
CoreOS rkt fly

Josh Wood
January 27, 2016

CoreOS rkt fly: Pluggable container isolation.
https://coreos.com/rkt/
https://github.com/coreos/rkt/

(CoreOS SF meetup, Geekdom SF)

Transcript

  1. CoreOS rkt and rkt fly
    Many ways to contain a container
    Josh Wood, DocOps at CoreOS, @joshixisjosh9
  2. CoreOS is running the world’s containers
    We’re hiring: [email protected] [email protected]
    90+ Projects on GitHub, 1,000+ Contributors
    coreos.com
    Support plans, training and more
    OPEN SOURCE ENTERPRISE
  3. rkt
    A modern, secure container runtime
    - Simple CLI tool - exorcism (no daemon)
    - Implements AppC container spec
  4. appc spec in a nutshell
    - Image Format (ACI) - what does an application consist of?
    - Image Discovery - how can an image be located?
    - Pods - how can applications be grouped and run?
    - Executor (runtime) - what does the execution environment look like?
  5. rkt run
    • Isolates containers with the Linux container primitives, systemd-nspawn
    • Container apps in a machine slice PID namespace
    • Manage with standard init tools: systemd
    • Network isolation
  6. $ rkt run
    $ rkt run quay.io/josh_wood/caddy
    rkt: using image from local store for image name coreos.com/rkt/stage1-coreos:0.15.0
    rkt: using image from local store for image name quay.io/josh_wood/caddy
    [ 1161.330635] caddy[4]: Activating privacy features... done.
    [ 1161.333482] caddy[4]: :2015
  7. rkt fly
    • Leverages the packaging, discovery, distribution, and validation features of rkt/appc
    • Reduced isolation for privileged components
    • chroot file system isolation only
    • Has access to host-level mount, network, and PID namespaces
    • Method for shipping k8s kubelet in CoreOS
  8. $ rkt run stage1=fly
    $ rkt run \
        --stage1-image=/usr/share/rkt/stage1-fly.aci \
        quay.io/josh_wood/caddy
    rkt: using image from local store for image name coreos.com/rkt/stage1-fly:0.15.0
    rkt: using image from local store for image name quay.io/josh_wood/caddy
    [ 1161.333482] caddy[4]: :2015
  9. May 9 & 10, 2016 | Berlin, Germany
    • Early bird tickets
    • Sponsorships are still available
    • Submit a talk before February 29th!
    coreos.com/fest @coreosfest
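
Slide 7 states that a rkt fly pod gets chroot file system isolation only and keeps the host's mount, network, and PID namespaces. The script below is an added example, not part of the talk or of rkt: it checks this for a running process by comparing its `/proc/<pid>/ns/*` links with those of PID 1. The function names, the optional `PROC_ROOT` argument, and the verdict labels are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the talk): compare a process's namespaces with
# those of host PID 1 to see how much isolation it actually has.
# PROC_ROOT is an assumption of this example; it defaults to /proc and
# exists so the check can be exercised on a constructed directory tree.
# Usage (as root, after sourcing this file): isolation_summary <PID>
# Namespace links that cannot be read are skipped, so an unprivileged
# run can under-report sharing.

# shared_ns PID [PROC_ROOT] -> namespaces whose ID matches PID 1's
shared_ns() (
  pid=$1; root=${2:-/proc}; out=""
  for ns in mnt net pid ipc uts; do
    host_id=$(readlink "$root/1/ns/$ns" 2>/dev/null) || continue
    proc_id=$(readlink "$root/$pid/ns/$ns" 2>/dev/null) || continue
    [ "$host_id" = "$proc_id" ] && out="$out $ns"
  done
  echo "${out# }"
)

# isolation_summary PID [PROC_ROOT] -> "<verdict> root=<dir> shared=<list>"
#   namespaced      : at least one of mnt/net/pid differs from the host
#   chroot-only     : mnt/net/pid are the host's, but the root dir is not /
#   host-namespaces : mnt/net/pid are the host's and the root dir is / (or unreadable)
isolation_summary() (
  root=${2:-/proc}
  shared=$(shared_ns "$1" "$root")
  rootdir=$(readlink "$root/$1/root" 2>/dev/null) || rootdir="unknown"
  verdict="host-namespaces"
  for ns in mnt net pid; do
    case " $shared " in *" $ns "*) ;; *) verdict="namespaced" ;; esac
  done
  if [ "$verdict" = "host-namespaces" ] &&
     [ "$rootdir" != "/" ] && [ "$rootdir" != "unknown" ]; then
    verdict="chroot-only"
  fi
  echo "$verdict root=$rootdir shared=$shared"
)
```

A `chroot-only` verdict means the process can see host processes and host network interfaces directly, so it should be treated with the same trust as a host service.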