All Posts By

Kristen Evans

2018’s Biggest Moments + What’s Coming for OCI in 2019

By Blog

Looking back at 2018, OCI had a banner year for foundational momentum perfect for all our community has planned for 2019 🗓

Some of our biggest moments of last year included the launch of the Distribution Specification project, to standardize container image distribution based on the specification for the Docker Registry HTTP API V2 protocol the result of extensive work from key maintainers Derek McGowan, Stephen Day and Vincent Batts, with backing from hundreds of OCI contributors and organizations committed to container standardization and the long-awaited announcement of Alibaba Cloud’s membership the last of top 5 major hyperscale clouds to join the initiative and largest cloud provider in China.

Additionally, OCI community members Chris Aniszczyk, Jeffrey Borek, Rithu Leena John, & Patrick Chanezon secured a coveted speaking slot at KubeCon + CloudNativeCon North America to present How Standards, Specifications and Runtimes Make for Better Containers” to a sold-out Seattle crowd. Check out a recording of their session below 🎥

We also started publishing ecosystem features in an effort to highlight how OCI is being leveraged by various projects. These deep dives, which we plan to continue sharing in 2019, were a hit with maintainers and readers alike a sample of community usage posts shared in 2018 can be found below:

Check back soon for more ecosystem project features, including one from the containerd team!

In 2019, the OCI community plans to roll out updates to specifications, ship a v1.0 of runc + much more stay tuned, get involved, and follow along on social for an even bigger year of all things container standards & specs!

Open Container Initiative Welcomes Alibaba Cloud as Newest Member

By Announcement

Chinese cloud giant joins OCI efforts to help drive global container standardization

SAN FRANCISCO, Calif. – August 29, 2018 ​– The Open Container Initiative (OCI), an open source community for creating open standards around containers, today announced that Alibaba Cloud, the cloud computing arm of Alibaba Group, has become a member of the Initiative.

As the largest provider of public cloud services in China, according to IDC, Alibaba Cloud runs one of the world’s most extensive cloud native applications on top of millions of container instances and processes up to 325,000 transactions per second.

“With cloud investments throughout China set to boom in the coming years, the region and beyond will undoubtedly benefit from investments in a set of common, open containers standards from global leaders like Alibaba Cloud,” said Chris Aniszczyk, Executive Director of the OCI. “We’re happy to have the Alibaba team lend its massive-scale expertise to this community as we work to drive improvements to our projects and the availability of our Distribution Specification later this year.”

“Container standardization allows the entire world to speak the same language and benefits hosting providers, ISV, developers and end users alike,” said Junjie Cai, Chief Architect of Elastic Compute Service, Alibaba Cloud. “As we believe that common specifications give customers more value from the cloud, we’ve adopted the OCI v1.0 specifications – both in our internal infrastructure as well as the public container service available in Alibaba Cloud. We also contribute to leading container projects like containerd and recently open-sourced our own container project, Pouch. Alibaba Cloud is thrilled to join OCI and offer our deep container experience to the Initiative, while collaborating with the community to standardize the space.”

As an active member and advocate for open standards, Alibaba looks forward to furthering OCI’s efforts throughout the container ecosystem – making the cloud infrastructure layer more democratic to better serve end users and enable cloud vendors to avoid duplicate efforts while focusing on higher-value innovations.

To learn more about Pouch, the open source project from Alibaba Cloud, read this blog.

About the Open Container Initiative (OCI)

The Open Container Initiative is an open governance structure for the express purpose of creating open industry standards around container formats and runtime. Projects associated to the Open Container Initiative can be found at Learn more about joining the OCI community here:

The Open Container Initiative is a Collaborative Project at The Linux Foundation. Linux Foundation Collaborative Projects are independently funded software projects that harness the power of collaborative development to fuel innovation across industries and ecosystems.

Additional Resources


The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: Linux is a registered trademark of Linus Torvalds.

Media Contact

Kristen Evans

The Linux Foundation

Open Container Initiative(开放容器计划)欢迎Alibaba Cloud(阿里云)作为最新成员加入


加州旧金山—2018 年8 月29 日—创建容器开放标准的开源社区,开放容器计划(OCI)今天宣布,阿里巴巴集团的云计算部门阿里云加入该计划。

根据IDC,阿里云是中国公共云服务规模最大的提供商在数百万个容器实例顶端,运行着世界上最广泛的云原生应用,每秒处理多达325,000 件事务。

OCI 执行董事Chris Aniszczyk 表示:“随着中国区域云投资在未来数年的蓬勃发展,该地区内外无疑将得益于阿里云等全球领导者对一套通用、开放容器标准的投资。”“我们很高兴,阿里巴巴团队能够向这个社区提供大规模的专业知识,我们正在努力改进项目,并在今年晚些时候推出分布规范。”

阿里云弹性计算服务的首席架构师蔡俊杰表示:“容器标准化让全世界都可以说同样的语言,且托管提供商、ISV、开发人员和最终用户将同样受益。”“我们深信,通用规范能让客户从云中获得更多价值,现已在内部架构以及阿里云提供的公共容器服务采用OCI v1.0 规范。我们也大力投入领先的容器项目,例如,containerd和我们自己的最新开源容器项目,Pouch。阿里云对于加入OCI 深感高兴,将为该计划提供深入的容器体验,同时与社区合作,从而规范这一空间。”

作为开放标准的积极成员和倡导者,阿里巴巴期待着在整个容器生态系统中深入OCI 的工作——使云架构层更加民主,以更好地服务于最终用户,并使云开发商能够避免重复劳动,同时专注于更高价值的创新。

若要了解有关阿里云开源项目Pouch 的更多信息,欢迎阅读本篇博客文章


开放容器计划是一种开放的治理结构,其明确的宗旨是,围绕容器格式和运行时创建开放的行业标准。可在了解与开放容器计划相关的项目。在此处了解加入OCI 社区的更多信息:

开放容器计划是Linux 基金会的协作项目。Linux 基金会协作项目是独立资助的软件项目,利用协作开发的力量推动跨行业和生态系统的创新。



Linux 基金会拥有注册商标,并使用商标。有关Linux 基金会的商标列表,请参见商标使用页面: 是Linus Torvalds 的注册商标。


Kristen Evans

Linux 基金会

CRI-O: How Standards Power a Container Runtime

By Blog

By Joe Brockmeier, Red Hat

The CRI-O project (part of the former Kubernetes incubator) is busy working on the upcoming 1.11 release, which will be released in conjunction with the Kubernetes 1.11 release. It will have some interesting new features, but won’t lose sight of its stated No. 1 goal: to never break Kubernetes. Parallel to that goal is to run any OCI image from any registry (when the OCI distribution specification is finalized).

Historically, Kubernetes has worked with container runtimes that were designed to do many things: build container images, manage container security, manage container orchestration, inspect container images, etc. CRI-O, on the other hand, was designed just to support the functions Kubernetes needs to actually run containers.

Depending on Standards

CRI-O moves in lock-step with Kubernetes’ Container Runtime Interface (CRI), the API for container runtimes to integrate with a kubelet. CRI-O is aligned with the upstream Kubernetes releases, so any changes to the CRI in Kubernetes are supported in the matching release of CRI-O for that release. For example, the most recent CRI-O 1.10 release matches Kubernetes 1.10. CRI-O 1.11 will release with Kubernetes 1.11, and so forth.

Most users these days are using Kubernetes with a version of Docker, but some organizations with different business needs might want to use new container types that haven’t been implemented yet, or others like Kata Containers. CRI-O opens the door for this by supporting any OCI images and runtimes.

Here’s how it works:

  • Kubernetes asks the kubelet to start a pod
  • The kubelet talks to the CRI-O daemon using the CRI
  • CRI-O uses a library that implements the OCI standard to pull the image from a registry
  • CRI-O uses another standard library to unpack the container image for use
  • CRI-O then generates a JSON file that describes how the container is to be run
  • Next, CRI-O launches an OCI-compatible runtime (currently runc or the Clear Containers runtime) to run the container processes
  • A common process handles logging for the container and monitors the process

You might also be wondering about networking. Again, the idea is to have flexibility within a standard interface, so CRI-O uses the Container Networking Interface (CNI) to set up networking. Any CNI plugin can be used with CRI-O, giving users flexibility over their container networking stack as well.

CRI-O helps achieve what the OCI specifications and CRI API set out to do – make the container runtime an implementation detail that the end user doesn’t have to worry about. Worry about how Kubernetes works with your application, not how Kubernetes works with the container runtime.

Learning More about CRI-O

Want to learn more about CRI-O? Of course you do! For now the best resources on CRI-O are the README on GitHub, the accompanying tutorial, and be sure to watch the CRI-O blog.

OCI Member Spotlight: OpenStack (Kata Containers)

By Blog

The OCI community is comprised of a diverse set of member organizations that are committed to creating open industry standards around a container image format and runtime. This blog series highlights OCI members and their contributions to building an open, portable and vendor neutral specification.

Name: Xu Wang
Title: CTO + Kata Architecture Committee member
Company: + Kata Containers

What is Kata Containers?

Kata Containers is an open source project hosted by the OpenStack Foundation that provides lightweight virtual machines that feel and perform like containers, while providing the workload isolation and security advantages of traditional VMs.

Why did OpenStack (Kata Containers) join OCI?

The Kata Containers project runs containers specified by OCI runtime spec in virtual machines. We joined OCI to guarantee the compatibility between Kata Containers and OCI runtime specs, and to help to improve the OCI specifications – enabling more efficient Kata Containers. We look forward to collaborating around tooling, compatibility and interoperability testing.

How can OCI community members contribute to Kata Containers? 

Many of the Kata community members come from the OCI community, so we look forward to more collaboration on use case sharing, specification discussion, testing and toolchains. See Github for more information:

How do you anticipate OCI changing the container technology landscape? 

The OCI specs guarantee that container technology can be open, vendor neutral and a cornerstone of future computing infrastructure.

What is the benefit of open standards like OCI for users of Kata Containers?

The open and unified container spec gives users more options and helps Kata to be adopted in more cases.

More and more applications are shipped and run under OCI specs. With OCI, Kata could enable users to launch unified container applications no matter if the runtime isolation technology is namespace or VM.

For cloud providers, if a user application has been developed for OCI specs, they could run the application with Kata Containers directly which introduces fewer layers than running a container orchestration system on a VM pool.

On the other hand, for those users who have already invested in VM technology, they could apply their existing tools to Kata Containers and move their application to microservice with OCI containers.

Teaming up with Docker to Support a Diverse Container Ecosystem

By Blog

With a commitment to driving inclusivity in the community, OCI is proud to be an official Diversity Scholarship sponsor for DockerCon 2018.

By actively seeking ways to increase the ecosystem’s diversity, OCI + Docker’s collective goal is to make DockerCon a safe place for everyone to learn and collaborate.

The scholarship program will provide under represented members across the global container community with a scholarship to attend the annual event.

To learn more, make sure to check out the selection process, scholarship details and requirements below + don’t forget to submit an application by Wednesday, April 25, 2018 at 5:00PM PST!

Apply Now!

Selection Process:

A committee of Docker community members will review and select the scholarship recipients. Recipients will be notified by the week of May 7, 2018

What’s included:

Full Access DockerCon Conference Pass


Must be able to attend DockerCon US 2018

Must be 18 years old or older to apply

ZDNet: “​Open Container Initiative nails down container image distribution standard”

By News

The Open Container Initiative (OCI), the open-source community in charge of creating container standards, has announced the launch of the Distribution Specification project to standardize container image distribution. This new standard is based on the Docker Registry v2 protocol. It standardizes container image distribution, which supports the pushing and pulling of container images. READ MORE.

Container Journal: “OCI Standardizes Container Registry Protocol”

By News

The Open Container Initiative (OCI) announced today that the way which container images are distributed is about to become standardized using the Docker Registry v2 protocol.

Chris Aniszczyk, executive director of the OCI, says the protocol will now serve as the specification for the new distribution-spec OCI project that will foster interoperability across different container registries. READ MORE.