Docker vs CoreOS Rkt

Unless you've been hiding under a rock in a datacenter from the last century, chances are you've heard of Docker, the leading software container solution on the market. And if so, you've likely heard of its chief competitor CoreOS as well. Let's see how the two stack up in this comparison.

The DevOps zeitgeist has played a big part in propelling these two vendors into the IT mainstream—for practitioners, containers offer unprecedented consistency and portability for testing and shipping modern software applications. Traditionally, you'd spin up a virtual machine to test and deploy applications; these days, containers offer a more lightweight, easy-to-manage option for delivering ready-to-run applications, irrespective of environment.


CoreOS Rocket (rkt) is the first credible challenger to Docker's dominance in the container space. Simply put, rkt is a more secure container technology, designed to alleviate many of the flaws inherent in Docker's container model. CoreOS' Alex Polvi cites his company's motivations for building a more secure container alternative to Docker:

“From a security and composability perspective, the Docker process model – where everything runs through a central daemon – is fundamentally flawed. To ‘fix’ Docker would essentially mean a rewrite of the project, while inheriting all the baggage of the existing implementation.”

It's worth noting that Docker has since remediated some of its more critical security flaws—for example, its 1.10 release eliminated the need to run containers as root, addressing a longstanding security gripe among its adopters.

Docker

Originally aimed at extending the capabilities of Linux Containers (LXC), Docker was created as an open-source project in 2013; the company's solution is now the leading software containerization platform on the market. Using LXC, Docker acts as a portable container engine for packaging applications and dependencies into containers easily deployable on any Linux system. 

The Docker Kitematic UI. Source: docker.com.

Because Docker's technology is based on LXC, containers do not run an independent version of the OS kernel. Instead, all containers on a given host run under the same kernel, with other resources isolated per container. This allows for a great degree of isolation (though not as isolated as a full VM) with a lower resource overhead. 

CoreOS

CoreOS released rkt in 2014 as a more secure, interoperable, and open alternative to Docker. As mentioned previously, prior versions of Docker ran as root—as a result, vulnerabilities existing inside of containers could potentially give an attacker super-user privileges. Another CoreOS strength is open operability: rkt uses an open source container format called appc, while Docker uses its own proprietary image format.

The CoreOS Tectonic UI. Source: coreos.com.

These days, CoreOS' suite of offerings (e.g., Container Linux, Tectonic) is focused on the container infrastructure management space; rkt clearly competes with Docker, but the two companies' offerings are likely to be recommended as complementary technologies. Again, Docker has made great strides in addressing many of its perceived shortcomings vis-à-vis CoreOS. With regard to open operability, Docker 1.11 saw the adoption of the Open Container Initiative (OCI), a standard supported by Red Hat, Google, AWS, VMware—as well as CoreOS.

Side-by-Side Scoring: Docker vs. CoreOS

1. Capability Set

When it comes to all things containers, Docker and CoreOS are the dominant players in this space—both vendors have achieved market dominance through building a comprehensive ecosystem of capable offerings to augment their core container technologies. CoreOS positions rkt as a more security-focused container solution; additionally, its Container Linux by CoreOS is an open-source lightweight operating system based on the Linux kernel. For advanced capabilities, Docker's Datacenter solution offers enterprise container orchestration, application management and enterprise-grade security.

 



2. Ease of Use

Though neither of these technologies was designed for novices, both vendors have gone a long way towards making containers more accessible to a broader IT audience. For example, Docker offers Kitematic as a GUI-based solution for managing Docker containers, while CoreOS' Tectonic platform allows for visual management of CoreOS containers and clusters.



3. Community Support

Both Docker and CoreOS have developed a strong community following due to their prominent, widely-adopted open source offerings. CoreOS maintains an active hub of community resources; similarly, Docker's Community portal and Forums are popular self-service resources among Docker users. 


4. Release Rate

Both vendors' products have seen regular updates and releases, though Docker's container solution—currently on version 1.13—is a more senior offering than CoreOS rkt. In fact, the latter just made its 1.0 release in February 2016, while Docker 1.0 made its debut back in early 2013.


5. Pricing and Support

Both Docker and CoreOS rkt are free, open source offerings, with various paid-for enterprise offerings consisting primarily of value-added services and support. Docker's commercial products include Docker Datacenter (starting at $150 month/instance) for vendor-supported containers behind the firewall and Docker Cloud (starting at $7 month/5 repos) for building/shipping private repos. CoreOS' paid-for options are entirely support-related—for example, its Tectonic/Kubernetes support offering starts at $3000 for 10 servers.

 

 


6. API and Extensibility

CoreOS uses gRPC—a high performance, open-source universal RPC framework—to give its offerings a RESTful API. Not to be outdone, Docker offers a full set of REST APIs and SDKs that enable developers to control every aspect of the container stack from custom applications. And both CoreOS and Docker are open source projects, with source code fully available and housed on GitHub.


7. 3rd Party Integrations

The Docker Hub is the company's cloud-hosted service that offers over 100,000 free apps, public, and private registries, with official repositories from leading third party vendors—from Nginx and Ubuntu to MongoDB and Redis. CoreOS is more DIY/barebones in this regard, though all of its projects are available on GitHub.


8. Companies that Use It

Docker is used by many of today's leading enterprises: ADP, PayPal, eBay, BBC News, Spotify, Lyft, Expedia, Groupon, GE Appliances, ING, and Uber. Similarly, CoreOS is used by prominent firms such as CA Technologies, Verizon, Viacom, Salesforce.com, and DigitalOcean, to name a few.


9. Learning Curve

Generally speaking, getting up to speed with containers is not a task for the technically challenged; a basic Linux proficiency certainly helps in this regard. Both offerings have steep learning curves, especially since they're composed of several layers of moving parts. Fortunately, both Docker and CoreOS provide excellent website resources for learning how to use their respective technologies.


10. CSTAR

Despite its excellent CSTAR score of 929, Docker's resilience posture is marred by disabled DNSSEC. CoreOS also gets an exemplary 836 CSTAR rating, despite gaps in its website perimeter security like missing secure cookies, lack of HTTP strict transport security and disabled DNSSEC.
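
The two header-level gaps named above (cookies without the Secure attribute, no HTTP Strict Transport Security) can be checked from a site's own HTTPS response headers. The following is an added example, not part of the original article or of the CSTAR scoring itself; the function names, the 180-day max-age floor and the sample responses are assumptions made for illustration, and DNSSEC is not covered because it requires a DNS query rather than a header check.

```python
import re

MIN_HSTS_AGE = 15552000  # assumed policy floor (180 days), not from the article

def parse_set_cookie(value):
    """Return (cookie name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs

def hsts_max_age(value):
    """Return max-age in seconds from an HSTS header value, or None."""
    m = re.search(r'max-age\s*=\s*"?(\d+)', value, re.IGNORECASE)
    return int(m.group(1)) if m else None

def audit_headers(headers, min_age=MIN_HSTS_AGE):
    """Audit (name, value) header pairs from one HTTPS response."""
    findings = []
    hsts = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not hsts:
        findings.append("missing Strict-Transport-Security")
    else:
        age = hsts_max_age(hsts[0])
        # max-age=0 tells browsers to forget the policy, so treat it as a gap
        if age is None or age < min_age:
            findings.append(f"Strict-Transport-Security max-age too low ({age})")
    for k, v in headers:
        if k.lower() == "set-cookie":
            name, attrs = parse_set_cookie(v)
            if "secure" not in attrs:
                findings.append(f"cookie {name} lacks Secure")
    return findings

# Constructed sample responses (not captured from any real site)
SAMPLE_WEAK = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "prefs=dark; Path=/; Secure"),
]
SAMPLE_HARDENED = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly"),
]
SAMPLE_HSTS_OFF = [("Strict-Transport-Security", "max-age=0")]

if __name__ == "__main__":
    for label, sample in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED),
                          ("hsts-off", SAMPLE_HSTS_OFF)):
        print(label, audit_headers(sample))
```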



Scoreboard and Summary

[Scoreboard: per-category score graphics for Docker and CoreOS across the ten categories above]

Total: Docker 4.8 out of 5; CoreOS 4.6 out of 5

In short, both container offerings have their unique benefits—but aside from rkt and its diminishing security benefits over Docker, the two vendors' offerings are for the most part complementary. For example, it's quite common for enterprises to deploy Docker containers on CoreOS with its fleet cluster manager. And since the newly proposed OCI specification uses the Docker 2.2 image format as a basis for common container image types, Docker and CoreOS will ostensibly be less concerned about dueling container standards and more focused on building a comprehensive, interoperable suite of tools for managing the entire container ecosystem.
