Name: rkt
Owner: Clear Linux* Project for Intel Architecture
Description: rkt is an App Container runtime for Linux
Created: 2015-05-21 13:24:46.0
Updated: 2017-04-05 11:38:32.0
Pushed: 2015-06-09 09:49:22.0
Size: 6001
Language: Go
GitHub Committers
| User | Most Recent Commit | # Commits |
|---|
Other Committers
| User | Most Recent Commit | # Commits |
|---|
rkt (pronounced “rock-it”) is a CLI for running app containers on Linux. rkt is designed to be composable, secure, and fast.
Some of rkt's key features and goals include:
For more on the background and motivation behind rkt, read the original launch announcement.
rkt is an implementation of the App Container spec. rkt's native image format (ACI) and runtime/execution environment (pods) are defined in the specification.
rkt is at an early stage and under active development. We do not recommend its use in production, but we encourage you to try out rkt and provide feedback via issues and pull requests.
Check out the roadmap for more details on the future of rkt.
rkt consists of a single self-contained CLI, and is currently supported on amd64 Linux. A modern kernel is required but there should be no other system dependencies. We recommend booting up a fresh virtual machine to test out rkt.
To download the rkt binary, simply grab the latest release directly from GitHub:
https://github.com/coreos/rkt/releases/download/v0.5.5/rkt-v0.5.5.tar.gz
xzvf rkt-v0.5.5.tar.gz
kt-v0.5.5
t help
For Mac (and other Vagrant) users we have set up a Vagrantfile: clone this repository and make sure you have Vagrant installed. vagrant up starts up a Linux box and installs via some scripts rkt and actool. With a subsequent vagrant ssh you are ready to go:
clone https://github.com/coreos/rkt
kt
ant up
ant ssh
Keep in mind while running through the examples that right now rkt needs to be run as root for most operations.
rkt's native image format is ACI, defined in the App Container spec.
To build ACIs, a simple way to get started is by using actool.
Another good resource is the appc build repository which has resources for building ACIs from a number of popular projects and languages.
There are also tools for converting Docker images to ACIs (although note that rkt can also run Docker images natively directly from Docker repositories by using this library internally).
The example below uses a pre-built ACI for etcd (you can see how this was built here).
rkt uses content addressable storage (CAS) for storing an ACI on disk. In this example, the image is downloaded and added to the CAS. Downloading an image before running it is not strictly necessary (if it is not present, rkt will automatically retrieve it), but useful to illustrate how rkt works.
Since rkt verifies signatures by default, you will need to first trust the CoreOS public key used to sign the image, using rkt trust:
do rkt trust --prefix coreos.com/etcd
ix: "coreos.com/etcd"
"https://coreos.com/dist/pubkeys/aci-pubkeys.gpg"
key fingerprint is: 8B86 DE38 890D DB72 9186 7B02 5210 BD88 8818 2190
reOS ACI Builder <release@coreos.com>
you sure you want to trust this key (yes/no)? yes
ting "https://coreos.com/dist/pubkeys/aci-pubkeys.gpg" for prefix "coreos.com/etcd".
d key for prefix "coreos.com/etcd" at "/etc/rkt/trustedkeys/prefix.d/coreos.com/etcd/8b86de38890ddb7291867b025210bd8888182190"
A detailed, step-by-step guide for the signing procedure is here.
Now that we've trusted the CoreOS public key, we can fetch the ACI using rkt fetch:
do rkt fetch coreos.com/etcd:v2.0.4
searching for app image coreos.com/etcd:v2.0.4
fetching image from https://github.com/coreos/etcd/releases/download/v2.0.4/etcd-v2.0.4-linux-amd64.aci
loading aci: [========================================== ] 3.47 MB/3.7 MB
loading signature from https://github.com/coreos/etcd/releases/download/v2.0.0/etcd-v2.0.4-linux-amd64.aci.asc
signature verified:
reOS ACI Builder <release@coreos.com>
12-1eba37d9b344b33d272181e176da111e
For the curious, we can see the files written to disk in rkt's CAS:
nd /var/lib/rkt/cas/blob/
/lib/rkt/cas/blob/
/lib/rkt/cas/blob/sha512
/lib/rkt/cas/blob/sha512/1e
/lib/rkt/cas/blob/sha512/1e/sha512-1eba37d9b344b33d272181e176da111ef2fdd4958b88ba4071e56db9ac07cf62
Per the App Container Specification, the SHA-512 hash is of the tarball and can be reproduced with other tools:
et https://github.com/coreos/etcd/releases/download/v2.0.4/etcd-v2.0.4-linux-amd64.aci
ip -dc etcd-v2.0.4-linux-amd64.aci > etcd-v2.0.4-linux-amd64.tar
a512sum etcd-v2.0.4-linux-amd64.tar
37d9b344b33d272181e176da111ef2fdd4958b88ba4071e56db9ac07cf62cce3daaee03ebd92dfbb596fe7879938374c671ae768cd927bab7b16c5e432e8 etcd-v2.0.4-linux-amd64.tar
After it has been retrieved and stored locally, an ACI can be run by pointing rkt run at either the original image reference (in this case, “coreos.com/etcd:v2.0.4”), the full URL of the ACI, or the ACI hash. Hence, the following three examples are equivalent:
ample of running via ACI name:version
do rkt run coreos.com/etcd:v2.0.4
s ^] three times to kill container
ample of running via ACI hash
do rkt run sha512-1eba37d9b344b33d272181e176da111e
s ^] three times to kill container
ample of running via ACI URL
do rkt run https://github.com/coreos/etcd/releases/download/v2.0.4/etcd-v2.0.4-linux-amd64.aci
s ^] three times to kill container
In the latter case, rkt will do the appropriate ETag checking on the URL to make sure it has the most up to date version of the image.
Note that the escape character `^]is generated by ``Ctrl-]` on a US keyboard. The required key combination will differ on other keyboard layouts. For example, the Swedish keyboard layout usesCtrl-å`` on OS X and `Ctrl-^on Windows to generate the ``^]``` escape character.
rkt is an open source project under the Apache 2.0 license, and contributions are gladly welcomed! See the Hacking Guide for more information on how to build and work on rkt. See CONTRIBUTING for details on submitting patches and the contribution workflow.