
urunc: A container runtime for unikernels and single application kernels – Charalampos Mainas



urunc: A container runtime for unikernels and single application kernels – Charalampos Mainas, Nubis PC

Traditional container runtimes rely on OS-level isolation using namespaces and cgroups. While efficient, this approach can fall short in multi-tenant environments where stronger workload isolation is essential. To mitigate these risks, containers execute within sandboxes, often in the form of VMs. However, this approach typically involves extra components to manage the container lifecycle within the VM, adding complexity and increasing resource usage.

What if we could have the best of both worlds, strong isolation and low overhead? The key lies in specialization! Unikernels and stripped-down Linux VMs, tailored for a single application, offer VM-grade isolation with small resource usage and fast boot times.

This talk introduces urunc, a novel container runtime that makes this approach practical. Urunc reverses the traditional model: instead of running containers inside VMs, it runs lightweight VMs as containers. CRI-compatible, urunc integrates seamlessly with Kubernetes, enabling the orchestration of such VMs just like regular containers. The talk covers the design and architecture of urunc and its key differences from other sandboxing technologies, and includes a live demo.

Date: September 8, 2025