SingularityCE 3.11 Broadens HPC Workflows with OCI Compatibility and Advanced Security Features

By Staff

Feb 16, 2023 | News, SingularityCE Updates

Sylabs, the global leader in providing tools and services for performance-intensive container technology, today announced that it has released SingularityCE 3.11, taking a big step towards full OCI compatibility in the future 4.0 release. The newest update adds a variety of useful features, including improvements to container builds, broadened workflows for signing and verification of images, and monitoring and applying limits to services run in container instances. These additions to Singularity will provide users with greater flexibility, security, and control over their container-based applications and services.
“SingularityCE 3.11 further cements Singularity’s position as the preferred solution for organizations who want to package their performance-based applications and libraries into scalable containers,” said Adam Hughes, Chief Technology Officer at Sylabs. “Singularity is ideal for computing environments that prioritize reproducibility, mobility of compute, validated data integrity and trusted dev-ops workflows. With its unique security model, compatibility with existing runtimes and container ecosystems, and ease of use, Singularity is unmatched in the multi-tenant environment. It’s exciting to see the platform continue to evolve and meet the growing needs of various industries as their workloads evolve to require performance computing.”

Features of the 3.11 release include:

  • OCI Compatibility Mode – With the new experimental ‘–oci’ mode, users can run containers from a native OCI on-disk layout, making it easier for HPC and enterprise users in key industries to adopt containers and work with existing Dockerfiles. Users can run containers using the familiar Singularity commands in a way that is compatible with the industry standard for containers (OCI). Developers can use Singularity containers with other systems and allow for more flexible use. Additionally, the behavior of the new mode closely mirrors the existing runtime, making it more convenient to use.
  • Broadening and Securing Workflows – Singularity has added new security features to help verify and protect the integrity of container images. PEM keys and X.509 certificates can be used to sign and verify the images, providing a secure way to ensure that only authorized images are used. The addition of OCSP support also allows organizations to perform online checks to make sure that the images have not been revoked. These new features can easily integrate with the existing security infrastructure used by many organizations, providing an extra layer of protection for the containers.
  • Instance Resource Limits & Monitoring – SingularityCE 3.11 now has the ability to monitor and control the resources used by the containers. When a container is run, it will be started in a special environment called a cgroup, which allows monitoring of its resource usage, such as CPU and memory, using the new singularity instance stats command. This feature is particularly important for organizations that want to ensure that their containers do not consume too many resources and negatively impact other applications or systems.
  • Rootless Builds Without User Namespaces / ID Mapping – SingularityCE now allows users to build containers without being a root user or using a special user mapping system. This means that building containers can be done in a simplified and more straightforward way, without adding unnecessary complexity or potential compatibility issues. This new “proot” flow makes unprivileged builds possible for many different definition files, and does not require special configurations to be in place on the host system.
“Singularity provides a broad range of utility for HPC and enterprise users in key industries looking to enhance their container workflow and run their most demanding workloads,” said Hughes. “With its full OCI compatibility, advanced monitoring, and expanded workflows, Singularity simplifies the way users work with containers.”
The SingularityCE 3.11 Release is available immediately, with download and documentation information available at https://sylabs.io/singularity/.

Join Our Mailing List

Recent Posts

Related Posts