Choosing an Operating System and Container Runtime for Your Cloud Native Stack

Containers redefined the role of an operating system (OS). With much of the heavy lifting moving to container runtimes, an OS has become a thin layer that provides access to physical resources. This shift has resulted in a new breed of operating systems called container-optimized OS (COS).
The COS forms the base layer of the cloud native stack, one layer above the physical infrastructure of the cluster, as we learned in the previous article in this series.
When compared to a traditional OS, a COS is a lightweight OS with a much smaller footprint. It contains only the components essential to run the container runtime. Choosing the right COS goes a long way toward keeping the CaaS deployment maintainable.
Customers can choose between Fedora CoreOS from Red Hat, Talos from Talos Systems, Flatcar Container Linux from Kinvolk GmbH, or RancherOS from Rancher Labs (in the process of being acquired by SUSE as of July 2020) to deploy the COS.
Most of the vendors offer an optional commercial subscription plan that includes regular updates, patches, and professional support.
Container-Optimized Operating System

Commercial Offerings
Product | Vendor
Fedora CoreOS | Red Hat
Talos | Talos Systems

Open Source Projects
Project | CNCF Status
Flatcar Container Linux | Not Submitted
RancherOS | Not Submitted
Container Runtime
The container runtime is responsible for managing the life cycle of a container, providing the execution environment, and acting as an interface between the workload and the host operating system.
In 2015, the Open Container Initiative (OCI) was launched by The Linux Foundation to bring parity among the container runtime implementations. The OCI currently defines two specifications: the Runtime Specification (runtime-spec) and the Image Format Specification (image-spec).
According to the OCI website, the Runtime Specification outlines how to run a “filesystem bundle” that is unpacked onto a disk. At a high level, an OCI implementation would download an OCI Image and then unpack that image into an OCI Runtime file system bundle.
The Image Format Specification defines how to create an OCI Image — which will generally be done by a build system — and how to output an image manifest, filesystem (layer) serialization, and image configuration.
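The image-spec to runtime-spec hand-off described above, as an added example that is not code from the article or from any OCI project: it walks a constructed content-addressed blob store from manifest to config to layers, refuses any blob whose digest or size disagrees with its descriptor, and derives the bundle's runtime-spec config.json from the image config. Layer blobs are placeholder bytes rather than real tar archives, and nothing is unpacked to disk.

```python
import hashlib
import json

def digest_of(data: bytes) -> str:
    # OCI descriptors carry "<algorithm>:<hex>"; only sha256 is handled here.
    return "sha256:" + hashlib.sha256(data).hexdigest()

def put_blob(blobs: dict, data: bytes) -> dict:
    # Store content-addressed and return the OCI descriptor for the blob.
    blobs[digest_of(data)] = data
    return {"digest": digest_of(data), "size": len(data)}

def fetch_blob(blobs: dict, desc: dict) -> bytes:
    # The store is content-addressed: a size or digest mismatch means a
    # corrupted or tampered config/layer, which must never be unpacked.
    data = blobs[desc["digest"]]
    if len(data) != desc["size"] or digest_of(data) != desc["digest"]:
        raise ValueError("blob does not match descriptor " + desc["digest"])
    return data

def resolve_image(blobs: dict, manifest_desc: dict):
    # Walk manifest -> config -> layers, verifying each blob before use.
    manifest = json.loads(fetch_blob(blobs, manifest_desc))
    config = json.loads(fetch_blob(blobs, manifest["config"]))
    layers = []
    for desc in manifest["layers"]:
        fetch_blob(blobs, desc)          # verify the layer before unpacking
        layers.append(desc["digest"])    # apply order: bottom layer first
    return config, layers

def bundle_config(image_config: dict) -> dict:
    # Image-spec config -> runtime-spec config.json: Entrypoint + Cmd become process.args.
    cfg = image_config.get("config", {})
    return {
        "ociVersion": "1.0.2",
        "root": {"path": "rootfs", "readonly": True},
        "process": {
            "args": list(cfg.get("Entrypoint") or []) + list(cfg.get("Cmd") or []),
            "noNewPrivileges": True,
        },
    }

# Constructed sample image: placeholder layer blobs (real layers are tar
# archives) plus a minimal image config, tied together by a manifest.
BLOBS: dict = {}
LAYERS = [put_blob(BLOBS, f"constructed layer {i}".encode()) for i in (1, 2)]
CONFIG = put_blob(BLOBS, json.dumps({"architecture": "amd64", "os": "linux",
    "config": {"Entrypoint": ["/bin/sh", "-c"], "Cmd": ["echo hi"]}}).encode())
MANIFEST = put_blob(BLOBS, json.dumps(
    {"schemaVersion": 2, "config": CONFIG, "layers": LAYERS}).encode())
```

Calling resolve_image(BLOBS, MANIFEST) yields the parsed config and the two layer digests; replacing a stored layer's bytes with same-length content raises ValueError on the digest check.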
After the acquisition of Docker Enterprise by Mirantis, the commercial edition of Docker Engine (Docker Engine Enterprise) is sold by Mirantis; this offers enterprise-class support and professional services.
The containerd project has evolved into an industry standard for the container runtime. It is a graduated Cloud Native Computing Foundation project and is used in many production environments. CRI-O is currently a CNCF incubation project with active participation from the community.
Docker Engine (now Docker-CE) is one of the most popular container runtimes used by container management platforms. Frakti is a hypervisor-based container runtime for Kubernetes that provides stronger isolation by running pods in dedicated VMs. Apart from these, other choices include Kata Containers and runC.
Container Runtime

Commercial Offerings
Product | Vendor
Docker Engine Enterprise | Mirantis

Open Source Projects
Project | CNCF Status
containerd | Graduated
CRI-O | Incubation
Docker-CE | Not Submitted
Frakti | Not Submitted
Kata Containers | Not Submitted
runC | Not Submitted
The Cloud Native Computing Foundation and Red Hat are sponsors of The New Stack.