At Dockercon Europe 2018 held in Barcelona, Microsoft in collaboration with the Docker community announced Cloud Native Application Bundle (CNAB), which is an open-source, cloud-agnostic specification for packaging and running distributed applications.
Cloud Native Application Bundle (CNAB)
Cloud Native Application Bundle(CNAB) is the combined effort of Microsoft and the Docker community to provide a single all-in-one packaging format, which unifies management of multi-service, distributed applications across different toolchains. Docker is the first to implement CNAB for containerized applications. It plans to expand CNAB across the Docker platform to support new application development, deployment, and lifecycle management.
CNAB allows users to define resources that can be deployed to any combination of runtime environments and tooling including Docker Engine, Kubernetes, Helm, automation tools and cloud services.
Patrick Chanezon, technical staff at Docker Inc. writes, “Initially CNAB support will be released as part of our docker-app experimental tool for building, packaging and managing cloud-native applications. Docker lets you package CNAB bundles as Docker images, so you can distribute and share through Docker registry tools including Docker Hub and Docker Trusted Registry.”
Docker also plans to enable organizations to deploy and manage CNAB-based applications in Docker Enterprise soon.
Scott Johnston, Chief product officer at Docker, said, “this is not a Docker proprietary thing, this is not a Microsoft proprietary thing, it can take Compose files as inputs, it can take Helm charts as inputs, it can take Kubernetes YAML as inputs, it can take serverless artifacts as inputs.”
According to Microsoft, they partnered with Docker to solve issues with ISV (Independent Software Vendor) and enterprises including:
- To be able to describe their application as a single artifact, even when it is composed of a variety of cloud technologies
- Wanting to provision their applications without having to master dozens of tools
- They needed to manage lifecycle (particularly installation, upgrade, and deletion) of their applications
Added features that CNAB brings include:
- Manage discrete resources as a single logical unit that comprises an app.
- Use and define operational verbs for lifecycle management of an app
- Sign and digitally verify a bundle, even when the underlying technology doesn’t natively support it.
- Attest and digitally verify that the bundle has achieved that state to control how the bundle can be used.
- Enable the export of the bundle and all dependencies to reliably reproduce in another environment, including offline environments (IoT edge, air-gapped environments).
- Store bundles in repositories for remote installation.
According to a user review on Hacker News thread, “The goal with CNAB is to be able to version your application with all of its components and then ship that as one logical unit making it reproducible. The package format is flexible enough to let you use the tooling that you’re already using”.
Another user said, “CNAB makes reproducibility possible by providing unified lifecycle management, packaging, and distribution. Of course, if bundle authors don’t take care to work around problems with imperative logic, that’s a risk.”