Brussels / 3 & 4 February 2024


From Containers to Unikernels: Navigating Integration Challenges in Cloud-Native Environments

Containers have undoubtedly taken the lead in the landscape of cloud-native applications, but their security limitations have prompted a revisit to conventional VMs. This renewed interest revolves around implementing additional security measures, particularly by confining containers within VM or microVM sandboxes. While this approach offers enhanced security, it introduces complexities in effectively optimizing resources on physical nodes.

On the other hand, unikernels emerge as a compelling alternative: a streamlined application kernel that preserves the benefits of VM isolation. However, the challenge lies in seamlessly integrating unikernels into the existing container ecosystem.

In this talk, we present urunc, a CRI-compatible container runtime that spawns unikernels packaged in OCI images. We dig into the internals of urunc, providing insights into its support for various hypervisors, network and storage handling, and integration with high-level orchestration frameworks (such as k8s). We also elaborate on the network setup implications when unikernels and generic containers are mixed in the context of k8s.


Georgios Ntoutsos
Ioannis Plakas