Compatibility of Container Images: A Key to Reliability in Cloud Environments

In industries where systems must operate with utmost reliability and stringent performance requirements, such as telecommunications, high-performance, or AI computing, containerized applications often require specific operating system configurations or hardware. It is common practice to demand certain versions of the kernel, its configuration, device drivers, or system components.

Despite the existence of the Open Container Initiative (OCI), a community that defines standards and specifications for container images, there was a gap in expressing such compatibility requirements. The need to address this issue led to various proposals and ultimately to an implementation in the Kubernetes project Node Feature Discovery (NFD).

NFD is an open-source Kubernetes project that automatically detects and reports hardware and system features of cluster nodes. This information helps users schedule workloads on nodes that meet specific system requirements, which is particularly useful for applications with strict hardware or operating system dependencies.

The Need for an Image Compatibility Specification

Dependencies Between Containers and Host OS

A container image is built on a base image that provides a minimal runtime environment, often a stripped-down Linux userland that is completely empty or distroless. When an application requires specific features from the host OS, compatibility issues arise. These dependencies can manifest in various ways:

• Drivers: Host driver versions must match the supported range of a library version within the container to avoid compatibility issues. Examples include GPUs and network drivers.
• Libraries or Software: The container must be delivered with a specific version or range of versions for a library or software to function optimally in the environment. Examples from high-performance computing include MPI, EFA, or Infiniband.
• Kernel Modules or Functions: Certain kernel functions or modules must be present. Examples include support for read-only large page faults or the presence of VFIO.
• And more…

While containers in Kubernetes likely represent the most common abstraction unit for these needs, the definition of compatibility can extend further to include other container technologies like Singularity as well as other OCI artifacts such as binaries from a Spack binary cache.

Challenges in Multi-Cloud and Hybrid-Cloud Environments

Containerized applications are deployed across various Kubernetes distributions and cloud providers, with different host operating systems presenting compatibility challenges. Often, these must be pre-configured before deploying workloads or are immutable.

Different cloud providers offer different operating systems such as:

• RHCOS/RHEL
• Photon OS
• Amazon Linux 2
• Container-Optimized OS
• Azure Linux OS
• And more…

Each OS comes with unique kernel versions, configurations, and drivers, making compatibility for applications requiring specific features a non-trivial matter. It must be possible to quickly assess whether a container is suitable to run in a particular environment.

The new specification for container image compatibility can be crucial here. By improving transparency and the ability to validate system requirements, the reliability of applications in cloud environments is significantly enhanced.

At ayedo, we support companies in overcoming these challenges and using Kubernetes efficiently to fully leverage the benefits of a containerized architecture.

Source: Kubernetes Blog