The OCI (Open Container Initiative), the Linux Foundation's project for developing and maintaining standards in the software container community, has expanded its scope to include a spec for container images.
The OCI Image Format Spec answers a long-standing criticism of the group's efforts: that the standards for containers have thus far not extended to the container images.
It's what's inside that counts
CoreOS made this point late last year when the OCI formalized its efforts. "The OCI has solely focused on the runtime," wrote CoreOS CEO Alex Polvi, "which is more narrowly focused than we anticipated for the project."
The new specification, hosted on GitHub, proposes using the Docker 2.2 image format as a starting point for a common container image type, but the plan is not to remain fixed on it. The next steps will be to "improve any remaining technical concerns, and standardize and improve the understood properties of a container image format."
Under the new format, containers will have up to four layers: a base layer that's the actual image format itself, another layer for "integrity and content-addressing" (presumably to address some of CoreOS's concerns about security), and optional layers to support image signing and federated naming based on DNS.
Making existing Docker images obsolete isn't part of the plan and would be ill-received by all those who already have Docker in their production workflow. Instead, the idea is to ensure future images will share a common base and can be supported across runtimes.
A previous attempt by CoreOS to merge its and Docker's container image formats didn't take off. The two formats are more similar than different, but Docker objected to CoreOS using a pull request for Docker to signal its intentions.
With the OCI, the idea is to have an organization broader than either CoreOS or Docker alone to provide the format. As noted in the OCI's blog post, "[S]oon both Docker and [CoreOS's] rkt [runtime] will support a shared, standard container image format, with an open specification housed at the OCI."
Getting Docker and CoreOS's rkt to support the new image format shouldn't be too hard, since they've already done a lot of work to decouple the image format from the runtime. But they'll have to support previous image versions side by side with the next-generation ones for some time. If they're wise, the next revision of their tool sets ought to include some kind of conversion system to allow old-style images to be upgraded as painlessly as possible.