Taking a major step forward in its quest to drive a Linux container standard that’s not created and controlled by Docker or any other company, CoreOS spun off management of its App Container project into a stand-alone foundation. Google, VMware, Red Hat, and Apcera have announced support for the standard.
Becoming a more formalized open source project, the App Container (appc) community now has a governance policy and has added a trio of top software engineers who work on infrastructure at Google, Twitter, and Red Hat as “community maintainers.”
When CoreOS founder and CEO Alex Polvi announced the appc standard late last year, he used the same blog post to slam Docker for having a “broken security model” and for building tools into its container platform instead of focusing on the simple basic element. Docker supporters did not take kindly to his statements. Given how popular Docker had become in a very short period of time, the anger was understandable.
However, support by VMware, Red Hat, and Google demonstrates that there’s growing momentum behind appc, and that the alternative Linux container effort was not some sort of a sneak attack launched by a startup desperate to establish its market identity, as some characterized the CoreOS announcement at the time. Polvi has always maintained that his team’s intentions were simply to address engineering issues Docker had not addressed.
Mesosphere and EMC’s Pivotal have supported appc from the beginning. Google Ventures recently invested $12 million in CoreOS. At the same time, the San Francisco-based startup unveiled its core commercial product: Tectonic, a platform that combines Google’s open source Linux container management system Kubernetes and CoreOS, the Linux distribution optimized for large-scale compute clusters the startup is best known for.
Standard Separate from Company or Product
You can’t really do an apples-to-apples comparison between Docker and appc, since Docker doesn’t necessarily have a container standard, CoreOS Product Manager Kelsey Hightower said. Docker’s technology is open source, and the company has started creating some documentation around things like image format, but there’s no company-independent foundation.
appc is a spec that now has its own name space and a governance structure that makes it independent from CoreOS. “That group of people will push the standard forward,” Hightower said. “We won’t be controlling the standard.”
Docker is a technology others can build on top of, which is what CoreOS has done early on, and so has Google’s Kubernetes team. This is different from what Apcera, for example, is doing with appc, building its own execution environment for running apps in containers using the spec, Hightower explained.
“appc is detached from any product,” he said. “It’s just an idea.”
No Plans to Stop Docker Support
CoreOS and its technologies still support Docker, and there are no plans to discontinue that support any time in the near future. “I ask that question a lot internally,” Hightower said about the possibility that one day the company might discontinue support for Docker altogether. “That’s one thing that can’t be on our radar right now. We have to offer choice on our platform.”
The company does, however, make it possible to use Docker containers on Rocket, its container runtime, without running the Docker daemon, he said. Users being forced to run the daemon was one of the things Polvi said was wrong with Docker last year. According to him, because the entire Docker platform is a daemon that runs as root, it is fundamentally insecure.
Joyent, a San Francisco-based cloud infrastructure service provider, does a similar thing on its platform, giving users the ability to pull Docker images to a hard drive using the Docker client through an API but then execute on a different engine, Hightower said.
Not a Zero-Sum Game
With formal support from Google, which commands universal respect from engineers, and from VMware and Red Hat, two behemoths in the enterprise data center software space, appc joins the big league.
There are different kinds of Linux containers with differing functions and differing philosophies by companies behind them. One way CoreOS’s philosophy differs from Docker’s is that CoreOS thinks there should be a basic container standard that’s independent from a software stack, Hightower said.
CoreOS doesn’t subscribe to Docker’s famous “batteries-included-but-removable” approach, where the technology comes with all the bells and whistles by default, and it’s up to the user to customize if they need to, he explained. Docker by default points to the Docker Hub for container image hosting, for example. You can change that default to store images anywhere you need to, but it takes a small workaround.
Hightower doesn’t think it will be a two-standards-enter-one-standard-leaves kind of a situation though. “There will always be multiple standards for everything,” he said.
Besides appc and Docker, there’s LXC, an OS-level virtualization environment for Linux containers with its own format. There’s also Oracle’s Solaris, which does container images differently from all of the above.
“There will always be more than one way of specifying utility of the container,” Hightower said.