Tech Insights

Containers enable consistent deployment and execution

Containers are popular with both developers and operators because they offer a simpler way to achieve deployment and execution consistency. They can also help to improve development and operations (DevOps) team handoffs.

Containers at Pivotal

The Cloud Foundry project has been working with containers since 2011. We’ve been running containers in production since the initial commercial product launch—first with Warden, then Garden, and now Garden-runC.

Most recently, we launched Pivotal Container Service (PKS), production-grade Kubernetes that allow enterprises to reliably deploy and run containerized workloads across private and public clouds. PKS eases Day 2 operations burdens for container orchestration with built-in high availability, monitoring, automated health checks, and more.

Commitment to OCI

Pivotal was a founding member of the Open Container Initiative (OCI), a lightweight, open governance structure (project), formed in 2015 for the express purpose of creating open industry standards around container formats and runtime. The OCI currently contains two specifications: the Runtime Specification (runtime-spec) and the Image Specification (image-spec). The Runtime Specification outlines how to run a “filesystem bundle” that is unpacked on disk. At a high-level an OCI implementation would download an OCI Image then unpack that image into an OCI Runtime filesystem bundle. At this point the OCI Runtime Bundle would be run by an OCI Runtime.

Pivotal’s work with containers is completely aligned with the purpose of the OCI. The first important milestone was to adopt OCI runC as Cloud Foundry’s core container runtime. All applications on Pivotal Web Services and all supported versions of Pivotal Platform use runC. Learn more about OCI and Pivotal.

A Complete Platform for Container Deployment

Cloud Foundry’s elastic runtime is a proven solution for container orchestration, scaling today to nearly 250,000 containers in a single cluster. Pivotal Platform is a complete platform that takes payloads from developers—either as compiled artifacts like jar and war files, or as pre-built container images—and provides a complete system to schedule and run these payloads.

Pivotal Platform provides all the auxiliary services of a platform (e.g., load balancing, high availability, auto scaling, and unified logging). Developers can deploy (and redeploy) their apps manually using the cf push command. Increasingly, teams want to automate this process with continuous integration/continuous delivery (CI/CD) pipelines.

Pivotal Platform utilizes containers extensively (after all, Pivotal is an active contributor and supporter of the OCI). However, containers are only a part of the system. Pivotal Platform orchestrates containers with ease—and of course, a cloud-native platform is much more than container orchestration. Pivotal Platform includes many sub-systems acting together to coordinate, monitor, and support containers.

Cloud Foundry’s secure containerization is also part of a platform-wide, industry-leading security system for protecting apps in the cloud. The addition of AppArmor (a Mandatory Access Control System (MAC) and part of the mainline linux kernel that restricts a given program’s access inside a container to system resources like network, disk, etc.) and Seccomp (a Secure Computing Mode that is also part of the mainline linux kernel and restricts the set of system calls a program inside a container can access) to Pivotal Platform’s existing container security and platform security, together with practices like Rotate, Repave, and Repair, can combine for dramatic improvement to default security postures and operational security.

Containers are an embedded
component of a cloud-native platform

Ready to learn more about containers and Pivotal Platform? Review this comprehensive white paper, a recent blog post, and a useful podcast.

Considering containers?
Containers next steps