SingularityCE 3.11 broadens HPC workflows with OCI compatibility
Sylabs has announced the latest release of SingularityCE, version 3.11. The update adds a variety of features, including improvements to container builds, broadened workflows for signing and verifying images, and the ability to monitor and apply limits to services run in container instances.
These additions to Singularity will provide users with greater flexibility, security, and control over their container-based applications and services. Sylabs provides professional tools and services for high-performance container runtime technology.
Adam Hughes, Chief Technology Officer at Sylabs: “SingularityCE 3.11 further cements Singularity's position as the preferred solution for organisations who want to package their performance-based applications and libraries into scalable containers. Singularity is ideal for computing environments that prioritise reproducibility, mobility of compute, validated data integrity and trusted dev-ops workflows. With its unique security model, compatibility with existing runtimes and container ecosystems, and ease of use, Singularity is unmatched in the multi-tenant environment. It's exciting to see the platform continue to evolve and meet the growing needs of various industries as their workloads evolve to require performance computing.”
Features of the 3.11 release include:
OCI Compatibility Mode - With the new experimental ‘--oci’ mode, users can run containers from a native OCI on-disk layout, making it easier for HPC and enterprise users in key industries to adopt containers and work with existing Dockerfiles. Users can run containers using the familiar Singularity commands in a way that is compatible with the industry standard for containers (OCI). This lets developers use Singularity containers alongside other systems and allows for more flexible use. Additionally, the behaviour of the new mode closely mirrors the existing runtime, making it more convenient to use.
Broadening and Securing Workflows - Singularity has added new security features to help verify and protect the integrity of container images. PEM keys and X.509 certificates can be used to sign and verify images, providing a secure way to ensure that only authorised images are used. The addition of OCSP support also allows organisations to perform online checks that the certificates used to sign images have not been revoked. These new features integrate easily with the existing security infrastructure used by many organisations, providing an extra layer of protection for containers.
Instance Resource Limits & Monitoring - SingularityCE 3.11 can now monitor and control the resources used by containers. When a container is run, it is started in a special environment called a cgroup, which allows its resource usage, such as CPU and memory, to be monitored using the new ‘singularity instance stats’ command. This feature is particularly important for organisations that want to ensure that their containers do not consume too many resources and negatively impact other applications or systems.
Rootless Builds Without User Namespaces / ID Mapping - SingularityCE now allows users to build containers without being a root user or using a special user mapping system. This means that building containers can be done in a simplified and more straightforward way, without adding unnecessary complexity or potential compatibility issues. This new "proot" flow makes unprivileged builds possible for many different definition files, and does not require special configurations to be in place on the host system.
"Singularity provides a broad range of utility for HPC and enterprise users in key industries looking to enhance their container workflow and run their most demanding workloads," said Hughes. "With its full OCI compatibility, advanced monitoring, and expanded workflows, Singularity simplifies the way users work with containers."
The SingularityCE 3.11 release is available immediately; download and documentation information can be found on the Sylabs website.