Type-1 Bare-Metal Environment
A container can be treated as a process on a Linux system. Using YAML files that describe the application, users can package all related system lib and bin files, and by utilizing Linux kernel features such as cgroups and namespaces, they can set up a completely independent environment for execution. The concept is similar to every logged-in user having his or her own home directory, except that the environment, including processes, network, IPC, file system, and hostname, is more completely independent. For this reason, containers on Windows or Mac OS need a Linux virtual machine installed in advance, so that the container's internal operations and system calls can reach a Linux kernel.
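As an added example (not part of the original article), the following Python check compares the namespace identifiers exposed under `/proc/<pid>/ns/` for a process against a host reference and lists which of the five areas named above are not actually separated. The function names are illustrative and the sample link values are constructed.

```python
import os
import re

# Namespace kinds for the five areas the article lists (process, network,
# IPC, file system, hostname), as named under /proc/<pid>/ns/.
AREAS = {"pid": "process", "net": "network", "ipc": "IPC",
         "mnt": "file system", "uts": "hostname"}
NS_LINK = re.compile(r"^([a-z_]+):\[(\d+)\]$")

def parse_links(links):
    """Turn link targets such as 'uts:[4026531838]' into {kind: inode}."""
    table = {}
    for link in links:
        match = NS_LINK.match(link.strip())
        if match is None:
            raise ValueError(f"not a namespace link: {link!r}")
        table[match.group(1)] = int(match.group(2))
    return table

def read_links(pid):
    """Read a live process's namespace links; unreadable entries are skipped."""
    links = []
    for kind in AREAS:
        try:
            links.append(os.readlink(f"/proc/{pid}/ns/{kind}"))
        except OSError:  # no /proc, process gone, or insufficient privilege
            pass
    return links

def shared_with_host(host, proc):
    """Areas where the process sits in the same namespace as the host."""
    return sorted(AREAS[k] for k in AREAS
                  if k in host and k in proc and host[k] == proc[k])

# Constructed sample data (not captured from a real system).
HOST = parse_links(["pid:[4026531836]", "net:[4026531840]", "ipc:[4026531839]",
                    "mnt:[4026531841]", "uts:[4026531838]"])
ISOLATED = parse_links(["pid:[4026532201]", "net:[4026532204]", "ipc:[4026532200]",
                        "mnt:[4026532198]", "uts:[4026532199]"])
HOST_NET = parse_links(["pid:[4026532301]", "net:[4026531840]", "ipc:[4026532300]",
                        "mnt:[4026532298]", "uts:[4026531838]"])

if __name__ == "__main__":
    print("isolated container shares:", shared_with_host(HOST, ISOLATED))
    print("partly shared container shares:", shared_with_host(HOST, HOST_NET))
    # On a live Linux host: compare this process with PID 1 (needs privilege).
    live = shared_with_host(parse_links(read_links(1)), parse_links(read_links("self")))
    print("this process shares with PID 1:", live)
```

Two processes are in the same namespace exactly when the inode numbers in these links match, so an empty result means all five areas are separated from the reference process.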
A complete kernel carries many unnecessary components, such as some device drivers, or other files that do not belong to the current kernel version. Getting rid of these additional modules and files helps boot performance considerably. With that in mind, Unikernel adopts a libOS to compile the necessary kernel components into a binary file for execution.
Can Unikernel replace Container?
Containers boot faster than Unikernel, while Unikernel has better execution efficiency because it consists of the kernel and the application together, assigned the same IP address. Furthermore, because of kernel sharing and imperfect namespaces, container security has long been a concern for users. On the other hand, Unikernel has a more complex compilation process and is more difficult to debug. For now, Unikernel is complementary to containers; it can help containers achieve cross-platform applications. From the perspective of features, functionality, and efficiency, Unikernel has the potential to replace containers. For that reason, Docker acquired Unikernel Systems and announced Docker Engine for Mac/Windows. At a 2017 Docker conference, Docker announced that LinuxKit had started to support Unikernel on Linux.
Written by: 顏志翰, Senior Architect, 迎棧科技