Frequently Asked Question

What is the Open Container Initiative (OCI) and why does it matter?

The Open Container Initiative is a Linux Foundation working group, formed in 2015 by Docker, CoreOS, Red Hat and others, that publishes vendor-neutral specifications for what a "container" actually is. There are three specs. The image-spec defines the on-disk format of a container image: a JSON manifest plus an ordered list of compressed filesystem layers, each addressed by SHA-256 digest. The runtime-spec defines what a runtime such as runc takes as input, an unpacked root filesystem plus a config.json describing namespaces, mounts, capabilities and so on, and how it should launch a process inside that bundle. The distribution-spec defines the HTTP API that registries like Docker Hub and the GitHub Container Registry implement.

Why it matters: before OCI, "Docker image" was whatever Docker, Inc shipped that week, and the format was tightly coupled to a single company. After OCI, any tool can build an image that any other tool can run. That is why Podman, BuildKit, Kaniko, buildah, containerd, CRI-O, runc, crun, and a dozen others all interoperate, and why Kubernetes was able to drop its hard dependency on Docker in 1.24 without breaking anyone's images. OCI is one of the quieter standards successes of the 2010s.