The OCI Signals a Change in Containerization Strategy

by Paul Rubens

Docker and CoreOS may have shifted their containerization strategies in agreeing to work together on the Open Container Initiative, but does that mean the two rivals have suddenly become BFFs?

The containerization world heaved a sigh of relief earlier this year when Docker and CoreOS began to co-operate on the Open Container Initiative (then called the Open Container Project).

That's because the OCI is creating a single standard for containers, which is very much in the public interest — after all, who wants to have to make a choice between two or more competing, incompatible container standards, with no guarantee you'll end up backing the right one?

Nevertheless, the OCI announcement came as something of a surprise. That's because CoreOS had previously made some fairly withering public criticism of Docker, its strategy, and its approach to security — or lack thereof.

And in one blog post last December, Alex Polvi, CoreOS's CEO, implied that Docker had lost its way and was becoming overly complex.

"We thought Docker would become a simple unit that we can all agree on. Unfortunately, a simple re-usable component is not how things are playing out," Polvi said.

"Docker now is building tools for launching cloud servers, systems for clustering, and a wide range of functions: building images, running images, uploading, downloading, and eventually even overlay networking, all compiled into one monolithic binary running primarily as root on your server," Polvi continued.

The launch of the OCI signaled a change of strategy for both companies. The OCI is to develop the basic technology for containerization, using Docker technology as a starting point but with input from CoreOS and others. Meanwhile Docker and CoreOS will both develop their own container platforms that are compatible with each other and that both use the OCI-generated container technology.

Docker and CoreOS Now BFFs?

So are the two companies now just friendly rivals and BFFs filled with mutual respect? That seems not entirely to be the case, as we shall shortly see…

Earlier this month CoreOS launched its Tectonic container environment, which promises to offer a consistent platform for securely deploying applications from development to the cloud and to data centers.

In the new spirit of co-operation, Tectonic doesn't tie users to any particular technology or force them to use CoreOS's own container image format with its rkt runtime, Polvi told Virtually Speaking.

"If customers want to build Docker images they can — Tectonic can be built to use Docker or rkt," he says.

But he also makes it quite clear which container runtime he thinks customers should be using. "In terms of rkt versus Docker, we continue to invest in rkt as the industry needs a secure runtime," he says.

The implication of this is that Docker is still not as secure as Polvi would like, despite him having outlined many of the problems he perceives in the container system over the last year, and despite the two companies co-operating on the OCI. And in fact he says this explicitly.

"We are aware of issues in Docker, and they have not been addressed in many ways," he says. "We haven't seen many changes out of Docker — but we hope that the issues will be fixed," he adds.

That begs the question of why CoreOS's Tectonic platform has been designed to work with Docker even though the company believes it to be insecure. Polvi's answer is pragmatic. "If customers are willing to take the risk, that's fine. They are the customer after all," he says.

With the November announcement of the general availability of Tectonic, CoreOS now describes itself as "the leader in container infrastructure." This is quite a grand claim, but Polvi believes it is justified.

"Tectonic is the first commercial product based on (Google's) Kubernetes. We may have made a strong statement, but this is a complete solution."

Google's open source Kubernetes and other open source container technologies are at the heart of Tectonic, but Polvi says CoreOS's proprietary apps that are built on top of it are what provide the real value to the platform.

"These are the apps that you need to really get going with containers," he says. "Imagine you bought a phone and it had no apps. It would be hard to get any value from it. That's what we add with our Tectonic apps."

The apps Polvi is talking about include:

  • Tectonic Console, which provides a complete view of Tectonic container clusters.
  • Tectonic Identity, which has been built with CoreOS's dex open source project and is designed to provide cluster-wide single sign-on based on the OpenID Connect standard, integrated into all Tectonic tools.
  • CoreUpdate, which provides control over the update process of CoreOS machines.
  • Quay Enterprise, a secure container registry for companies that don't want to store their container images in the cloud.

Polvi expects Tectonic will appeal to enterprises that appreciate open source software but want a ready-to-run solution for container management. Smaller companies will just use the open source components such as Kubernetes and create their own solutions on the cheap, he believes.

As far as pricing goes, CoreOS does not disclose specifics, but Tectonic will be priced according to the aggregate memory in a Tectonic cluster.

Paul Rubens is a technology journalist and contributor to ServerWatch, EnterpriseNetworkingPlanet and EnterpriseMobileToday. He has also covered technology for international newspapers and magazines including The Economist and The Financial Times since 1991.

This article was originally published on Thursday Dec 3rd 2015