It might seem like a lifetime ago, but it was only last December when Silicon Valley startup CoreOS dropped a bit of a bombshell with a full-frontal assault on Linux container kingpin Docker's hegemony. For those who didn't follow, CoreOS announced a breakaway container specification and, in a preemptive strike, timed it perfectly to correspond with Docker's European conference. CoreOS also came out with a serious statement critiquing what it perceived as Docker's failings.
At the time, I voiced some major concerns about the strategy. Regardless of the justification or otherwise for CoreOS' perspective, I felt that, at this early stage in the broadening of container usage, it was damaging to have that degree of tension in the ecosystem. It took six months or so, but eventually someone listened to my cries for a detente and the two companies apparently kissed and made up.
Well, it seemed at the time that they had, but in the past few days we have seen some announcements that perhaps open up a new flank in the continuing container war. Just last week CoreOS announced a new open source project, Clair. Clair is a tool that is designed to monitor the security of containers. CoreOS is also including Clair within Quay, its own container registry product. CoreOS hopes that its tool will "improve the security of the container layer, and help make CoreOS the most secure place to run containers."
Which is interesting, given that just this morning Docker, the eponymously named company behind the open source container initiative, itself announced security enhancements designed to "safeguard and protect Dockerized distributed applications, while preserving developer agility." The new offering includes hardware signing of container images, content auditing through image scanning and vulnerability detection, and expanded access control policies with user namespaces.
Let's look at this dispassionately for a moment. Security of containers has long been touted as the number one blocker to enterprise adoption of Docker. As such, it is fair to say that security is absolutely a core part of what Docker (the company) should be providing. Docker is doing what it must in order to remove all the impediments to organizations using its product. Prospective customers have a relevant question in that they don't know if they're running vulnerable containers. Given that Docker Hub is by far the most active repository of container images with over 1.1 billion pulls, it's Docker's responsibility to find a good solution to that. From that perspective, there is no tension here.
And yet... Docker (the open source project) is a community initiative with a myriad of members. Docker (the commercial entity) is only one of those. Some might say that this is another example of the company putting its own commercial interests before thoughts of what a vibrant and successful community project needs.
Maybe it's all a storm in a teacup but it seems more than a mere coincidence that here we are, only 12 months on from the last rumblings of discontent and it's the same two parties in each corner of the ring. A betting man would find it hard to place a wager against Docker -- it seems to have the momentum, the attention and the cash, but CoreOS has proven to be a wily player. It's time to get out the popcorn!