api-evangelist/youki


Youki (youki)

youki is an open source container runtime written in Rust that implements the OCI runtime specification as a memory-safe alternative to runc, with rootless container support, cgroups v1 and v2, seccomp filtering, and systemd integration. Maintained as a CNCF sandbox project under the youki-dev organization, youki is adopted by container engines such as containerd, Podman, and Docker for executing OCI-compliant workloads.

URL: Visit APIs.json URL

Run: Capabilities Using Naftiko

Tags:

  • Containers, Container Runtime, OCI, Rust, CNCF, Cloud Native, Kubernetes

Timestamps

  • Created: 2026-03-26
  • Modified: 2026-05-03

APIs

Youki Container Runtime

youki is a container runtime written in Rust that implements the OCI runtime specification, providing a memory-safe and high-performance alternative to runc. It supports rootless containers, cgroups v1 and v2, seccomp filtering, capabilities, and Linux namespaces, and integrates with container engines including containerd, Podman, Docker, and Kubernetes.

Human URL: https://github.com/youki-dev/youki

Tags:

  • Container Runtime, OCI, Rust

Properties

OCI Spec for Rust

oci-spec-rs is a Rust implementation of the OCI Runtime, Image, and Distribution Specifications, providing the data structures and types consumed by youki and other Rust-based container tooling.

Human URL: https://github.com/youki-dev/oci-spec-rs

Tags:

  • OCI, Rust, Specification

Properties

Common Properties

Features

| Name | Description |
| --- | --- |
| OCI Runtime Spec Compliance | Implements the Open Container Initiative (OCI) runtime specification, allowing youki to run any OCI-compliant container alongside or in place of runc. |
| Memory-Safe Rust Implementation | Written entirely in Rust to deliver memory safety and stronger isolation guarantees than C-based container runtimes. |
| Rootless Containers | Enables running containers without root privileges to reduce host attack surface for development and multi-tenant scenarios. |
| Cgroups v1 and v2 Support | Supports both legacy cgroups v1 and modern cgroups v2 hierarchies for resource management on Linux. |
| Seccomp Filtering | Applies seccomp BPF filters to restrict syscalls available to containers and harden the runtime surface. |
| Systemd Integration | Integrates with systemd as a cgroup manager and supports systemd-managed container processes. |
| Linux Namespaces and Capabilities | Manages mount, UTS, IPC, user, PID, network, and cgroup namespaces and supports capabilities such as CAP_BPF, CAP_PERFMON, and CAP_CHECKPOINT_RESTORE. |
| Performance | Benchmarks show youki performing roughly twice as fast as runc for container create-to-delete cycles. |
| CNCF Sandbox Project | Maintained as a Cloud Native Computing Foundation sandbox project with open governance, public roadmap, and community contributors. |

Use Cases

| Name | Description |
| --- | --- |
| Drop-In runc Replacement | Use youki as a drop-in replacement for runc in container engines to gain memory safety and performance benefits with no workload changes. |
| Rootless Container Workflows | Run containers as a non-root user for development, CI, or multi-tenant environments where elevated privileges are not desirable. |
| Kubernetes Workloads via containerd | Use youki under containerd to execute Kubernetes pods and workloads in production clusters. |
| Podman and Docker Container Execution | Configure Podman or Docker to invoke youki as the low-level OCI runtime for image execution. |
| Container Runtime Research and Education | Explore and prototype container runtime features in a memory-safe codebase suitable for systems research, security analysis, and teaching. |

Integrations

| Name | Description |
| --- | --- |
| containerd | containerd has passed end-to-end testing against youki, enabling its use as the OCI runtime for Kubernetes and other workloads orchestrated by containerd. |
| Podman | Podman can be configured to use youki as its OCI runtime for both rootless and rootful container execution. |
| Docker | Docker can call youki as the low-level OCI runtime in place of runc for compatible workloads via daemon.json configuration. |
| Kubernetes | Kubernetes clusters can run youki indirectly through container runtimes such as containerd or CRI-O. |
| crun | youki sits alongside crun as a modern alternative to runc, focused on memory-safe systems programming in Rust. |
| systemd | Integrates with systemd for cgroup management and lifecycle control of container processes. |
| oci-spec-rs | Built on oci-spec-rs, the Rust implementation of the OCI Runtime, Image, and Distribution specifications maintained by the same organization. |

Solutions

| Name | Description |
| --- | --- |
| Cloud Native Container Platforms | Provides a CNCF sandbox container runtime for cloud-native platforms looking to adopt a memory-safe OCI runtime under containerd or CRI-O. |
| Secure Multi-Tenant Hosts | Pairs rootless containers, seccomp filtering, and Rust memory safety to harden multi-tenant container hosts against runtime exploits. |
| Edge and Embedded Workloads | A lightweight, high-performance runtime suitable for edge and embedded deployments where resource use and predictable performance matter. |

Artifacts

Machine-readable API specifications organized by format.

JSON Schema

JSON Structure

JSON-LD

Examples

Vocabulary

  • Youki Vocabulary — Unified taxonomy mapping 16 resources, 17 actions, 10 workflows, and 9 personas across operational (OpenAPI) and capability (Naftiko) dimensions

Maintainers

FN: Kin Lane

Email: kin@apievangelist.com
