OCI Image Format Specification v1

Transcript

1. OCI Image Format Specification v1 Josh Wood DocOps at CoreOS

   @joshixisjosh9

2. CoreOS runs the world’s containers We’re hiring: [email protected] [email protected] 90+

   Projects on GitHub, 1,000+ Contributors coreos.com Support plans, training and more OPEN SOURCE ENTERPRISE

3. Overview Making Containers Portable

4. !Define fundamentals around which consensus can form !Are not a

   complete platform for production !Example: HTML Standards

5. !Writing an HTML doc: by hand, generating with a CMS,

   or compiling with a static engine like Hugo !Rendering (executing) that doc: Browsers implement the standard HTML as a Standard

6. !Different ways to create HTML - tools compete on that

   experience, not what they produce !Browsers compete on: render speed, UI features, upgrades/security, … !They agree on the standard Competing above standards

7. !Discrete artifact containing everything an app needs to run !Dependencies,

   libraries, executable Containers: What even are they?

8. The OCI Container Image standard is like HTML in our

   analogy: !Tools to build containers (actool, Docker (client), …) !Runtimes to execute them: OCI runtime (runc): Specifically: Docker, rkt, CRIO, et al Standards for containers

9. Diverging implementations could: !Fragment communities and efforts !Do redundant work

   !Lock users into implementation and vendor Why we need standards for containers

10. !Execution environment choice, features: rkt has some features for bootstap-level

    software packaged in containers. !Kubernetes has an interface, CRI, designed to make the runtime modular, replaceable !Migration among environments enables economic decisions about where things run Why you need standards for containers

11. History The road to the OCI Image Format

12. c.2014 Docker, obvs, and Docker v1 and v2 image formats

    Rkt and AppC, `.aci` images Tools, runtime, and image format: All different History: Before the OCI Image standard

13. A CLI for running app containers on Linux. Focuses on:

    ! Security ! Modularity ! Standards/Compatibility

14. A CLI for running app containers on Linux. Modularity: Internal

    ! Stages of execution ! Fly, cgroups/ns, KVM vm ◦SAME CONTAINER

15. !The OCI brings together CoreOS, Docker, Red Hat, Google, Microsoft

    and others to define standards for software containers !April 2016: Efforts begin on OCI Container Image Format Specification !Based on Docker v2.2 image structure Open Container Initiative

16. The Standard OCI Container Image Specification v1.0

17. !Resize/Upgrade - coordination for availability !Layout - inherits Docker v2.2

    layers !Distribution - out of OCI scope !Sign/Verify - Optional OCI Container Image Specification

18. OCI Container Image ancestry Docker v1 appc Docker v2 OCI

    Image Spec Content-addr No Yes Yes Yes Signable No Yes Yes, optional Yes, optional* Federated namespace Yes Yes Yes Yes Introduced 2013 2014 April 2015 July 2017

19. https://coreos.com/blog/oci-image-specification.html https://coreos.com/blog/making-sense-of-standards.html https://blog.docker.com/2017/07/demystifying-open-container-initiative-oci- specifications/ And of course: https://github.com/opencontainers/image-spec https://www.opencontainers.org/about/oci-scope-table URLs

20. [email protected] @joshixisjosh9 joshix.com QUESTIONS? Thanks! We’re hiring: coreos.com/careers Let’s talk!

    CoreOS-User google group More events: coreos.com/ community LONGER CHAT?