Introducing a container packaging specification: Container Application Software for Enterprises (CASE)
A common packaging definition for many ways to install, manage, operate, upgrade, and uninstall complex software
On our team at IBM, we have a large number of containerized software products that are released every day, built using different packaging requirements, cluster requirements, and personas. At the same time, these products need to be consistent and have a common look and feel that shows they all come from the same company. We needed a packaging standard that can provide the structure needed for consistency but also be flexible and easy to use, not just for our own products, but for containerized software products anywhere. We created a container packaging specification called Container Application Software for Enterprises (CASE) to solve these issues, and now we want to share it with the larger developer community.
Like many people writing containerized software, we started with Helm charts. What we found is that while Helm is a great entry point into the world of containerized software, it is not extensible enough to handle all of the enterprise use cases we threw at it. We needed something different.
We know we’re not unique in this venture and that there are several new packaging specifications appearing across the industry. We hoped that one of them would be able to cover all of our use cases. We looked several, including Helm, Operator Lifecycle Manager (OLM), CNAB, and Docker. While most solve a lot of the problems we saw, none of them are agile or extensible enough today for our intended use. We knew that we needed something new, something that could address enterprise use cases:
- Install, manage, operate, upgrade, and uninstall complex software using multiple roles and personas.
- Manage software over multiple namespaces, in a multi-tenant cluster, or in a multi-cluster cloud.
- Provide the flexibility to allow for both simple and complex use cases. (We need both an “easy button” and to provide advanced configuration parameters.)
- Have a transparent and obvious security posture.
- Clearly state the product’s pedigree.
- Support consistency with prescriptive patterns and also be flexible.
If you’re struggling with the same issues that we were and not finding a total solution, take a closer look at what we created as CASE.
What is CASE?
The CASE specification defines metadata and structure for packaging a containerized application independent of the technology used to install and manage that software. I like to say that a CASE sits beside an application. It does not encompass it. What I mean is that you find references to Helm charts, container images, and even other CASEs within a CASE, but not the actual images, Helm charts, or CASEs themselves. It is a lightweight specification meant to be flexible and portable.
CASE is the preferred container packaging mechanism of IBM Cloud Paks. It provides first-class citizenship to Kubernetes resources, Helm charts, and Operator Lifecycle Manager artifacts.
Each CASE includes overall information about the application, one or more inventory items, a set of actor roles, a list of prerequisites, and a license for the CASE. Optionally, it can provide product licenses, product certifications, a signature to validate the contents of the CASE, and a digest to validate the artifacts that are referenced by the CASE.
You can see the full technical specification at github.com/ibm/case. We wanted to share it with teams that are struggling to find common ground across different containerized software packaging solutions.
Divide and conquer with inventory items
Inventory items contain the required or optional entities that make up a CASE and provide the ability to separate your product into consumable pieces. An inventory item can be as small as a README file or as large as your entire product. It defines a set of possible actions and also the roles, resources, and other prerequisites needed to complete that action.
Consider some sample scenarios:
- Does your product require pre-installation steps that a system administrator needs to complete? What about post-installation scripts for initializing a database or collecting logs? Create an inventory item that defines that action, specifies that the system administrator must execute that action, and include any scripts needed.
- Do you have a set of optional add-ons that can be installed after the product? Include them in a separate inventory item and make the product installation a prerequisite.
- Do you want to provide both a Helm-based version of your product and an operator version with OLM metadata? Define separate inventory items for both.
Inventory items are designed to be flexible enough to allow products to define the best way to package their products while also providing the stability of a well-defined structure.
Define as many roles as are needed to describe the personas involved in the installation and management of the product. Associate those roles with actions in the inventory items to clearly state who is responsible for what.
Prerequisites are compiled at the CASE level and then referenced in an inventory item. Define required Kubernetes resources and their versions, Kubernetes distributions such as IBM Cloud or Red Hat OpenShift, Helm and Tiller versions, and client-side prerequisites. Then combine prerequisites in an inventory item to create a simple or complex set of prerequisites for the product.
Transparent and obvious security
Security is of the utmost importance in today’s computing environment. CASE provides peace of mind with mechanisms that ensure the software you receive is the software you expect. Each CASE has the ability to provide a signature file to validate the contents of the CASE and a digest to validate the Helm charts, container images, and CASEs that the CASE references.
One CASE for multiple target clouds
Enterprise software is complicated and might require spanning multiple clouds and regions within a cloud infrastructure. Define the Kubernetes distributions required to manage your containerized software and assign them to inventory items to ensure that your product runs where it needs to.
Now that we introduced you to CASE, what’s next? Here are a few items you can look forward to:
- Tools! We are working on tools for creating, viewing, packaging, and managing a CASE.
- Offline and airgap solutions. How does a container-based workload install and update in a private, enterprise environment?
- Open sourcing of all of the above.
CASE provides first-class citizenship to Kubernetes resources, Helm charts, and Operator Lifecycle Manager artifacts. It is the preferred container packaging mechanism of IBM Cloud Paks. With CASE, you can install, manage, operate, upgrade, and uninstall complex software using multiple roles and personas. It is complex but lightweight. Review the CASE specification and see if it makes sense for use with your next containerized software project.