The Cloud Foundry project has been working with containers since 2011. We’ve been running containers in production since the initial commercial product launch—first with Warden, then Garden, and now Garden-runC.
Most recently, we launched Pivotal Container Service (PKS), production-grade Kubernetes that allow enterprises to reliably deploy and run containerized workloads across private and public clouds. PKS eases Day 2 operations burdens for container orchestration with built-in high availability, monitoring, automated health checks, and more.
Pivotal was a founding member of the Open Container Initiative (OCI), a lightweight, open governance structure (project), formed in 2015 for the express purpose of creating open industry standards around container formats and runtime. The OCI currently contains two specifications: the Runtime Specification (runtime-spec) and the Image Specification (image-spec). The Runtime Specification outlines how to run a “filesystem bundle” that is unpacked on disk. At a high-level an OCI implementation would download an OCI Image then unpack that image into an OCI Runtime filesystem bundle. At this point the OCI Runtime Bundle would be run by an OCI Runtime.
Pivotal’s work with containers is completely aligned with the purpose of the OCI. The first important milestone was to adopt OCI runC as Cloud Foundry’s core container runtime. All applications on Pivotal Web Services and all supported versions of Pivotal Cloud Foundry use runC. Learn more about OCI and Pivotal.
Cloud Foundry’s elastic runtime is a proven solution for container orchestration, scaling today to nearly 250,000 containers in a single cluster. Pivotal Cloud Foundry (PCF) is a complete platform that takes payloads from developers—either as compiled artifacts like jar and war files, or as pre-built container images—and provides a complete system to schedule and run these payloads.
PCF provides all the auxiliary services of a platform (e.g., load balancing, high availability, auto scaling, and unified logging). Developers can deploy (and redeploy) their apps manually using the
cf push command. Increasingly, teams want to automate this process with continuous integration/continuous delivery (CI/CD) pipelines.
PCF utilizes containers extensively (after all, Pivotal is an active contributor and supporter of the OCI). However, containers are only a part of the system. PCF orchestrates containers with ease—and of course, a cloud-native platform is much more than container orchestration. PCF includes many sub-systems acting together to coordinate, monitor, and support containers.
Cloud Foundry’s secure containerization is also part of a platform-wide, industry-leading security system for protecting apps in the cloud. The addition of AppArmor (a Mandatory Access Control System (MAC) and part of the mainline linux kernel that restricts a given program’s access inside a container to system resources like network, disk, etc.) and Seccomp (a Secure Computing Mode that is also part of the mainline linux kernel and restricts the set of system calls a program inside a container can access) to PCF’s existing container security and platform security, together with practices like Rotate, Repave, and Repair, can combine for dramatic improvement to default security postures and operational security.
component of a cloud-native platform