Thank you for your interest in MirageOS. MirageOS is first and foremost a framework for creating an application (such as a blog) for several targets. One of these targets is Solo5 which allows to create an entire system which includes everything necessary for OCaml (its runtime). Thus, one can deploy a MirageOS application on:
- KVM (with the target
- or produce a simple executable taking advantage of seccomp (and thus finely controlling access to the executable).
- we can also mention the experimental target for Raspberry Pi 4
The objective of MirageOS is to make the choice of targets transparent to the application. This means that for a given application, deploying for KVM or Xen should not be an upstream choice (which would govern the development of the application) but the last of the choices which can, of course, be left to third party users.
This reverses the development logic of an application thanks to abstraction mechanisms (specific to OCaml) (the functors) that allow to get rid of any specialisation to a given system (Solo5, Unix, Raspberry Pi, etc.).
This is of course the theory and in practice, it works quite well .
To take the example of the blog, you can see Hannes’ blog or mine which runs on MirageOS (KVM). The latter have a similar architecture: a unikernel managing TLS certificates and redirecting HTTP connections to unikernels on a local network (tlstunnel or contruno) and a unikernel (unipi) that only transmits what appears in a Git repository via the HTTP protocol (http/1.1 and h2).
Deployment depends of course on what you have. Regarding KVM, you can follow the tutorials here (quite general) and there. You can deploy your unikernels on Google Cloud with this (probably a bit old) tutorial. Finally, a deployment with seccomp is possible, it is a simple executable.
Of course, most of these unikernels are already available for download here thanks to the excellent work of robur.io. It is ensured that the generated image is reproducible regardless of the context.
There is of course a whole series of unikernels made by the community that you can mainly find on GitHub. We can talk about several services like DNS or emails.
I would like to specify that all this is still experimental. We are gradually reaching the stage where our unikernels are used in production domains, but it still requires a lot of work and a lot of skills for such a small team . Of course, we are open to everyone’s participation and we are especially here to help newcomers.