The Technical Oversight Board (TOB) for the Open Container Initiative (OCI) today announced it has approved a new Artifacts project that will extend the reach of a single repository to encompass multiple artifacts such as Kubernetes deployment files, Helm Charts and other evolving formats alongside containers. READ MORE.
Looking back at 2018, OCI had a banner year for foundational momentum – perfect for all our community has planned for 2019 🗓
Some of our biggest moments of last year included the launch of the Distribution Specification project, to standardize container image distribution based on the specification for the Docker Registry HTTP API V2 protocol – the result of extensive work from key maintainers Derek McGowan, Stephen Day and Vincent Batts, with backing from hundreds of OCI contributors and organizations committed to container standardization – and the long-awaited announcement of Alibaba Cloud’s membership – the last of top 5 major hyperscale clouds to join the initiative and largest cloud provider in China.
Additionally, OCI community members Chris Aniszczyk, Jeffrey Borek, Rithu Leena John, & Patrick Chanezon secured a coveted speaking slot at KubeCon + CloudNativeCon North America to present “How Standards, Specifications and Runtimes Make for Better Containers” to a sold-out Seattle crowd. Check out a recording of their session below 🎥
My talk from Kubecon 2018 😊 How Standards, Specifications and Runtimes Make for Better Containers! https://t.co/t8No2pE3vJ
— Rithu Leena John (@rithu_john) January 7, 2019
We also started publishing ecosystem features in an effort to highlight how OCI is being leveraged by various projects. These deep dives, which we plan to continue sharing in 2019, were a hit with maintainers and readers alike – a sample of community usage posts shared in 2018 can be found below:
- Bringing OCI images to the desktop with Flatpak
- OCI Image Support Comes to Open Source Docker Registry
- PouchContainer: How OCI Specifications Power Alibaba
- CRI-O: How Standards Power a Container Runtime
Check back soon for more ecosystem project features, including one from the containerd team!
In 2019, the OCI community plans to roll out updates to specifications, ship a v1.0 of runc + much more – stay tuned, get involved, and follow along on social for an even bigger year of all things container standards & specs!
Chinese cloud giant joins OCI efforts to help drive global container standardization
SAN FRANCISCO, Calif. – August 29, 2018 – The Open Container Initiative (OCI), an open source community for creating open standards around containers, today announced that Alibaba Cloud, the cloud computing arm of Alibaba Group, has become a member of the Initiative.
As the largest provider of public cloud services in China, according to IDC, Alibaba Cloud runs one of the world’s most extensive cloud native applications on top of millions of container instances and processes up to 325,000 transactions per second.
“With cloud investments throughout China set to boom in the coming years, the region and beyond will undoubtedly benefit from investments in a set of common, open containers standards from global leaders like Alibaba Cloud,” said Chris Aniszczyk, Executive Director of the OCI. “We’re happy to have the Alibaba team lend its massive-scale expertise to this community as we work to drive improvements to our projects and the availability of our Distribution Specification later this year.”
“Container standardization allows the entire world to speak the same language and benefits hosting providers, ISV, developers and end users alike,” said Junjie Cai, Chief Architect of Elastic Compute Service, Alibaba Cloud. “As we believe that common specifications give customers more value from the cloud, we’ve adopted the OCI v1.0 specifications – both in our internal infrastructure as well as the public container service available in Alibaba Cloud. We also contribute to leading container projects like containerd and recently open-sourced our own container project, Pouch. Alibaba Cloud is thrilled to join OCI and offer our deep container experience to the Initiative, while collaborating with the community to standardize the space.”
As an active member and advocate for open standards, Alibaba looks forward to furthering OCI’s efforts throughout the container ecosystem – making the cloud infrastructure layer more democratic to better serve end users and enable cloud vendors to avoid duplicate efforts while focusing on higher-value innovations.
To learn more about Pouch, the open source project from Alibaba Cloud, read this blog.
About the Open Container Initiative (OCI)
The Open Container Initiative is an open governance structure for the express purpose of creating open industry standards around container formats and runtime. Projects associated to the Open Container Initiative can be found at https://github.com/opencontainers. Learn more about joining the OCI community here: https://www.opencontainers.org/community
The Open Container Initiative is a Collaborative Project at The Linux Foundation. Linux Foundation Collaborative Projects are independently funded software projects that harness the power of collaborative development to fuel innovation across industries and ecosystems. www.linuxfoundation.org
The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.
The Linux Foundation
Open Container Initiative（开放容器计划）欢迎Alibaba Cloud（阿里云）作为最新成员加入
阿里云弹性计算服务的首席架构师蔡俊杰表示：“容器标准化让全世界都可以说同样的语言，且托管提供商、ISV、开发人员和最终用户将同样受益。”“我们深信，通用规范能让客户从云中获得更多价值，现已在内部架构以及阿里云提供的公共容器服务采用OCI v1.0 规范。我们也大力投入领先的容器项目，例如，containerd和我们自己的最新开源容器项目，Pouch。阿里云对于加入OCI 深感高兴，将为该计划提供深入的容器体验，同时与社区合作，从而规范这一空间。”
开放容器计划是Linux 基金会的协作项目。Linux 基金会协作项目是独立资助的软件项目，利用协作开发的力量推动跨行业和生态系统的创新。www.linuxfoundation.org
Linux 基金会拥有注册商标，并使用商标。有关Linux 基金会的商标列表，请参见商标使用页面：https://www.linuxfoundation.org/trademark-usage。Linux 是Linus Torvalds 的注册商标。
By Joe Brockmeier, Red Hat
The CRI-O project (part of the former Kubernetes incubator) is busy working on the upcoming 1.11 release, which will be released in conjunction with the Kubernetes 1.11 release. It will have some interesting new features, but won’t lose sight of its stated No. 1 goal: to never break Kubernetes. Parallel to that goal is to run any OCI image from any registry (when the OCI distribution specification is finalized).
Historically, Kubernetes has worked with container runtimes that were designed to do many things: build container images, manage container security, manage container orchestration, inspect container images, etc. CRI-O, on the other hand, was designed just to support the functions Kubernetes needs to actually run containers.
Depending on Standards
CRI-O moves in lock-step with Kubernetes’ Container Runtime Interface (CRI), the API for container runtimes to integrate with a kubelet. CRI-O is aligned with the upstream Kubernetes releases, so any changes to the CRI in Kubernetes are supported in the matching release of CRI-O for that release. For example, the most recent CRI-O 1.10 release matches Kubernetes 1.10. CRI-O 1.11 will release with Kubernetes 1.11, and so forth.
Most users these days are using Kubernetes with a version of Docker, but some organizations with different business needs might want to use new container types that haven’t been implemented yet, or others like Kata Containers. CRI-O opens the door for this by supporting any OCI images and runtimes.
Here’s how it works:
- Kubernetes asks the kubelet to start a pod
- The kubelet talks to the CRI-O daemon using the CRI
- CRI-O uses a library that implements the OCI standard to pull the image from a registry
- CRI-O uses another standard library to unpack the container image for use
- CRI-O then generates a JSON file that describes how the container is to be run
- Next, CRI-O launches an OCI-compatible runtime (currently runc or the Clear Containers runtime) to run the container processes
- A common process handles logging for the container and monitors the process
You might also be wondering about networking. Again, the idea is to have flexibility within a standard interface, so CRI-O uses the Container Networking Interface (CNI) to set up networking. Any CNI plugin can be used with CRI-O, giving users flexibility over their container networking stack as well.
CRI-O helps achieve what the OCI specifications and CRI API set out to do – make the container runtime an implementation detail that the end user doesn’t have to worry about. Worry about how Kubernetes works with your application, not how Kubernetes works with the container runtime.
Learning More about CRI-O
The OCI community is comprised of a diverse set of member organizations that are committed to creating open industry standards around a container image format and runtime. This blog series highlights OCI members and their contributions to building an open, portable and vendor neutral specification.
Name: Xu Wang
Title: CTO + Kata Architecture Committee member
Company: Hyper.sh + Kata Containers
What is Kata Containers?
Kata Containers is an open source project hosted by the OpenStack Foundation that provides lightweight virtual machines that feel and perform like containers, while providing the workload isolation and security advantages of traditional VMs.
Why did OpenStack (Kata Containers) join OCI?
The Kata Containers project runs containers specified by OCI runtime spec in virtual machines. We joined OCI to guarantee the compatibility between Kata Containers and OCI runtime specs, and to help to improve the OCI specifications – enabling more efficient Kata Containers. We look forward to collaborating around tooling, compatibility and interoperability testing.
How can OCI community members contribute to Kata Containers?
Many of the Kata community members come from the OCI community, so we look forward to more collaboration on use case sharing, specification discussion, testing and toolchains. See Github for more information: https://github.com/kata-containers/community
How do you anticipate OCI changing the container technology landscape?
The OCI specs guarantee that container technology can be open, vendor neutral and a cornerstone of future computing infrastructure.
What is the benefit of open standards like OCI for users of Kata Containers?
The open and unified container spec gives users more options and helps Kata to be adopted in more cases.
More and more applications are shipped and run under OCI specs. With OCI, Kata could enable users to launch unified container applications no matter if the runtime isolation technology is namespace or VM.
For cloud providers, if a user application has been developed for OCI specs, they could run the application with Kata Containers directly which introduces fewer layers than running a container orchestration system on a VM pool.
On the other hand, for those users who have already invested in VM technology, they could apply their existing tools to Kata Containers and move their application to microservice with OCI containers.
With a commitment to driving inclusivity in the community, OCI is proud to be an official Diversity Scholarship sponsor for DockerCon 2018.
By actively seeking ways to increase the ecosystem’s diversity, OCI + Docker’s collective goal is to make DockerCon a safe place for everyone to learn and collaborate.
The scholarship program will provide under represented members across the global container community with a scholarship to attend the annual event.
To learn more, make sure to check out the selection process, scholarship details and requirements below + don’t forget to submit an application by Wednesday, April 25, 2018 at 5:00PM PST!
A committee of Docker community members will review and select the scholarship recipients. Recipients will be notified by the week of May 7, 2018
Full Access DockerCon Conference Pass
Must be able to attend DockerCon US 2018
Must be 18 years old or older to apply
This week, the Open Container Initiative initialized its third open endeavor, the Distribution Specification Project. The goal of this initiative is to offer a shared set of requirements for registries designed to host container images. Based on the Docker Registry version 2, the new project has no set time frame for completion. READ MORE.
The Open Container Initiative (OCI) launched a project to standardize container image distribution based on the DockerRegistry v2 protocol. The creation of the new distribution specification supports interoperability within the container ecosystem. READ MORE.
The Open Container Initiative (OCI), the open-source community in charge of creating container standards, has announced the launch of the Distribution Specification project to standardize container image distribution. This new standard is based on the Docker Registry v2 protocol. It standardizes container image distribution, which supports the pushing and pulling of container images. READ MORE.
The Open Container Initiative (OCI) announced today that the way which container images are distributed is about to become standardized using the Docker Registry v2 protocol.
Chris Aniszczyk, executive director of the OCI, says the protocol will now serve as the specification for the new distribution-spec OCI project that will foster interoperability across different container registries. READ MORE.