README
¶
rkt - App Container runtime
rkt (pronounced "rock-it") is a CLI for running app containers on Linux. rkt is designed to be composable, secure, and fast.
Some of rkt's key features and goals include:
- First-class integration with init systems (systemd, upstart) and cluster orchestration tools (fleet, Kubernetes)
- Compatibility with other container software (e.g. rkt can run Docker images)
- Modular and extensible architecture (network configuration plugins, swappable execution engines based on systemd or QEMU/KVM)
For more on the background and motivation behind rkt, read the original launch announcement.
App Container
rkt is an implementation of the App Container spec. rkt's native image format (ACI) and runtime/execution environment (pods) are defined in the specification.
Project status
rkt is at an early stage and under active development. We do not recommend its use in production, but we encourage you to try out rkt and provide feedback via issues and pull requests.
Check out the roadmap for more details on the future of rkt.
Trying out rkt
Using rkt on Linux
rkt consists of a single self-contained CLI, and is currently supported on amd64 Linux. A modern kernel is required but there should be no other system dependencies. We recommend booting up a fresh virtual machine to test out rkt.
To download the rkt binary, simply grab the latest release directly from GitHub:
wget https://github.com/coreos/rkt/releases/download/v0.7.0/rkt-v0.7.0.tar.gz
tar xzvf rkt-v0.7.0.tar.gz
cd rkt-v0.7.0
./rkt help
Trying out rkt using Vagrant
For Mac (and other Vagrant) users we have set up a Vagrantfile: clone this repository and make sure you have Vagrant 1.5.x or greater installed. vagrant up starts up a Linux box and installs via some scripts rkt and actool. With a subsequent vagrant ssh you are ready to go:
git clone https://github.com/coreos/rkt
cd rkt
vagrant up
vagrant ssh
Keep in mind while running through the examples that right now rkt needs to be run as root for most operations.
rkt basics
Building App Container Images (ACIs)
rkt's native image format is ACI, defined in the App Container spec.
To build ACIs, a simple way to get started is by using actool.
Another good resource is the appc build repository which has resources for building ACIs from a number of popular projects and languages.
There are also tools for converting Docker images to ACIs (although note that rkt can also run Docker images natively directly from Docker repositories by using this library internally).
The example below uses a pre-built ACI for etcd (you can see how this was built here).
Downloading an App Container Image (ACI)
rkt uses content addressable storage (CAS) for storing an ACI on disk. In this example, the image is downloaded and added to the CAS. Downloading an image before running it is not strictly necessary (if it is not present, rkt will automatically retrieve it), but useful to illustrate how rkt works.
Since rkt verifies signatures by default, you will need to first trust the CoreOS public key used to sign the image, using rkt trust:
$ sudo rkt trust --prefix=coreos.com/etcd
Prefix: "coreos.com/etcd"
Key: "https://coreos.com/dist/pubkeys/aci-pubkeys.gpg"
GPG key fingerprint is: 8B86 DE38 890D DB72 9186 7B02 5210 BD88 8818 2190
CoreOS ACI Builder <release@coreos.com>
Are you sure you want to trust this key (yes/no)? yes
Trusting "https://coreos.com/dist/pubkeys/aci-pubkeys.gpg" for prefix "coreos.com/etcd".
Added key for prefix "coreos.com/etcd" at "/etc/rkt/trustedkeys/prefix.d/coreos.com/etcd/8b86de38890ddb7291867b025210bd8888182190"
A detailed, step-by-step guide for the signing procedure is here.
Now that we've trusted the CoreOS public key, we can fetch the ACI using rkt fetch:
$ sudo rkt fetch coreos.com/etcd:v2.0.4
rkt: searching for app image coreos.com/etcd:v2.0.4
rkt: fetching image from https://github.com/coreos/etcd/releases/download/v2.0.4/etcd-v2.0.4-linux-amd64.aci
Downloading aci: [========================================== ] 3.47 MB/3.7 MB
Downloading signature from https://github.com/coreos/etcd/releases/download/v2.0.0/etcd-v2.0.4-linux-amd64.aci.asc
rkt: signature verified:
CoreOS ACI Builder <release@coreos.com>
sha512-1eba37d9b344b33d272181e176da111e
For the curious, we can see the files written to disk in rkt's CAS:
$ find /var/lib/rkt/cas/blob/
/var/lib/rkt/cas/blob/
/var/lib/rkt/cas/blob/sha512
/var/lib/rkt/cas/blob/sha512/1e
/var/lib/rkt/cas/blob/sha512/1e/sha512-1eba37d9b344b33d272181e176da111ef2fdd4958b88ba4071e56db9ac07cf62
Per the App Container Specification, the SHA-512 hash is of the tarball and can be reproduced with other tools:
$ wget https://github.com/coreos/etcd/releases/download/v2.0.4/etcd-v2.0.4-linux-amd64.aci
...
$ gzip -dc etcd-v2.0.4-linux-amd64.aci > etcd-v2.0.4-linux-amd64.tar
$ sha512sum etcd-v2.0.4-linux-amd64.tar
1eba37d9b344b33d272181e176da111ef2fdd4958b88ba4071e56db9ac07cf62cce3daaee03ebd92dfbb596fe7879938374c671ae768cd927bab7b16c5e432e8 etcd-v2.0.4-linux-amd64.tar
Launching an ACI
After it has been retrieved and stored locally, an ACI can be run by pointing rkt run at either the original image reference (in this case, "coreos.com/etcd:v2.0.4"), the full URL of the ACI, or the ACI hash. Hence, the following three examples are equivalent:
# Example of running via ACI name:version
$ sudo rkt run coreos.com/etcd:v2.0.4
...
Press ^] three times to kill container
# Example of running via ACI hash
$ sudo rkt run sha512-1eba37d9b344b33d272181e176da111e
...
Press ^] three times to kill container
# Example of running via ACI URL
$ sudo rkt run https://github.com/coreos/etcd/releases/download/v2.0.4/etcd-v2.0.4-linux-amd64.aci
...
Press ^] three times to kill container
In the latter case, rkt will do the appropriate ETag checking on the URL to make sure it has the most up to date version of the image.
Note that the escape character ^] is generated by Ctrl-] on a US keyboard. The required key combination will differ on other keyboard layouts. For example, the Swedish keyboard layout uses Ctrl-å on OS X and Ctrl-^ on Windows to generate the ^] escape character.
Contributing to rkt
rkt is an open source project under the Apache 2.0 license, and contributions are gladly welcomed! See the Hacking Guide for more information on how to build and work on rkt. See CONTRIBUTING for details on submitting patches and the contribution workflow.
Contact
- Mailing list: rkt-dev
- IRC: #rkt-dev on freenode.org
- Planning: milestones
Directories
¶
| Path | Synopsis |
|---|---|
|
Godeps
|
|
|
_workspace/src/code.google.com/p/go-uuid/uuid
The uuid package generates and inspects UUIDs.
|
The uuid package generates and inspects UUIDs. |
|
_workspace/src/github.com/appc/cni/pkg/skel
Package skel provides skeleton code for a CNI plugin.
|
Package skel provides skeleton code for a CNI plugin. |
|
_workspace/src/github.com/appc/docker2aci/lib
Package docker2aci implements a simple library for converting docker images to App Container Images (ACIs).
|
Package docker2aci implements a simple library for converting docker images to App Container Images (ACIs). |
|
_workspace/src/github.com/appc/spec/aci
Package aci contains various functions for working with App Container Images.
|
Package aci contains various functions for working with App Container Images. |
|
_workspace/src/github.com/appc/spec/actool
Package main contains a tool for building and validating images and manifests that meet the App Container specifications.
|
Package main contains a tool for building and validating images and manifests that meet the App Container specifications. |
|
_workspace/src/github.com/appc/spec/discovery
Package discovery contains an experimental implementation of the Image Discovery section of the appc specification.
|
Package discovery contains an experimental implementation of the Image Discovery section of the appc specification. |
|
_workspace/src/github.com/appc/spec/pkg/tarheader
Package tarheader contains a simple abstraction to accurately create tar.Headers on different operating systems.
|
Package tarheader contains a simple abstraction to accurately create tar.Headers on different operating systems. |
|
_workspace/src/github.com/appc/spec/schema
Package schema provides definitions for the JSON schema of the different manifests in the App Container Specification.
|
Package schema provides definitions for the JSON schema of the different manifests in the App Container Specification. |
|
_workspace/src/github.com/appc/spec/schema/types
Package types contains structs representing the various types in the app container specification.
|
Package types contains structs representing the various types in the app container specification. |
|
_workspace/src/github.com/coreos/go-systemd/dbus
Integration with the systemd D-Bus API.
|
Integration with the systemd D-Bus API. |
|
_workspace/src/github.com/coreos/go-systemd/util
Package util contains utility functions related to systemd that applications can use to check things like whether systemd is running.
|
Package util contains utility functions related to systemd that applications can use to check things like whether systemd is running. |
|
_workspace/src/github.com/cznic/b
Package b implements the B+tree flavor of a BTree.
|
Package b implements the B+tree flavor of a BTree. |
|
_workspace/src/github.com/cznic/bufs
Package bufs implements a simple buffer cache.
|
Package bufs implements a simple buffer cache. |
|
_workspace/src/github.com/cznic/exp/lldb
Package lldb (WIP) implements a low level database engine.
|
Package lldb (WIP) implements a low level database engine. |
|
_workspace/src/github.com/cznic/fileutil
Package fileutil collects some file utility functions.
|
Package fileutil collects some file utility functions. |
|
_workspace/src/github.com/cznic/fileutil/falloc
WIP: Package falloc provides allocation/deallocation of space within a file/store (WIP, unstable API).
|
WIP: Package falloc provides allocation/deallocation of space within a file/store (WIP, unstable API). |
|
_workspace/src/github.com/cznic/fileutil/hdb
WIP: Package hdb provides a "handle"/value DB like store, but actually it's closer to the model of a process's virtual memory and its alloc, free and move methods.
|
WIP: Package hdb provides a "handle"/value DB like store, but actually it's closer to the model of a process's virtual memory and its alloc, free and move methods. |
|
_workspace/src/github.com/cznic/fileutil/storage
WIP: Package storage defines and implements storage providers and store accessors.
|
WIP: Package storage defines and implements storage providers and store accessors. |
|
_workspace/src/github.com/cznic/mathutil
Package mathutil provides utilities supplementing the standard 'math' and 'math/rand' packages.
|
Package mathutil provides utilities supplementing the standard 'math' and 'math/rand' packages. |
|
_workspace/src/github.com/cznic/mathutil/mersenne
Package mersenne collects utilities related to Mersenne numbers[1] and/or some of their properties.
|
Package mersenne collects utilities related to Mersenne numbers[1] and/or some of their properties. |
|
_workspace/src/github.com/cznic/ql
Package ql is a pure Go embedded (S)QL database.
|
Package ql is a pure Go embedded (S)QL database. |
|
_workspace/src/github.com/cznic/ql/design
Package design describes some of the data structures used in QL.
|
Package design describes some of the data structures used in QL. |
|
_workspace/src/github.com/cznic/ql/driver
Package driver registers a QL sql/driver named "ql" and a memory driver named "ql-mem".
|
Package driver registers a QL sql/driver named "ql" and a memory driver named "ql-mem". |
|
_workspace/src/github.com/cznic/ql/ql
Command ql is a utility to explore a database, prototype a schema or test drive a query, etc.
|
Command ql is a utility to explore a database, prototype a schema or test drive a query, etc. |
|
_workspace/src/github.com/cznic/sortutil
Package sortutil provides utilities supplementing the standard 'sort' package.
|
Package sortutil provides utilities supplementing the standard 'sort' package. |
|
_workspace/src/github.com/cznic/strutil
Package strutil collects utils supplemental to the standard strings package.
|
Package strutil collects utils supplemental to the standard strings package. |
|
_workspace/src/github.com/cznic/zappy
Package zappy implements the zappy block-based compression format.
|
Package zappy implements the zappy block-based compression format. |
|
_workspace/src/github.com/godbus/dbus
Package dbus implements bindings to the D-Bus message bus system.
|
Package dbus implements bindings to the D-Bus message bus system. |
|
_workspace/src/github.com/godbus/dbus/introspect
Package introspect provides some utilities for dealing with the DBus introspection format.
|
Package introspect provides some utilities for dealing with the DBus introspection format. |
|
_workspace/src/github.com/godbus/dbus/prop
Package prop provides the Properties struct which can be used to implement org.freedesktop.DBus.Properties.
|
Package prop provides the Properties struct which can be used to implement org.freedesktop.DBus.Properties. |
|
_workspace/src/github.com/google/gofuzz
Package fuzz is a library for populating go objects with random values.
|
Package fuzz is a library for populating go objects with random values. |
|
_workspace/src/github.com/gorilla/context
Package context stores values shared during a request lifetime.
|
Package context stores values shared during a request lifetime. |
|
_workspace/src/github.com/gorilla/mux
Package gorilla/mux implements a request router and dispatcher.
|
Package gorilla/mux implements a request router and dispatcher. |
|
_workspace/src/github.com/kballard/go-shellquote
Shellquote provides utilities for joining/splitting strings using sh's word-splitting rules.
|
Shellquote provides utilities for joining/splitting strings using sh's word-splitting rules. |
|
_workspace/src/github.com/kr/pty
Package pty provides functions for working with Unix terminals.
|
Package pty provides functions for working with Unix terminals. |
|
_workspace/src/github.com/petar/GoLLRB/llrb
A Left-Leaning Red-Black (LLRB) implementation of 2-3 balanced binary search trees, based on the following work: http://www.cs.princeton.edu/~rs/talks/LLRB/08Penn.pdf http://www.cs.princeton.edu/~rs/talks/LLRB/LLRB.pdf http://www.cs.princeton.edu/~rs/talks/LLRB/Java/RedBlackBST.java 2-3 trees (and the run-time equivalent 2-3-4 trees) are the de facto standard BST algoritms found in implementations of Python, Java, and other libraries.
|
A Left-Leaning Red-Black (LLRB) implementation of 2-3 balanced binary search trees, based on the following work: http://www.cs.princeton.edu/~rs/talks/LLRB/08Penn.pdf http://www.cs.princeton.edu/~rs/talks/LLRB/LLRB.pdf http://www.cs.princeton.edu/~rs/talks/LLRB/Java/RedBlackBST.java 2-3 trees (and the run-time equivalent 2-3-4 trees) are the de facto standard BST algoritms found in implementations of Python, Java, and other libraries. |
|
_workspace/src/github.com/spf13/cobra
Package cobra is a commander providing a simple interface to create powerful modern CLI interfaces.
|
Package cobra is a commander providing a simple interface to create powerful modern CLI interfaces. |
|
_workspace/src/github.com/spf13/pflag
pflag is a drop-in replacement for Go's flag package, implementing POSIX/GNU-style --flags.
|
pflag is a drop-in replacement for Go's flag package, implementing POSIX/GNU-style --flags. |
|
_workspace/src/github.com/syndtr/gocapability/capability
Package capability provides utilities for manipulating POSIX capabilities.
|
Package capability provides utilities for manipulating POSIX capabilities. |
|
_workspace/src/github.com/vishvananda/netlink
Package netlink provides a simple library for netlink.
|
Package netlink provides a simple library for netlink. |
|
_workspace/src/github.com/vishvananda/netlink/nl
Package nl has low level primitives for making Netlink calls.
|
Package nl has low level primitives for making Netlink calls. |
|
_workspace/src/golang.org/x/crypto/cast5
Package cast5 implements CAST5, as defined in RFC 2144.
|
Package cast5 implements CAST5, as defined in RFC 2144. |
|
_workspace/src/golang.org/x/crypto/openpgp
Package openpgp implements high level operations on OpenPGP messages.
|
Package openpgp implements high level operations on OpenPGP messages. |
|
_workspace/src/golang.org/x/crypto/openpgp/armor
Package armor implements OpenPGP ASCII Armor, see RFC 4880.
|
Package armor implements OpenPGP ASCII Armor, see RFC 4880. |
|
_workspace/src/golang.org/x/crypto/openpgp/clearsign
Package clearsign generates and processes OpenPGP, clear-signed data.
|
Package clearsign generates and processes OpenPGP, clear-signed data. |
|
_workspace/src/golang.org/x/crypto/openpgp/elgamal
Package elgamal implements ElGamal encryption, suitable for OpenPGP, as specified in "A Public-Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms," IEEE Transactions on Information Theory, v.
|
Package elgamal implements ElGamal encryption, suitable for OpenPGP, as specified in "A Public-Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms," IEEE Transactions on Information Theory, v. |
|
_workspace/src/golang.org/x/crypto/openpgp/errors
Package errors contains common error types for the OpenPGP packages.
|
Package errors contains common error types for the OpenPGP packages. |
|
_workspace/src/golang.org/x/crypto/openpgp/packet
Package packet implements parsing and serialization of OpenPGP packets, as specified in RFC 4880.
|
Package packet implements parsing and serialization of OpenPGP packets, as specified in RFC 4880. |
|
_workspace/src/golang.org/x/crypto/openpgp/s2k
Package s2k implements the various OpenPGP string-to-key transforms as specified in RFC 4800 section 3.7.1.
|
Package s2k implements the various OpenPGP string-to-key transforms as specified in RFC 4800 section 3.7.1. |
|
_workspace/src/golang.org/x/net/html
Package html implements an HTML5-compliant tokenizer and parser.
|
Package html implements an HTML5-compliant tokenizer and parser. |
|
_workspace/src/golang.org/x/net/html/atom
Package atom provides integer codes (also known as atoms) for a fixed set of frequently occurring HTML strings: tag names and attribute keys such as "p" and "id".
|
Package atom provides integer codes (also known as atoms) for a fixed set of frequently occurring HTML strings: tag names and attribute keys such as "p" and "id". |
|
_workspace/src/golang.org/x/net/html/charset
Package charset provides common text encodings for HTML documents.
|
Package charset provides common text encodings for HTML documents. |
|
_workspace/src/speter.net/go/exp/math/dec/inf
Package inf (type inf.Dec) implements "infinite-precision" decimal arithmetic.
|
Package inf (type inf.Dec) implements "infinite-precision" decimal arithmetic. |
|
Package common defines values shared by different parts of rkt (e.g.
|
Package common defines values shared by different parts of rkt (e.g. |
|
pkg
|
|
|
aci
Package aci implements helper functions for working with ACIs
|
Package aci implements helper functions for working with ACIs |
|
keystore
Package keystore implements the ACI keystore.
|
Package keystore implements the ACI keystore. |
|
keystore/keystoretest
Package keystoretest provides utilities for ACI keystore testing.
|
Package keystoretest provides utilities for ACI keystore testing. |
|
lock
Package lock implements simple locking primitives on a regular file or directory using flock
|
Package lock implements simple locking primitives on a regular file or directory using flock |
|
tar
Package tar contains helper functions for working with tar files
|
Package tar contains helper functions for working with tar files |
|
Package rkt (main) implements the command line interface to rkt
|
Package rkt (main) implements the command line interface to rkt |
|
Package store implements a content-addressable-store on disk.
|
Package store implements a content-addressable-store on disk. |
Click to show internal directories.
Click to hide internal directories.