CNAB: the Docker, Microsoft open source standard
Launched at Dockercon Europe, the Cloud Native Application Bundle will become "universal" according to the container specialist
6 December 2018 | 0
Docker and Microsoft are making a joint bid for what they hope will be a “universal standard” to significantly simplify distributed computing as well as setting up a cloud native foundation of their own with “three or four” other as-yet unnamed parties.
Chief product officer at Docker Scott Johnston said that he believes the Cloud Native Application Bundle (CNAB for short) will turn out to have as much of an impact in the developer community as Docker containers first did when they launched.
CNAB, which has been developed in partnership with Microsoft, aims to reduce the complexity of running multiple services packaged together. It promises to be capable handling multiple inputs such as Kubernetes YAML, Helm charts, Docker Compose files, CloudFormation, Terraform or ARM templates all in a single package, and is cloud agnostic in terms of the environment that it can run on.
Johnston explained at a media roundtable during Dockercon Europe 2018 in Barcelona that the company had been working on addressing this problem for some time, based on feedback from customers and the wider developer community. Then, roughly a year ago “Microsoft came knocking” reporting a similar set of challenges around managing complexity.
The two realised that with their separate customer bases – and even the in-house Azure services team – facing adjacent challenges it would make sense for them to work on the specification together.
“Over the course of the year you’ll see more and more adoption gathered around this,” said Johnston. “Not only Docker containers, but you’ll see this become the universal standard for distributed applications. And, really important, this is not a Docker proprietary thing, this is not a Microsoft proprietary thing, it can take Compose files as inputs, it can take Helm charts as inputs, it can take Kubernetes YAML as inputs, it can take serverless artefacts as inputs.
“It’s designed intentionally to take whatever artefacts are components of a distributed application, to be able to describe those immutably, so you get the benefit of Docker containers but applied to multiple component distributed applications.”
The “next milestone” after launch will be to move CNAB into a foundation model with joint governance.
“Because it’s an application definition standard it’s in everyone’s interest to make this open source and widely available,” Johnston said. “So both Microsoft and Docker agreed to open source the project [with an] Apache 2 licence.”
The foundation will include “many more” in the industry beyond Microsoft and Docker, including “three or four” others that have not yet been named but that we can assume are major players in the development space given the thirst for simplicity in development and operations, as well as Docker’s recent history partnering with the likes of Salesforce.
CNAB, according to Docker
The open source container company describes CNAB as an “open source, cloud-agnostic specification for packaging and running distributed applications”.
“CNAB unifies the management of multi-service, distributed applications across different toolchains into a single all-in-one packaging format. The CNAB specification lets you define resources that can be deployed to any combination of runtime environments and tooling including Docker.”
Johnston said that the main challenge with distributed computing is that although a single container is easy enough to manage and deploy, when applications that are defined by multiple containers enter the equation, all those different dependencies that they rely on can lead to serious complexity.
“We walk into organisations where they’re trying to manage thousands of Compose files, and they’re saying, ‘gosh, this is really a challenge from a version management standpoint’,” said Johnston. “They’re managing one set of compose files for their staging environment… a separate set of compose files for their production environment… and they’re like, we can make this work, but can you guys make this easier for us?”
In practice, a CNAB workflow would look similar to a Docker one today — the idea of building, shipping, and running that application like you would with a single container, at least in theory.
“That same workflow, that same lifecycle stage works with a Docker App artefact or a CNAB artefact,” Johnston said. “What’s really important here is that this is not confined to Docker Compose… the fact is, it’s immutable, and yet we’ve externalised the parameters you can change depending on the environment — that’s what’s going to get away from having to have multiple copies of the same app depending on the environment.
“It will make it a much simpler way to deploy and manage these applications throughout the lifecycle.”
In short, no matter the jumble of files and configurations, these distributed applications can be shipped to operations without the operations team having to know every single detail of the application and the dependencies within it.
Can it work?
We’re sure that most would agree if you took a shot whenever you heard ‘complexity’ at a developer or cloud infrastructure conference you’d be dead within hours if not minutes. There appears to be a burning appetite to deploy and manage complex environments without necessarily having to rely on the experts, important though they are.
That the relatively newly open source-friendly Microsoft is bolting its name firmly to the project, combined with the heritage behind Docker and how that company transformed the landscape, suggests that they could seriously alter the playing field in how applications are deployed and monitored at scale here.
Vice president at Forrester Randy Heffner, who is the principal analyst serving application development and delivery professionals, told Computerworld UK that the announcement is the “kind of thing that we need”.
“Whether CNAB is the right answer or not, we’ll find out,” he said. “But it’s one of the many kinds of things we need in order to bring the complexity of microservices – which is currently rocket science – to bring it to the masses, and that’s exactly the way they were describing it.
“So, I think it’ll be interesting to watch, but it’s a good thing.”
IDG News Service