CNAB Specification for Deploying Apps Advances

A Cloud Native Application Bundle (CNAB) specification that promises to make it easier to deploy software has now become an official project within the Joint Development Foundation, an arm of the Linux Foundation dedicated to defining open source standards.

Originally proposed by Microsoft, Docker Inc., HashiCorp and Bitnami, the CNAB specification provides a format for describing how the artifacts that a cloud-native distributed application needs should be installed, along with how to install, upgrade and delete an entire application. The CNAB core 1.0 specification has now reached formal draft status, with additional support now coming from Pivotal Software, Intel and Datadog.

The current reference implementation of the specification, dubbed Duffle, soon will be updated to comply with the latest version of the CNAB core specification. There is also a CNAB Registry specification that describes how bundles can be stored in remote locations and exported and a CNAB Security specification describing how to use The Update Framework (TUF) to build more secure OCI registries.

In the meantime, vendors already are moving forward with tools that comply with the CNAB specification.

Microsoft has released Porter, an opinionated development and deployment tool based on CNAB that is integrated with Terraform and Kubernetes to simplify the deployment of distributed applications based on containers. It also has the Visual Studio Code Porter extension and graphical installer for bundles, which provides access to graphical user interfaces for interacting with CNAB bundles.

Docker Inc. has Docker App, an opinionated CNAB builder and installer that leverages the Docker Compose format to define applications. CNAB is also employed with the application templates provided within Docker Desktop Enterprise.

Pivotal has created the Pivotal Build Service, available in alpha, to provide a declarative way to build an OCI-compatible container image from source code that uses CNAB to deploy the service on Kubernetes clusters.

Jenny Fong, senior director of product marketing for Docker Inc., says the CNAB specification has moved beyond the initial experimentation phase to become stable enough for developers to start employing more broadly. CNAB reduces much of the workflow pain and agony that developers encounter when trying to implement continuous delivery across hybrid cloud computing environments, she says.

CNAB also will soon play a critical role in making it easier to reuse microservices based on containers across applications, adds Fong. That capability alone should significantly reduce the amount of time and effort associated with building applications that, in many cases, employ a common set of functions.

It may be a while yet before CNAB transforms software delivery as organizations have long known it. However, significant changes are on the way. While most organizations have invested in continuous integration/continuous deployment (CI/CD) platforms, achieving continuous delivery has remained an elusive goal. Obviously, there’s a lot more that needs to go into achieving that specification. However, an open specification describing how distributed applications should be installed, upgraded and deleted represents a significant foundational advance.

Mike Vizard

Mike Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.

Mike Vizard has 660 posts and counting. See all posts by Mike Vizard