Today, the task of running containers involves a lot of technologies and levels of abstraction, and it can be difficult to understand, or just to keep up. How do CRI-O and containerd overlap ? Does Kata containers compete with Firecracker ? Is there any relationship between OCI and CRI ? How many different meanings can "container runtime" have ? In this talk, we will navigate this treacherous sea of overlapping technologies and acronyms that take care of running container workloads, below Kubernetes all the way down to the Linux kernel. We will present at a high-level how these technologies, interfaces and levels of abstraction combine and overlap, and hopefully clarify which are spec vs. implementation, which are complementary, and which are alternative solutions. This talk will cover the following points: The world used to be simple: the case of Docker Interfaces: OCI and CRI More puzzle pieces: Podman, Containerd and CRI-O Workload isolation: Kata Containers, GVisor and Firecracker Q&A