Advanced Computing in the Age of AI | Monday, June 24, 2024

CoreOS Adds New Rocket Container Features 

The latest release of Rocket application container software by hyperscale Linux operating system specialist CoreOS includes new user features and tweaks designed to improve application security and supply a more composable system design.

San Francisco-based CoreOS also highlighted an independent application container runtime called "Nose Cone" along with a handful of new tools for building application container images.

The version 0.3.1 release includes several new commands focusing on security features and a mechanism for tracking application containers. According to a blog post by CoreOS developer Jonathan Boulle, an "rkt trust" command can be used to add keys to a public key store for application container image signatures. The feature supports retrieving public keys directly from a URL or locating them through a search.

Meanwhile, an "rkt list" tool provides a list of containers in a system. It leverages a previously used file-based locking approach, CoreOS noted.

The company also said the Nose Cone app runtime implements the app container spec and "makes no use of Rocket." This is encouraging, Boulle noted, since having multiple, alternative runtimes with different goals is an important part of building a robust specification.

The application container tools listed by Boulle include an image builder based on the existing infrastructure built around Docker application container images. The new tool and library "takes an existing Docker image and generates an equivalent [application container image]. This means the container can now be run in any implementation" of the application container specification, Boulle added.

The App Container specification defines the image format, the image discovery mechanism and the execution environment, allowing for different implementations.

CoreOS also said it was adding "experimental support" for application container images in its hosted container registry.

"We are on a path to being able to create images with multiple, independent tools (from Docker conversion to native language tools), and have multiple ways to run them (with runtimes like Rocket and Nose Cone)," Boulle stressed.

CoreOS launched its alternative to Docker containers late last year and has since been steadily adding security and other developer features.

CoreOS was an early supporter of Docker when it launched in 2013. In December 2014, CoreOS CEO Alex Polvi announced the formation of the Rocket project along with its App Container runtime and software image definition. Polvi argued that Rocket adheres more closely to the original Docker vision of a simple, reusable application container.

The addition of new Rocket application container features could help CoreOS differentiate Rocket from the much larger ecosystem growing up around Docker containers. CoreOS executives argue that the breadth of that ecosystem makes Docker more of a “platform” than a simple application delivery mechanism.

Boulle noted in his blog post that the goal is to "create a secure, composable and standards-based container runtime."