CoreOS's Rocket 1.0 will run containers, regardless of whether they are built to run on Docker's dominant platform or the industry standard AppContainer spec.
12 Ways To Connect Data Analytics To Business Outcomes
(Click image for larger view and slideshow.)
CoreOS has worked on its Rocket runtime system for 14 months, and today it pronounced its 1.0 version ready for prime time. It's one of the few examples of a container runtime that meets the AppContainer image specification, the only industry standard available, and also runs Docker, the closest thing containers have to a de facto standard.
It can do so because CoreOS has figured out how to accept a Docker formatted container and transform it into an AppContainer image.
"Rocket will convert the Docker image on the fly to the standard spec," said Alex Polvi, CEO of CoreOS, in an interview ahead of the Feb. 4 announcement. "Develop with Docker, run on CoreOS," he added at another point.
The AppContainer spec was agreed to by the Open Container Initiative, the cross-vendor effort to erase barriers to shared container tools and images.
So far, OCI has concerned itself with just the runtime side of the issue, said Polvi, both a competitor and occasional critic of Docker's influence in the market. Docker is by far the most popular system for building containers and providing a runtime environment.
Both the Docker formatted image and Docker runtime are popular enough to be called de facto standards among developers.
But containers are supposed to be mobile, and one of their assumed roles is to serve as vehicles for application code that has to move from one side of the data center to another, from development teams, through testing and staging, into operations. Even more important, containers are believed to be a leading vehicle for moving applications from on-premises into the cloud.
For that to be true, both the container image -- the files of an application assembled and connected in particular ways -- will need to be standard, as will the runtime environment in which they will function.
The founding of the Open Container Initiative last June was hailed as a burying-the-hatchet event among parties competing over how containers should run.
"We shouldn't still be arguing about the width of the railroad tracks anymore," said Docker CEO Ben Golub in an InformationWeek interview last June. "We should be building faster trains."
So far, however, something short of that has been achieved, Polvi claimed. In a Dec. 8 blog post entitled "Making Sense of Container Standards and Foundations" on the CoreOS site, he expressed some disappointment in the work done to date. "We believe there is more work to do for the container specification to be complete and achieve true interoperability."
Polvi wrote, "The OCI has solely focused on the runtime, which is more narrowly focused than we anticipated for the project. Our efforts to bring in container image and image distribution of appc have not been incorporated, but we still believe these are important parts of a container standard."
That leaves Rocket 1.0 as a runtime that is one of the few that can run both a containerized application that meets the spec and also a Dockerized container (which does not).
Right now that detail is probably more significant to CoreOS than it is to the average container user. In the long run, however, it may become significant if a large, multivendor set of tools grows up around the AppContainer spec, and DevOps teams start relying on easy handoffs to other parts of the data center team who are not necessarily standardized on only Docker.
Rocket, for example, makes a good container embedded system in other enterprise systems.
For now, Polvi has to be content plugging CoreOS's ambidextrous approach to supporting container image formats and its architectural approach to security. Don't forget its ability to wrap a Linux container in a thin, KVM virtual machine with what it calls Rocket's Stage 1.
Stage 1 will do little to slow the initiation or teardown of containers, even though a virtual machine is involved. But because of the VM, it supplies a harder layer of isolation around a container through the short list of 30 commands that can be passed through the VM's hypervisor.
In addition, Polvi emphasized the following Rocket 1.0 features:
It works with CoreOS's container host Linux system, CoreOS and other Linuxes too, including Ubuntu and Red Hat Fedora.
CoreOS's Quay Enterprise can be used with Rocket to register containers, scan them for vulnerabilities and notify the owner of any exposures found. It can also create an audit trail, logging each time the container is run and where it’s run.
It leverages the Container Networking Interface developed at CoreOS and used by the open source projects Kubernetes, Calico, and Weaveworks.
Does your company offer the most rewarding place to work in IT? Do you know of an organization that stands out from the pack when it comes to how IT workers are treated? Make your voice heard. Submit your entry now for InformationWeek's People's Choice Award. Full details and a submission form can be found here.
Charles Babcock is an editor-at-large for InformationWeek and author of Management Strategies for the Cloud Revolution, a McGraw-Hill book. He is the former editor-in-chief of Digital News, former software editor of Computerworld and former technology editor of Interactive ... View Full Bio
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.