runC is a container runtime based on the Linux Foundation's Runtime Specification (runtime-spec). runC is developed by the Open Container Initiative.

runC is a component of Oracle Cloud Native Environment. runC is a Cloud Native Computing Foundation (CNCF) compliant environment to deploy microservices, and to orchestrate containers.

runC is based on a stable release of the upstream runC project. Differences between Oracle versions of the software and upstream releases are limited to Oracle specific fixes and patches for specific bugs.

For upstream runC documentation, see:

https://github.com/opencontainers/runc/blob/main/man/runc.8.md

For more information about runC, see:

https://github.com/opencontainers/runc

You can provide extra security and isolation of workloads using Kata Containers. Kata Containers is based on the upstream Kata Containers OpenStack Foundation project. Kata Containers delivers the framework for creating lightweight virtual machines, that can easily plug into a container ecosystem. Kata Containers offers extra levels of security, while maintaining the development and deployment speed of traditional containers.

Kata Containers is a component of Oracle Cloud Native Environment. Kata Containers is a Cloud Native Computing Foundation (CNCF) compliant environment to deploy microservices, and to orchestrate containers.

Kata Containers is based on a stable release of the upstream Kata Containers project. Differences between Oracle versions of the software and upstream releases are limited to Oracle specific fixes and patches for specific bugs.

For upstream Kata Containers documentation, see:

https://github.com/kata-containers/documentation

For more information about Kata Containers, see:

https://katacontainers.io/

CRI-O uses a Kubernetes annotation or Runtime class set in the pod configuration file to decide whether to run a pod using runc or kata-runtime.

You can create Kubernetes runtime classes to specify whether containers are run as the default runtime, runc, or using kata-runtime. The examples in this book use the name native to specify the use of runc, and the name kata-containers to specify the use of kata-runtime. You can use any name you like.

To create a runtime class:

1. Create a file for a runtime class for Kata Containers named kata-runtime.yaml with the following contents:

   kind: RuntimeClass
   apiVersion: node.k8s.io/v1
   metadata:
       name: kata-containers
   handler: kata

   Load the runtime class to the Kubernetes deployment:

   kubectl apply -f kata-runtime.yaml

   The runtime class kata-containers can now be used in pod configuration files to specify a container is to be run as a Kata container, using the kata-containers runtime. For examples of creating pods using this runtime class, see Creating Kata Containers.

2. (Optional) To specify a runtime for runc, you can do this in a similar way. This is an optional configuration step. As runc is the default runtime, pods automatically run using runc unless you specify otherwise. This file is named runc-runtime.yaml:

   kind: RuntimeClass
   apiVersion: node.k8s.io/v1
   metadata:
       name: native
   handler: runc 

   Load the runtime class to the Kubernetes deployment:

   kubectl apply -f runc-runtime.yaml

   The runtime class native can be used in pod configuration files to specify a container is to be run as a runC container, using the runc runtime.

3. You can see a list of the available runtime classes for a Kubernetes cluster using the kubectl get runtimeclass. For example:

   kubectl get runtimeclass

   The output looks similar to:

   NAME              HANDLER   AGE
   kata-containers   kata      7m29s
   native            runc      7m7s