How UCloud’s Cube Serverless Container Cuts Ops Overhead with Firecracker

Background

With the rise of cloud‑native technologies, container usage in enterprise production environments has grown dramatically. Kubernetes, as the de‑facto standard for container orchestration, is widely adopted. UCloud’s container team launched the UK8S Kubernetes service in 2018, tightly integrated with UCloud IaaS for compute, networking, and storage.

User Pain Points

Maintaining Kubernetes clusters adds operational burden, preventing application‑centric management.

Kubernetes’ complexity creates a steep learning curve and requires architectural changes for existing container users.

Customers desire an instant‑start container product that launches applications without waiting for virtual machines.

Cube Serverless Container

To address these issues, the team developed Cube, a serverless container product now in public beta. Its key features include:

Zero Operations : No resource maintenance; focus on applications, using container images as the packaging standard.

Pay‑as‑You‑Go : Billing based on actual resource consumption per application.

Auto Scaling : API‑driven on‑demand launch and termination of applications with automatic resource scheduling.

High Availability : Built‑in high availability and self‑healing capabilities for applications.

Technical Choices

1. Container Runtime – To achieve strong isolation on shared physical hosts, the team selected Firecracker, a lightweight virtual machine that offers VM‑level isolation with container‑like startup speed. Benchmarks show Firecracker outperforms QEMU in launch time and memory usage.

2. Container Management Service – The team chose the cri‑o + firecracker‑containerd stack for its clear architecture and simple call chain, facilitating future customizations.

3. Container Scheduling Service – Kubernetes serves as the core scheduler, customized to meet Cube’s specific requirements.

Optimization Improvements

1. Container Image Handling – Modified cri‑o to mount writable layers as block devices inside the lightweight VM, avoiding host interference. Implemented remote image mounting to reduce startup latency, achieving sub‑3‑second first‑pull times.

2. Public Cloud Resource Integration – Network model aligns with cloud VPC via CNI plugins. Storage supports NFS and UDisk, with automatic NFS mounting in the VM and SPDK‑backed high‑performance cloud disks via vhost‑user.

3. Runtime Environment – Adopted a one‑shim‑per‑pod model to reduce shim overhead, streamlined the VM kernel/rootfs, and embedded an infra container to eliminate extra mounts.

4. Kubernetes Customizations – Implemented a custom scheduler for multi‑tenant priority and speed, and stripped unnecessary kubelet functions to enhance isolation and security.

Future Outlook

After successful launch, Cube will continue iterating to improve efficiency, reduce costs, and simplify maintenance. Ongoing work includes optimizing the lightweight VM I/O path, adding diverse management controllers, and enabling direct integration of Cube instances into Kubernetes clusters for flexible resource scheduling.