CoreOS rkt and rkt fly
Many ways to contain a container
Josh Wood
DocOps at CoreOS
@joshixisjosh9

CoreOS is running the world’s containers
We’re hiring: email@example.com
OPEN SOURCE: 90+ Projects on GitHub, 1,000+ Contributors
ENTERPRISE: Support plans, training and more
coreos.com
firstname.lastname@example.org

rkt
A modern, secure container runtime
Simple CLI tool - exorcism (no daemon)
Implements AppC container spec

appc spec in a nutshell
- Image Format (ACI) - what does an application consist of?
- Image Discovery - how can an image be located?
- Pods - how can applications be grouped and run?
- Executor (runtime) - what does the execution environment look like?

rkt run
● Isolates containers with the Linux container primitives, systemd-nspawn
● Container apps in a machine slice PID namespace
● Manage with standard init tools: systemd
● Network isolation

rkt run
$ rkt run quay.io/josh_wood/caddy
rkt: using image from local store for image name coreos.com/rkt/stage1-coreos:0.15.0
rkt: using image from local store for image name quay.io/josh_wood/caddy
[ 1161.330635] caddy: Activating privacy features... done.
[ 1161.333482] caddy: :2015
$

rkt fly
● Leverages the packaging, discovery, distribution, and validation features of rkt/appc
● Reduced isolation for privileged components
● chroot file system isolation only
● Has access to host-level mount, network, PID namespaces
● Method for shipping k8s kubelet in CoreOS

rkt run stage1=fly
$ rkt run \
    --stage1-image=/usr/share/rkt/stage1-fly.aci \
    quay.io/josh_wood/caddy
rkt: using image from local store for image name coreos.com/rkt/stage1-fly:0.15.0
rkt: using image from local store for image name quay.io/josh_wood/caddy
[ 1161.333482] caddy: :2015
$

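An added example, not part of the original slides or the rkt project: a POSIX shell check that tells the two isolation models above apart by comparing a process's mount, network and PID namespace links and its root directory against PID 1. The function names, the fake /proc tree, its inode numbers and the /constructed/pod/rootfs path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the slides): compare /proc/<pid>/ns/* links against PID 1.

# shared_ns PID [REF_PID] [PROC_ROOT]: print the namespaces PID shares with REF_PID.
shared_ns() {
    pid=$1; ref=${2:-1}; root=${3:-/proc}; out=""
    for ns in mnt net pid; do
        a=$(readlink "$root/$pid/ns/$ns") || return 2   # link unreadable: give no answer
        b=$(readlink "$root/$ref/ns/$ns") || return 2
        if [ "$a" = "$b" ]; then out="$out $ns"; fi
    done
    echo "${out# }"
}

# isolation_profile PID [REF_PID] [PROC_ROOT]: host | chroot-only | namespaced | partial
isolation_profile() {
    s=$(shared_ns "$@") || { echo unknown; return 2; }
    r=$(readlink "${3:-/proc}/$1/root") || { echo unknown; return 2; }
    case "$s" in
        "mnt net pid") if [ "$r" = "/" ]; then echo host; else echo chroot-only; fi ;;
        "")            echo namespaced ;;
        *)             echo "partial: shares $s" ;;
    esac
}

# Constructed sample: fake /proc tree; inode numbers and paths are invented.
make_sample_proc() {
    d=$(mktemp -d)
    mkproc() {  # mkproc PID MNT_INODE NET_INODE PID_INODE ROOT_LINK
        mkdir -p "$d/$1/ns"
        ln -s "mnt:[$2]" "$d/$1/ns/mnt"; ln -s "net:[$3]" "$d/$1/ns/net"
        ln -s "pid:[$4]" "$d/$1/ns/pid"; ln -s "$5" "$d/$1/root"
    }
    mkproc 1   4026531840 4026531992 4026531836 /
    mkproc 300 4026532201 4026532204 4026532203 /   # own namespaces, as under default stage1
    mkproc 400 4026531840 4026531992 4026531836 /constructed/pod/rootfs   # host namespaces + chroot, as under stage1-fly
    echo "$d"
}

sample=$(make_sample_proc)
for p in 300 400; do
    echo "pid $p: $(isolation_profile "$p" 1 "$sample")"
done
rm -rf "$sample"
```

On a live host, call isolation_profile with only a PID and run it as root, since reading another process's /proc/<pid>/ns and root links requires privilege.
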
$ rkt run presentation
# everyone claps
# drink a beer
$

@coreosfest
coreos.com/fest
May 9 & 10, 2016 | Berlin, Germany
● Early bird tickets
● Sponsorships are still available
● Submit a talk before February 29th!