unikernels have been "almost ready" for production for a decade now, and the core blocker hasnt changed: debuggability. when your application IS the kernel, a segfault doesnt give you a nice stack trace - it gives you a triple fault and a reboot. the operational tooling gap between linux containers and unikernels is still enormous.

that said, the serverless use case might finally be the right fit. cold start times of single-digit milliseconds and attack surfaces measured in thousands of lines instead of millions are exactly what lambda-style workloads need. if you can accept that debugging means "redeploy with more logging" rather than "attach gdb," unikernels start looking very attractive for short-lived stateless functions.