CoreOS and the App Container Spec

By Sean Michael Kerner
Posted February 11, 2015

The open-source Docker application virtualization container project has become a de facto standard for application containers over the course of the last year. But it is a de facto standard without a real specification, and it is being challenged by Linux distribution vendor CoreOS.

CoreOS is developing its own Docker replacement, both in terms of technology with Rocket and in terms of an actual specification for defining what an application container is all about. The App Container Specification (appc) is currently in development and has some important differences from Docker.

Brandon Philips, CoreOS CTO, explained to ServerWatch that the appc spec has three parts:

1) the App Container Image or "ACI"

2) the App Container execution environment, which specifies how to build something that can run an ACI

3) the Discovery process for how to take an image name like coreos.com/etcd:v2.0.0 and find that on the internet, download it and cryptographically verify it

Philips noted that with appc a process has access to a cryptographic identity.

"Today our servers have identity from a 'Trusted Platform Module' or TPM so we can know a given piece of hardware is actually who it says it is, and our Linux servers have identity through their SSH public key, but our processes do not have identity," Philips explained.

"With the appc spec we want to give every container an identity so that container A can take some message, sign it with its identity, and hand it to container B who can verify it actually comes from container A," Philips continued.

Philips additionally explained that the naming of images implies a DNS namespace in appc. It's also his belief that containers will become an important piece of infrastructure for the internet and new protocols should start from a decentralized namespace like DNS.

"Today, the docker namespace starts at index.docker.io and is implied when you type something like 'docker push mycompany/secrets'," Philips said.
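The naming difference described above, as an added example (not code from CoreOS, appc or Docker): it shows which host ends up as the authority for an image name under each model. The function names are hypothetical, and the rule that `appc_authority` rejects a name whose first segment is not DNS-style is an assumption made for illustration.

```python
# Added illustration; not code from CoreOS, appc or Docker.
DOCKER_DEFAULT = "index.docker.io"  # implied namespace root quoted in the article


def split_tag(ref):
    """Split 'name:tag' on a colon that comes after the last slash."""
    slash = ref.rfind("/")
    colon = ref.rfind(":")
    if colon > slash:
        return ref[:colon], ref[colon + 1:]
    return ref, None


def docker_authority(ref):
    """Return (host, path, tag); the host is implied when the name has none."""
    name, tag = split_tag(ref)
    first, _, rest = name.partition("/")
    # Docker treats the first component as a registry host only if it
    # contains '.' or ':' or is 'localhost'; otherwise the default applies.
    if rest and ("." in first or ":" in first or first == "localhost"):
        return first, rest, tag
    return DOCKER_DEFAULT, name, tag


def appc_authority(ref):
    """Return (dns_name, path, version); there is no implied default."""
    name, version = split_tag(ref)
    first, _, rest = name.partition("/")
    # Assumption: the leading segment must look like a DNS name.
    if "." not in first:
        raise ValueError(f"{ref!r} carries no DNS authority")
    return first, rest, version


if __name__ == "__main__":
    # Names taken from the article.
    print(docker_authority("mycompany/secrets"))
    print(appc_authority("coreos.com/etcd:v2.0.0"))
```

The short name resolves silently to the central index under the Docker rule, while the DNS-rooted name states its own origin, which is the host a client would then need to authenticate before trusting the image.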

Another component of the appc spec is that an application can have multiple processes. Philips explained that an application will often be made up of multiple processes working together.

"We are trying to tackle a number of other central issues with the appc spec," Philips said. "Over time, I really do hope that we can come together with Docker and share this spec, as these are important technical things that should be standardized outside of any single runtime."

Sean Michael Kerner is a senior editor at ServerWatch and InternetNews.com. Follow him on Twitter @TechJournalist.
