Advanced Computing in the Age of AI | Friday, March 29, 2024

Standards Group Eyes Industry Consensus on Containers 

The Open Container Initiative (OCI), launched earlier this year to develop industry standards for Linux-based containers, said this week it has established a governing structure to oversee technical details and referee disputes as application containers make their way into production.

San Francisco-based Docker Inc. is spearheading the Linux Foundation standards initiative. Patrick Chanezon, Docker's chief developer advocate, said in an interview he expects a nine-member technical governing body to be in place after the first of the year.

Early phases of application container development have been contentious, illustrating the stakes for an emerging technology that has been likened to virtualization a decade ago. Chanezon noted that an appeals process would be instituted in which the elected governing board would "referee" technical disputes.

The OCI governance model would allow any developer or user to contribute to the container spec. Founding members and container rivals Docker and CoreOS, along with Google and Chinese telecommunications giant Huawei, will serve as "maintainers" for a technical developer subgroup that will oversee releases of the container runtime and specification, OCI said this week.

Meanwhile, a technical oversight board will work with the developer community to ensure "cross-project consistencies and workflows."

Organizers predicted the IT industry would coalesce around standardized workloads running in Docker containers. This would allow users to implement containers based on Intel, ARM or Power architectures as well as Linux, Windows or other operating systems. While parts of the container spec will be "OS-specific," Docker's Chanezon said member companies would be able to use their own container isolation primitives designed to boost application security. For example, Chanezon noted, Microsoft will use its own isolation primitives to support Docker containers on Windows Server 2016.

Container security has been a stumbling block as the technology slowly enters production environments. With that in mind, OCI said container "isolation should be pluggable, and the cryptographic primitives for strong trust, image auditing and application identity should be solid."

There have been two releases of the application container spec and six versions of the Docker-provided runtime since the container standards group was formed in June. The latest version of the runc runtime will be integrated into future releases of Docker. Meanwhile, OCI said Cloud Foundry has implemented the runtime into its Garden project designed to provide a lightweight container abstraction that would run on multiple operating systems.

Along with security, OCI also stressed that the container spec should be composable, meaning "all tools for downloading, installing and running containers should be well integrated." It also stressed portability, backward compatibility and a "minimalist" approach as a way to ensure stable operation while "encouraging experimentation."

Amid the bickering over the direction of container technology that preceded OCI's formation, container upstart CoreOS argued that the Docker ecosystem was expanding from its core capability as an application delivery mechanism to a full-blown platform. The group's current emphasis on "simplicity" in a container spec acknowledges that concern.

The goal, Chanezon stressed, is leveraging container technology to achieve a "higher density of workloads" through a standard that represents an industry consensus. "If we get an agreement on the basics, there will be a flurry of innovation" around container technology, he predicted.

The OCI project has so far attracted 38 member companies ranging from enterprise infrastructure vendors and container startups to influential users like investment banker Goldman Sachs.

 

About the author: George Leopold

George Leopold has written about science and technology for more than 30 years, focusing on electronics and aerospace technology. He previously served as executive editor of Electronic Engineering Times. Leopold is the author of "Calculated Risk: The Supersonic Life and Times of Gus Grissom" (Purdue University Press, 2016).

EnterpriseAI