OCI Container Instances runs your containers on serverless compute optimized for container workloads. The underlying infrastructure is fully managed and hardened by OCI. You can focus on building your applications without worrying about provisioning, patching, or managing servers.
You only pay for the CPU and memory resources allocated to your container instance at the same price as the regular compute instances for the chosen shape. There are no additional charges or taxes for the seamless operations provided by the serverless platform. With better performance and security and a price that’s similar to do-it-yourself, letting go of the management overhead is an easy decision.
Running a new container instance with one or more containers requires only a few simple parameters via command-line interface, API, or the OCI console. You have the flexibility to specify your preferred shape (such as AMD E4 Flex and Ampere A1 Flex), required CPU and memory resources, and networking configuration. You can also configure environment variables, startup options, resource limits, a security context, and so forth for each container. This lets you launch containers instantly, configured just the way you want them to support your needs.
You can allocate all the CPU and memory resources provided by the underlying compute shape to a container instance to run even the most demanding workloads. For example, you can allocate up to 64 cores (128 vCPU) and 1,024 GB of memory to a container instance with E3/E4 Flex shapes.
OCI Container Instances supports pulling container images from container registries that are compliant with the Open Container Initiative, including OCI Container Registry. You can also set up OCI Container Registry with private access and enable security scanning for your container images.
Container Instances provides a dedicated environment with strong isolation to each container instance—the same as VMs. Containers running on a container instance don’t share operating system kernel and CPU/memory resources with other container instances. This enhances your application’s security posture without compromising its performance.
Each container instance is connected to a subnet in your VCN, ensuring secure communication. Optionally, you can assign a public IP to a container instance if containers need to be accessed publicly. Using OCI Identity and Access Management, you can configure policies to control access to other OCI services and resources from container instances. Furthermore, you can apply security context settings at the container level to specify user ID/group ID, mount the root file system as a read-only file system, or run the container as non-root user only.
Using the built-in logging, you can view your container logs in the OCI console or pull them using the API. OCI Container Instances also provides built-in metrics to monitor CPU and memory utilization, disk I/O, network receive/transmit bytes, and more.