TL;DR

  • The Open Container Initiative (OCI) is launched in June 2015 by Docker, CoreOS, and other leaders in the container industry.
  • The OCI currently contains two specifications: runtime-spec and image-spec
  • RunC
    • RunC is the runtime for running containers according to the OCI specification (implements OCI runtime-spec).
    • Runc leverages technologies available in Linux Kernel (cgroups and namespaces) to create and run containers.
  • containerd
    • containerd is a daemon and it manages the complete lifecycle of a container on the host operating system.
    • containerd manages image storage and transfer, container execution and supervision, low-level storage, network attachment, etc.
    • containerd uses RunC for creating and running containers from OCI-compatible images.
  • dockerd
    • dockerd (docker-engine) provides an API for clients via three different types of sockets: unix, tcp, and file.
    • dockerd serves all features of Docker platform.
    • dockerd leverages containerd gRPC API for managing containers.
  • containerd-shim
    • containerd-shim allows daemonless containers and acts as a middleman between containers and containerd.
    • Using containerd-shim, runc can exit after creating and starting containers (removes the need for long-running runtime processes for containers).
    • containerd-shim also keeps the STDIO and FDs open for containers in case dockerd or containerd dies.
    • This also allows updating dockerd or containerd without killing the running containers.
  • Docker CLI (docker command) and other Docker clients communicate with dockerd (docker-engine).

READ MORE