iSulad

  • iSulad is a lightweight container engine developed in C/C++. It is not restricted by hardware architecture or specifications and has low memory overhead, making it suitable for a wide range of applications.
  • iSulad is a new container engine with a unified architecture design that meets different requirements in the CT and IT fields. Compared with the Docker container engine, which is developed in Go, iSulad occupies fewer resources, starts containers faster, and can be used in a wider range of scenarios.
  • iSulad provides commands similar to those of Docker, for greater usability. It supports the Container Runtime Interface (CRI) in the northbound direction and can connect to Kubernetes. You can use iSulad as the container base to orchestrate and schedule containers through Kubernetes. It also supports the Open Container Initiative (OCI) Runtime Specification in the southbound direction and is compatible with multiple container runtime environments, such as runc, LXC, Kata, and Kuasar.
    Figure 1 iSulad

Core capabilities of iSulad include the container service, image service, volume service, and network service.

  • Container service: manages the lifecycle of containers.
  • Image service: enables operations on container images.

    iSulad complies with the OCI Image Specification and supports mainstream image formats in the industry. In addition, iSulad supports the external rootfs image format in system container scenarios and the embedded image format in embedded scenarios.

  • Volume service: manages data volumes of a container.
  • Network service: works together with Container Network Interface (CNI)-compliant network plugins to provide network capabilities for containers.

As a general-purpose container engine, iSulad supports system containers and secure containers as well as common containers.

  • Common containers: They are traditional application containers.
  • System containers: They extend common containers with additional functions, providing the systemd management service capability and allowing drives, NICs, routes, and volumes to be dynamically added or released while the container is running. System containers are mainly used in computing-intensive, high-performance, and heavy-concurrency scenarios to accommodate computing-intensive applications and cloudified services.
  • Secure containers: They are a combination of virtualization and container technologies. Unlike common containers, which share the same host kernel, secure containers clearly isolate containers from each other through the virtualization layer. Each secure container has its own kernel and a lightweight VM environment, ensuring that different secure containers on the same host do not affect each other.