Choosing an Operating System and Container Runtime for Your Cloud Native Stack

19 Oct 2020 11:47am

Containers redefined the role of an operating system (OS). With much of the heavy lifting moving to container runtimes, an OS has become a thin layer that provides access to physical resources. This shift has resulted in a new breed of operating systems called container-optimized OS (COS).

The COS forms the base layer of the cloud native stack, one layer above the physical infrastructure of the cluster, as we learned in the previous article in this series.

When compared to a traditional OS, COS is a lightweight OS with a much smaller footprint. It contains the most essential components that are required to run the container runtime. Choosing the right COS goes a long way in maintaining the CaaS deployment.

Customers can choose between Fedora CoreOS from Red Hat, Talos from Talos Systems, Flatcar Container Linux from Kinvolk GmbH., or RancherOS from Rancher Labs (in the process of being acquired by SUSE as of July 2020) to deploy the COS.

Most of the vendors offer an optional commercial subscription plan that includes regular updates, patches, and professional support.

Container-Optimized Operating System

Commercial Offerings
  Product                    Vendor
  Fedora CoreOS              Red Hat
  Talos                      Talos Systems

Open Source Projects
  Project                    CNCF Status
  Flatcar Container Linux    Not Submitted
  RancherOS                  Not Submitted

Container Runtime

The container runtime is responsible for managing the life cycle of a container, providing the execution environment, and acting as an interface between the workload and the host operating system.

In 2015, the Open Container Initiative (OCI) was launched by The Linux Foundation to bring parity among container runtime implementations. The OCI currently defines two specifications: the Runtime Specification (runtime-spec) and the Image Format Specification (image-spec).

According to the OCI website, the Runtime Specification outlines how to run a “filesystem bundle” that is unpacked onto a disk. At a high level, an OCI implementation would download an OCI Image and then unpack that image into an OCI Runtime file system bundle.

The Image Format Specification defines how to create an OCI Image — which will generally be done by a build system — and how to output an image manifest, filesystem (layer) serialization, and image configuration.
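As an added example (not code from the article or from any project it names), the following Python script walks the two specifications end to end: it checks every blob named by a constructed image manifest against its digest and size, applies the layers in order into a runtime-spec filesystem bundle (honouring the image-spec `.wh.` whiteout convention and refusing entries that would land outside rootfs), and writes the bundle's config.json. The sample layers, file names, image config and the `ociVersion` value are constructed for the demonstration; only the Python standard library is used.

```python
import hashlib, io, json, os, tarfile, tempfile

def digest(data: bytes) -> str:
    return "sha256:" + hashlib.sha256(data).hexdigest()

def verify(manifest: dict, blobs: dict) -> bool:  # each descriptor must match its blob's size and digest
    return all(len(blobs.get(d["digest"], b"")) == d["size"] and digest(blobs[d["digest"]]) == d["digest"]
               for d in [manifest["config"]] + manifest["layers"])

def unpack_bundle(manifest: dict, blobs: dict, bundle: str = None) -> list:
    if not verify(manifest, blobs):
        raise ValueError("image content does not match the manifest digests")
    rootfs = os.path.realpath(os.path.join(bundle or tempfile.mkdtemp(), "rootfs"))
    os.makedirs(rootfs, exist_ok=True)
    extract_kw = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    for layer in manifest["layers"]:  # lower layers first, as listed in the manifest
        with tarfile.open(fileobj=io.BytesIO(blobs[layer["digest"]])) as tar:
            for m in tar.getmembers():
                dest = os.path.realpath(os.path.join(rootfs, m.name))
                if os.path.commonpath([rootfs, dest]) != rootfs:
                    raise ValueError("layer entry escapes rootfs: " + m.name)
                base = os.path.basename(m.name)
                if base.startswith(".wh."):  # whiteout marker: hide the lower layer's file
                    victim = os.path.join(os.path.dirname(dest), base[4:])
                    if os.path.exists(victim): os.remove(victim)
                    continue
                tar.extract(m, rootfs, **extract_kw)
    cmd = json.loads(blobs[manifest["config"]["digest"]])["config"]["Cmd"]
    with open(os.path.join(os.path.dirname(rootfs), "config.json"), "w") as f:  # runtime-spec config
        json.dump({"ociVersion": "1.0.2", "root": {"path": "rootfs"}, "process": {"args": cmd}}, f)
    return sorted(os.path.relpath(os.path.join(d, n), rootfs) for d, _, ns in os.walk(rootfs) for n in ns)

def make_layer(files: dict) -> bytes:  # serialize one layer as an uncompressed tar
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, content in files.items():
            info = tarfile.TarInfo(name); info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()

def build_image(tamper: bool = False) -> tuple:  # constructed sample: the upper layer whites out etc/secret
    layers = [make_layer({"etc/motd": b"hello\n", "etc/secret": b"s3cret\n"}),
              make_layer({"bin/app": b"#!/bin/sh\necho hi\n", "etc/.wh.secret": b""})]
    config = json.dumps({"os": "linux", "config": {"Cmd": ["/bin/app"]}}).encode()
    desc = lambda b: {"digest": digest(b), "size": len(b)}
    manifest = {"schemaVersion": 2, "config": desc(config), "layers": [desc(b) for b in layers]}
    blobs = {digest(b): b for b in layers + [config]}
    if tamper:  # same size, one byte flipped: the size check passes, the digest check fails
        blobs[digest(layers[0])] = layers[0][:-1] + bytes([layers[0][-1] ^ 1])
    return manifest, blobs
```

Running `unpack_bundle(*build_image())` yields a rootfs containing only `bin/app` and `etc/motd`, because the upper layer's whiteout removed `etc/secret`; the tampered image is rejected before any layer is unpacked.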

After the acquisition of Docker Enterprise by Mirantis, the commercial edition of Docker Engine (Docker Engine Enterprise) is sold by Mirantis; this offers enterprise-class support and professional services.

The containerd project has evolved into an industry standard container runtime. It is a graduated Cloud Native Computing Foundation project and is used in many production environments. CRI-O is currently a CNCF incubation project with active participation from the community.

Docker Engine (now Docker-CE) is one of the most popular container runtimes used by container management platforms. Frakti is a hypervisor-based container runtime for Kubernetes that provides stronger isolation by running pods in dedicated VMs. Apart from these, other choices include Kata Containers and runC.

Container Runtime

Commercial Offerings
  Product                    Vendor
  Docker Engine Enterprise   Mirantis

Open Source Projects
  Project                    CNCF Status
  containerd                 Graduated
  CRI-O                      Incubation
  Docker-CE                  Not Submitted
  Frakti                     Not Submitted
  Kata Containers            Not Submitted
  runC                       Not Submitted

The New Stack is a wholly owned subsidiary of Insight Partners, an investor in the following companies mentioned in this article: Mirantis, Docker.
