Chapter 7. Unikernels Flashcards
1
Q
What is the idea behind Unikernels?
A
- as part of a container's running process, the entire set of user-space libraries of the respective distribution needs to be shipped with the application
- in most cases, the majority of the libraries would not be consumed by the application
- with unikernels we can select the part of the kernel needed to run with the specific application
- the unikernel image becomes a single address space executable, including both application and kernel components
- this image can be deployed on VMs or bare metal, based on the unikernel's type
2
Q
What is the difference between unikernels and containers?
A
- containers run on top of a container engine and are connected through it to the operating system
- a single host OS kernel powers many containers simultaneously
- unikernels are machine images with everything necessary for execution of an application, including the operating system component
- thus they are completely self-sufficient and able to run independently
- unikernels reduce the attack surface further by removing unnecessary components of the operating system (like permissions and isolation)
3
Q
What are unikernels exactly?
A
- specialized virtual machine images
4
Q
What do Unikernels contain exactly?
A
- application code
- configuration files for the application
- user-space libraries needed for the application
- application runtime (like JVM)
- system libraries of the unikernel, which allow back and forth communication with the hypervisor
5
Q
What are benefits of unikernels?
A
- minimalistic VM image to run an application, which allows more applications per host
- faster boot time
- simplified development and management model
- more secure applications than with a traditional VM, as the attack surface is reduced
- easily-reproducible VM environment, which can be managed through a source control system like Git
6
Q
What implementations of unikernels exist?
A
- specialized and purpose-built unikernels
- generalized ‘fat’ unikernels