The Linux Foundation’s Open Container Initiative (OCI) is taking a major step today, starting a project to define and ultimately standardize an open container image format specification for containers.
OCI was first announced in June 2015 as an effort bringing Docker and its container rivals together with the goal of creating a standards-based approach to advancing the container market. The initial specification effort from OCI is a runtime specification for containers. The Docker Engine 1.11 update, released April 13, is the first Docker update that complies with OCI.
While a runtime defines the container environment, a critical attribute of the container market is the image format that defines the application as it is packaged inside a container for deployment. At the current point in time, the Docker image format for containers is version 2.2, the de facto standard in the industry. Rival container vendor CoreOS has been advocating for an open format since December 2014, when it announced its application container image (appc) effort, which has now been rolled into the OCI.
Given that the image specification group at OCI is only officially being announced today, it’s too early to know what the technical community will decide about how much it might differ from the de facto Docker standard, Chris Aniszczyk, vice president of developer programs at the Linux Foundation, told eWEEK. “The project is now formed, and technical discussion and development is just starting to take place.”
Brandon Philips, CoreOS CTO, said that the OCI image format today is gearing up to use the best from appc and Docker v2.2. The effort is about getting to shared standards and interoperability between tools.
“The industry and container users want a shared application container standard that is independent of any one software project,” Philips told eWEEK. “Creating a project to standardize something in the OCI is a way of delivering this, and we are optimistic about getting it done in a quick time frame.”
The move to create an open standard doesn’t, however, necessarily mean that the Docker v2.2 image specification is broken. The Docker image format specification has evolved since the first version debuted in 2013, and the Docker v2.2 format, which debuted in April 2015, has already integrated some of the things that appc introduced in December 2014.
With Docker v1, images were not signable, which is necessary to provide authenticity and security. With appc in 2014 and Docker v2.2 in 2015, container images can now be digitally signed. Philips noted that Docker itself has gotten many critical features since Docker v1, and overall, it is a good starting point for an industry standard.
However, there are features many people want to add to this spec, Philips said. “For example we also want to add DNS [Domain Name System] namespace delegation from appc. There are other things that people have started to discuss, such as labels, multi-key signing and recording canonical upstream locations.”
The hope is that by starting from Docker v2.2, OCI can get a set of products and projects implementing the initial OCI Image Specification rapidly after its first release, Philips said.
The implementation of any potential new OCI Image Specification is an important issue, as container popularity today already means that there are tens of thousands of images built with Docker v2.2 and available on container repositories, including the Docker Hub. CoreOS’ own Quay container registry and rkt (rocket) container runtime support both the Docker image format and the appc image format.
“We remain committed to backward compatibility so users who have invested time and tooling can continue to manage, store and run container images in the formats they have today using Quay and rkt,” Philips said.
That approach to compatibility will also guide OCI specification-based deployment in the future. Philips said that CoreOS will add support for the OCI Image Spec alongside existing formats as the OCI format matures.
“We hope the OCI image format quickly becomes the single shared industry standard that all future build, storage and runtime products employ,” Philips said. “As this effort combines the best parts of the appc image format and the Docker v2.2 image, we expect that specifying and implementing the new OCI image format will move quickly.”
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.