1 Introduction to Container Runtimes

Important:

The software described in this documentation is either in Extended Support or Sustaining Support. See Oracle Open Source Support Policies for more information.

We recommend that you upgrade the software described by this documentation as soon as possible.

This chapter introduces the container runtimes available in Oracle Cloud Native Environment. The available container runtimes are compliant with the Open Container Initiative (OCI) Runtime Specification.

This chapter provides introductory information about runC and Kata Containers.

This document does not attempt to explain how to use images to create containers in any detail, nor does it attempt to explain how to create and use Kubernetes pods or deployments.

For more detailed information on creating and managing containers using Kubernetes, see Container Orchestration.

Introduction to runC

runC is a container runtime based on the Linux Foundation's Runtime Specification (runtime-spec). runC is developed by the Open Container Initiative.

runC is a component of Oracle Cloud Native Environment. runC is a Cloud Native Computing Foundation (CNCF) compliant environment to deploy microservices, and to orchestrate containers.

runC is based on a stable release of the upstream runC project. Differences between Oracle versions of the software and upstream releases are limited to Oracle specific fixes and patches for specific bugs.

For upstream runC documentation, see:

https://github.com/opencontainers/runc/blob/main/man/runc.8.md

For more information about runC, see:

https://github.com/opencontainers/runc

Introduction to Kata Containers

You can provide additional security and isolation of workloads using Kata Containers. Kata Containers is based on the upstream Kata Containers OpenStack Foundation project. Kata Containers delivers the framework for creating lightweight virtual machines that can easily plug into a container ecosystem. Kata Containers offers additional levels of security, while maintaining the development and deployment speed of traditional containers.

Kata Containers is a component of Oracle Cloud Native Environment. Kata Containers is a Cloud Native Computing Foundation (CNCF) compliant environment to deploy microservices, and to orchestrate containers.

Kata Containers is based on a stable release of the upstream Kata Containers project. Differences between Oracle versions of the software and upstream releases are limited to Oracle specific fixes and patches for specific bugs.

For upstream Kata Containers documentation, see:

https://github.com/kata-containers/documentation

For more information about Kata Containers, see:

https://katacontainers.io/

Setting Runtime Classes

CRI-O uses a Kubernetes annotation or Runtime class set in the pod configuration file to decide whether to run a pod using runc or kata-runtime.

Figure 1-1 Kubernetes Runtimes

This figure shows that CRI-O uses a Kubernetes annotation or Runtime class to decide whether to run a pod using runc or kata-runtime.

You can create Kubernetes runtime classes to specify whether containers should be run as the default runtime, runc, or using kata-runtime. The examples in this book use the name native to specify the use of runc, and the name kata-containers to specify the use of kata-runtime. You can use any name you like.

To create a runtime class:

  1. Create a file for a runtime class for Kata Containers named kata-runtime.yaml with the following contents:

    kind: RuntimeClass
    apiVersion: node.k8s.io/v1beta1
    metadata:
        name: kata-containers
    handler: kata

    Load the runtime class to the Kubernetes deployment:

    kubectl apply -f kata-runtime.yaml

    The runtime class kata-containers can now be used in pod configuration files to specify that a container should be run as a Kata container, using the kata-containers runtime. For examples of creating pods using this runtime class, see Creating Kata Containers.

  2. (Optional) You can create a runtime class for runc in the same way. Because runc is the default runtime, pods automatically run using runc unless you specify otherwise, so this step is optional. Create a file named runc-runtime.yaml with the following contents:

    kind: RuntimeClass
    apiVersion: node.k8s.io/v1beta1
    metadata:
        name: native
    handler: runc 

    Load the runtime class to the Kubernetes deployment:

    kubectl apply -f runc-runtime.yaml

    The runtime class native can be used in pod configuration files to specify that a container should be run as a runC container, using the runc runtime.

  3. You can see a list of the available runtime classes for a Kubernetes cluster using the kubectl get runtimeclass command. For example:

    kubectl get runtimeclass
    NAME              CREATED AT
    kata-containers   2019-09-11T06:48:12Z
    native            2019-09-11T07:08:56Z
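The decision shown in Figure 1-1 is easy to get wrong in practice: only a pod that explicitly names the kata-containers runtime class gets the Kata VM boundary, while every pod without a runtimeClassName runs under the default, runc, and shares the host kernel. The following script is an added example, not part of the Oracle documentation or of the runc or Kata Containers projects. It mirrors how CRI-O resolves a pod's runtimeClassName to a handler using the two RuntimeClass objects from the procedure above, and audits a list of pods for the isolation they actually receive. The pod names, namespaces and images are constructed for the example, and the manifests are written inline as Python dicts (the JSON form of the YAML above) so the script runs offline; on a live cluster the same objects come from kubectl get runtimeclass -o json and kubectl get pods -A -o json.

```python
"""Resolve the runtime handler a pod will run under and audit a cluster for
pods that are not Kata-isolated.

Added example, not part of the Oracle documentation. It mirrors the decision
CRI-O makes from a pod's runtimeClassName: a pod that names a RuntimeClass
runs under that class's handler; a pod that names none runs under the
default, runc. The manifests below are constructed inline as Python dicts
(the JSON form of the YAML in the procedure above) so the script runs
offline.
"""
import json
import sys

DEFAULT_HANDLER = "runc"    # runc is the default runtime (per the documentation)
ISOLATED_HANDLER = "kata"   # handler named by the kata-containers RuntimeClass

# Constructed: the two RuntimeClass objects created by the procedure above.
RUNTIME_CLASSES = [
    {"kind": "RuntimeClass", "apiVersion": "node.k8s.io/v1beta1",
     "metadata": {"name": "kata-containers"}, "handler": "kata"},
    {"kind": "RuntimeClass", "apiVersion": "node.k8s.io/v1beta1",
     "metadata": {"name": "native"}, "handler": "runc"},
]

# Constructed sample pods (names, namespaces and images are made up).
SAMPLE_PODS = [
    {"metadata": {"name": "untrusted-web", "namespace": "apps"},
     "spec": {"runtimeClassName": "kata-containers",
              "containers": [{"name": "web", "image": "nginx"}]}},
    {"metadata": {"name": "batch-job", "namespace": "apps"},
     "spec": {"runtimeClassName": "native",
              "containers": [{"name": "job", "image": "busybox"}]}},
    {"metadata": {"name": "legacy-api", "namespace": "apps"},
     "spec": {"containers": [{"name": "api", "image": "python"}]}},  # no runtimeClassName
    {"metadata": {"name": "typo-pod", "namespace": "apps"},
     "spec": {"runtimeClassName": "kata-container",                 # class never created
              "containers": [{"name": "x", "image": "busybox"}]}},
]


def handler_map(runtime_classes):
    """Map RuntimeClass name -> handler, as CRI-O resolves it."""
    return {rc["metadata"]["name"]: rc["handler"] for rc in runtime_classes}


def resolve_handler(pod, runtime_classes):
    """Return the handler the pod will run under.

    No runtimeClassName means the default runtime (runc). A name that matches
    no RuntimeClass returns None: Kubernetes does not fall back to a default
    for such a pod, so the caller must treat it as a configuration error
    rather than assume isolation.
    """
    name = pod.get("spec", {}).get("runtimeClassName")
    if name is None:
        return DEFAULT_HANDLER
    return handler_map(runtime_classes).get(name)


def audit(pods, runtime_classes):
    """Group pods (as namespace/name) by the isolation they actually get.

    'shared_kernel' pods run under runc and share the host kernel; only
    'isolated' pods get the Kata VM boundary. 'unknown_class' pods reference
    a RuntimeClass that does not exist.
    """
    report = {"isolated": [], "shared_kernel": [], "unknown_class": []}
    for pod in pods:
        key = "{}/{}".format(pod["metadata"].get("namespace", "default"),
                             pod["metadata"]["name"])
        handler = resolve_handler(pod, runtime_classes)
        if handler is None:
            report["unknown_class"].append(key)
        elif handler == ISOLATED_HANDLER:
            report["isolated"].append(key)
        else:
            report["shared_kernel"].append(key)
    return report


def load_items(text):
    """Extract .items from 'kubectl get ... -o json' output (a List object)."""
    return json.loads(text)["items"]


if __name__ == "__main__":
    if sys.stdin.isatty():
        # Nothing piped in: audit the constructed sample data.
        print(json.dumps(audit(SAMPLE_PODS, RUNTIME_CLASSES), indent=2))
    else:
        # Usage: kubectl get pods -A -o json | python3 runtime_audit.py
        # RuntimeClasses come from the constants above; for a live cluster,
        # replace them with load_items() of 'kubectl get runtimeclass -o json'.
        print(json.dumps(audit(load_items(sys.stdin.read()), RUNTIME_CLASSES),
                         indent=2))
```

Run without input to see the sample report, or pipe kubectl get pods -A -o json into it. The pods listed under shared_kernel are the ones that did not receive the additional isolation Kata Containers provides, which is where a review of workload placement should start; a pod under unknown_class names a runtime class that was never loaded with kubectl apply and will not be started with a substitute runtime.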