Open Container Initiative (OCI) and Specifications

  • Open Container Initiative
    The Open Container Initiative (OCI) is a lightweight, open governance structure (project), formed under the auspices of the Linux Foundation, for the express purpose of creating open industry standards around container formats and runtime. The OCI was launched on June 22nd 2015. The OCI currently contains two specifications: the Runtime Specification (runtime-spec) and the Image Specification (image-spec). The Runtime Specification outlines how to run a “filesystem bundle” that is unpacked on disk. At a high level, an OCI implementation would download an OCI Image, then unpack that image into an OCI Runtime filesystem bundle. At this point the OCI Runtime Bundle would be run by an OCI Runtime.

Open Container Initiative (OCI) - Implementations

Container Based

  • runc (Docker)
    runc is a CLI tool for spawning and running containers according to the OCI specification.

  • Kurma
    Kurma - github
    Kurma - Documentation
    Kurma is a container runtime built with extensibility and flexibility in mind. It focuses on "everything is a container" and uses this to enable plugins that run within Kurma, leaving Kurma easy and simple to deploy and manage. Configuring networking plugins or customizing how containers are instrumented is easily extensible. Kurma implements the App Container (appc) specification, and leverages libcontainer from the Open Container Initiative (OCI).

  • rkt - A security-minded, standards-based container engine
    rkt - github
    rkt - Documentation
    rkt is the next-generation container manager for Linux clusters. Designed for security, simplicity, and composability within modern cluster architectures, rkt discovers, verifies, fetches, and executes application containers with pluggable isolation. rkt can run the same container with varying degrees of protection, from lightweight, OS-level namespace and capabilities isolation to heavier, VM-level hardware virtualization.

Hypervisor Based

  • HyperContainer = Hypervisor + Kernel + Docker Image
    HyperContainer - github
    HyperContainer - How it works
    HyperContainer - Documentation
    HyperContainer is a Hypervisor-agnostic Docker Runtime that allows you to run Docker images on any hypervisor (KVM, Xen, etc.).

    • hyperd
      HyperContainer Daemon. This repo contains two parts: the daemon of HyperContainer hyperd and the CLI hyperctl.

    • hyperstart
      The init Task for HyperContainer.

    • runV
      runV is a hypervisor-based runtime for OCI. runV is compatible with OCI. However, due to the difference between hypervisors and containers, the following sections of OCI don't apply to runV:
      - Namespace
      - Capability
      - Device
      - linux and mount fields in OCI specs are ignored
      The current release of runV supports the following hypervisors:
      - KVM (QEMU 2.0 or later)
      - Xen (4.5 or later)
      - VirtualBox (Mac OS X)

    • hypernetes = Bare-metal + Hyper + Kubernetes + KeyStone + Cinder + Neutron
      Hypernetes is a secure, multi-tenant Kubernetes distro.

  • Frakti (License: Apache-2.0)
    The hypervisor-based container runtime for Kubernetes. Frakti lets Kubernetes run pods and containers directly inside hypervisors via HyperContainer. It is lightweight and portable, but can provide much stronger isolation, with an independent kernel, than Linux-namespace-based container runtimes.

  • cc-oci-runtime
    cc-oci-runtime is an Open Container Initiative (OCI) "runtime" that launches an Intel VT-x secured Clear Containers 2.0 hypervisor, rather than a standard Linux container. It leverages the highly optimised Clear Linux technology to achieve this goal.