Kernels will turn into libraries and become part of the containers
Containerized software expert Docker has bought Unikernel Systems, a tiny startup in Cambridge UK that could give Docker the ability to absorb all the funcitons of the operating system into its containers.
Containers are portable packages of resources individualized for particular applications so that developers can work on each applications in an environment which is separate from other applications’ containers, and can be moved easily from development to delivery. Unikernels take this idea and push it further, by allowing the developer to specify the kernel which the application will run on - effectively rolling their own operating system. As the diagram below shows, it would allow Docker to provide every application with its own VM, including a specialized unikernel.
Kernels versus unikernels
Source: Unikernel Systems
“I’m happy to announce today that Unikernel Systems is part of Docker!” says a blog from Docker community marketing manager Adam Herzog.
Kernels have traditionally been solid functionality separate from applications, on which those applications run. Unikernel systems take away that distinction, and when source code is compiled, they create a custom operating system. Every application gets its own operating systen which only inlcudes the functionality that application needs.
That makes unikernels small and fast, and improves efficiency, says the Docker blog.
“Just like we did with containers, we are interested is democratizing that technology, making it available and useful to the millions of developers and IT pros out there,” said Solomon Hykes, founder and chief technology officer for Docker, in remarks quoted at The New Stack. “Unikernels allow you to basically get rid of the operating system, and instead compile into the application the small bits of the operating system it really needs.”
Unikernel Systems was only formed in 2015, but its staff have a heaviweight pedigree, including among their number several key developers of the widely used Xen hypervisor, including CTO Anil Madhavapeddy, David Scott, Thomas Gazagnaire and Amir Chaudhry.
”Unikernels are an important part of the future of the container ecosystem,” says the Docker blog, as by implication, they effectively absorb the operating system into the containers.
On its own announcement, Unikernel Systems says ”Docker is uniquely suited to work with Unikernel Systems to drive one of the most significant recent developments in operating systems technology. Working together will allow us to accelerate the development and broad adoption of this technology which will become a critical part of future microservices and IoT. The integration with Docker tooling will provide users greater choice in how they build, ship and run their applications.”
Unikernels don’t even necessarily need a hypervisor, says Chris Williams at The Register. They can use a “rump kernel” with hardware drivers effectively letting the unikernel run on bare metal.
But all this will have to pass severe security scrutiny, as unikernel applications, and the individual operating systems they create, must be trusted. The system could have the potential for individual unikernel applications to break, hog or subvert the overall system. Both Docker and Unikernel say these issues are being addressed solidly.
As well as Xen, other influences on Unikernel Systems include MirageOS, the Rumprun unikernel, the Irmin distributed database and the Jitsu just-in-time deployment system. The Unikernel Systems work was presented at DockerCon EU in Barcelona, Spain. The movement has its own community site, unikernel.org