Long Nguyen-Vu
Overview of Container Runtimes.
Posted on :: 353 Words

Table of Contents

Foundation

OCI: Open Container Initiativefounded by Docker, CoreOS, and othersimage-specruntime-specCRI: Container Runtime Interface enables kubelet to use different runtimesCNI: Container Network Interface

Container Runtimes

high-level runtimes often incorporate low-level runtimes that are otherwise standalone projects.

 If tomorrow you get the urge to add your own container project to the ever-growing jungle, you should make it OCI-, CRI- and CNI-compliant

![image.png](https: //t3735202.p.clickup-attachments.com/t3735202/ae6744f8-648a-48ac-bc38-b3304d5fe120/image.png)

![image.png](https: //t3735202.p.clickup-attachments.com/t3735202/87264a3f-bf61-4060-9abf-c4c6442973e8/image.png)

![image.png](https: //t3735202.p.clickup-attachments.com/t3735202/ef578bd5-1808-44e3-a65e-63a79d194386/image.png)

runc = libcontainer + ..runc runs OCI open container image directly(high level) rkt (obsolete) did not rely on daemonlxc: virtual env that does not emulate the hardware. he focus of Linux Containers are base images (e. g. Ubuntu) rather than application-tailored images.singularity focuses on High Performance Computing. Uses Singularity Image Format (SIF), but also supports OCI/CRI

VM-like Container Runtimes

![image.png](https: //t3735202.p.clickup-attachments.com/t3735202/b74b1bbc-d8c0-4f9d-8c80-a9ec88fc9061/image.png)

![image.png](https: //t3735202.p.clickup-attachments.com/t3735202/af5f3a44-0065-4c90-9141-4bb3caa6db00/image.png)

**Firecracker**Amazon project, FaaS, VMM that uses KVM to create microVM.Efforts:

  • Firecracker instead of QEMU as VMM for Kata Containers
  • firecracker-containerd mapper allows containerd to run containers as microVMs

**gVisor**Google, runsc, OCI compilant, Sentry, GoferSentry is the central user-space OS kernel that the untrusted application uses.Not every system call, /proc or /sys file is implemented.

**Source: **

innovex blog , ianlewis blog

and other opensource sites.