OCI Image Compatibility Working Group
Weekly on Monday
Pacific Time, 1000 PST (1900 CET; 1300 EST; 0400 AEST; 1200 CST)
Dial by your location
+1 646 558 8656 US (New York)
+1 669 900 6833 US (San Jose)
877 369 0926 US Toll-free
855 880 1246 US Toll-free
Meeting ID: 644 941 5895
Find your local number: https://zoom.us/u/aLDk4OXTu
template at the bottom
October 7, 2024
Recording: https://youtu.be/bx1xI_jKPYA
Attendees
- Marcin Franczyk
- Brandon Mitchell
- Vanessa Sochat
- add yourself
Actionable Agenda Items
Presentation/Discussion Agenda Items
- Plan for testing with Containerd and Kubernetes
Notes
Notes from the zoom chat:
00:38:12 Marcin Franczyk: https://github.com/kubernetes-sigs/node-feature-discovery/tree/master/source
00:53:48 Marcin Franczyk: https://github.com/containerd/platforms/blob/main/platforms.go#L146
September 16, 2024
Recording: https://youtu.be/A6ntgBjFKzo
Attendees
- Brandon Mitchell
- Vanessa Sochat
- Marcin Franczyk
Actionable Agenda Items
Presentation/Discussion Agenda Items
- Prefer field for image selection
- Image Compatibility prototype under NFD
- Status of the working group
Notes
July 15, 2024
Canceled - empty agenda.
July 8, 2024
Recording: https://youtu.be/Gvb83iiz7p8
Attendees
- Marcin Franczyk
- Brandon Mitchell
- Christian Kniep
- add yourself
Actionable Agenda Items
Presentation/Discussion Agenda Items
- Image selection prototype
- Registry's sub-indexes created for each tag vs index size limit
- Artifact prototype outside of OCI
Notes
July 1, 2024
Canceled - no topics.
June 24, 2024
Recording: https://youtu.be/Z9BJ-rXlwzw
Attendees
- Brandon Mitchell
- Christian Kniep
- Victor Lu
- Dirk Müller
Notes
- What is the actual role of the wg-compatibility in the overall picture (for example interaction with the kubernetes scheduler)?
- could be on runtime and on scheduling level
- focus is on building a POC to convince downstream consumers before OCI group pushes a new standard
- Compared to fluid (https://www.cnfci.io/projects/fluid), which aims to optimize data locality and caching, how does it relate?
- OCI aims wider than just kubernetes
June 17, 2024
Recording: https://youtu.be/0QiRKKzkpZ4
Attendees
- Brandon Mitchell
- Marcin Franczyk
- Dirk Müller
- Victor Lu
- Vanessa Sochat
Actionable Agenda Items
Presentation/Discussion Agenda Items
Notes
June 10, 2024
Recording: https://youtu.be/TPzRyi8tF9I
Attendees
- Dirk Müller
- Marcin Franczyk
- Patrik Flykt
- Vanessa Sochat
- add yourself
Actionable Agenda Items
Presentation/Discussion Agenda Items
June 3, 2024
Canceled - no topics.
May 27, 2024
Canceled - a holiday in the US.
May 20, 2024
Recording: https://youtu.be/IawP_05firA
Attendees
- Marcin Franczyk
- Brandon Mitchell
- Joe Huang
- Patrik Flykt
- add yourself
Actionable Agenda Items
Presentation/Discussion Agenda Items
- Telco perspective on the image compatibility problem by Joe
- Proposals recording
- add your items
Notes
May 13, 2024
Recording: https://youtu.be/I332zIsTwTs
Attendees
- Marcin Franczyk
- Brandon Mitchell
- Victor Lu
- Vanessa Sochat
- add yourself
Actionable Agenda Items
Presentation/Discussion Agenda Items
- Feedback from OCI maintainers - let's talk about how best to bring them into the loop
- Final design of compatibility artifact part 2 - let's talk about the scope and general feedback so far
- add your items
Notes
May 6, 2024
Recording: https://youtu.be/V9N4qpsRqjY
Attendees
- Marcin Franczyk
- Brandon Mitchell
- Victor Lu
- Christian Kniep
- Vanessa Sochat
- Dirk Müller
Actionable Agenda Items
Presentation/Discussion Agenda Items
Notes
April 29, 2024
Recording: https://youtu.be/4HITIoTWuxA
Attendees
- Marcin Franczyk
- Brandon Mitchell
- Dirk Müller
- Victor Lu
- add yourself
Actionable Agenda Items
- Repurpose https://github.com/oci-playground for this working group - Brandon
- Create a Google doc for the final design of the artifact approach - Marcin
- add your items
Presentation/Discussion Agenda Items
- Proposals E and H review
- Containerd platforms matcher for improved image selection
- Plan to create the final design of an artifact approach
- We may repurpose https://github.com/oci-playground for this working group.
- Discussion on UXL and OneAPI
Notes
April 22, 2024
Recording: https://youtu.be/UfoxD_xFynk
Attendees
- Brandon Mitchell
- Dirk Müller
- Marcin Franczyk
- Bjorn Neergaard
- Victor Lu
- Vanessa Sochat
- Christian Kniep
Actionable Agenda Items
Presentation/Discussion Agenda Items
Notes
April 15, 2024
Canceled - Container Plumbing Days
April 8, 2024
Recording: https://youtu.be/EErZRLWgDgU
Attendees
- Dirk Müller
- Patrik Flykt
- Marcin Franczyk
- Vanessa Sochat
- Stephen Day
- Christian Kniep
- Victor Lu
Actionable Agenda Items
Presentation/Discussion Agenda Items
- Review of new proposals F and H
- OCI-defined labels vs community labels
Notes
April 1, 2024
Canceled
March 25, 2024
Recording: https://youtu.be/lM2CECFxH94
Attendees
- Marcin Franczyk
- Dirk Müller
- Brandon Mitchell
- Vanessa Sochat
- Victor Lu
Actionable Agenda Items
Presentation/Discussion Agenda Items
Notes
March 18, 2024
- Meeting canceled for KubeCon EU.
March 11, 2024
Recording: https://youtu.be/tkOOGwTiorA
Attendees
- Marcin Franczyk
- Brandon Mitchell
- Victor Lu
- Patrik Flykt
- add yourself
Actionable Agenda Items
Presentation/Discussion Agenda Items
Notes
- The meeting has been canceled. Not enough participants.
March 4, 2024
Recording: https://youtu.be/mjbXRF5_OIA
Attendees
- Nathan Rini
- Bjorn Neergaard
- Patrik Flykt
- Marcin Franczyk
- Brandon Mitchell
- Vanessa Sochat
- add yourself
Actionable Agenda Items
Presentation/Discussion Agenda Items
- Received feedback so far.
- Schema and spec for the final design - based on proposals B and D.
Notes
- Most in the group don't like the idea (from proposal B) of including a graph in the spec
February 26, 2024
Recording: https://youtu.be/vVexEmodAYI
Attendees
- Bjorn Neergard
- Victor Lu
- Brandon Mitchell
- Marcin Franczyk
- Vanessa Sochat
- Patrik Flykt
Actionable Agenda Items
- Make a list of OCI people who should provide us feedback - Marcin, Vanessa
- Schedule meetings with container runtime maintainers to get feedback about the artifact way for the image selection - Marcin
Presentation/Discussion Agenda Items
- Next steps for the working group.
Notes
- We try to get feedback from specific people about the proposals (OCI and other opinionated personas).
In the meantime, we try to consolidate the proposals.
We delay the decision to roll out a survey to external communities.
February 19, 2024
Recording: https://youtu.be/ftyFFYhChjA
Attendees
- Marcin Franczyk
- Patrik Flykt
- Brandon Mitchell
- Christian Kniep
- Victor Lu
Actionable Agenda Items
Presentation/Discussion Agenda Items
Notes
- Proposal A:
- Proposal B:
- Proposal D will be reviewed next week
- Next steps include
- Internal attempt to consolidate the proposals
- Presentation to external groups (e.g. runtime implementations) to gather their opinions
- Creating implementations in a sandbox (possibly reusing https://github.com/oci-playground)
February 12, 2024
Recording: https://youtu.be/FaYQ07Fye38
Attendees
- Christian Kniep
- Brandon Mitchell
- Bjorn Neergaard
- Marcin Franczyk
- Victor Lu
- Vanessa Sochat
Actionable Agenda Items
- Resolve all threads in the proposals.
Presentation/Discussion Agenda Items
Notes
February 5, 2024
Recording: https://youtu.be/JHeFbV5V_20
Attendees
- Christian Kniep
- Marcin Franczyk
- Brandon Mitchell
- Nathan Rini
Actionable Agenda Items
- Convert use cases to the requirements and push to the repo. - Marcin
- add your items
Presentation/Discussion Agenda Items
Notes
February 5, 2024
Recording: https://youtu.be/JHeFbV5V_20
Attendees
- Christian Kniep
- Marcin Franczyk
- Brandon Mitchell
- Nathan Rini
Actionable Agenda Items
- Convert use cases to the requirements and push to the repo. - Marcin
- add your items
Presentation/Discussion Agenda Items
Notes
January 29, 2024
Recording: https://youtu.be/dbJlO4dQLO8
Attendees
- Brandon Mitchell
- James Sturtevant
- Victor Lu
- Nathan Rini
- Marcin Franczyk
- Vanessa Sochat
- Dirk Müller
- Patrik Flykt
Actionable Agenda Items
Presentation/Discussion Agenda Items
- Drawing the line between user configuration of applications and image compatibility on a node.
- Continue reviewing use cases
- add your items
Notes
January 22, 2024
Recording: https://youtu.be/nT47fo8Jr2o
Attendees
- Brandon Mitchell
- Vanessa Sochat
- Dirk Müller
- Christian Kniep
- Patrik Flykt
- Victor Lu
Actionable Agenda Items
Presentation/Discussion Agenda Items
- Christian has a FOSDEM lightening talk that will cover image compatibility
- Continue reviewing use cases
- add your items
Notes
January 15, 2024
Recording: https://youtu.be/nDHQAEAzllc
Attendees
- Till Wegmueller
- Dirk Müller
- Christian Kniep
- Patrik Flykt
- Christian Kniep
Actionable Agenda Items
Presentation/Discussion Agenda Items
Notes
January 8, 2024
Recording: https://youtu.be/8CjovCI3z64
Attendees
- Brandon Mitchell
- Vanessa Sochat
- Till Wegmueller
- Dirk Müller
- Marcin Franczyk
- Patrik Flykt
Actionable Agenda Items
Presentation/Discussion Agenda Items
Notes
December 18, 2023 - Americas
Recording: https://youtu.be/JwxO6B7Rv0U
Attendees
- Brandon Mitchell
- Dirk Müller
- Victor Lu
- Marcin Franczyk
- Christian Kniep
- Wayne Mesard
- Vanessa Sochat
- Jason Du
- Patrik Flykt
Actionable Agenda Items
Presentation/Discussion Agenda Items
Notes
- Jan 8th is the next meeting.
- Vanessa and Marcin volunteers to be potential maintainers of tools/libs in the future.
December 18, 2023 - EU/AP
Recording: https://youtu.be/4cicm3RdH50
Attendees
- Marcin Franczyk
- Joe Huang
- Patrik Flykt
Actionable Agenda Items
Presentation/Discussion Agenda Items
Notes
- The meeting has been cancelled. Not enough participants.
December 11, 2023 - Americas
Recording: https://youtu.be/o8m420ET59U
Attendees
- Christian Kniep
- Dirk Muller
- Marcin Franczyk
- Wayne Mesard
- Brandon Mitchell
- Vanessa Sochat
- Victor Lu
- Patrik Flykt
Actionable Agenda Items
Presentation/Discussion Agenda Items
Notes
- We are still waiting for the repository permissions.
- FOSDEM talk has been submited.
- Use cases
- "As an image maintainer, I want to update compatibility without having to re-release and re-distribute my image." - runtime maintainers can have some objections with that.
December 11, 2023 - EU/AP
Recording: https://youtu.be/lPukR-IM9vA
Attendees
- Marcin Franczyk
- Joe Huang
- Patrik Flykt
Actionable Agenda Items
Presentation/Discussion Agenda Items
Notes
- The meeting has been cancelled. Not enough participants.
December 4, 2023 - Americas
Recording: https://youtu.be/g3w7yoYnuG4
Attendees
- Wayne Mesard
- Bjorn Neergaard
- Victor Lu
- Christian Kniep
- Dirk Muller
- Brandon Mitchell
- Marcin Franczyk
- Vanessa Sochat
- Eduardo Arango Gutierez
- Jason Du
Actionable Agenda Items
Presentation/Discussion Agenda Items
Notes
- Christian or Eduardo will submit a lightning talk for FOSDEM
- Compatibility could be validated also against a host footprint
- Consider restricted namespaces in the compatibility spec
- for instance restricted GPU namespaces that could be maintained by specific group
- We can extend platform variants for other architectures similar to ARM
- Brandon described a potential implementation for runtime image selection:
- Platform could be extended for some very common use cases (e.g. CPU chipset)
- Everything else can be delegated to attestations on the descriptor listed in the Index
- Attestations can be defined by 3rd parties that manage their own prefix (Nvidia, MPI, HPC/supercomputers, etc).
- Runtimes can be configured to prefer images with specific attestations (provisioning a node with an Nvidia GPU would have the Nvidia attestation listed in its runtime preferences).
- Image builders, when they create more than one image for a specific platform, would include specific attestations for those additional builds that are used by runtimes to pick alternative options.
- Runtimes always default to picking the first matching image if they have no preference between multiple matches (allowing a generic linux/amd64 image to be listed before one optimized for a specific CPU chipset).
December 4, 2023 - EU/AP
Recording: https://youtu.be/djRGEz_hHdI
Attendees
- Marcin Franczyk
- Patrik Flykt
- Joe Huang
Actionable Agenda Items
Presentation/Discussion Agenda Items
Notes
- The meeting has been cancelled. Not enough participants.
November 27, 2023 - Americas
Recording: https://youtu.be/LKc6K4iW5KI
Attendees
- Marcin Franczyk
- Victor Lu
- Patrik Flykt
- James Sturtevant
- Vanessa Sochat
- Brandon Mitchell
Actionable Agenda Items
- add your items
- start google doc with use cases - Marcin
- get Brandon access to repo
Presentation/Discussion Agenda Items
- KubeCon Europe talk (19 – 22 March, 2024 · Paris, France) - "OCI Image Compatibility: Current Status And Expectations"
- Framework proposals: progress, deadlines etc.
Notes
- Before framework proposals we should come up with use cases.
- High level use cases:
- Cluster provisioning
- Node selection
- Image selection (from a multi-platform manifest)
- May want to define how tools can annotate their images and how runtimes can leverage those annotations without defining all the possible annotation values. -Brandon
- It's possible we'll have more than one output (one for image selection and another for node provisioning). -Brandon
November 27, 2023 - EU/AP
Recording: https://youtu.be/Yb2-vswMwgo
Attendees
- Marcin Franczyk
- Dirk Müller
- Patrik Flykt
- Zvonko Kaiser
- Till Wegmuller
- Joe Huang
Actionable Agenda Items
Presentation/Discussion Agenda Items
- KubeCon Europe talk (19 – 22 March, 2024 · Paris, France) - "OCI Image Compatibility: Current Status And Expectations"
- Framework proposals: progress, deadlines etc.
- UEFI/BIOS validation
Notes
- Signing and certification for encrypted images
- each time you you update the annotation you have to go through the procedure which is not ideal
- ideal to have artifact for independence
- for confidental use cases we should encrypt all image metadata
- if we go artifacts we should sign artifacts as well. Should the validation tool verify if artifact is signed?
- We should come up with deadline for framework proposals and discuss them on the meeting
- maybe 2 weeks would work?
- We should create validation tool that is vendor agnostic but should produce standard results
- The burden of configuring the host versus configuring the operating system should rest with the engineer configuring the host
November 20, 2023 - Americas
Recording: https://youtu.be/Kw7v6IyO1go
Attendees
- Vanessa Sochat
- Brandon Mitchell
- Bjorn Neergaard
- Patrik Flykt
- Marcin Franczyk
- Christian Kniep
- James Sturtevant
- Victor Lu
Actionable Agenda Items
Presentation/Discussion Agenda Items
- Common compatibility fields
Notes
- Adding a platform to artifacts is supported, but also images should be anything that can run on a container runtime, so verify what is meant by artifact.
- Archspec: https://github.com/archspec/archspec
- Consider creating proposals, similar to the referrers working group.
- Consider building a framework instead of trying to describe all use cases and subjects for compatibility. Specific groups could express what they need over the framework.
November 20, 2023 - EU/AP
Recording: https://youtu.be/eiKe1PjmcMU
Attendees
- Marcin Franczyk
- Dirk Müller
- Zvonko Kaiser
- Patrik Flykt
Actionable Agenda Items
Presentation/Discussion Agenda Items
- Common compatibility fields
Notes
- Use Cases:
- Confidential Computing requirements
- Should we allow to define compatibility also for artifacts - the confidential computing requirements to pull distinct runtime artifacts, like SEV, TDX etc. based on hardware.
- Extensibility - provide the ability to define additional constraints in the compatibility schema
- Should we verify BIOS settings, some kernel configuration will not matter if specific BIOS settings are not set. This can result in false positive checks.
- Maybe we should set boundaries, for instance if kvm module is loaded we assume that the BIOS has enabled virtualization.
November 13, 2023 - Americas
Recording: https://youtu.be/yqIBLBvLYMs
Attendees
- Christian Kniep
- Bjorn Neergaard
- Vanessa Sochat
- Victor Lu
- Marcin Franczyk
- Joe Huang
- Brandon Mitchell
- James Sturtevant
- Till
Actionable Agenda Items
- Discuss what participants expect from the working group
- Discuss Image Compatibility use cases
Presentation/Discussion Agenda Items
Notes
- Is this for the index, image manifest, or even at the layer level?
- Disagreement on whether this applies to layers, image builders tend to output a collection of layers, desire to mix layers for some use cases
- Scheduling on nodes vs selecting image from index
- What level of detail is needed?
- Kernel
- features exposed some illumos branches/forks expose different capabilities
- versions required. allows retiering and updating of interfaces exposed by the kernel (we have versioned API's)
- Out of tree modules / hardware
- symbol versions, illumos API interface boundry is libc, thus it may be needed to inform the runtime about the type of libc required.
- Where will it be used?
- runtime image selection
- image distribution - discoverability
- scheduling (k8s scheduler)
- as metadata for the cluster admin to understand how to configure the cluster
- diagnostics/compatibility checks
- new tools, maybe back into other existing tools
- Where does this info live?
- artifact?
- baked into descriptor or index or manifest
- annotations: key/value pairs
- platform: can extend the json with needed structure
- Amending platform details after the image push?
- Would need to push a new index, but image manifest could be unchanged.
From the chat:
00:16:06 Bjorn Neergaard: They moved it under “Reactions” 😄
00:21:45 Bjorn Neergaard: Aha
00:21:49 Bjorn Neergaard: https://www.cyphar.com/blog/post/20190121-ociv2-images-i-tar is a pretty good writeup
00:25:06 Brandon Mitchell: "lazy loading"
00:28:34 Christian Kniep: Expectation of the container wrt to the host… correct
00:28:58 Bjorn Neergaard: Talked about Spack pretty extensively 😄
00:30:55 Vanessa Sochat: spack uses archspec to do similar assessments like that
00:32:14 Vanessa Sochat: lol this literally just happened to me
00:32:18 Bjorn Neergaard: 😄
00:32:19 Vanessa Sochat: just with arm :)
00:32:33 Bjorn Neergaard: Yeah, it’s the thing that is really painful for me with CRI
00:32:55 Bjorn Neergaard: Allegedly it was omitted on purpose so that it could be runtime-specific with annotations, but nobody has ever implemented, and good luck encoding that all into crictl
00:33:06 Vanessa Sochat: "wild west" of labels and annotations (brandon's phrasing)
00:33:10 Bjorn Neergaard: 100%
00:33:21 Bjorn Neergaard: I don’t think the K8s everything is an annotation makes sense to the runtime layer
00:33:44 Bjorn Neergaard: *sense all the way to the
00:36:05 Brandon Mitchell: First match, unless you know another entry is better, is what the spec defines.
00:36:17 Christian Kniep: So we need a matching object that describes the capabilities and needs of a system…
00:36:27 Bjorn Neergaard: Yeah, that’s what I call the “halfway” approach between spec-defined and implementation-defined 😄
00:38:32 Brandon Mitchell: I don't think runtimes want to query/pull artifacts of each index entry to determine which entry is best to run locally.
00:38:39 Bjorn Neergaard: I’m reminded of https://github.com/moby/moby/blob/master/contrib/check-config.sh
00:38:54 Bjorn Neergaard: And yes, as a runtime maintainer I’d want everything labeled on the package; I don’t want to have to open the box.
00:39:00 Christian Kniep: Replying to "I don't think runtim…"
I like to think we would like
00:39:07 Christian Kniep: Replying to "I don't think runtim…"
🙂
00:39:39 Brandon Mitchell: Reacted to "And yes, as a runtim…" with ➕
00:40:40 Bjorn Neergaard: Three main cases I can think of:
* Orchestrator scheduling (swarm/k8s/nomad)
* Runtime platform selection (containerd, CRI-O)
* Compatibility checks (diagnostic/vendor validation tooling)
00:41:47 Vanessa Sochat: yes! And the spec would not be the specific annotations, but the skeleton in which they are delivered
00:42:47 Vanessa Sochat: picking on kubernetes is good :)
00:45:20 Bjorn Neergaard: But you have to run that anywhere… Is the feature test a container? 😄
00:45:45 Bjorn Neergaard: I need to convince my colleague that designing a WASI component for interacting with the kernel is a good idea 😂
00:45:45 Vanessa Sochat: lol good point. I haven't thought that far!
00:46:11 Vanessa Sochat: We have reached infinite recursion!
00:46:13 Bjorn Neergaard: (so someone else gets to deal with syscall numbers being variable, the calling convention changing, etc etc…)
00:47:30 Marcin Franczyk: https://docs.google.com/document/d/1eGlZOyJIp3ZLIcwblCK4WgfHskiOqAjpovWtDw9mMGU/edit
00:48:00 Marcin Franczyk: https://github.com/mfranczy/compat/tree/sync/pkg/scanner/linux
00:49:36 Vanessa Sochat: "bake" - containers are like cake
00:50:48 Bjorn Neergaard: I’m drawn back to https://github.com/moby/moby/blob/master/contrib/check-config.sh
00:53:24 Brandon Mitchell: I would say it's valid but many of us want to go further into the automation.
00:53:51 Bjorn Neergaard: 100%, there’s not a lot of value to me over the shell script if it’s not useful at the orchestrator level (bubbled up using NRI) or the runtime level.
00:54:27 Bjorn Neergaard: As an ISV, I just write a validation tool/image/script for customers to diagnose if their system is sane today. That’s more flexible than something that is a declarative manifest.
00:54:33 Bjorn Neergaard: (err, recovering ISV)
00:57:05 Vanessa Sochat: well you have to have tools agree on something
00:57:10 Vanessa Sochat: WILD WEST!
00:57:38 Bjorn Neergaard: My “more structured” should be “more constrained:” the data-model is very limited.
00:57:51 Bjorn Neergaard: (as opposed to allowing arbitrarily complex data structures)
00:58:06 Vanessa Sochat: lonely registries push to themselves
00:58:15 Marcin Franczyk: Reacted to "lonely registries …" with 😂
00:58:47 Brandon Mitchell: Reacted to "lonely registries pu…" with 😂
01:01:26 Bjorn Neergaard: I still like the idea of discussing the partitions first (the “compatibility things”)
01:01:31 Bjorn Neergaard: As opposed to how we’d encode them/action on them yet
November 13, 2023 - EU/AP
Recording: https://youtu.be/2fZiZBM3_24
Attendees
- Christian Kniep
- Marcin Franczyk
- Joe Huang
Actionable Agenda Items
Discuss what participants expect from the working groupDiscuss Image Compatibility use cases
Presentation/Discussion Agenda Items
Notes
- The meeting has been cancelled. Not enough participants.
Template
Meeting Date
Attendees
Actionable Agenda Items
Presentation/Discussion Agenda Items
Notes
-
Any changes
Be notified of any changes
-
Mention me
Be notified of mention me
-
Unsubscribe
Subscribe