The initial security model for CNAB was designed alongside the core specification. But it was not necessarily designed to provide a great user experience. The core specification is written with air-gapped environments in mind, as is the security specification. So is installing one on your Mac, Linux box, or PC. True, there are specific services (like PaaS) that make this manageable for a small segment of the ecosystem. Duffner continued, “Modern applications are made up of a wide range of comp… For a list of trademarks of The Linux Foundation, please see our, Set up object storage and cloud databases databases, Load containerized workloads onto clusters like Kubernetes, but perhaps not only Kubernetes, Manage virtual networks and resources like load balancers, Interoperate with policy and identity control tools, Make it possible and even easy for developers to introduce support for new services and tools. And right now, the newly released Docker. Two years ago, my team sat down and asked a straightforward question: Why is installing, upgrading, and deleting applications from the cloud is such a challenge? It is not a platform-specific tool, and developers can bundle applications targeting environments spanning IaaS (like OpenStack or Azure), container orchestrators (like Kubernetes or Nomad), container runtimes (like local Docker or ACI), and cloud platform services (like object storage or Database as a Service). It is not a platform-specific tool, and developers can bundle applications targeting environments spanning IaaS (like OpenStack or Azure), container orchestrators (like Kubernetes or Nomad), container runtimes (like local Docker or ACI), and cloud platform services (like object storage or Database as a Service). At the end of last year, they explained how CNAB worked with application templates in Docker Desktop. We have even experimented with a graphical, The Linux Foundation introduces Cloud Engineer Bootcamp for cloud job seekers (ZDNet), Lenovo’s Massive Ubuntu And Red Hat Announcement Levels Up Linux In 2020 (Forbes), Goldman Sachs Open Sources its Data Modeling Platform through FINOS, Introducing the Open Governance Network Model, Why Congress should invest in open-source software (Brookings), Open Source Processes Driving Software-Defined Everything (LinuxInsider), Amundsen: one year later (Lyft Engineering). With this combination of specification and tooling, we’re optimistic that you can get started with CNAB today. Send us a pull request! several groups in Azure are also evaluating the use of CNAB as a delivery and operational pillar. All rights reserved. Initially announced at DockerCon EU in December of 2018, our combined team has continued to work on the specifications, build tools, and explore better ways of delivering an easy-to-use cloud packaging experience. CNAB is intended to work well in these environments as well. Our goal with CNAB is to provide a package management story for the cloud. The First Bundle Bringing container magic to cloud-native applications Cloud Native Application Bundles: A Simple Way to Install Software on Kubernetes (or Any Other Runtime) The First Bundle Footage of the first bespoke bundle coming into existance. For example, one tool can “claim” ownership over an application deployment, while another tool can access the shared information about that application and how it was deployed. “As modern applications continue to grow in complexity, there’s an immediate need to simplify how these multiservice, distributed applications are built, shared and run,” said Robert Duffner, director of alliance marketing at Docker. Why break down into multiple specifications in the first place? It means that you can build a bundle with tool A, install it with tool B, then upgrade it or uninstall it with tool C - so the following workflow could be possible: The arguments and flags passed to the tools above are not representative. As everything from our daily meetings to our kids’ classrooms has gone online, we are reminded daily of what a potent boon cloud technologies have become. Store bundles in repositories for remote installation. Late last year, the CNAB (Cloud Native Application Bundles) specification was announced - the news made it to TechCrunch and other tech publications, and partner organizations wrote about how they’re using CNAB (for example Docker, Pivotal, or Bitnami). Porter and Duffle already support claims, but we are excited to get a formal standard that enables information sharing across all of the tools in the CNAB ecosystem. But when it comes to a high-level solution, we are still left doing the orchestration of things either by hand or with bespoke tools. There are multiple public (and even more still private) projects that implement parts of the CNAB specification, or use CNAB as a way of deployment: If a tool or platform wants to be CNAB compliant, it must implement the core specification, but it can choose not to implement the distribution or security specifications. There you will find not only the specifications, the common source libraries (like, ), and our full command-line reference implementation. So what is CNAB? Docker initially announced their CNAB support for Docker Apps with a great architectural introduction. So what does stabilizing the core specification mean for the community? We have even experimented with a graphical CNAB installer, and have some VS Code extensions to improve the development process. While the core cloud technologies like virtual machines and object storage have been around for over a decade, and a rich tapestry of cloud infrastructure exists, managing cloud applications remains a challenge. But we wanted to make sure we did our due diligence. There you will find not only the specifications, the common source libraries (like cnab-go), and our full command-line reference implementation duffle. In that case, we can reuse a considerable amount of cloud infrastructure, easily moving packages around–even across air-gapped boundaries. According to the official specification: CNAB is a standard packaging format for multi-component distributed applications.