Upgrade to Pro — share decks privately, control downloads, hide ads and more …

CNAB: Packagaging for Applications with Multipl...

CNAB: Packagaging for Applications with Multiple Toolchains

Talk from Skills Matter in London introducing CNAB, the Cloud Native Application Bundles specification, and associated tooling.

Gareth Rushgrove

January 23, 2019
Tweet

More Decks by Gareth Rushgrove

Other Decks in Technology

Transcript

  1. This talk - A little background What is the user

    need behind CNAB? - Diving into the CNAB specification Core concepts and state of play - Emerging CNAB tools What tools have been built so far? An introduction to Cloud Native Application Bundles
  2. Helm, Kustomize, Docker, Compose, Kubernetes configs, Puppet, Chef, Salt, Ansible,

    Ksonnet, Pulumi, Pallet, Kops, Terraform, Kubespray, AWS CDK, Cloudformation, Serverless Framework, Azure Resource Manager, ...
  3. Helm, Kustomize, Docker, Compose, Kubernetes configs, Puppet, Chef, Salt, Ansible,

    Ksonnet, Pulumi, Pallet, Kops, Terraform, Kubespray, AWS CDK, Cloudformation, Serverless Framework, Azure Resource Manager, ...
  4. Helm, Kustomize, Docker, Compose, Kubernetes configs, Puppet, Chef, Salt, Ansible,

    Ksonnet, Pulumi, Pallet, Kops, Terraform, Kubespray, AWS CDK, Cloudformation, Serverless Framework, Azure Resource Manager, ...
  5. Multi-service apps often use multiple toolchains Which means distributing lots

    of versions of lots of tools, often separately from the application
  6. Large organisations often have a diversity of toolchains Which means

    distributing lots more versions of lots more tools
  7. CNAB isn’t trying to solve the whole problem Just the

    bits we can build agreement around
  8. Metadata Fundamental parts What do we mean when we say

    package On-disk representation Execution Distribution
  9. Terraform Cloud Formation Azure Resource Manager Compose Helm Pulumi etc.

    Terraform Module None None None Helm Chart None etc. Terraform Module Registry None None None Helm Chart Repository None etc.
  10. Terraform Cloud Formation Azure Resource Manager Compose Helm Pulumi etc.

    Terraform Module None None None Helm Chart None etc. CNAB compatible registries Compatibility between repositories/registries should reduce the upfront cost for adopting new technologies that utilise CNAB. You’ll already have a compatible package registry in place.
  11. Terraform Cloud Formation Azure Resource Manager Compose Helm Pulumi etc.

    Standard tools for creating packages for different toolchains Today not all tools have a package concept, CNAB makes that easier to implement in a standard way, either in technology-specific tooling (better UX) or generic tooling (no need to wait for integration) CNAB compatible registry
  12. CNAB is more like MSI than Helm Charts or Terraform

    Modules It’s not tool specific, it’s about compatibility between tools
  13. Metadata CNAB parts What do we mean when we say

    package On-disk representation Execution bundle.json Specified file system layout OCI runtime with specified entry point and arguments Distribution OCI image and distribution specifications
  14. Invocation Image - A file system hierarchy following a defined

    pattern - A executable entry point responsible for translating action requests (install, upgrade,...) to a sequence of tasks - Runtime metadata - The material necessary for reproducing the invocation image Referenced in the bundle.json
  15. Building a CNAB with duffle $ duffle build ./examples/helloworld/ Step

    1/5 : FROM alpine:latest ---> 196d12cf6ab1 Step 2/5 : RUN apk add -u bash ---> Using cache ---> 54b3a85c5c2e Step 3/5 : COPY Dockerfile /cnab/Dockerfile ---> Using cache ---> cd6f4ff8d83d Step 4/5 : COPY app /cnab/app ---> 38a482447ffd Step 5/5 : CMD ["/cnab/app/run"] ---> Running in 8b22055f0a37 ---> e5c795c2a1f4 Successfully built e5c795c2a1f4 Successfully tagged deislabs/helloworld-cnab:64dfc7c4d825fe87506dbaba6ab038eafe2a486d ==> Successfully built bundle helloworld:0.1.0
  16. Installing a CNAB with duffle $ duffle install helloworld-demo -c

    helloworld-creds helloworld:0.1.0 Executing install action... hello world Install action Action install complete for helloworld-demo
  17. Start with a Compose file $ cat docker-compose.yml version: '3.6'

    services: hello: image: hashicorp/http-echo:${version} command: ["-text", "${text}"] ports: - ${port}:5678
  18. Provide metadata and parameters $ cat metadata.yml version: 0.1.0 name:

    hello description: sample app for DockerCon maintainers: - name: garethr email: [email protected] $ cat parameters.yml port: 8765 text: hello DockerCon version: latest
  19. Install and upgrade your application $ docker-app install Waiting for

    the stack to be stable and running... hello: Ready Stack hello is stable and running $ docker-app status ID NAME MODE REPLICAS IMAGE PORTS 38e1cec8-f88 hello_hello replicated 0/0 hashicorp/http-echo:latest *:8765->5678/tcp $ docker-app upgrade hello --set port=9876 --set text="hello again" Waiting for the stack to be stable and running... hello: Ready Stack hello is stable and running
  20. Get information about your bundle $ docker-app inspect hello 0.1.0

    Maintained by: garethr <[email protected]> sample app for DockerCon Service (1) Replicas Ports Image ----------- -------- ----- ----- hello 1 8765 hashicorp/http-echo:latest Parameters (3) Value -------------- ----- port 8765 text hello DockerCon version latest
  21. Push bundles to Docker Hub $ docker-app push --namespace garethr

    The push refers to repository [docker.io/garethr/hello] b86b3b8bd0d3: Pushed 6b91c6b22046: Mounted from garethr/myapp ead7fcac6d91: Mounted from garethr/myapp df64d3292fd6: Mounted from garethr/myapp 0.1.0-invoc: digest: sha256:9f5fa85893cc87024a74b2261d19a309e5de55dff5e43d19fcf1d2f2657dbe2a size: 1157 Successfully pushed garethr/hello:0.1.0@sha256:1f7f2ac9ce061f7727addce5843d65fb052382f4e5f92dd38dd519b5e9b1e60a $ docker-app install garethr/hello:0.1.0 Waiting for the stack to be stable and running... hello: Ready Stack hello is stable and running
  22. bundle.json and Invocation Image $ docker-app bundle Invocation image "hello:0.1.0-invoc"

    successfully built $ docker image ls hello REPOSITORY TAG IMAGE ID CREATED SIZE hello 0.1.0-invoc cfd34904554c 6 days ago 40.1MB $ cat bundle.json { "name": "hello", "version": "0.1.0", "description": "sample app for DockerCon", "maintainers": [ { "name": "garethr", "email": "[email protected]", "url": "" }
  23. By creating CNAB bundles we get a GUI installer for

    free, in the form of duffle-bag Why we adopted CNAB?
  24. We can also more easily add support for different toolchains,

    all in the same signed package Why we adopted CNAB?
  25. Describe actions using mixins $ cat porter.yaml mixins: - exec

    name: hello version: 0.1.0 invocationImage: porter-hello:latest install: - description: "Say Hello" exec: command: bash arguments: - -c - echo Hello World uninstall: - description: "Say Goodbye"
  26. Write Bundle configuration in Python import json from cnab import

    Bundle, InvocationImage bundle = Bundle( name="hello", version="0.1.0", invocation_images=[ InvocationImage( image_type="docker", image="technosophos/helloworld:0.1.0", digest="sha256:aaaaaaa...", ) ], ) print(json.dumps(bundle.to_dict(), indent=4))
  27. Running a CNAB from Python from cnab import CNAB app

    = CNAB("fixtures/hellohelm/bundle.json") # list available actions print(app.actions) # list available parameters print(app.parameter) # list required credentials print(app.credentials) # Here we pass the value for the required credential # in this case by reading the existing configuration from disk with open("/home/garethr/.kube/config") as f: print(app.run("status", credentials={"kubeconfig": f.read()}))
  28. Conclusions - CNAB is a specification first Think MSI or

    OSI rather than Helm Charts - Early days, but lots of hacking potential Client libraries, contribute to existing tools, integrate your own software - Get involved #cnab on CNCF Slack, or open issues on the GitHub repository If all you remember is...