Rkt (or Rocket) is an open source container runtime developed and maintained by CoreOS. It’s focused on security and composability, meeting high requirements for production environments. Its installation and utilization is clearer and more simple than that of other similar containers.
Understanding rkt
Rkt is a good alternative because you can build an App Container Image (ACI)—the native rkt image format—from different sources. And registration isn’t necessary to distribute the image, which facilitates internal utilization and improves security. It is possible to access an ACI hosted on any server by direct URL.
Installing
It’s possible to install rkt directly on Linux and CoreOS. Or run via Vagrant to cover MacOS and Windows. In the steps below, Vagrant will be used for building the environment. Download and install Vagrant according to your operating system.
Get CoreOS rkt directly from GitHub:
$ git clone
Access the rkt folder:
$ cd rkt
Start and provision the Vagrant environment:
$ vagrant up
Connects to machine via SSH:
$ vagrant ssh
Adding App Container Images
CoreOS provides app container Images from your open source projects. One of these projects is etcd—Etcd is a distributed key value store that allows you to serve data between machines, and it’s easy to add to rkt.
To add an etcd ACI, run it by name:
$ sudo rkt run coreos.com/etcd:v2.0.0
Another way to obtain and add an ACI is Quay. Quay is a tool to store containers safely and privately.
To add an ACI from Quay, find the desirable ACI and copy the name to run:
$ sudo rkt run quay.io/coreos/etcd
You can also add an ACI from Docker:
$ sudo rkt --insecure-options=image run docker://quay.io/coreos/etcd:v2.0.0
Creating an App Container Image
To create an ACI, you’ll need a build tool for container images. One of these tools is acbuild. Acbuild works only on Linux, and you will need to install Go to use it.
Add the new repository to install Go:
$ sudo add-apt-repository ppa:ubuntu-lxc/lxd-stable
Update your operating system:
$ sudo apt-get update
Then, install Go:
$ sudo apt-get install golang -y
Now, clone acbuild from GitHub:
$ git clone https://github.com/containers/build acbuild
Access the project folder:
$ cd acbuild
And run the build:
$ ./build
Edit your ~/.bashrc and add these lines to the end of the file:
export ACBUILD_BIN_DIR=~/acbuild/bin export PATH=$PATH:$ACBUILD_BIN_DIR
Reload the bash:
$ source ~/.bashrc
To test the ACI, you’ll need bash scripts, Go, or C to start the image. In this test, we will use a C file just to confirm the ACI works.
Create a C file named aci.c:
#includeint main (int argc, char** argv) { printf("### ACI\n"); return 0; }
Compile the C file:
$ gcc -o aci -static aci.c
Start the acbuild:
$ acbuild begin
Define a name for the ACI:
$ acbuild set-name aci
Copy the executable of the C file to the ACI:
$ acbuild copy aci /app/aci
Set working directory:
$ acbuild set-working-directory /app
Set the executable to run in boot:
$ acbuild set-exec -- /app/aci
Define a name for the ACI file:
$ acbuild write --overwrite aci-0.0.1-linux-amd64.aci
Finish the creation of the ACI:
$ acbuild end
Finally, run the image with rkt:
$ sudo rkt --insecure-options=image run aci-0.0.1-linux-amd64.aci
The result is a displayed string defined in the C file:
[167009.154294] aci[5]: ### ACI
Now we can share the ACI file privately, or publicly with anyone.
Conclusion
Rkt is an easy and fast solution to containerize images, distribute them to development teams, and make them available to anyone who needs them. Rkt is not as well known as Docker, but works very similarly with safety in mind. As DevOps becomes mandatory, rkt is a tool I recommend people learn and use.
