David Godlove: Singularity: simple, secure containers for HPC

Singularity is the most widely used container solution in high-performance computing (HPC). Instead of a layered filesystem, a Singularity container is stored in a single file. This simplifies the container management lifecycle and facilitates features such as image signing and verification to produce trusted containers. At runtime, Singularity blurs the lines between the container and the host system, allowing users to read and write persistent data and leverage hardware like GPUs and InfiniBand with ease. The Singularity security model is also unique among container solutions. Users build containers on resources they control or using a service like the Sylabs Remote Builder. Then they move their containers to a production environment where they may or may not have administrative access, and the Linux kernel enforces privileges as it does with any other application. These features make Singularity a simple, secure container solution perfect for HPC workloads. Sylabs Inc. maintains Singularity and fosters the open-source community. Sylabs also offers a professionally curated and supported version of Singularity called SingularityPRO with enhanced security and stability for production-grade centers.