Indeed, it's a very interesting space to explore.

You get proper isolation at the "hardware" level, with performance and efficiency probably not very far from containers, or at least good enough for most use cases (with VT-x, etc.).

Some of the issues of containers disappear (cross-platform support, for one), but we gain others instead, which prohibits me from attempting to use this in production for the immediate future. (Side note: is anyone actually using unikernels in production today? Please share your experience.)

It took us quite a while to get the orchestration part right for containers, and even today, a lot of companies struggle with it. Not to mention writing tools for storage management, debugging, etc.

We need similar tooling for unikernels+VMs, and I haven't seen such initiatives yet. That's OK, it's still a young platform, but I'll definitely be keeping my eye on it.

It's certainty an exciting area to keep an eye on. I have not looked at containers too much, I understand the basic theory but I've not had a use case myself to deploy them in production. I am much more familiar and in love with virtual machines however. If applications could be built as a self contained tiny VM's I can see myself using these quite heavily.

I think the most exciting thing about containers is actually the infrastructure and tooling around them. The technology for managing containers and container images is a lot better than that for managing VMs and VM images. As far as I know, there isn't anything comparable to Docker, Docker registry, Docker swarm, etc for VMs, or at least they are outclassed in terms of power and usability.

If we could bring all of the benefits of containers to the VM world (including subsecond boot times), I think that could revolutionize at least cloud computing (if not other forms).

Does CloudStack/OpenStack not allow for container lime management? Again, without much knowledge of containers I am not sure of the comparison.

I do know I sometimes get annoyed with something like a web app or service needing a whole OS, to largely do nothing except use resources unnecessarily. Something that can see storage and that has an IP Stack would free up a lot of resources.

I don't know about CloudStack or OpenStack.

I don't think the OS is consuming a whole lot of resources on the scale of a web service. You might get some performance improvements from static linkage vs syscalls, but I'm guessing the "performance improvement" story is mostly one of latency (startup times) and not throughput.

Mostly the nice bit of getting rid of the OS is improved startup times, reduced attack surface, and an easier-to-reason-about system.

This probably impacts tooling as well--you can actually compile your entire image from source code instead of needing to fire up an instance, script changes to it, shut it down, then copy it.

I'd not considered the reduced attack surface, I'd mostly been thinking of the efficiency gains. It's a very good point.

The closest match I know of is containers:Docker::VMs:Packer https://www.packer.io

well containers, self contained tiny vms, etc. have one single downside. shared libraries do not work well with them, which means updating the host os does not fix anything inside the container. something that helps against that is actually running something like distroless, however that still won't make it, the best thing is probably update all the stuff every day automatically. (not a hard thing on something like k8s, etc..)