Docker-unikernel-runner -- build and run rumprun unikernels as Docker containers


Hi all,

I’d like to announce ‘docker-unikernel-runner’, which provides a base image you can use to build and run rumprun unikernels as Docker containers:

TL;DR, cut and paste to try it:

Requirements: An x86_64 machine with Docker and KVM, though the latter is not required.

To run the example unikernel-mathopd image, which contains a web server:

CID=$(docker run -d --device /dev/kvm:/dev/kvm \
    --device /dev/net/tun:/dev/net/tun --cap-add NET_ADMIN \
CIP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' $CID)
curl http://${CIP}/

If you don’t have/want to run with KVM acceleration, you can omit the pass through of /dev/kvm, in which case the unikernel will be run using software emulation only.

You can find more details, including instructions on how to build your own unikernel images using unikernel-runner as a base, in the README[1].


Docker-unikernel-runner is an extension of the DockerCon EU demo[2] from last November, with the following notable improvements:

  • A generic, re-usable, minimal base image containing exactly two executables (unikernel-runner and a stripped down build of qemu).
  • Integration with the work in progress Rumprun configuration specification[3].
  • Does not rely on macvtap to provide L2 connectivity to the unikernel, so no kernel patching is required.

Docker-unikernel-runner is intended as a platform to experiment with:

  1. Improving Docker/unikernel integration. (e.g. native support for L2 connectivity so that CAP_NET_ADMIN is not required)
  2. Use it as a “higher level stack” client for the rumprun configuration specification, so that I can validate and test that work.
  3. Supporting other unikernel projects, either by adding specific support to unikernel-runner or getting other projects on board with using the configuration spec.
  4. Distributing “ready-to-run” binary unikernels using Docker Hub. This ties in with David Halls’ work[4], and completes the stack with Docker+KVM providing the “run” part.




Do you have a "get started"?