Document more about intention/motivation vs. CNAB

[cbrunnkvist]

Just discovering this tool, one of the first things I'm struck by is that it mentions several times that it was inspired by something called CNAB. But it doesn't seem to explain why, or why one would choose one over the other?

[glyn]

How was sheaf inspired by CNAB?

Both sheaf and CNAB provide a packaging format for a collection, or bundle, of docker/OCI images and the means to install and optionally relocate these images.

Why was sheaf created?

sheaf was designed for packaging Kubernetes applications, whereas CNAB is a general standard for packaging software for various platforms, including Kubernetes.

A CNAB bundle declares an invocation image which is executed to perform various operations on the bundle including installation. This approach of executing "application" code during installation, etc. has security risks, analogous to those of ActiveX. A sheaf bundle on the other hand is purely declarative and avoids needing to run "application" code during installation, etc.

When would you choose CNAB?

CNAB is a standard, so a CNAB bundle can be processed by any CNAB implementation. CNAB is not Kubernetes specific and can be used to package software for multiple platforms. CNAB also has a number of features over and above those of sheaf.

When would you choose sheaf?

sheaf is specific to Kubernetes and is designed to work well with Kubernetes. It avoids the security risks associated with an invocation image. sheaf is a small tool and could easily be extended and/or adapted for specific use cases.