Now that CoreOS has delivered a production-ready version of its rkt container, the one thing that is apparent is that there is now enough critical mass surrounding rkt to guarantee there will be a credible alternative to Docker containers for some time to come.
CoreOS CEO Alex Polvi says the rkt container provides a more secure alternative to Docker containers and is capable of supporting both the emerging App Container Image format standard and Docker images. Because rkt supports features such as KVM-based container isolation, TPM integration, image signature validation, and privilege separation, Polvi expects IT organizations that require higher levels of application security to embrace it.
According to Polvi, a production ready version of rkt means that developers can now count on the fact that the application programming interfaces (APIs) surrounding rkt containers will not change going forward.
While much progress has been made in terms of creating a standard run-time environment for Docker containers, Polvi says much work still needs to be done in terms of making container images truly portable. Specifically, Polvi says, multiple tools need to be able to share a well-specified standard for how container images are built and packaged. Without that level of portability, Polvi says an IT organization can still find itself locked into one container format or another.
In terms of overall container adoption, it’s still early in the enterprise. But it’s already clear that usage of containers as a mechanism to better isolate applications from the vagaries of IT infrastructure will be broad. The next major challenge is finding ways to better manage and secure those containers before they actually get deployed.