the open container initiative
TRANSCRIPT
![Page 1: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/1.jpg)
Jonathan Boulle@baronboulle | [email protected]
The Open Container InitiativeEstablishing standards for an open ecosystem
![Page 2: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/2.jpg)
A short agenda
● Why do we care about standards?● Where have container standards come from?● Where are they now?● Where are they going?
![Page 3: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/3.jpg)
A short agenda
● Why do we care about standards?● Where have container standards come from?● Where are they now?● Where are they going?
![Page 4: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/4.jpg)
Standards: why do we care?Why should you care?
![Page 5: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/5.jpg)
Standards: why do we care?Why should you care?
"You" as software developer or ops engineer
![Page 6: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/6.jpg)
you
![Page 7: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/7.jpg)
you as a sw engineer
![Page 8: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/8.jpg)
your
with Ada.Text_IO;
procedure Hello_World is
use Ada.Text_IO;
begin
Put_Line("Hello, world!");
end;
#include <stdio.h>
int main()
{
printf("Hello, world!\n");
}
package main
import "fmt"
func main() {
fmt.Println("Hello, world!")
}
![Page 9: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/9.jpg)
your containerimage
![Page 10: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/10.jpg)
your/your/code/bin/java
/opt/app.jar/lib/libc
![Page 11: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/11.jpg)
your/your/code/bin/python/opt/app.py/lib/libc
![Page 12: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/12.jpg)
your example.com/app
d474e8c57737625c
![Page 13: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/13.jpg)
your d474e8c57737625c
Signed By: Alice
![Page 14: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/14.jpg)
you as a software engineer
A standard image format allows you to...● build your container images how you want● distribute them in a consistent, secure way
under your control● re-use other people's container images with
whatever tooling you want● run them anywhere that supports the format
![Page 15: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/15.jpg)
you
![Page 16: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/16.jpg)
you as an ops engineer
![Page 17: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/17.jpg)
your
![Page 18: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/18.jpg)
your
example.com/appx3
![Page 19: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/19.jpg)
your
example.com/appx3
![Page 20: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/20.jpg)
your
???
example.com/appx3
![Page 21: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/21.jpg)
you as an ops engineer
A standard image format allows you to...● deploy your developers' images + third-party
images securely and consistently in the cluster● use your tooling of choice to process and run
container images● introspect and audit container images
![Page 22: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/22.jpg)
![Page 23: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/23.jpg)
A short agenda
● Why should we care about standards?● Where have container standards come from?● Where are they now?● Where are they going?
![Page 24: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/24.jpg)
A short agenda
● Why should we care about standards?● Where have container standards come from?● Where are they now?● Where are they going?
![Page 25: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/25.jpg)
How did we get here?The journey to OCI
![Page 26: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/26.jpg)
The abbreviated journey to OCI(since ~2013)
How did we get here?
![Page 27: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/27.jpg)
First: an abbreviated history of containers
![Page 28: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/28.jpg)
where "containers" = "Linux containers"
First: an abbreviated history of containers
![Page 29: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/29.jpg)
● Roll-your-own process containers○ ulimit, cgroups, chroot, namespaces○ more focused on noisy-neighbour problem
● LXC (since 2008)○ powerful, complex (ops more than dev)○ oriented more to "full-OS" containers
Pre-2013: the early (Linux) container era
![Page 30: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/30.jpg)
Enter Docker● easy-to-use, developer friendly● popularised the application-centric container● simple, centralised image distribution
2013/14: dawn of application container age
![Page 31: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/31.jpg)
2015/16: app containers go mainstream
![Page 32: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/32.jpg)
and the journey to standards
![Page 33: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/33.jpg)
An image formatA container runtime
A log collection daemonAn init system and process babysitter
A container image build systemA remote management API
![Page 34: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/34.jpg)
An image formatA container runtime
A log collection daemonAn init system and process babysitter
A container image build systemA remote management API
![Page 35: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/35.jpg)
An image format... the thing we want to standardise
![Page 36: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/36.jpg)
Two years agoMid 2014
![Page 37: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/37.jpg)
Docker Image Format Circa 2014● Fluid format and evolution
○ No specification, just implementation○ No guarantees of interoperability for other toolwriters
● Not content-addressable○ No way to verify integrity or leverage CAS
● No name delegation/discovery (e.g. MX records)○ Centralised/siloed distribution
● No mechanism for signing○ No way to attest content
![Page 38: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/38.jpg)
23 months agoDecember 2014
![Page 39: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/39.jpg)
App Container (appc)
github.com/appc
![Page 40: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/40.jpg)
appc motivation
● Write down what a container image is so anyone can build and run one
● Decompose the tooling and decentralise distribution
● Introduce features that were lacking in other container formats
● Two key areas: image format and runtime
![Page 41: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/41.jpg)
appc image in a nutshell
● Image Format (ACI)○ what does an application consist of?
● Image Discovery○ how can an image be located?
● Content-addressability○ what is the cryptographic id of an image?
● Signing○ how is an image signed and verified?
![Page 42: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/42.jpg)
appc image (ACI) example{ "acKind": "ImageManifest", "acVersion": "0.6.1", "name": "my-app", "labels": [ {"name": "os", "value": "linux"}, {"name": "arch", "value": "amd64"} ], "app": { "exec": [ "/bin/my-app" ], "user": "1000", "group": "1000" }}
Simple tarball, containing root filesystem + configuration manifest
$ tar tf /tmp/my-app.aci/manifest/rootfs/rootfs/bin/rootfs/bin/my-app
![Page 43: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/43.jpg)
appc runtime in a nutshell
● Application Container Executor (ACE)○ what environment can the application expect?○ e.g. isolators (memory, CPU), network, etc
● OS/Platform agnostic● Pods
○ Minimum execution unit (i.e. everything is a pod)○ Grouping of applications with shared fate
![Page 44: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/44.jpg)
appc in practice
● Diversity of image tooling○ Build-from-scratch or build-from-language projects
■ shell scripts, acbuild, dgr, goaci○ Convert from other packaging formats
■ docker2aci, deb2aci● Diversity of runtimes
○ rkt (Linux)○ Kurma (Linux)○ Jetpack (FreeBSD)
![Page 45: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/45.jpg)
19 Months AgoApril 2015
![Page 46: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/46.jpg)
Docker v2.2 Image Format Circa 2015
● Versioned v2.0, v2.1, v2.2 schema○ Still vendor-specific, but (mostly) documented!
● Content-addressable● No name delegation/discovery ● Optional and separately-defined signing
![Page 47: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/47.jpg)
Two separate worlds...
aka the "Container Wars"
● appc starting to see some traction, but conspicuously lacking Docker support
● Meanwhile, Docker image format gaining several of the key features that motivated appc
![Page 48: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/48.jpg)
Two separate worlds...
● How can we end the "war" and all work together?
![Page 49: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/49.jpg)
Two separate worlds...
● How can we end the "war" and all work together?
● Enter OCI!
![Page 50: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/50.jpg)
17 Months AgoJune 2015
![Page 51: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/51.jpg)
![Page 52: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/52.jpg)
● See: Chris's earlier talk :-)
● Original objective: merge everything we liked from appc, then deprecate appc in favour of OCI as the "true" standard
● However...
Open Container Initiative (OCI)
![Page 53: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/53.jpg)
● Originally only a runtime specification ○ What a container looks like on disk, just before it is run○ A lot of system-specific state (e.g. mount/cgroup paths)○ Not a portable, distributable format○ Doesn't help with any of our earlier motivations
OCI Specification
![Page 54: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/54.jpg)
● Several releases (v0.1.0 - v0.4.0)● Continued disagreements and debate on scope
of the project... until...
OCI Specification (runtime only)
![Page 56: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/56.jpg)
● A serialized, distributable image format○ Content-addressable ○ Platform-agnostic
● Optional extras:○ Signatures based on image content address○ Federated, delegatable naming based on DNS
OCI Image Format Spec Project
![Page 57: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/57.jpg)
● Backwards-compatible with Docker:○ Taking the de facto standard Docker v2.2 format and
writing it down for everyone to use● Shared starting point for future innovation in
container image format and distribution● Intended to interoperate with Runtime Spec
(similar to how appc defined both sections)
OCI Image Format Spec Project
![Page 58: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/58.jpg)
A short agenda
● Why should we care about standards?● Where have container standards come from?● Where are they now?● Where are they going?
![Page 59: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/59.jpg)
A short agenda
● Why should we care about standards?● Where have container standards come from?● Where are they now?● Where are they going?
![Page 60: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/60.jpg)
Today15 November 2016
![Page 61: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/61.jpg)
Today15/11/2016? 11/15/2016?
2016年11月15日?
![Page 62: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/62.jpg)
Today15 November 2016
2016-11-15 (ISO 8601 standard)
![Page 63: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/63.jpg)
Two separate but connected specifications● image-spec: what's in a container● runtime-spec: how to run a container
OCI Today
![Page 64: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/64.jpg)
● Portable archive format○ "The thing to distribute"○ Structured tarball
● Image Manifest, Manifest List, and Config○ Metadata about the container image○ References to layers, containing root filesystem
● Cryptographic addressability○ How to securely reference images and parts of images
OCI Image Spec
![Page 65: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/65.jpg)
Anatomy of an OCI Image
![Page 66: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/66.jpg)
$ find busybox/
busybox/
busybox/refs
busybox/refs/latest
busybox/oci-layout
busybox/blobs
busybox/blobs/sha256
busybox/blobs/sha256/d09bddf0432...
busybox/blobs/sha256/56bec22e355...
busybox/blobs/sha256/e02e811dd08...
Inside the tarball
![Page 67: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/67.jpg)
$ cat busybox/blobs/sha256/d09bddf043...
{
"layers" : [
{ "digest" : "sha256:56bec22e355981d...",
"size" : 668151,
"mediaType" : application/vnd.oci.image.layer.v1.tar+gzip"
} ],
"mediaType" : "application/vnd.oci.image.manifest.v1+json",
"schemaVersion" : 2,
"config" : {
"digest" : "sha256:e02e811dd08fd49e7f6...",
"mediaType" : "application/vnd.oci.image.config.v1+json",
"size" : 1464
}
![Page 68: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/68.jpg)
● On-disk layout of a container○ Extracted root filesystem and configuration, ready to
run● Lifecycle verbs
○ create, start, kill, delete, state
● Multi-platform support○ Shared general configuration○ Windows/Solaris/Linux-specific bits
OCI Runtime Spec
![Page 69: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/69.jpg)
Example: container state { "ociVersion": "v1.0.0-rc2", "id": "oci-container1", "status": "running", "pid": 4422, "bundlePath": "/containers/redis", "annotations": { "myKey": "myValue" }}
OCI Runtime Spec
![Page 70: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/70.jpg)
A short agenda
● Why should we care about standards?● Where have container standards come from?● Where are they now?● Where are they going?
![Page 71: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/71.jpg)
A short agenda
● Why should we care about standards?● Where have container standards come from?● Where are they now?● Where are they going?
![Page 72: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/72.jpg)
Where are we going?
● First things first: 1.0○ OCI Runtime Spec and OCI Image Spec 1.0
● Minimum viable product we can all agree on● ETA: 1-2 months to finish release candidate
process for both specifications
![Page 73: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/73.jpg)
Where are we going?
● OCI Image Spec 1.0+○ Image signatures
https://github.com/opencontainers/image-spec/issues/400https://github.com/opencontainers/image-spec/issues/22
○ Image distributionhttps://github.com/opencontainers/image-spec/issues/15
○ Image dependencieshttps://github.com/opencontainers/image-spec/issues/102
![Page 74: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/74.jpg)
Where are we going?
● OCI Runtime Spec 1.0+○ Live container updates?
https://github.com/opencontainers/runtime-spec/issues/17https://github.com/opencontainers/runtime-spec/issues/305
○ Virtualisation support?https://github.com/opencontainers/runtime-spec/pull/405
![Page 75: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/75.jpg)
Where are we going?
Goal: Standard container● Common image format and runtime format● End user can just "run example.com/app"● Identity and signing, discovery and naming,
distribution all just work
![Page 76: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/76.jpg)
Where are we going?
Goal: Enable innovation● Diverse ecosystem of tooling● Build systems (CI integration, language integration)● Runtimes (virtualisation technologies?)● Distribution methods (torrents? IPFS?)● Orchestration platforms (Kubernetes, Mesos, Nomad)
![Page 77: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/77.jpg)
Where are we going?
Goal: Ubiquity through organic adoption● Industry-standard in the container ecosystem● Support in Kubernetes, Docker, Mesos, and more● Magical world of interoperability!
![Page 78: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/78.jpg)
Where are we going?
Join us!● All OCI standards work happens in the open● GitHub:
○ https://github.com/opencontainers/image-spec○ https://github.com/opencontainers/runtime-spec
● Email:○ [email protected]
![Page 80: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/80.jpg)
![Page 81: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/81.jpg)
Extra/unused slides
![Page 82: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/82.jpg)
appc specifications
● appc tried to define the application container story from the end-to-end UX perspective:○ Users should be able to securely discover, download,
and run an application container with a simple command-line (e.g. "run example.com/app")
● appc specifies two key areas:○ image format○ runtime environment
![Page 83: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/83.jpg)
Image formats: a summarised historyDocker v1 appc Docker v2.2 OCI (in progress)
Introduced 2013 December 2014 April 2015 April 2016
Content-addressable
No Yes Yes Yes
Signable No Yes, optional Yes, optional Yes, optional
Federated namespace
Yes Yes Yes Yes
Delegatable DNS namespace
No Yes No Yes
![Page 84: The Open Container Initiative](https://reader034.vdocuments.site/reader034/viewer/2022051303/58a2d7c21a28ab722c8b7219/html5/thumbnails/84.jpg)
● Reference runtime implementation (runc)○ Widespread production use ○ Integral part of Docker and many others
● Nascent tooling for images and runtime○ image-tools, runtime-tools projects
OCI: other things