Rocket Containers: How CoreOS Plans To Challenge Docker - InformationWeek
IoT
IoT
Cloud // Infrastructure as a Service
News
2/20/2015
01:06 PM
Connect Directly
Twitter
RSS
E-Mail
100%
0%

Rocket Containers: How CoreOS Plans To Challenge Docker

As containers rise in importance for data center innovation, the Rocket project has attracted 50 contributors in its bid against today's de facto option, Docker.

10 Hot Cities For IT Pros In 2015
10 Hot Cities For IT Pros In 2015
(Click image for larger view and slideshow.)

Containers are a hot trend in data center innovation, so we should expect some tough competition among companies looking to cash in on that trend. That competition was on display this week as CoreOS co-founders used the Linux Collaboration Summit as a chance to tout their Rocket open source code project as an alternative to the fast-growing Docker container approach.

CoreOS has attracted 50 developers to the Rocket project since its launch Dec. 1. The project took some flak as proponents of the well-established Docker project criticized the way its organizers made the launch.

The contributions include people from IBM and Google, and developers associated with the Mesos, Cloud Foundry, and Kubernetes projects, said Alex Polvi, co-founder and CEO of CoreOS, in an interview.

CoreOS supplies a lightweight version of Linux for running containers on a host server. Containers let IT launch and run many applications on a single server box, generally doing so more quickly and simply than they can with virtual machines. Red Hat is working on its own container Linux distribution, Atomic Server, due to be announced shortly.

Polvi appeared on a panel about containers on Wednesday, the first day of the Linux Collaboration Summit in Santa Rosa, Calif. Thursday, CoreOS's CTO and co-founder, Brandon Philips, gave a talk, "Rocket and the App Container Specification," giving Rocket a higher profile at the event than Docker, which starred in no sessions.

Yet Docker is by far the leader today. Many Linux developers, kernel process representatives, and container users attending the conference acknowledged that Docker Inc. has established a near de facto standard for Linux containers in less than two years.

[Want to learn more about how a rivalry between Docker and Rocket might play out? See Rocket Vs. Docker Will Come Down To DevOps.]

Rocket's founders contend they can differentiate from Docker on factors such as being more secure, modular, and lightweight. Polvi said CoreOS, as sponsor of the project, is committed to producing a more secure container runtime than Docker and offering a way to build containers that are "composable," meaning they can serve as a component embedded in other systems.

Rocket Will Be Modular, But Not Easier to Use

When Rocket backers announced the project, they said the Docker container formatting system, while highly successful, had branched out to become more of a workflow- and deployment-process-driven project. Docker has many useful tools, but Rocket creators contend developers want something more modular and thus lighter weight.

"Rocket's internals are more modular," said Philips during his summit session. "Its execution will be divided into stages," he said, drawing on a rocket launch metaphor.

Core OS CTO Brandon Philips, at the summit

(Image: Charles Babcock)

Core OS CTO Brandon Philips, at the summit

(Image: Charles Babcock)

In our interview, Polvi said, "We're trying to follow the Unix philosophy. The goal is for a tool to do one job and do it well, so that it's reusable by other tools."

Polvi acknowledged Rocket will not be as easy to use as Docker, which has made building a container a smooth process for most developers through its graphical user interface. Rocket remains a command line tool and will stay that way, Polvi said.

In terms of security, "it’s programming 101 stuff," said Polvi. Rocket developers think the contents of a container should be verified as coming from the expected source and as remaining untampered with, before the package is considered ready to ship. That means "cryptographically verifying the content before adding it to the container." In other words, downloaded code accompanied by a private key should be checked against the registered holder of the key to verify the code came from the party that is assumed to be the source.

Containers share many resources at the heart of a server, including memory, CPU, and storage. The Docker container daemon, which controls background Docker processes without the knowledge of the user, runs with root or administrator status on a server. That means if malicious code is able to get into the container, it sits in a prime place to cause problems.

Polvi claims Philips and other CoreOS developers raised the issue early in the Docker project, but it did not get either accepted or rejected at the time. "We tried to bring it to their attention for a year and half," before launching their own project, Polvi said.

"It's all about prioritization. Ease of use is good for adoption," he said, and security is sometimes a barrier to ease of use.

Philips added his own footnote to the security discussion. With open source and other frequently downloaded code going into containers to help an application do what it needs to do, developers are frequently turning to GitHub and online libraries to retrieve their code.

"We're downloading things over the Internet. Turns out, you can't trust everyone on the Internet," Philips said.

Want to discuss data center innovation with peers? Attend Interop Las Vegas, the leading independent technology conference and expo series designed to inspire, inform, and connect the world's IT community. It happens April 27 to May 1. Register with Discount Code MPOIWK for $200 off Total Access & Conference Passes.

Charles Babcock is an editor-at-large for InformationWeek and author of Management Strategies for the Cloud Revolution, a McGraw-Hill book. He is the former editor-in-chief of Digital News, former software editor of Computerworld and former technology editor of Interactive ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Charlie Babcock
50%
50%
Charlie Babcock,
User Rank: Author
2/20/2015 | 6:44:53 PM
Google willing to inspect Rocket for future use
Google decided to standardize on Docker containers and has geared Kubernetes to work with Docker containers. So what does Google's Craig McLuckie, Compute Engine product lead, say about CoreOS' Rocket? At the Linux Collaboration Summit, he said: "Everything we do is based on Docker. When the Rocket guys bring out Rocket 1.0, we'll take a look at that." The Rocket project, which started Dec. 1 with release .1, is on release .3 now and moving rapidly toward a 1.0 release. CoreOS Alex Polvi hazarded a guess: 1.0 will be ready late in the first half or early second half. Then he added, there'll be a 1.0 release "when it's ready."
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll