Docker announced that they have donated the cnab-to-oci library to the Cloud Native Application Bundle (CNAB) project. The library can convert and push CNAB application bundles to OCI-compliant registries by leveraging existing OCI abstractions.
The CNAB specification - originally co-developed by Docker, Microsoft, Hashicorp, Bitnami, Codefresh and others - is an attempt to be a cloud-agnostic solution for packaging and running distributed applications. Announced at DockerCon Europe 2018, CNAB uses the concept of a "bundle" to describe applications made up of multiple components, which can also utilize Helm charts, Kubernetes manifests, template/resource descriptions and Dockerfiles. The cnab-to-oci tool is a reference implementation for sharing these bundles using an OCI-compliant or Docker registry. It uses the OCI index from the OCI image specification - which is open about the kind of media that can be stored in it - to hold the CNAB bundle metadata and its referenced images in the registry.
A CNAB bundle is made up of the descriptor (bundle.json), the invocation image and a list of bundle repositories. The bundle.json is metadata that includes versioning information and configurable parameters. The actual logic - the installer - which has the workflow necessary for installing the application is in the invocation image. This can have declarative configurations from various tools like Helm charts and K8S manifests, and is used to manage the bundle lifecycle - install, upgrade and uninstall. The bundle repositories section is information about where to store and retrieve the referenced images.
The Open Containers Initiative (OCI) image spec has an "OCI image index", which is typically used by clients to fetch the list of supported manifests (or container images) for its platform. However, it can also be used to store other media, and is leveraged by the cnab-to-oci tool to store the bundle, the invocation image and the component images referenced by the bundle. The tool currently uses OCI annotations - which are optional - in the index to communicate the media type. There is a proposal to add a "mediaType" field to OCI which will obviate the use of annotations for this.
Although the primary goal of the cnab-to-oci tool is to package the bundle.json file into a format that can be stored in registries, it also attempts to ensure that all associated images in a bundle are stored in the same registry and can be transferred atomically between different registries. This would help end-users to have a consistent view of bundles.
cnab-to-oci is used by Docker App (which implements CNAB), Porter and duffle (a reference implementation of CNAB). There is no recommended way to distribute CNAB bundles - which is by design - but the CNAB Registries specification has a proposal to standardize the way OCI registries can be used for such distribution.