rkt

Discovering New Ways to Containerize with CoreOS rkt

2254 VIEWS

·

Rkt (or Rocket) is an open source container runtime developed and maintained by CoreOS. It’s focused on security and composability, meeting high requirements for production environments. Its installation and utilization is clearer and more simple than that of other similar containers.

Understanding rkt

Rkt is a good alternative because you can build an App Container Image (ACI)—the native rkt image format—from different sources. And registration isn’t necessary to distribute the image, which facilitates internal utilization and improves security. It is possible to access an ACI hosted on any server by direct URL.

Installing

It’s possible to install rkt directly on Linux and CoreOS. Or run via Vagrant to cover MacOS and Windows. In the steps below, Vagrant will be used for building the environment. Download and install Vagrant according to your operating system.

Get CoreOS rkt directly from GitHub:

$ git clone

https://github.com/coreos/rkt

Access the rkt folder:

$ cd rkt

Start and provision the Vagrant environment:

$ vagrant up

Connects to machine via SSH:

$ vagrant ssh
Adding App Container Images

CoreOS provides app container Images from your open source projects. One of these projects is etcd—Etcd is a distributed key value store that allows you to serve data between machines, and it’s easy to add to rkt.

To add an etcd ACI, run it by name:

$ sudo rkt run coreos.com/etcd:v2.0.0

Another way to obtain and add an ACI is Quay. Quay is a tool to store containers safely and privately.

To add an ACI from Quay, find the desirable ACI and copy the name to run:

$ sudo rkt run quay.io/coreos/etcd

You can also add an ACI from Docker:

$ sudo rkt --insecure-options=image run docker://quay.io/coreos/etcd:v2.0.0

Creating an App Container Image

To create an ACI, you’ll need a build tool for container images. One of these tools is acbuild. Acbuild works only on Linux, and you will need to install Go to use it.

Add the new repository to install Go:

$ sudo add-apt-repository ppa:ubuntu-lxc/lxd-stable

Update your operating system:

$ sudo apt-get update

Then, install Go:

$ sudo apt-get install golang -y

Now, clone acbuild from GitHub:

$ git clone https://github.com/containers/build acbuild

Access the project folder:

$ cd acbuild

And run the build:

$ ./build

Edit your ~/.bashrc and add these lines to the end of the file:

export ACBUILD_BIN_DIR=~/acbuild/bin
export PATH=$PATH:$ACBUILD_BIN_DIR

Reload the bash:

$ source ~/.bashrc

To test the ACI, you’ll need bash scripts, Go, or C to start the image. In this test, we will use a C file just to confirm the ACI works.

Create a C file named aci.c:

#include 

int main (int argc, char** argv) {
  printf("### ACI\n");
  return 0;
} 

Compile the C file:

$ gcc -o aci -static aci.c

Start the acbuild:

$ acbuild begin 

Define a name for the ACI:

$ acbuild set-name aci

Copy the executable of the C file to the ACI:

$ acbuild copy aci /app/aci

Set working directory:

$ acbuild set-working-directory /app

Set the executable to run in boot:

$ acbuild set-exec -- /app/aci

Define a name for the ACI file:

$ acbuild write --overwrite aci-0.0.1-linux-amd64.aci

Finish the creation of the ACI:

$ acbuild end

Finally, run the image with rkt:

$ sudo rkt --insecure-options=image run aci-0.0.1-linux-amd64.aci

The result is a displayed string defined in the C file:

[167009.154294] aci[5]: ### ACI

Now we can share the ACI file privately, or publicly with anyone.

Conclusion

Rkt is an easy and fast solution to containerize images, distribute them to development teams, and make them available to anyone who needs them. Rkt is not as well known as Docker, but works very similarly with safety in mind. As DevOps becomes mandatory, rkt is a tool I recommend people learn and use.


Software Engineer with experience in analysis and development of systems. Free software enthusiast and apprentice of new tech.


Discussion

Click on a tab to select how you'd like to leave your comment

Leave a Comment

Your email address will not be published. Required fields are marked *

Menu