README
¶
Open Container Specifications
This project is where the Open Container Project Specifications are written. This is a work in progress. We should have a first draft by end of July 2015.
Table of Contents
The 5 principles of Standard Containers
Define a unit of software delivery called a Standard Container. The goal of a Standard Container is to encapsulate a software component and all its dependencies in a format that is self-describing and portable, so that any compliant runtime can run it without extra dependencies, regardless of the underlying machine and the contents of the container.
The specification for Standard Containers is straightforward. It mostly defines 1) a file format, 2) a set of standard operations, and 3) an execution environment.
A great analogy for this is the shipping container. Just like how Standard Containers are a fundamental unit of software delivery, shipping containers are a fundamental unit of physical delivery.
1. Standard operations
Just like shipping containers, Standard Containers define a set of STANDARD OPERATIONS. Shipping containers can be lifted, stacked, locked, loaded, unloaded and labelled. Similarly, Standard Containers can be created, started, and stopped using standard container tools (what this spec is about); copied and snapshotted using standard filesystem tools; and downloaded and uploaded using standard network tools.
2. Content-agnostic
Just like shipping containers, Standard Containers are CONTENT-AGNOSTIC: all standard operations have the same effect regardless of the contents. A shipping container will be stacked in exactly the same way whether it contains Vietnamese powder coffee or spare Maserati parts. Similarly, Standard Containers are started or uploaded in the same way whether they contain a postgres database, a php application with its dependencies and application server, or Java build artifacts.
3. Infrastructure-agnostic
Both types of containers are INFRASTRUCTURE-AGNOSTIC: they can be transported to thousands of facilities around the world, and manipulated by a wide variety of equipment. A shipping container can be packed in a factory in Ukraine, transported by truck to the nearest routing center, stacked onto a train, loaded into a German boat by an Australian-built crane, stored in a warehouse at a US facility, etc. Similarly, a standard container can be bundled on my laptop, uploaded to S3, downloaded, run and snapshotted by a build server at Equinix in Virginia, uploaded to 10 staging servers in a home-made Openstack cluster, then sent to 30 production instances across 3 EC2 regions.
4. Designed for automation
Because they offer the same standard operations regardless of content and infrastructure, Standard Containers, just like their physical counterparts, are extremely well-suited for automation. In fact, you could say automation is their secret weapon.
Many things that once required time-consuming and error-prone human effort can now be programmed. Before shipping containers, a bag of powder coffee was hauled, dragged, dropped, rolled and stacked by 10 different people in 10 different locations by the time it reached its destination. 1 out of 50 disappeared. 1 out of 20 was damaged. The process was slow, inefficient and cost a fortune - and was entirely different depending on the facility and the type of goods.
Similarly, before Standard Containers, by the time a software component ran in production, it had been individually built, configured, bundled, documented, patched, vendored, templated, tweaked and instrumented by 10 different people on 10 different computers. Builds failed, libraries conflicted, mirrors crashed, post-it notes were lost, logs were misplaced, cluster updates were half-broken. The process was slow, inefficient and cost a fortune - and was entirely different depending on the language and infrastructure provider.
5. Industrial-grade delivery
There are 17 million shipping containers in existence, packed with every physical good imaginable. Every single one of them can be loaded onto the same boats, by the same cranes, in the same facilities, and sent anywhere in the World with incredible efficiency. It is embarrassing to think that a 30 ton shipment of coffee can safely travel half-way across the World in less time than it takes a software team to deliver its code from one datacenter to another sitting 10 miles away.
With Standard Containers we can put an end to that embarrassment, by making INDUSTRIAL-GRADE DELIVERY of software a reality.
Documentation
¶
Index ¶
Constants ¶
const Version = "pre-draft"
Version is the specification version that the package types support.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type BlockIO ¶
type BlockIO struct {
// Specifies per cgroup weight, range is from 10 to 1000.
Weight int64 `json:"blkioWeight"`
// Weight per cgroup per device, can override BlkioWeight.
WeightDevice string `json:"blkioWeightDevice"`
// IO read rate limit per cgroup per device, bytes per second.
ThrottleReadBpsDevice string `json:"blkioThrottleReadBpsDevice"`
// IO write rate limit per cgroup per divice, bytes per second.
ThrottleWriteBpsDevice string `json:"blkioThrottleWriteBpsDevice"`
// IO read rate limit per cgroup per device, IO per second.
ThrottleReadIOpsDevice string `json:"blkioThrottleReadIopsDevice"`
// IO write rate limit per cgroup per device, IO per second.
ThrottleWriteIOpsDevice string `json:"blkioThrottleWriteIopsDevice"`
}
type CPU ¶
type CPU struct {
Shares int64 `json:"shares"`
// CPU hardcap limit (in usecs). Allowed cpu time in a given period.
Quota int64 `json:"quota"`
// CPU period to be used for hardcapping (in usecs). 0 to use system default.
Period int64 `json:"period"`
// How many time CPU will use in realtime scheduling (in usecs).
RealtimeRuntime int64 `json:"realtimeRuntime"`
// CPU period to be used for realtime scheduling (in usecs).
RealtimePeriod int64 `json:"realtimePeriod"`
// CPU to use within the cpuset.
Cpus string `json:"cpus"`
// MEM to use within the cpuset.
Mems string `json:"mems"`
}
type HugepageLimit ¶
type IDMapping ¶
type IDMapping struct {
// HostID is the uid/gid of the host user or group.
HostID int32 `json:"hostID"`
// ContainerID is the uid/gid of the container's user or group.
ContainerID int32 `json:"containerID"`
// Size is the length of the range of IDs mapped between the two namespaces.
Size int32 `json:"size"`
}
IDMapping specifies uid/gid mappings.
type InterfacePriority ¶
type Linux ¶
type Linux struct {
// UidMapping specifies user mappings for supporting user namespaces on linux.
UidMappings []IDMapping `json:"uidMappings"`
// UidMapping specifies group mappings for supporting user namespaces on linux.
GidMappings []IDMapping `json:"gidMappings"`
// Rlimits specifies rlimit options to apply to the container's process.
Rlimits []Rlimit `json:"rlimits"`
// Sysctl are a set of key value pairs that are set for the container on start.
Sysctl map[string]string `json:"sysctl"`
// Resources contain cgroup information for handling resource constraints
// for the container.
Resources Resources `json:"resources"`
// Namespaces contains the namespaces that are created and/or joined by the container.
Namespaces []Namespace `json:"namespaces"`
// Capabilities are linux capabilities that are kept for the container.
Capabilities []string `json:"capabilities"`
// Devices are a list of device nodes that are created and enabled for the container.
Devices []string `json:"devices"`
}
Linux contains platform specific configuration for linux based containers.
type LinuxSpec ¶
type LinuxSpec struct {
Spec
// Linux is platform specific configuration for linux based containers.
Linux Linux `json:"linux"`
}
LinuxSpec is the full specification for linux containers.
type Memory ¶
type Memory struct {
// Memory limit (in bytes)
Limit int64 `json:"limit"`
// Memory reservation or soft_limit (in bytes)
Reservation int64 `json:"reservation"`
// Total memory usage (memory + swap); set `-1' to disable swap
Swap int64 `json:"swap"`
// Kernel memory limit (in bytes)
Kernel int64 `json:"kernel"`
// How aggressive the kernel will swap memory pages. Range from 0 to 100. Set -1 to use system default.
Swappiness int64 `json:"swappiness"`
}
type Mount ¶
type Mount struct {
// Type specifies the mount kind.
Type string `json:"type"`
// Source specifies the source path of the mount. In the case of bind mounts on
// linux based systems this would be the file on the host.
Source string `json:"source"`
// Destination is the path where the mount will be placed relative to the container's root.
Destination string `json:"destination"`
// Options are fstab style mount options.
Options string `json:"options"`
}
Mount specifies a mount for a container.
type Namespace ¶
type Namespace struct {
// Type is the type of linux namespace.
Type string `json:"type"`
// Path is a path to an existing namespace persisted on disk that can be joined
// and is of the same type.
Path string `json:"path"`
}
Namespace is the configuration for a linux namespace.
type Network ¶
type Network struct {
// Set class identifier for container's network packets.
ClassID string `json:"classId"`
// Set priority of network traffic for container.
Priorities []InterfacePriority `json:"priorities"`
}
type Platform ¶
type Platform struct {
// OS is the operating system.
OS string `json:"os"`
// Arch is the architecture
Arch string `json:"arch"`
}
Platform specifies OS and arch information for the host system that the container is created for.
type Process ¶
type Process struct {
// Terminal creates an interactive terminal for the container.
Terminal bool `json:"terminal"`
// User specifies user information for the process.
User User `json:"user"`
// Args specifies the binary and arguments for the application to execute.
Args []string `json:"args"`
// Env populates the process environment for the process.
Env []string `json:"env"`
// Cwd is the current working directory for the process and must be
// relative to the container's root.
Cwd string `json:"cwd"`
}
Process contains information to start a specific application inside the container.
type Resources ¶
type Resources struct {
// DisableOOMKiller disables the OOM killer for out of memory conditions.
DisableOOMKiller bool `json:"disableOOMKiller"`
// Memory restriction configuration.
Memory Memory `json:"memory"`
// CPU resource restriction configuration.
CPU CPU `json:"cpu"`
// BlockIO restriction configuration.
BlockIO BlockIO `json:"blockIO"`
// Hugetlb limit (in bytes)
HugepageLimits []HugepageLimit `json:"hugepageLimits"`
// Network restriction configuration.
Network Network `json:"network"`
}
type Rlimit ¶
type Rlimit struct {
// Type of the rlimit to set.
Type int `json:"type"`
// Hard is the hard limit for the specified type.
Hard uint64 `json:"hard"`
// Soft is the soft limit for the specified type.
Soft uint64 `json:"soft"`
}
Rlimit type and restrictions.
type Root ¶
type Root struct {
// Path is the absolute path to the container's root filesystem.
Path string `json:"path"`
// Readonly makes the root filesystem for the container readonly before the process is executed.
Readonly bool `json:"readonly"`
}
Root contains information about the container's root filesystem on the host.
type Spec ¶
type Spec struct {
// Version is the version of the specification that is supported.
Version string `json:"version"`
// Platform is the host information for OS and Arch.
Platform Platform `json:"platform"`
// Process is the container's main process.
Process Process `json:"process"`
// Root is the root information for the container's filesystem.
Root Root `json:"root"`
// Hostname is the containers host name.
Hostname string `json:"hostname"`
// Mounts profile configuration for adding mounts to the container's filesystem.
Mounts []Mount `json:"mounts"`
}
Spec is the base configuration for the container. It specifies platform independent configuration.
type User ¶
type User struct {
// Uid is the user id.
Uid int32 `json:"uid"`
// Gid is the group id.
Gid int32 `json:"gid"`
// AdditionalGids are additional group ids set the the container's process.
AdditionalGids []int32 `json:"additionalGids"`
}
User specifies linux specific user and group information for the container's main process.
Source Files