The Open Container Initiative (OCI) at 12 Months

The OCI at 12 Months https://opencontainers.org Chris Aniszczyk Rob Dolin
Jeff Borek Mrunal Patel Michael Crosby

Brief Introductions • Chris Aniszczyk (@cra) – Linux Foundation •
Jeff Borek (@jeffborek) – OCI TB Certification WG Co-Chair • Michael Crosby (@crosbymichael) – OCI Runtime spec Lead Maintainer • Rob Dolin (@robdolin) – OCI TB Certification WG Co-Chair • Mrunal Patel (@mrunalp) – OCI Runtime spec Maintainer

Agenda • Panel (15 minutes) – Introduction – What is
the OCI and Open Governance – OCI at 12 Months – OCI Release Process – OCI Certification Process – Getting Involved with the OCI community • Demo: OCI Tools and Runc (10 minutes) • Q&A (15 minutes)

What is the Open Container Initiative (OCI) An open source
community (hosted by the Linux Foundation) for building a vendor-neutral, portable and open specification/runtime that delivers on the promise of containers as a source of application portability backed by a certification program.

OCI Membership (46 organizations as of May 2016)

OCI Governance Structure • Trademark Board (TB) – The Trademark
Board shall be composed of one representative appointed by each OCI Member; responsible for trademarks, certification, budget • Technical Development Community (TDC) – open to any individual or any open source contributor • Technical Oversight Board (TOB) – responsible for managing conflicts, violations of procedures or guidelines and any cross-project or high-level issues that cannot be resolved in the TDC for OCI Projects. The TOB shall also be responsible for adding, removing or re-organizing OCI Projects.

OCI Release Process • https://github.com/opencontainers/tob/pull/15 (draft) • “Major specification releases
MUST release at least three release candidates spaced a minimum of one week apart. This means a major release like a v1. 0.0 or v2.0.0 release will take 1 month at minimum: one week for rc1, one week for rc2, one week for rc3, and one week for the major release itself. Maintainers SHOULD strive to make zero breaking changes during this cycle of release candidates and SHOULD add restart the three-candidate count when a breaking change is introduced. For example if a breaking change is introduced in v1.0.0-rc2 then the series would end with v1.0.0-rc4 and v1. 0.0.”

• runtime-spec – a specification for the creation and lifecycle
of a container – https://github.com/opencontainers/runtime-spec • image-spec – a software shipping container image format spec with security and naming as components – https://github.com/opencontainers/image-spec What is the current state of the OCI specifications?

What is the current state of the OCI specifications? •
Runtime spec: https://github.com/opencontainers/runtime-spec/releases – v1.0.0-rc1 (June 5th 2016) – v0.5.0 (April 12th 2016) – v0.4.0 (Mar 10th 2016) – v0.3.0 (Feb 5th 2016) – v0.2.0 (Jan 12th 2016) – v0.1.0 (Sep 11th 2015) • Image spec: https://github.com/opencontainers/image-spec/releases – v0.3.0 (Jun X 2016) – v0.2.0 (May 31st 2016) – v0.1.0 (May 6th 2016)

What open source code is available? OCI Runtime reference implementation:
runc: https://github.com/opencontainers/runc OCI Tools: https://github.com/opencontainers/ocitools

• The Certification Program WG is a committee of the
OCI Trademark Board working to propose a set of criteria for implementations to meet if they want to use OCI trademarks (Open Container Initiative, OCI Certified, etc.) • Implementers whose implementations meet the bar of OCI certification can use OCI trademarks in marketing their solution • Users/customers can look for OCI Certified implementations to know that they are getting interoperable solutions • Implementers who want to build solutions can leverage/target OCI interoperability surfaces rather than having to build for multiple, inconsistent interoperability surfaces What does the certification working group do and what value can a certification program bring?

What are key factors for establishing a certification program for
container technology? Questions being considered by the OCI Cert WG: • Implementations: ◦ Runtime spec ◦ Image format spec ◦ Both • Levels of compliance: ◦ MUST/REQUIRED == Compliant ◦ MUST/REQUIRED + SHOULD/RECOMMENDED == Unconditionally compliant • Testing: ◦ Automation vs. manual: Can we fully automate? ◦ Lab vs. peer vs. self: What optimizes cost and compliance

Demo: OCI Tools [root@dhcp-16-129 ~]# mkdir gopath [root@dhcp-16-129 ~]# export
GOPATH=~/gopath [root@dhcp-16-129 ~]# go get github.com/opencontainers/ocitools [root@dhcp-16-129 ~]# cd $GOPATH/src/github.com/opencontainers/ocitools [root@dhcp-16-129 ocitools]# make go build -tags "" -o ocitools . go build -tags "" -o runtimetest ./cmd/runtimetest [root@dhcp-16-129 ocitools]# make install [root@dhcp-16-129 ocitools]# ./test_runtime.sh -l debug ----------------------------------------------------------------------------------- VALIDATING RUNTIME: runc ----------------------------------------------------------------------------------- time="2016-06-10T21:50:02Z" level=debug msg="validating root filesystem" time="2016-06-10T21:50:02Z" level=debug msg="validating container process" time="2016-06-10T21:50:02Z" level=debug msg="validating capabilities" time="2016-06-10T21:50:02Z" level=debug msg="validating hostname" time="2016-06-10T21:50:02Z" level=debug msg="validating rlimits" time="2016-06-10T21:50:02Z" level=debug msg="validating sysctls" time="2016-06-10T21:50:02Z" level=debug msg="validating maskedPaths" time="2016-06-10T21:50:02Z" level=debug msg="validating readonlyPaths" time="2016-06-10T21:50:02Z" level=debug msg="validating mounts exist" Runtime runc passed validation

Demo: runc https://github.com/opencontainers/runc

Get involved with the OCI community! • Join the technical
community and projects! ◦ Weekly technical meetings open to all ▪ https://github.com/opencontainers/specs#weekly-call ◦ IRC: #opencontainers at irc.freenode.net ◦ GitHub ▪ https://github.com/opencontainers/runtime-spec ▪ https://github.com/opencontainers/image-spec ▪ https://github.com/opencontainers/ocitools ◦ Mailing list: [email protected] ◦ Roadmap (milestones) ▪ https://github.com/opencontainers/runtime-spec/milestones ▪ https://github.com/opencontainers/image-spec/milestones • Consider joining and what role you would like to play in the initiative ◦ https://opencontainers.org/join

Open Q&A https://opencontainers.org

The Open Container Initiative (OCI) at 12 Months

The Open Container Initiative (OCI) at 12 Months

Chris Aniszczyk

More Decks by Chris Aniszczyk

Other Decks in Technology

Featured

Transcript

The OCI at 12 Months https://opencontainers.org Chris Aniszczyk Rob Dolin

Brief Introductions • Chris Aniszczyk (@cra) – Linux Foundation •

Agenda • Panel (15 minutes) – Introduction – What is

What is the Open Container Initiative (OCI) An open source

OCI Membership (46 organizations as of May 2016)

OCI Governance Structure • Trademark Board (TB) – The Trademark

OCI Release Process • https://github.com/opencontainers/tob/pull/15 (draft) • “Major specification releases

• runtime-spec – a specification for the creation and lifecycle

What is the current state of the OCI specifications? •

What open source code is available? OCI Runtime reference implementation:

• The Certification Program WG is a committee of the

What are key factors for establishing a certification program for

Demo: OCI Tools [root@dhcp-16-129 ~]# mkdir gopath [root@dhcp-16-129 ~]# export

Demo: runc https://github.com/opencontainers/runc

Get involved with the OCI community! • Join the technical

Open Q&A https://opencontainers.org