Container standards on the Horizon

 

 

Vincent Batts  @vbatts

$> finger $(whoami)
Login: vbatts                           Name: Vincent Batts
Directory: /home/vbatts                 Shell: /bin/bash
Such mail.
Plan:
OHMAN
$> id -Gn
devel opencontainers docker appc redhat golang slackware

So,

Containers?

STANDARDS!

Standard

/ˈstandəd/

noun

something used as a measure, norm, or model in comparative evaluations

STANDARDS!

Areas to Standardize:
  • Packaging
  • Runtime
  • Networking
  • Cloud

Runtime - Implied standards

LXC

  • 2008
  • lxc specifc config

Docker

  • 2013
  • Docker specifc config and APIs

Runtime - Specifications

Application Container Spec (github.com/appc/spec)

  • December 2014
  • App Container Executor (ACE)
  • Several implementations, with rkt as the flagship
  • Specification

Runtime - Specifications

OpenContainer Runtime-Spec (github.com/opencontainers/runtime-spec)

  • June 2015
  • Several Implementations, with runc as flagship
  • Specification
  • Currently v1.0.0-rc3

Network

Container Networking Interface

(CNI - github.com/containernetworking/cni)

  • Used by RKT, kubernetes, OpenShift, Kurma, Cloud Foundry, RancherOS, usable with runC, and more
  • Simple to integrate with a process based workflow
  • December 2014
  • Specification and Library

Network

Container Network Model

(CNM - Docker libnetwork)

  • Used by Docker Engine
  • April 2015

Packaging - Implied Standard

  • Docker specific format

Docker Image

  • Tight coupling with daemon version
  • Signing requires Docker notary integration
  • Image naming is Docker specific and bound to registries

Packaging - Specification

  • December 2014
  • A number of independent tooling

Application Container Spec (github.com/appc/spec)

  • App Container Image (ACI)
  • Addresses Fully-Qualified-Naming, image discovery, signing, content addressibility, and versioned schema

Packaging - Specification

  • April 2016
  • Originated from Docker-1.10 and Registry v2 format
  • Content addressibility

OpenContainer Image-Spec (github.com/opencontainers/image-spec)

  • Signable. Possibility to have naming and discovery.
  • Currenly releasing v1.0.0-rc3
  • Gaining support from rkt, flatpak, skopeo, cri-o, docker, docker-registry and more

Cloud

Cloud Native Computing Foundation (https://cncf.io)

  • Kubernetes orchestration donated by Google
  • Prometheus monitoring donated
Why More Standards?!

Really great question. Thought you might ask ...


The package wars of deb vs rpm set back the broad adoption of Linux

xkcd.com/927

Horizon

Continued adoption

Verification and certification of integrations/implemenations

Tooling to further signing, distribution and discovery

Increasing number of container runtimes

Increasing number of kubernetes distributions

Wishes

  • Image Distribution

  • Image Signing

  • Orchestration

  • CNI (networking) to be in OCI

Call to Action!

Define your use-cases first

Ensure your container integration touchpoint stay generic,

to avoid lock-in to a particular platform.

Get involved in the conversations

PoC tooling for your integration

Thanks!

Vincent Batts

@vbatts| vbatts@redhat.com