Are Unikernels Unfit for Production?
Are unikernels unfit for production? Joyent CTO Bryan Cantrill thinks so — and makes a compelling case.
Unikernels promise radical simplification: the application is linked directly against a library operating system into a single-address-space image that carries only the kernel components it actually uses. No shell, no package manager, no other processes, and so a tiny attack surface.
But Cantrill's critique centers on operability. A unikernel has no processes, so when something goes wrong in production you lose every standard tool that assumes one: there is no shell to log into, no ptrace and therefore no strace or debugger to attach, and no standard signals to send. The attack-surface argument deserves the same scrutiny: application and kernel share one address space at one privilege level, so a memory-safety bug in the application is a bug in the kernel, with no user/kernel boundary to contain it. The trade-off between attack surface and debuggability is a fundamental tension that any team evaluating unikernels needs to confront head-on.
A question as relevant today as it was then, as the container ecosystem continues to push toward minimal, immutable runtimes.