14.2-RELEASE now includes OCI-compatible images, and the Podman toolkit on FreeBSD is ready to use them, on both amd64 and arm64 systems.
↫ Dave Cottlehuber
This article from Dave Cottlehuber goes into more detail about the OCI-compatible FreeBSD images and how to use them.
I do not know why it has been made so hard to guess or understand this from both the FreeBSD release and this article but what we are talking about here is running OCI images containing a FreeBSD userland on a FreeBSD kernel using software designed to work with the OCI spec.
What we are NOT talking about is running a FreeBSD OCI image as a container on the Linux kernel. In other words, this is not going to work in any of the contexts you would expect OCI containers to run today. I am not going to be able to fire up Podman on the EOS machine I am typing on and launch into an OCI containerized FreeBSD. You are not going to be running these FreeBSD containers via Docker Desktop. They are not going to work on the Kubernetes cluster that you manage today.
As a related but distinct issue, it does appear to be possible to run some OCI images on FreeBSD that target Linux (in other words, “normal” OCI images). That has nothing to do with OCI per se but is rather just exploiting the fact that the FreeBSD kernel features some support for native Linux binaries.
OCI containers and OCI runtimes (e.g. the Docker and Kubernetes universes) allow the software contained inside OCI images to run alongside native processes and to share the same host kernel. You can run a Debian OCI image on an Ubuntu host because the Ubuntu kernel is compatible with both of them.
As above, it “may” be that a Linux OCI image can run on FreeBSD if the FreeBSD kernel is compatible with the software inside that image. However, a FreeBSD OCI image is not going to run on Linux because Linux is not able to host the FreeBSD software contained inside. It will run on FreeBSD only.
The goal here seems to be to run Kubernetes. Again, you are not going to run these FreeBSD containers on an existing (Linux) Kubernetes cluster. What you may be able to do is to host Kubernetes itself on FreeBSD and then to deploy these new FreeBSD OCI images to it.
Perhaps this is all just super obvious to everybody. I went looking for the answer though and found it incredibly frustrating that the question was never answered. If somebody believes I am wrong, please correct me. I would love it if I was wrong.
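The host/image compatibility described in the comment above can be sketched against the `platform` field of an OCI image index. This is an added example, not code from the article, from Podman or from any commenter; the index contents, the placeholder digests, the `KERNEL_SUPPORT` table and the `select_manifest` helper are all constructed for illustration.

```python
# Added illustration: pick a runnable manifest from an OCI image index by
# comparing each entry's platform.os/architecture with the host kernel.

def make_index(platforms):
    """Build a constructed OCI image index; digests are placeholders."""
    return {
        "schemaVersion": 2,
        "mediaType": "application/vnd.oci.image.index.v1+json",
        "manifests": [
            {"mediaType": "application/vnd.oci.image.manifest.v1+json",
             "digest": f"sha256:placeholder-{os_}-{arch}", "size": 0,
             "platform": {"os": os_, "architecture": arch}}
            for os_, arch in platforms
        ],
    }

FREEBSD_IMAGE = make_index([("freebsd", "amd64"), ("freebsd", "arm64")])
LINUX_IMAGE = make_index([("linux", "amd64"), ("linux", "arm64")])

# Assumption for this sketch: which image OS values each host kernel can run.
# "emulated" stands for FreeBSD's Linux binary compatibility, which the
# comment describes as partial, so it is reported separately from "native".
KERNEL_SUPPORT = {
    "linux": {"linux": "native"},
    "freebsd": {"freebsd": "native", "linux": "emulated"},
}

def select_manifest(index, host_os, host_arch):
    """Return (digest, mode) for a manifest the host can run, else None."""
    supported = KERNEL_SUPPORT.get(host_os, {})
    candidates = []
    for manifest in index.get("manifests", []):
        plat = manifest.get("platform") or {}
        mode = supported.get(plat.get("os"))
        if mode and plat.get("architecture") == host_arch:
            candidates.append((manifest["digest"], mode))
    if not candidates:
        return None  # no entry matches this kernel and CPU architecture
    # Prefer a native match over an emulated one.
    return min(candidates, key=lambda c: c[1] != "native")

if __name__ == "__main__":
    for name, image in (("freebsd image", FREEBSD_IMAGE),
                        ("linux image", LINUX_IMAGE)):
        for host in (("freebsd", "amd64"), ("linux", "amd64")):
            print(name, "on", host, "->", select_manifest(image, *host))
```

A Linux host finds no usable entry in the FreeBSD-only index, while a FreeBSD host finds a native entry there and only an emulated one in the Linux index.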
It’s been possible to run Linux containers on FreeBSD using containerd for a long time.
See https://productionwithscissors.run/2022/09/04/containerd-linux-on-freebsd/
There are multiple tools for doing this.
Which is what I said. That is, IF the Linux applications inside the container will run on the FreeBSD kernel. How reliable is that support in practice?
And now you can also run FreeBSD containers (compliant with the OCI spec) on FreeBSD as well. And you could already run FreeBSD on FreeBSD various other ways before (e.g. Jails).
What you cannot do, as far as I can tell, is run those FreeBSD OCI containers in 99% of the environments where OCI containers are deployed today. Do you agree?
It’s hard for me to say. There is Chimera Linux which takes its userland from the BSDs and pairs it with the Linux kernel. They might have a better idea about that.
https://chimera-linux.org/
That’s basically it. I have to imagine this would help companies run FreeBSD in their CI/CD systems, which would be tremendous.