容器的几种运行时

containerd is a container runtime which can manage a complete container lifecycle - from image transfer/storage to container execution, supervision and networking.

containerd是一个容器运行时，可以管理完整的容器生命周期 - 从镜像传输/存储到容器执行，监督和网络。

supervision 监督

container-shim handle headless containers, meaning once runc initializes the containers, it exits handing the containers over to the container-shim which acts as some middleman.

容器填充符处理无头容器，这意味着一旦 runc 初始化容器，它就会退出，将容器移交给充当中间人的容器垫片。

shim 垫片

runc is lightweight universal run time container, which abides by the OCI specification. runc is used by containerd for spawning and running containers according to OCI spec. It is also the repackaging of libcontainer.

runc 是轻量级的通用运行时容器，它遵循 OCI 规范。runc 由 containerd 用于根据 OCI 规范生成和运行容器。这也是libcontainer的重新包装。

universal 通用

abides by 尊循

grpc used for communication between containerd and docker-engine.

grpc 用于容器和 docker 引擎之间的通信。

OCI maintains the OCI specification for runtime and images. The current docker versions support OCI image and runtime specs.

OCI 维护运行时和映像的 OCI 规范。当前的 Docker 版本支持 OCI 映像和运行时规范。

Open Container Initiative 开放容器计划

The Open Container Initiative is an open governance structure for the express purpose of creating open industry standards around container formats and runtimes.

开放容器计划是一个开放的治理结构，其明确目的是围绕容器格式和运行时创建开放的行业标准。

https://github.com/opencontainers/runtime-spec

Established in June 2015 by Docker and other leaders in the container industry, the OCI currently contains two specifications: the Runtime Specification (runtime-spec) and the Image Specification (image-spec). The Runtime Specification outlines how to run a “filesystem bundle” that is unpacked on disk. At a high-level an OCI implementation would download an OCI Image then unpack that image into an OCI Runtime filesystem bundle. At this point the OCI Runtime Bundle would be run by an OCI Runtime.

OCI 由 Docker 和容器行业的其他领导者于 2015 年 6 月建立，目前包含两个规范：运行时规范（runtime-spec）和 Image Specification（image-spec）。运行时规范概述了如何运行在磁盘上解压缩的"文件系统捆绑包"。在高级别上，OCI 实现将下载 OCI 映像，然后将该映像解压缩到 OCI 运行时文件系统捆绑包中。此时，OCI 运行时捆绑包将由 OCI 运行时运行。

dockerd - The Docker daemon itself. The highest level component in your list and also the only 'Docker' product listed. Provides all the nice UX features of Docker.

(docker-)containerd - Also a daemon, listening on a Unix socket, exposes gRPC endpoints. Handles all the low-level container management tasks, storage, image distribution, network attachment, etc...

(docker-)containerd-ctr - A lightweight CLI to directly communicate with containerd. Think of it as how 'docker' is to 'dockerd'.

(docker-)runc - A lightweight binary for actually running containers. Deals with the low-level interfacing with Linux capabilities like cgroups, namespaces, etc...

(docker-)containerd-shim - After runC actually runs the container, it exits (allowing us to not have any long-running processes responsible for our containers). The shim is the component which sits between containerd and runc to facilitate this.