CNAB: a cloud-agnostic format for packaging and running distributed applications, announced by Microsoft.

CNAB relies on a handful of technologies you are already familiar with – JSON, Docker containers, and OpenPGP – and describes a format for packaging, installing, and managing distributed applications. By design, it is cloud agnostic. It works with everything from Azure to on-prem OpenStack, from Kubernetes to Swarm, and from Ansible to Terraform. It can execute on a workstation, a public cloud, an air-gapped network, or a constrained IoT environment. And it is flexible enough to accommodate an array of platform needs, from customer-facing marketplaces to internal build pipelines.

Broadly, CNAB brings several features that aren’t currently in the ecosystem:

  • Manage discrete resources as a single logical unit that comprises an app.
  • Use and define operational verbs for lifecycle management of an app (install, upgrade, uninstall).
  • Sign and digitally verify a bundle, even when the underlying technology doesn’t natively support it.
  • Attest to (that is, attach a signature to) any moment in the lifecycle of a bundle, and digitally verify that the bundle has reached that state, to control how the bundle can be used.
  • Export the bundle and all its dependencies so that it can be reliably reproduced in another environment, including offline environments (IoT edge, air-gapped environments).
  • Store bundles in repositories for remote installation.