Two key platforms for operating containerised applications have reached new milestones: CoreOS has declared its rkt container runtime ready for production workloads, while Docker 1.10 has added a host of security, networking and orchestration improvements.
Docker has gained the most acceptance among corporate developers as the container platform of choice for deploying applications and services, but it faces competition from rivals including CoreOS, which develops a stripped-down version of Linux for hosting containers.
Known as rkt ('rocket'), the platform has been under development since 2014, but has now reached version 1.0 and been declared ready for deployment in production environments. It is being pitched as an alternative to Docker, giving organisations more choice for container development.
CoreOS said that the rkt container runtime has enterprise-grade security through features such as KVM-based isolation between containers and SELinux support, while being compatible with standards-based container images, including existing Docker images.
"We've worked hard to make rkt fit readily and flexibly into real-world architectures, while enabling the best security practices, and the community's input and support has been instrumental. After 15 months of continuous development, rkt has incorporated more than 3,000 commits from more than 100 contributors," said CoreOS chief executive Alex Polvi.
Meanwhile, Docker is also pushing security as one of the areas of improvement in Docker 1.10. This includes new capabilities that address policy and access control via user namespaces, which separate container-level and Docker daemon-level privileges so that only the Docker daemon, and not the containers, has root access on the host.
Orchestration features for building and managing complex distributed applications have also been upgraded, and the Docker Swarm technology now includes native clustering support as well as integration with third-party tools.
Meanwhile, a new Docker Compose file format pulls together definitions for application services, network topologies and storage volumes, all into a single file. This feature allows developers to create complex, multi-container applications and run them anywhere from the desktop to the cloud, according to Docker.
Other enhancements include an embedded DNS server in the Docker daemon as the default DNS provider for service discovery, while containers can now have custom IP addresses.
Docker said that the improvements in Docker 1.10 give developers more flexibility and options, while enabling IT operations to use the same network topology used by the developer to manage networked containers in the production environment.
"With advances in our orchestration tooling, networking and security, Docker is enabling developers to build more complex applications that can be delivered at scale from the desktop to the cloud, regardless of the underlying infrastructure," said Docker founder and chief technology officer Solomon Hykes.