Sign in Subscribe
By Sahil Kapoor -

OCI

The Open Container Initiative (OCI) is an open governance body, hosted by the Linux Foundation, that maintains the standard specifications for container images, runtimes, and distribution. OCI specs are why a container built with one tool runs on another, and why Docker, Podman, Kubernetes, and cloud platforms can interoperate.

The three specs

  • Image Specification. Defines the on-disk format of a container image: manifests, layers as tar archives, content-addressable digests.
  • Runtime Specification. Defines how a runtime should launch a container from a filesystem bundle and a config (Linux namespaces, cgroups, mount points, capabilities).
  • Distribution Specification. Defines the registry API for pushing and pulling images, used by Docker Hub, GHCR, ECR, GAR, ACR, Harbor, Artifactory.

Reference implementations

  • runc. Reference OCI runtime, originally from Docker; used by containerd, CRI-O, and most others under the hood.
  • umoci, skopeo. Image manipulation and registry interaction tools.
  • distribution / Docker Registry. Reference implementation of the distribution spec.
🔗
Related Terms
Docker, Kubernetes, containerd, Container Runtime, Image Layer.

Subscribe to Sahil's Playbook

Clear thinking on product, engineering, and building at scale. No noise. One email when there's something worth sharing.
[email protected]
Subscribe
Mastodon