Containers are very much the technology of the moment and there have been some interesting developments in this space over the last few weeks that I think will influence the direction and use of these technologies through 2017.
The Open Container Initiative (OCI) is the standards body working on both the Container Image Standard and the Container Runtime Standard. Both of these documents are approaching their 1.0 release, with the Image spec reaching v1.0 rc5 and the Runtime spec also reaching v1.0 rc5.
Also on the standards front we are seeing the start of support from various vendors. As part of the founding of the OCI, Docker Inc. donated their runC component, which has become the reference implementation of the runtime standard. For the time being runC is pretty much the only runtime in use, though read on for developments regarding CoreOS rkt. If you’re looking for another container runtime you might also consider DC/OS from Mesosphere.
Open-sourcing of containerd
Back in December 2016, Docker Inc. announced that they were open sourcing containerd. Containerd is the component that sits immediately above runC in the Docker stack and is responsible for fetching images from a registry, unpacking them on disk, and then invoking runC to instantiate a container based on the downloaded image. The source code for containerd can be found on GitHub.
You’ll notice that the git repository for containerd sits within the Docker organisation on GitHub. At the time of the announcement Docker Inc. stated that they would be looking for a governance home for containerd that could manage the project in an independent manner. This week Docker Inc. announced that it was intending to donate containerd to the Cloud Native Computing Foundation (CNCF). Note that this is only a proposal, and that the CNCF might vote not to accept responsibility for containerd; however, I think the donation is very unlikely to be turned down.
If you want a good technical overview of containerd and the future plans for the project, this YouTube video from the recent containerd mini-conf is worth an hour of your time.
Proposed donation of rkt to the CNCF
At the same time as Docker Inc. were proposing that the CNCF take over stewardship of containerd, CoreOS announced that they were proposing that the CNCF take over governance of their container runtime called rkt (pronounced rocket). Similar to the submission by Docker Inc. of containerd, there’s no guarantee that the CNCF will vote to adopt rkt, but I suspect it will.
What does this mean?
Amazon’s support for the OCI image standard in its ECR service is an interesting development. By my reckoning this is the first major container registry to support the new standard. Now that the standards are reaching maturity there’s scope for whole new toolchains for creating container images to be produced.
This is an area that I feel has been neglected over the last four years; pretty much everyone I meet just uses the docker build command and treats it as a black box. Additionally, Docker Inc. have, with good reason, largely frozen the Dockerfile specification over the last few years. The result has been that build toolchains have stagnated. I imagine that companies (and open source projects) like Amazon will be looking at adding powerful container build tools into their existing CI/CD toolchains. It wouldn’t surprise me if we saw AWS CodeBuild extended to natively support building OCI compliant containers and pushing them, automatically, to ECR. AWS CodeDeploy or AWS CodePipeline could then use ECS or Blox to perform canary or blue/green deployments.
The open-sourcing of containerd and its proposed donation to the CNCF is an indication that Docker Inc. is firming up its strategy to monetise the container revolution it launched. The recent rationalisation and clarification of the Docker Inc. product lines into Docker Enterprise Edition and Docker Community Edition also help in this regard. This Hacker News thread, in which Solomon Hykes participates, also shows how their positioning is evolving and is well worth reading.
Finally, if the CNCF accept the donation of rkt from CoreOS we will effectively have two competing container runtimes, both supporting the OCI runtime standard. This should drive further innovation and ensure that we don’t end up with one company dominating the container space and a monoculture similar to that found in enterprise virtualisation.
These announcements herald an exciting future for the adoption of container technologies. Now that the runtime and image standards are nearing completion, and the tool landscape is settling down, the large enterprise customers I deal with in my day job can get serious about rolling out containerisation across their environments.