How do you bundle a cloud native application?


On servers, we use packages like DEB and RPM to bundle software applications. With the rise of containers, we use Docker and CoreOS rkt to move and “install” our programs. But, now that we’re moving on to cloud native computing, how do you “bundle” a cloud native application?

That’s a darn good question. A cloud native application can consist of private and public clouds using Kubernetes for container orchestration, Prometheus for monitoring, Open Tracing for application flow monitoring, Fluentd for logging, and on and on. You get the idea. And — oh did I mention — each of these need to be managed separately. 

In a word: “Ow!” 

As Microsoft Principal Software Development Engineer Matt Butcher wrote about cloud native applications (which are by definition distributed applications), “We’ve gotten the ‘distributed’ thing down, but in doing so, we may have neglected the ‘application’ part.”

Microsoft and Docker think they have an open-source answer: Cloud Native Application Bundles (CNAB). A cloud package format specification, CNAB describes a cloud agnostic technology for bundling, installing, and managing distributed applications. 

Butcher went on, “When we talk about distributed applications, we are referring to an architecture for building applications using the rich array of cloud services and/or on-premises resources at our disposal. But distributed applications introduce a layer of complexity, using numerous resources, tracking different versions, and managing multiple environments.”

So, to treat a distributed application as a single app, CNAB addresses three pain points::

  1. We need to be able to describe our application as a single artifact, even when it is composed of a variety of cloud technologies;
  2. We must be able to provision our applications without having to master dozens of tools; and
  3. We need to manage the life cycle (particularly installation, upgrade, and deletion) of our application.

To do this, CNAB relies on already familiar technologies such as JSON, Docker containers, and OpenPGP. It uses these to describe a format for packaging, installing, and managing distributed applications. 

It will then:

  • Manage discrete resources as a single logical unit that comprises an app.
  • Use and define operational verbs for lifecycle management of an app (install, upgrade, uninstall).
  • Sign and digitally verify a bundle, even when the underlying technology doesn’t natively support it.
  • Attest (or attach a signature to any moment in the life cycle of that bundle) and digitally verify that the bundle has achieved that state to control how the bundle can be used.
  • Enable the export of the bundle and all dependencies to reliably reproduce in another environment, including offline environments (IoT edge, air-gapped environments).
  • Store bundles in repositories for remote installation.

Does it work? Well, it’s early days still but you can start playing with it now. Docker has implemented CNAB in its docker-app experimental tool for building, packaging and managing cloud-native applications.

Docker developer Patrick Chanezon says that this “lets you package CNAB bundles as Docker images, so you can distribute and share through Docker registry tools including Docker Hub and Docker Trusted Registry. Additionally, Docker will enable organizations to deploy and manage CNAB-based applications in Docker Enterprise in the upcoming months.”

Microsoft has also released Duffle, an open-source CNAB client reference implementation. It can install, upgrade, and uninstall CNAB bundles. It can create new bundles, cryptographically sign them, and verify their integrity. Microsoft is also releasing a VS Code extension and graphical installer that can turn a bundle installation into a simple point-and-click experience.

While CNAB isn’t a Cloud Native Computing Foundation (CNCF) project, it’s not just a two company deal. Bitnami and HashiCorp also are involved in its creation. 

The result? Brendan Burns, Microsoft software engineer and Kubernetes co-founder, tweeted that it could ultimately mean “Imagine installing a complete distributed application from a USB stick.” That’s the dream. Let’s see it if can become reality.

This will not be easy. On the other hand, we need CNAB, or something like it, if cloud native applications are to become as easy to distribute as all the other applications we rely on in our companies.

Speak Your Mind


This site uses Akismet to reduce spam. Learn how your comment data is processed.