Instances
Containers running inside isolated Firecracker microVMs.
An instance is a container running inside an isolated Firecracker microVM. Each instance gets its own kernel, network stack, and resource limits — full VM-level isolation with container-speed startup.
Lifecycle
Instances are ephemeral. They have exactly one lifecycle: created, running, stopped. There is no restart — stopping an instance destroys it, and you create a new one to replace it.
This is by design. Ephemeral instances encourage immutable deployments: push a new image, roll out fresh instances, tear down the old ones.
Resources
Every instance is allocated dedicated compute resources:
| Resource | Range | Default |
|---|---|---|
| vCPUs | 1–32 | 1 |
| Memory | 128 MB – 64 GB | 1024 MB |
Resources are reserved per-instance and not shared or overcommitted.
Container images
Instances run standard OCI container images pulled from any compliant registry — Docker Hub, GitHub Container Registry, AWS ECR, or your own. Unisrv also includes a built-in registry at harbor.unisrv.io that you push to with plain Docker (see Container Registries). External private registries require stored credentials.
The image is pulled at instance creation time. There is no image cache on nodes — each instance pull is fresh, ensuring you always get exactly the tag you requested.
Networking
Each instance gets a private IP on the node's internal network. Instances are not directly reachable from the internet by default — traffic arrives through a service.
Internal networks
Instances can be joined to internal networks for private communication between instances. A network defines a CIDR block and each instance joined to it receives an allocated IP within that range.
This is useful for separating concerns — for example, an app instance talking to a database instance over a private network, with only the app exposed through a service.
TCP expose
For cases where you need raw TCP access (SSH, databases, custom protocols), an instance port can be exposed publicly through the edge proxy. This assigns a public port that tunnels directly to the instance.
Environment variables
Instances accept environment variables at creation time, passed as KEY=VALUE pairs. These are set inside the container and available to the running process.
Naming
Instances can be given an optional name. Names are not unique — they're a convenience label for identification. When not provided, instances are identified by their UUID. Both names and UUID prefixes can be used to reference instances in commands.