Having used Containers, Kubernetes and Serverless (a lot!) over the last few years, I catch myself wondering ‘What next?’ when it comes to more efficient, faster and secure units of computing. By Nithin Jois.
Unikernels are single-purpose compute environments packaged with the necessary dependencies, runtime, libraries, kernel capabilities and everything else required to boot and run application code and system code in a single address space, with no operating system, no users and no shell, resulting in a smaller, faster and more secure system.
The author also walks you through the steps he took to build and deploy with the Nanos unikernel by NanoVMs and its CLI tool, ops. It seems like the simplest option out there, and the documentation is fairly straightforward as well.
The article then covers:
- What are Unikernels?
- Types of Unikernels
  - Clean Slate
  - Legacy
- VMs vs. Containers vs. Lightweight VMs vs. Unikernels
- Comparison of High-level Architectures
- Why isn’t everyone using this already!?
- Implementing Unikernels
  - Prerequisites
  - IAM Permissions
  - Create Instance
  - Delete Instance
- Security Considerations
One major security issue is that unikernels run the application and the kernel together as a single process, which allows applications (or attackers) to potentially call kernel-level functions. Supply chain attacks, which are a very likely threat, can make this a reality. The article provides links to further reading, references and other similarly interesting projects. Well done!