When you build code, you need to deliver it in a way it installs and runs with as little friction as possible. That’s easy in the traditional application world, where you can target an installer at the end of a build, delivering your code to repositories, stores, and system and service management platforms. But things are harder in the cloud, especially when you’re building distributed systems that rely on cloud-hosted orchestration platforms, running on Kubernetes, or deploying in a service mesh.

Tools like Terraform and Helm help with deployments that deliver to Kubernetes, Azure’s ARM templates handle building resource groups, and Dockerfiles are used to construct containers from libraries of images. What’s needed is a single tool that can bring all these elements together, describing an entire distributed application and then using that description to handle deployment to any cloud.

Introducing CNAB

Microsoft and Docker have been that handles both service description and deployment for container-based applications. The is a way of bundling the components needed to deliver an application, along with details of how the application should be installed.

One key aspect of CNAB is that it’s cloud-agnostic; there’s no requirement for it to work with a specific cloud platform. There’s also no requirement for it to target any specific orchestration layer. All that matters is that it uses containers, so your code can be delivered to on-premises systems running on IaaS or to cloud platforms. CNAB bundles can be thick, containing all the files needed to deploy and run your application, or they can be thin, with only a definition of the files and images that need to be deployed, along with locations for image repositories.

Both types of bundle have their place. If you’re treating CNAB like a traditional desktop installer for systems running on the edge of a network where connectivity may be an issue, you’re likely to want to use a thick bundle. If, however, you’re deploying onto Azure or Amazon Web Services, with high-bandwidth connections to your image repositories, a thin bundle will work well. Either way, bundles can be signed, ensuring that only trusted images are used to deploy an application.