The State of Open Containers

Innovation Through Standardization

Scott McCarty

Senior Principal Product Manager

Red Hat Enterprise Linux Server

1

@fatherlinux

https://www.linkedin.com/in/fatherlinux/

In this talk you will learn about:

​

• The State of OCI Today
• Exciting developments
• The Future

Abstract

Scott McCarty

Senior Principal Product Manager, RHEL Server

2

@fatherlinux

https://www.linkedin.com/in/fatherlinux/

Secretly, I’d also like to convey:

​

• Why OCI is here to stay
• Why source containers are important
• How WASM has the potential to change the world

Abstract

Evil Scott McCarty

Senior Principal Evil Product Manager, RHEL Server

3

@fatherlinux

https://www.linkedin.com/in/fatherlinux/

Mission of The Open Containers Initiative

Abstract

The Open Container Initiative (OCI) is a lightweight, open governance structure (project), formed under the auspices of the Linux Foundation, for the express purpose of creating open industry standards around container formats and runtimes.

4

​

The State of OCI Today

5

@fatherlinux

https://www.linkedin.com/in/fatherlinux/

.

The Open Containers Initiative is Responsible

The State of OCI Today

For multiple standards

• Image: A container image, in its simplest definition, is a file which is pulled down from a Registry Server and used locally as a mount point when starting Containers.
• Runtime: a lower level component typically used in a Container Engine but can also be used by hand for testing. The runc program is the reference implementation.
• Distribution: Governs the communication between a Container Registry and a Container Engine for pulling or pushing Images

6

@fatherlinux

https://www.linkedin.com/in/fatherlinux/

Distribution

The State of OCI Today

Compatibility between Container Registries and Engines

• It’s standardized
• It’s working well
• It’s boring (this is a good thing)
• Version 1.1 is pre-release

7

@fatherlinux

https://www.linkedin.com/in/fatherlinux/

Image

The State of OCI Today

Use cases for OCI container images have expanded dramatically

Development and operations teams have mature Registry infrastructure with security, scanning, etc.

• Version 1.1 is pre-release
• Source containers
• Signatures (Sigstore, Cosign)
• Software Bill of Materials (SBOM)
• Helm charts
• Singularity
• Tekton Bundles

8

@fatherlinux

https://www.linkedin.com/in/fatherlinux/

Runtime

The State of OCI Today

Other types of workloads

• Virtual machines with:
• Kata Containers
• KubeVirt
• libkrun
• WASM binaries with
• crun
• containerd
• Cgroup v2 adoption

9

@fatherlinux

https://www.linkedin.com/in/fatherlinux/

Exciting developments

10

@fatherlinux

https://www.linkedin.com/in/fatherlinux/

.

New Technologies

Exciting Developments

Next generation of containers

• Sigstore/Cosign: Sigstore empowers software developers to securely sign software artifacts such as release files, container images, binaries, bill of material manifests and more. Signing materials are then stored in a tamper-resistant public log.
• WASM: WebAssembly (abbreviated Wasm) is a binary instruction format for a stack-based virtual machine. Wasm is designed as a portable compilation target for programming languages, enabling deployment on the web for client and server applications.

11

@fatherlinux

https://www.linkedin.com/in/fatherlinux/

Exciting Developments

How Sigstore changes things:

• End to end security between the artifact and the container engine
• Super easy to use comparatively
• Combines nicely with SBOM

​

Sigstore

State of the art

What we do today:

• Rely on SSL for security
• Red Hat provides GPG signatures
• Most people don’t verify at all (bad)

@fatherlinux

https://www.linkedin.com/in/fatherlinux/

Exciting Developments

Cloud Native Use Cases

• Very fast startup times
• Serverless style use case
• More about the control plane performance than the runtime performance

​

WASM

Very exciting use-cases

Traditional Use Cases

• Cross platform binaries
• Combined security with containers
• Use existing Registry infrastructure

@fatherlinux

https://www.linkedin.com/in/fatherlinux/

Exciting Developments

Demo

@fatherlinux

https://www.linkedin.com/in/fatherlinux/

The Future

15

@fatherlinux

https://www.linkedin.com/in/fatherlinux/

.

Things I’m excited about

The Future

From my perspective…

• Improved serverless-like services for developers
• Improved cross platform interactions
• Improved security

16

@fatherlinux

https://www.linkedin.com/in/fatherlinux/

Other Great Talks

The Future

At Container Plumbing Days

March 22nd

• 1730 UTC: When Podman Desktop Eats, CLI Dwellers Eat Too by Urvashi Mohnani, Ashley Cui

March 23rd

• 1500 UTC: WASM/WASI and Cloud Ecosystem by Aditya Rajan, Giuseppe Scrivano
• 1600 UTC: bootc - A new project for bootable containers by Colin Walters
• 1700 UTC: Future of CRI and Container Runtimes by Mrunal Patel (Red Hat), Peter Hunt (Red Hat), Alexander Kanevskiy (Intel), Sascha Grunet (Red Hat), Michael Brown (IBM)

17

@fatherlinux

https://www.linkedin.com/in/fatherlinux/

Join The OCI

The Future

At Container Plumbing Days

• https://opencontainers.org/community/overview/
• Open meetings
• Mailing list
• Chat
• Github
• Technical Oversight Board (TOB)
• Trademark Board
• Other special topics working groups

18

@fatherlinux

https://www.linkedin.com/in/fatherlinux/

Thank you

Red Hat is the world’s leading provider of enterprise open source software solutions. Award-winning support, training, and consulting services make �Red Hat a trusted adviser to the Fortune 500.

19

linkedin.com/company/red-hat

youtube.com/user/RedHatVideos

facebook.com/redhatinc

twitter.com/RedHat

@fatherlinux

https://www.linkedin.com/in/fatherlinux/

Questions and Comments?

Closing

20

@fatherlinux

https://www.linkedin.com/in/fatherlinux/