Containers enable application/service deployment environments with relatively low overhead compared with other virtualization techniques, while offering portability, compatibility, and isolation. They leverage server virtualization methods such as operating system-level virtualization, where the kernel of an operating system allows for multiple isolated user space instances, instead of just one.
However, traditional application/service deployments using containers have employed a top-down approach, which places applications/services in a container that includes many standard libraries, packages, and binaries of an operating system (OS). These cover many of the possible requirements and dependencies of the application/service, many of which will not be used during its regular operation but are still included in the container. Even though the container allows for relatively low overhead by leveraging a shared kernel between containers on the same host, that overhead is still relatively high compared to the minimum set of requirements and dependencies of the application/service during regular operation.
Unikernels consist of single address space machine images, and may be constructed with the use of library operating systems (OS). Traditionally, to deploy applications/services as unikernels, the developers would manually identify the minimum set of libraries corresponding to the operating system (OS) constructs for specific types of unikernels. These libraries would then be compiled with the applications/services and any corresponding configuration code. Often, device drivers would also be required for the specific hardware on which the unikernel is to be deployed, as well as protocol libraries.
Compared with deploying applications/services using traditional operating systems, deploying applications/services using unikernels offers several benefits, including a small footprint, short boot times, and increased security. However, because of their high degree of specialization, combined with their inability to allow developers to debug or modify them after compilation, unikernels are unsuitable for general-purpose, multi-user computing, an area where traditional operating systems excel.