Docker and the OCI container ecosystem

Excellent article, thanks! On the runtimes section, one option that may be worth mentioning is Sysbox which is a runc alternative that enhances container isolation and workloads using pure OS virtualization (I am one of the developers). Sysbox enables the user-namespace on all containers, virtualizes /proc and /sys within them, traps sensitive syscalls, and enables containers to run systemd, Docker, K8s, K3s, and more seamlessly. The latter means Docker or Kubernetes can be used to deploy not just app containers, but also system containers. Docker recently acquired the company that developed Sysbox (Nestybox) to extend containers isolation and workloads.