Unikraft is a Linux Foundation project able to build extremely efficient and secure software stacks/unikernels. By tailoring the operating system, libraries and tools to the particular needs of each application, it vastly reduces virtual machine and container image sizes to a few KBs, drastically cutting down the software stack's attack surface. Our evaluation using off-the-shelf popular applications such as Nginx, SQLite, and Redis shows that running such applications on Unikraft results in a 30%-50% performance improvement compared to Linux guests. In addition, Unikraft images for these apps are around 1MB, require less than 10MB of RAM to run, and boot in around 1ms on top of the VMM time (total boot time 2ms-70ms).
Unikraft is an automated system for building specialized POSIX-compliant OSes known as unikernels; these images are tailored to the needs of specific applications. Unikraft is based around the concept of small, modular libraries, each providing a part of the functionality commonly found in an operating system (e.g., memory allocation, scheduling, filesystem support, network stack, etc.).
Unikraft supports multiple target platforms (e.g., Xen, KVM, and Linux userspace) so that it is possible to build multiple images, one for each platform, for a single application without requiring the application developer to do any additional, platform-specific work. In all, Unikraft is able to build specialized OSes and unikernels targeted at specific applications without requiring the time-consuming, expert work that is required today to build such images.
If you run a significant number of services on public cloud infrastructure, you should come to our stand to find out how Unikraft can help you seamlessly debloat your deployments; for example, in recent experiments on AWS we have been able to cut costs by half when running NGINX compared to a Linux image. If you come from the automotive industry, Unikraft can act as a minimal guest that can provide POSIX-like functionality while providing a relatively cheap certification path. And if you work on IoT or edge cloud deployments, Unikraft can even run bare metal on ARM devices, providing substantial efficiency on such hardware-constrained devices.
In early 2021 we will be releasing v0.5.0 (Tethys), which will be our biggest release yet. Since our last presentation at FOSDEM2020, in addition to growing the community, we have added a large number of features to Unikraft:
Finally, we are hard at work integrating Unikraft into standard frameworks such as Kubernetes and Cloud Foundry.