SYSTEM Cited by 3 sources

Cloudflare Containers

Cloudflare Containers is Cloudflare's Docker-container runtime on the Developer Platform, intended for workloads that don't fit the Workers isolate model — typically because they need arbitrary binaries, multi- process runtimes, or Linux-filesystem assumptions. Containers are addressable from Workers and can be driven at a higher level via Sandbox SDK.

Ephemeral by design

Containers are inherently ephemeral — data generated inside a container is lost when the container is deleted. This is the structural shape called out as concepts/container-ephemerality. Persistent-storage needs are met by mounting external storage (e.g. R2 via sandbox.mountBucket()) rather than by persisting the container filesystem itself.

Positioning

• Not the default compute tier on Cloudflare — Workers isolates are. Containers are opt-in for workloads where isolate constraints don't fit (custom binaries, ffmpeg-style tooling, agent runtimes, full Docker images).
• Paid-plan feature — the Workers Paid plan is required to access Sandbox Containers.
• Usually driven via Sandbox SDK, not raw Container APIs, for ergonomic lifecycle / networking / filesystem / process management.

Seen in

• sources/2026-05-19-cloudflare-announcing-claude-managed-agents-on-cloudflare — canonical wiki instance of Cloudflare Containers as the microVM tier in a per-agent sandbox-substrate choice. The launch post pairs Containers with Dynamic Workers (V8-isolate tier) as the two interchangeable backends an operator can pick per agent at setup time — "agents acting as a developer, building full applications and running Linux-based tools" pick Containers; "a faster, cheaper, and more scalable alternative" picks isolates. The trade-off itself is canonicalised at concepts/isolate-vs-microvm-for-agent-sandbox; the larger architectural shape (Anthropic brain ↔ Cloudflare hands) at concepts/agent-brain-hands-decoupling; the egress-policy half at patterns/outbound-worker-proxy-for-agent-egress and concepts/outbound-proxy-credential-injection. Containers here are the dev-agent-shape backend for Claude Managed Agents — the "if you need agents to act as a developer, building full applications and running Linux-based tools" case.
• sources/2026-05-13-cloudflare-browser-run-now-running-on-cloudflare-containers-its-faster — canonical wiki instance of Cloudflare Containers as the Customer Zero substrate for Browser Run. Browser Run migrated off shared Browser Isolation (BISO) infra onto its own DO-enabled Container image to unblock three workload-shape mismatches that had been bottlenecking it (image-size, distribution footprint, long-steady-vs-short-spiky session shape). The migration surfaced (and drove fixes for) the "novel, unstable early-stage Containers platform interface that was light on documentation, light on observability, and light on colleagues in an overlapping timezone" — explicitly framed as concepts/customer-zero for the Containers platform itself. Two architectural primitives canonicalised on this substrate by the migration: (a) DO-Container placement is independent (concepts/do-to-container-cross-region-rtt) — DO-enabled Containers create a Durable Object near the request, but the Container "may spin up on the other side of the world"; for chatty WebSocket workloads, the cross-region distance is paid per-message; (b) Regional pre-warmed DO+Container pair pools (patterns/regional-pre-warmed-do-container-pair-pool) are the architectural response — the unit of selection becomes a colocated DO+Container pair within a region. Outcomes: 60 browsers/min via Workers binding, 120 concurrent (4× previous), >50% Quick Action latency drop, WebGL + WebMCP unblocked.
• sources/2026-01-29-cloudflare-moltworker-self-hosted-ai-agent — Moltbot's Gateway runtime (originally run via Docker on a user's Mac mini) is instead run as a Cloudflare Container in the Moltworker architecture. The ephemeral-by-design property forces the use of mountBucket() for session memory + conversations (patterns/mountable-persistent-storage).

Related

• systems/cloudflare-sandbox-sdk — ergonomic higher-level API on top of Containers.
• systems/cloudflare-workers — the adjacent isolate-based compute tier.
• systems/cloudflare-r2 — typical durable-storage complement.
• systems/cloudflare-browser-rendering — Customer-Zero consumer; Browser Run runs on Cloudflare Containers post-2026-05-13.
• systems/cloudflare-durable-objects — pair primitive in DO-enabled Containers; placement coupling is the primary asymmetry regional pools resolve.
• systems/cloudflare-browser-isolation — BISO; the prior shared substrate Browser Run migrated off.
• concepts/container-ephemerality — the operational-semantics framing.
• concepts/customer-zero — the discipline framing Browser Run's role as the platform's first-party shaper.
• concepts/do-to-container-cross-region-rtt — the placement asymmetry of DO-enabled Containers.
• patterns/regional-pre-warmed-do-container-pair-pool — the bounding-pattern for the placement asymmetry.
• companies/cloudflare — operator.