OCI (Open Container Initiative) provides a standard for building, distributing and running containers: - `OCI Image-spec`: Defines the structure of container images, ensuring they can be recognized and managed by various tools. - `OCI Distribution-spec`: Specifies the distribution methods for container images, ensuring that images can interact with repositories through standardized HTTP APIs. - `OCI Runtime-spec`: Defines the standards for container runtime, ensuring consistent management and execution of container lifecycles. ![[Pasted image 20250219135258.png]] ### OCI Image-spec Contains at minimum: Manifest, Layers and Configuration. ![[Pasted image 20250219135333.png]] ### OCI Distribution-spec ![[Pasted image 20250219135420.png]] ### OCI Runtime-spec Contains: container configuration (```config.json```), execution environment and lifecycle. How can we view ```config.json```? - Locate the node where the Pod is running and ssh into it - Use ```crictl ps``` to find the container ID - For ```containerd```, the file is located at `/run/containerd/io.containerd.runtime.v2.task/k8s.io/<container-id>/config.json`. In cri-o, it may be found at `/run/containers/storage/<container-id>/userdata/config.json` ![[Pasted image 20250219135623.png]] > This `OCI Runtime-spec` defined `config.json` is generated by `Containerd` or `CRI-O` based on the Pod's definition (commands, parameters, environment variables, resource limits, etc.)