VMware, Red Hat, Canonical — there's no shortage of companies providing pared-down Linux operating systems for use in running containers.
But wait, there's more. CoreOS now has a commercial offering called Tectonic, which it says will make this whole containerization thing much simpler.
What is Tectonic? It's a stack of software that combines the CoreOS software portfolio, some proprietary software and Google's open-source Kubernetes platform, which orchestrates and manages clusters of containers. It's designed to provide an easily deployable container platform solution that packages up the best in container technology — in the opinion of CoreOS, at least.
"Our aim (with Tectonic) is to add value," Kelsey Hightower, CoreOS's chief advocate, explained to Virtually Speaking. As well as being easy and convenient to deploy, the proprietary software in the package makes the system easier to use as a whole, he claims.
For example, it includes a management console for workflows and dashboards, an integrated registry to build and share Linux containers, and tools to automate deployment. "Power users will always want to work from the command line, but the dashboard is intended as a viewpoint for everyone — they can quickly check that everything is green on the Tectonic dashboard," he says. "It will be an aggregation point for power users and also helpful for more novice users."
Tectonic will be available on subscription, and will include support for the CoreOS open-source and commercial components. At the moment, it's available for companies to try and "kick the tires," Hightower says. "Right now, we don't think it is production ready, mainly because Kubernetes itself is not production ready. Once it is, later in June, then we think that Tectonic will be production ready for up to about 100 servers and 1000 containers."
The Motive Behind Tectonic
Why is CoreOS putting Tectonic together? CoreOS CEO Alex Polvi has said in the past that he is concerned about how big Docker — the de-facto standard container system — has become and he has questioned its security. Hence the need for rkt and the App Container spec in the first place. Tectonic goes further, building an alternative to the wider Docker ecosystem.
"We wanted to be able to distribute (container) files in a way that is easy to see who assembled them," Hightower says. "I think users want signing, the way Apple signs apps in the AppStore. People have been asking for signing with Docker images and it has never happened.
"For us, that is a security problem because when you pull an image from a hub, you don't know who built it," Hightower continues. "No one knows why there is a delay with Docker. When you use rkt and you pull an App Container image you can decide if you trust the developer before running it. Rkt can also run Docker images, but they won't always be signed."
Hightower's Take on VMware's 'Better Together' Philosophy
While we have Hightower's attention, it's worth asking this question: what does he make of VMware's "better together" idea — that containers aren't an alternative to server virtualization, but rather they augment it?
His reply is rather interesting. Essentially, he makes the point that managing networking involves configuring hardware – like switches – which is hard. The easier alternative way of doing it is to virtualize your environment, and manage the networking of your machines through software. The same is true for all types of hardware.
"Most people have no desire to manage hardware, so they put it on to VMware and manage it in software," he says. "Containers change nothing. You can use containers, and if you don't want to manage the hardware, then you use virtualization as well."
There's also the potential security issue of running multiple containers on a single operating system, and he says that virtualization may help here too. "If you are worried about security, you can also build small VMs to run your containers."
Next Page: CoreOS Taking on Docker at Its Own Game
Paul Rubens is a technology journalist and contributor to ServerWatch, EnterpriseNetworkingPlanet and EnterpriseMobileToday. He has also covered technology for international newspapers and magazines including The Economist and The Financial Times since 1991.