The Open Container Initiative (OCI)

Overview

The Open Container Initiative (OCI) is a lightweight, open governance project formed under the Linux Foundation umbrella for the sole purpose of creating open industry standards around container formats and runtimes. In this article, we will dive deeper into it.

What is Open Container Initiative (OCI)?

The Open Container Initiative exists to create industry standards for container formats and runtimes. The idea is that by having everyone work together, we can make the technology better instead of having a bunch of different, incompatible formats.

Lots of big companies are a part of the Open Container Initiative, including Alibaba Cloud, Google, AWS, Cisco, and Goldman Sachs.

What are the Various Container Runtimes?

To understand the different kinds of container runtimes, we first need to understand what exactly a container runtime is.

Container runtime standards are also governed by the Open Container Initiative (OCI).

Container runtimes are software components that allow you to run containers on a host operating system in containerized architecture. Container runtimes are responsible for loading container images from a repository, monitoring local system resources, isolating system resources for the use of a container, and managing the container lifecycle.

Rather than focusing on that full technical definition, the simpler one below is enough to follow the rest of this article:

A container runtime is responsible for all the parts of running a container that aren't running the program itself.

Sandboxed and Virtualized

These runtimes provide increased isolation between the containerized process and the host, as they don't share a kernel.

Low Level

These runtimes are responsible for creating and running containers. Once the containerized process runs, the container runtime is not required to perform other tasks.

High Level

These runtimes are currently the default Kubernetes container runtime. These provide image specifications, a command-line interface (CLI), and a container image-building service.

What is Docker?

Docker is a platform that enables developers and sysadmins to create, deploy, and run applications with containers.

Docker comes under the purview of the Open Container Initiative (OCI).

We have talked about Docker in detail here

Playing Around with Containers

Let's understand what containers are all about.

Playing around with containerd

containerd is a container runtime that helps manage the lifecycle of a container on any physical or virtual machine. It's used by the Docker engine to create, start, stop, and destroy containers. containerd can also pull container images from registries, mount storage, and enable networking for a container.

Containerd Installs the Downstream Dependencies as Well

runc: to Run Containers

It is a CLI tool for spawning and running containers on Linux according to the Open Container Initiative specification.

Check more about it over here

ctr: A CLI for containerd

It is a CLI that lets us create and manage containers run with containerd.

Check more about it over here

containerd-shim: to Support Daemonless Containers

It is a piece of software that sits between a container manager (containerd, cri-o, podman) and a container runtime (runc, crun) to solve the integration problems between these counterparts.

How to Interact With containerd?

containerd runs as a daemon process, i.e. it runs continuously as a background process rather than being under the direct control of a user. It manages the complete container lifecycle, i.e. it creates, starts, and stops containers, pulls and stores images, configures mounts, networking, etc.

Docker uses containerd internally to run containers. Kubernetes also uses containerd to run containers, but with the help of a Container Runtime Interface (CRI).

But, how can we (the user) interact with containerd? Well, containerd has a command-line client called ctr, which can be used. If you have containerd running on a machine, chances are the ctr binary is also there.

Let's take a look at some of the ctr commands -

Pull images

e.g. ctr images pull docker.io/library/nginx:1.21

Listing container images

e.g. ctr images ls

Import existing images

e.g. ctr images import my-app.tar

Remove images

e.g. ctr images remove docker.io/library/nginx:1.21

Run a container

e.g. ctr run --rm -t docker.io/library/debian:latest cont1

These are some of the interactions that you can try.

Playing Around with runc

runc is a low-level tool not designed with an end user in mind. It is mostly employed by other higher-level container software.

Therefore, unless there is some specific use case that prevents using tools like Docker or Podman, it is not recommended to use runc directly.

If you still want to explore runc, check out this document: https://github.com/opencontainers/runc#using-runc

Conclusion

In this article, we have understood what the Open Container Initiative (OCI) is and how it is helpful for the tech world. We have also looked in detail at container runtimes and containerd. In the upcoming articles, we will dive deeper into other topics to build a strong foundation for learning Docker.