我最近使用 docker 部署了一个小型 Haskell 应用,使用“scratch-haskell”作为基础镜像。
然后我读到了 Unikernels 和 HALVM。我有点困惑。
我的 docker 容器大约有 6MB 大。我猜一个 Unikernel(具有相同的 haskell 应用程序)的大小大致相同。
Unikernel 直接在 Xen 管理程序上运行,而 docker Image(或通用 LXC)在普通 Linux 发行版上运行,后者在裸机上运行。
现在我可以“选择”运行带有多个最小容器的 Linux 或带有多个小型 Unikernel 的 Xen 机器。
但这两种解决方案的优缺点是什么?一个比另一个更安全吗?它们之间是否存在显着的性能差异?
最佳答案
来自 http://wiki.xenproject.org/wiki/Unikernels
What do Unikernels Provide?
Unikernels normally generate a singular runtime environment meant to enable single applications built solely with that environment. Generally, this environment lacks the ability to spawn subprocesses, execute shell commands, create multiple threads, or fork processes. Instead, they provide a pure incarnation of the language runtime targetted, be it OCaml, Haskell, Java, Erlang, or some other environment.
Unikernels Versus Linux Containers
Much has been made recently of the advantages of Linux Container solutions over traditional VMs. It is said by container advocates that their lightweight memory footprint, quick boot time, and ease of packaging makes containers the future of virtualization. While these aspects of containers are certainly notable, they do not spell the end of the world of the hypervisor. In fact, Unikernels may reduce the long-term usefulness of containers.
Unikernels facilitate the very same desirable attributes described by the container proponents, with the addition of an absolutely splendid security story which few other solutions can match.
因此,如果您只想运行 Haskell 应用程序,Unikernels 可能适合您,并且它们的开销应该比 docker 更少(而且 docker 开销无论如何都非常小),但是如果您的应用程序需要一些准备好的环境,则需要与非 Unikernels 软件 docker 是更好的选择。我想现在说 Unikernel 是否有用或广泛使用还为时过早,只有时间会证明一切。
关于Docker Container 与 Unikernel 对比,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/30392261/