This specification defines an OCI Image, consisting of a manifest, an image index (optional), a set of filesystem layers, and a configuration.
The goal of this specification is to enable the creation of interoperable tools for building, transporting, and preparing a container image to run.
- Introduction
- Notational Conventions
- Overview
- Content Descriptors
- Image Layout
- Image Manifest
- Image Index
- Filesystem Layers
- Image Configuration
- Annotations
- Considerations
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" are to be interpreted as described in RFC 2119 (Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997).
The key words "unspecified", "undefined", and "implementation-defined" are to be interpreted as described in the rationale for the C99 standard.
An implementation is not compliant if it fails to satisfy one or more of the MUST, REQUIRED, or SHALL requirements for the protocols it implements. An implementation is compliant if it satisfies all the MUST, REQUIRED, and SHALL requirements for the protocols it implements.
At a high level, the image manifest contains metadata about the contents and dependencies of the image, including the content-addressable identity of one or more filesystem layer changeset archives that will be unpacked to make up the final runnable filesystem. The image configuration includes information such as application arguments, environments, etc. The image index is a higher-level manifest which points to one or more manifests and descriptors. Typically, these manifests may provide different implementations of the image, possibly varying by platform or other attributes.
Once built, the OCI Image can then be discovered by name, downloaded, verified by hash, trusted through a signature, and unpacked into an OCI Runtime Bundle.
The OCI Image Media Types document is a starting point for understanding the overall structure of the specification.
The high-level components of the spec include:
- An archival format for container images, consisting of an image manifest, an image index (optional), an image layout, a set of filesystem layers, and image configuration (base OCI layer)
- A process of referencing container images by a cryptographic hash of their content (base OCI layer)
- A format for storing CAS blobs and references to them (optional OCI layer)
- Signatures that are based on signing the image content address (optional OCI layer)
- Naming that is federated based on DNS and can be delegated (optional OCI layer)
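
The hash-based referencing described in the overview above, as an added example that is not part of the specification text: every descriptor's size and digest are checked while walking from an image index to its manifests, configuration and layers. The descriptor fields and media type strings follow the OCI descriptor and manifest documents rather than this page, the in-memory `store` dict is an assumed stand-in for a blob store, and the sample image is constructed.

```python
import hashlib
import json

def descriptor(media_type, blob):
    """Build a content descriptor (mediaType, digest, size) for a blob."""
    return {"mediaType": media_type,
            "digest": "sha256:" + hashlib.sha256(blob).hexdigest(),
            "size": len(blob)}

def fetch_verified(store, desc):
    """Return the blob a descriptor names, only if size and sha256 digest match."""
    algo, _, want = desc["digest"].partition(":")
    if algo != "sha256":
        raise ValueError("unsupported digest algorithm: " + algo)
    blob = store.get(desc["digest"])
    if blob is None:
        raise ValueError("missing blob " + desc["digest"])
    if len(blob) != desc["size"]:
        raise ValueError("size mismatch for " + desc["digest"])
    if hashlib.sha256(blob).hexdigest() != want:
        raise ValueError("digest mismatch for " + desc["digest"])
    return blob

def verify_image(store, index_desc):
    """Walk index -> manifests -> config and layers; return verified digests."""
    index = json.loads(fetch_verified(store, index_desc))
    seen = [index_desc["digest"]]
    for m_desc in index["manifests"]:
        manifest = json.loads(fetch_verified(store, m_desc))
        seen.append(m_desc["digest"])
        # A manifest is trusted only after its own bytes verified; then its children.
        for d in [manifest["config"]] + manifest["layers"]:
            fetch_verified(store, d)
            seen.append(d["digest"])
    return seen

def build_sample():
    """Constructed sample image: one layer, one config, one manifest, one index."""
    store = {}
    def put(media_type, blob):
        d = descriptor(media_type, blob)
        store[d["digest"]] = blob
        return d
    layer = put("application/vnd.oci.image.layer.v1.tar+gzip", b"constructed layer bytes")
    config = put("application/vnd.oci.image.config.v1+json", b'{"architecture":"amd64","os":"linux"}')
    manifest = put("application/vnd.oci.image.manifest.v1+json",
                   json.dumps({"schemaVersion": 2, "config": config, "layers": [layer]}).encode())
    index = put("application/vnd.oci.image.index.v1+json",
                json.dumps({"schemaVersion": 2, "manifests": [manifest]}).encode())
    return store, index, layer
```

Because the index digest covers the manifest descriptors and each manifest covers its config and layer descriptors, pinning the single top-level digest is enough to detect a modified blob anywhere below it.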