darren whittingham - Fotolia

OCI 1.0 container image spec finds common ground among open source foes

Touted as the USB interface of container management, OCI 1.0 will ensure consistency at the lowest levels of infrastructure, and push the container wars battlefront up the stack.

The container wars rage on, but a ceasefire two years in the making will standardize the most basic container components.

Most enterprises don't muck around deep in Linux container plumbing. Still, agreement on a standard container image format and runtime among open source container management software vendors, such as IBM, Red Hat, Docker, Google and CoreOS, is crucial for the technology to be viable in the long run. Today, that consensus was finalized with version 1.0 of the Open Container Initiative (OCI) standard.

"Just the fact that vendors are agreeing is a good thing," said Fintan Ryan, analyst at RedMonk, based in Portland, Maine. "Without this agreement, containers wouldn't be usable by enterprises."

The specification began when Docker donated its runC utility to the Linux Foundation in 2015, which touched off the OCI project, followed by Docker's image format. The rest of the community's work the last two years has been focused to standardize those components for Windows, Solaris and Linux operating systems, as well as multiple families of processors from x86 to IBM mainframes.

Docker expects OCI to be adopted by the Cloud Native Computing Foundation (CNCF), which also governs its containerd daemon and Docker container orchestration rival Kubernetes. Even CoreOS' rkt containers support the OCI standard for runtime and image format, after the company deprecated its appc utility in favor of the Linux Foundation standard.

OCI 1.0 also officially laid to rest last year's buzz around the possibility of a Docker fork.

Without this agreement, containers wouldn't be usable by enterprises.
Fintan Ryananalyst, RedMonk

The next step for OCI will be a battery of tests and a certification process that can be used to designate higher-level open source container management software products as "OCI Compatible." Currently, any such label claimed by a vendor is a misnomer, according to Docker officials. OCI also doesn't cover interoperability and portability between various systems, such as between Linux and Windows OSes or between multiple container orchestration tools. This standard's ratification does not mean containers are portable across operating systems, though it lays the groundwork for that development in the future.

Enterprise IT consultants compare OCI 1.0 to the USB standard in consumer technology.

"I can develop a platform against this spec and it should just work," said Chris Riley, director of solutions architecture at cPrime Inc., an Agile software development consulting firm in San Francisco. "This provides an interface everybody can agree on."

Container images and runtimes: A minor treaty amid the container battles

Version 1.0 of the Open Container Initiative standard is an important milestone in container maturity but covers less than 5% of the Docker codebase. Meanwhile, the open source container management software community remains divided along several other technical lines, such as  Container Runtime Interface using Open Container Initiative runtimes (CRI-O) versus containerd, or Kubernetes versus Docker swarm mode. Industry watchers don't expect further détente akin to OCI in these areas, but say it probably won't be necessary, either.

"The marketplace will speak and define the next abstraction," Riley said. "There's also always going to be monitoring, orchestration and routing tools, but that's where the vendors will probably say, 'Let us figure out our own best way to do that.'"

While the Kubernetes 1.7 release lays the groundwork for the popular container orchestration platform to support CRI-O, readers of industry tea leaves predict containerd will establish itself as the de facto standard there.

"CRI-O seems to be something no one actually uses, but there's been community effort around it," said Gary Chen, an analyst at IDC, the Framingham, Mass., research firm. Its continued development, like that of CoreOS rkt, shows this is still a market where people like to have lots of alternatives, he said.

Once OCI testing and certification processes are established, work will progress more slowly. It's too soon to say what tack future OCI work will take, but container image distribution and signing could potentially be areas of focus, according to Docker reps.

Beth Pariseau is senior news writer for TechTarget's Data Center and Virtualization Media Group. Write to her at [email protected] or follow @PariseauTT on Twitter.

Next Steps

Open source Kubernetes projects advance container maturity

How Docker's container architecture evolved over time

Plan capacity in a containerized future

Dig Deeper on Managing Virtual Containers