Cloud Native Application Bundles (CNAB) are a package format specification that describes a technology for bundling, installing, and managing distributed applications, that are by design, cloud agnostic.
The CNAB Working Group with the joint approval of the Executive Directors has approved the CNAB Core 1.2.0 specification for publication. CNAB Core 1.2.0 is complete.
For more information on the approval process, see the process documentation. Further changes to CNAB Core will be considered for CNAB Core 1.3.
- main is the current working draft of all specs
- cnab-core-1.2.0 is the CNAB Core 1.2.0 final draft
- cnab-core-1.1.0 is the CNAB Core 1.1.0 final draft
- cnab-core-1.0.1 is the CNAB Core 1.0.1 final draft
- cnab-core-1.0 is the CNAB Core 1.0.0 final draft
- cnab-claims-1.0.0 is the CNAB Claims 1.0.0 final draft
- cnab-security-1.0.0 is the CNAB Security 1.0.0 final draft
- Chapter 1: Cloud Native Application Bundle Core 1.0.0 (CNAB1)
- Chapter 2: Cloud Native Application Bundle Registry 1.0.0 (CNAB-Reg)
- Chapter 3: Cloud Native Application Bundles Security (CNAB-Sec) 1.0.0 GA
- Chapter 4: Cloud Native Application Bundle Claims 1.0.0 (CNAB-Claims1)
- Chapter 5: Cloud Native Application Bundle Dependencies 1.0.0 (CNAB-Deps)
- Chapter 8: Non-normative Content
- Chapter 9: Appendix
The specification is licensed under OWF Contributor License Agreement 1.0 - Copyright and Patent in the LICENSE file.
- Community Meeting: Every other Wednesday at 09:00 AM US Pacific
#cnab Slack channel for related discussion in CNCF's Slack workspace.
We operate a mailing list via the Joint Development Foundation.
CNAB Spec schema defined in this repo (under /schema) will be hosted for all tagged versions. This way, implementations can require specific schema versions for validation and assert compatibility with the corresponding versions.
Note that some tagged versions don't directly map to official schema versions. For instance, a Git SHA may be appended if the spec is still in a Draft state, e.g. cnab-claim-1.0.0-DRAFT+abc1234. Again, this facilitates the ability for implementations to pin to a certain tag whilst a spec is under heavy development with many breaking changes.
The schema files are hosted via https://cnab.io/schema/<VERSION>/<SCHEMA>.schema.json, e.g. https://cnab.io/schema/cnab-core-1.0/bundle.schema.json
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" are to be interpreted as described in RFC 2119.
The key words "unspecified", "undefined", and "implementation-defined" are to be interpreted as described in the rationale for the C99 standard.
An implementation IS compliant if it satisfies all the MUST, REQUIRED, and SHALL requirements.
An implementation IS NOT compliant if it fails to satisfy one or more of the MUST, REQUIRED, or SHALL requirements.
- The CNAB Core specification is contained in the 1xx documents.
- The CNAB Registry specification is contained in the 2xx documents.
- The CNAB Security specification reserves 3xx level documents.
- The Claims specification reserves 4xx documents.
- The CNAB Dependencies specification uses 5xx documents.
- The 8xx-level documents are reserved for non-normative guidance.
- The 9xx-level documents are reserved for process documents.
The top-level description of each specification is found in the x00 sections (e.g. 100 is the top of the CNAB Core specification, while 200 is the top of the CNAB Registry specification). Specifications may be broken down into subsections, which are numbered incrementally according to their section. Thus, the CNAB Core specification has a 100 (top-level) with four subsections (101, 102, 103, and 104). The 8XX section is entirely composed of non-normative documents, and each 8XX document stands alone.