SlideShare a Scribd company logo

RKT

Yutaka Matsubara
Yutaka Matsubara

This document discusses the app container runtime rkt. It provides an overview of rkt, including what it is, its goals, and how it differs from Docker. Key points include: - Rkt implements the Application Container (appc) specification and allows running containerized applications. - Its goals are fast downloads/starts, verifiable/cacheable images, composability, and using common technologies like DNS for discovery. - It differs from Docker in being more composable without a central daemon, focusing more on security through image verification, and using an open standard for images instead of Docker's format. - The document demonstrates downloading images, verifying signatures, running containers in pods with options like

1 of 36
Download to read offline
rkt Yutaka Matsubara April 9, 2015 CoreOS Meetup Tokyo #1
who ? Yutaka Matsubara Abby CTO twitter @mopemope github @mopemope 1
rkt
what is rkt ? App Container Runtime 3
rkt rkt implements the two runtime components of the App Container specification ∙ Application Container Executor (ACE) ∙ Metadata Service 4
app container
what is app container ? App Container is a specification of an image format runtime, and discovery protocol for running applications in containers. 6
app container spec ∙ Building App Container ∙ Validating App Container ∙ Validating App Container Executors ∙ Discovery App Container Image Discovery 7
goal The core goals of the specification ∙ Designing for fast downloads and starts of App Containers ∙ Ensuring images are cryptographically verifiable and highly cacheable ∙ Designing for composability and independent implementations ∙ Using common technologies for cryptography, archiving, compression and transport ∙ Using the DNS namespace to name and discover images 8
keyword ∙ App Container Image ∙ App Container Image Discovery ∙ App Container Pod ∙ App Container Executor 9
manifest App Container Manifest is json format 10
image manifest { ”acKind”: ”ImageManifest”, ”acVersion”: ”0.5.1”, ”name”: ”xxxxx/xxxxxx”, ”app”: { ”exec”: [ ”/usr/bin/reduce-worker”, ”--quiet” ], ”user”: ”100”, ”group”: ”300”, ”workingDirectory”: ”/opt/work”, ”environment”: [ { ”name”: ”REDUCE_WORKER_DEBUG”, ”value”: ”true” } ], }, } 11
pod manifest { ”acVersion”: ”0.5.1”, ”acKind”: ”PodManifest”, ”apps”: [ { ”name”: ”main”, ”image”: { ”name”: ”example.com/xxxxxx”, }, ”app”: { ”exec”: [ ], }, }, { ”name”: ”backup”, ”image”: { ”name”: ”example.com/zzzzzzzz”, }, 12
diffrence docker
what is difference between rkt and docker? ∙ Composable ∙ Security ∙ Image disribution ∙ Open 14
composable ∙ central daemon ∙ pull image docker format ∙ push image docker format ∙ monolithic binary ∙ no daemon ∙ download common format ∙ upload common format ∙ independent and composable 15
security ∙ central daemon ∙ docker spec ∙ https certificate ∙ isolation ∙ crypto ∙ image auditing 16
image distribution ∙ docker spec ∙ docker hub ∙ docker registry ∙ standard and open spec ∙ simple ∙ without registry 17
open ∙ developed by a community ∙ docker spec ... ∙ developed by a community ∙ format and runtime specification 18
detail rkt
rkt ∙ Download ACI and Docker Image ∙ Verify Signatures ∙ Launching Container and Pod ∙ Enter Container ∙ Private Network ∙ Metadata Service 20
rkt Architecture 21
trust Get trusted key $ sudo rkt trust --prefix storage.coreos.com 22
fetch Download Container Image and Verify ∙ Localfile ∙ HTTP, HTTPS ∙ Docker Image 23
fetch $ sudo rkt --insecure-skip-verify fetch docker://httpd docker://mysql rkt: fetching image from docker://httpd sha512-73e53da5b22e08e3ebf5eeb47d8c3113 rkt: fetching image from docker://mysql sha512-8ea09fa7718553967e8b6fe50b72df68 24
prepare Holding an exclusive lock on the pod directory $ sudo rkt --insecure-skip-verify prepare docker://httpd rkt: fetching image from docker://httpd ea5cf47a-6b5b-4118-be9d-91d50e7258cb 25
prepare $ rkt list UUID ACI STATE NETWORKS ea5cf47a index.docker.io/httpd prepared 26
run Run Container run run container (prepare and run) run-prepared run prepared container ∙ set and override environment ∙ run interactively ∙ mount volume ∙ setup container network 27
run $ sudo rkt --insecure-skip-verify --debug run --private-net docker://httpd rkt: fetching image from file:///home/ma2/bin/stage1.aci rkt: fetching image from docker://httpd ... AH00557: httpd: apr_sockaddr_info_get() failed for rkt-50beacf8-d43d-4a79-8d40-a5938d71ddba AH00558: httpd: Could not reliably determine the server’s fully qualified domain name, using 127.0.0.1. Set the ’ServerName’ directive globally to suppress this message AH00557: httpd: apr_sockaddr_info_get() failed for rkt-50beacf8-d43d-4a79-8d40-a5938d71ddba AH00558: httpd: Could not reliably determine the server’s fully qualified domain name, using 127.0.0.1. Set the ’ServerName’ directive globally to suppress this message [Wed Apr 08 06:17:15.107888 2015] [mpm_event:notice] [pid 5:tid 139942464178048] AH00489: Apache/2.4.12 (Unix) configured -- resuming normal operations [Wed Apr 08 06:17:15.107956 2015] [core:notice] [pid 5:tid 139942464178048] AH00094: Command l D FOREGROUND’ 28
run $ rkt list UUID ACI STATE NETWORKS 50beacf8 index.docker.io/httpd running default:ip4=172.16.28.3 29
private network Support Private Network (only static) ∙ private (NAT) ∙ bridge ∙ macvlan 30
port forward Exposing container ports on the host ”ports”: [ { ”name”: ”http”, ”port”: 80, ”protocol”: ”tcp” } ] 31
port forward Exposing container ports on the host $ sudo rkt --insecure-skip-verify run --port=http:8888 --private-net docker://httpd 32
demo
DEMO 34
Questions? 35

Recommended

Docker 進階實務班
Docker 進階實務班Docker 進階實務班
Docker 進階實務班
Philip Zheng
 
Cloud Foundry V2 | Intermediate Deep Dive
Cloud Foundry V2 | Intermediate Deep DiveCloud Foundry V2 | Intermediate Deep Dive
Cloud Foundry V2 | Intermediate Deep DiveKazuto Kusama
 
Introduction to Project atomic (CentOS Dojo Bangalore)
Introduction to Project atomic (CentOS Dojo Bangalore)Introduction to Project atomic (CentOS Dojo Bangalore)
Introduction to Project atomic (CentOS Dojo Bangalore)
Lalatendu Mohanty
 
Using docker to develop NAS applications
Using docker to develop NAS applicationsUsing docker to develop NAS applications
Using docker to develop NAS applications
Terry Chen
 
猿でもわかるコンテナ
猿でもわかるコンテナ猿でもわかるコンテナ
猿でもわかるコンテナ
Tsuyoshi Miyake
 
Windows Server Containers- How we hot here and architecture deep dive
Windows Server Containers- How we hot here and architecture deep diveWindows Server Containers- How we hot here and architecture deep dive
Windows Server Containers- How we hot here and architecture deep dive
Docker, Inc.
 
桃園市教育局Docker技術入門與實作
桃園市教育局Docker技術入門與實作桃園市教育局Docker技術入門與實作
桃園市教育局Docker技術入門與實作
Philip Zheng
 
[DockerCon 2019] Hardening Docker daemon with Rootless mode
[DockerCon 2019] Hardening Docker daemon with Rootless mode[DockerCon 2019] Hardening Docker daemon with Rootless mode
[DockerCon 2019] Hardening Docker daemon with Rootless mode
Akihiro Suda
 

Recommended

Docker 進階實務班
Docker 進階實務班Docker 進階實務班
Docker 進階實務班
Philip Zheng
 
Cloud Foundry V2 | Intermediate Deep Dive
Cloud Foundry V2 | Intermediate Deep DiveCloud Foundry V2 | Intermediate Deep Dive
Cloud Foundry V2 | Intermediate Deep DiveKazuto Kusama
 
Introduction to Project atomic (CentOS Dojo Bangalore)
Introduction to Project atomic (CentOS Dojo Bangalore)Introduction to Project atomic (CentOS Dojo Bangalore)
Introduction to Project atomic (CentOS Dojo Bangalore)
Lalatendu Mohanty
 
Using docker to develop NAS applications
Using docker to develop NAS applicationsUsing docker to develop NAS applications
Using docker to develop NAS applications
Terry Chen
 
猿でもわかるコンテナ
猿でもわかるコンテナ猿でもわかるコンテナ
猿でもわかるコンテナ
Tsuyoshi Miyake
 
Windows Server Containers- How we hot here and architecture deep dive
Windows Server Containers- How we hot here and architecture deep diveWindows Server Containers- How we hot here and architecture deep dive
Windows Server Containers- How we hot here and architecture deep dive
Docker, Inc.
 
桃園市教育局Docker技術入門與實作
桃園市教育局Docker技術入門與實作桃園市教育局Docker技術入門與實作
桃園市教育局Docker技術入門與實作
Philip Zheng
 
[DockerCon 2019] Hardening Docker daemon with Rootless mode
[DockerCon 2019] Hardening Docker daemon with Rootless mode[DockerCon 2019] Hardening Docker daemon with Rootless mode
[DockerCon 2019] Hardening Docker daemon with Rootless mode
Akihiro Suda
 
Docker & GitLab
Docker & GitLabDocker & GitLab
Docker & GitLab
Philip Zheng
 
Docker研習營
Docker研習營Docker研習營
Docker研習營
Philip Zheng
 
DCSF 19 Deploying Rootless buildkit on Kubernetes
DCSF 19 Deploying Rootless buildkit on KubernetesDCSF 19 Deploying Rootless buildkit on Kubernetes
DCSF 19 Deploying Rootless buildkit on Kubernetes
Docker, Inc.
 
What’s New in Docker - Victor Vieux, Docker
What’s New in Docker - Victor Vieux, DockerWhat’s New in Docker - Victor Vieux, Docker
What’s New in Docker - Victor Vieux, Docker
Docker, Inc.
 
Securing Containers, One Patch at a Time - Michael Crosby, Docker
Securing Containers, One Patch at a Time - Michael Crosby, DockerSecuring Containers, One Patch at a Time - Michael Crosby, Docker
Securing Containers, One Patch at a Time - Michael Crosby, Docker
Docker, Inc.
 
Docker - Demo on PHP Application deployment
Docker - Demo on PHP Application deployment Docker - Demo on PHP Application deployment
Docker - Demo on PHP Application deployment
Arun prasath
 
How to easy deploy app into any cloud
How to easy deploy app into any cloudHow to easy deploy app into any cloud
How to easy deploy app into any cloud
Ladislav Prskavec
 
From dev to prod: Kubernetes on AWS (short ver.)
From dev to prod: Kubernetes on AWS (short ver.)From dev to prod: Kubernetes on AWS (short ver.)
From dev to prod: Kubernetes on AWS (short ver.)
佑介 九岡
 
容器與資料科學應用
容器與資料科學應用容器與資料科學應用
容器與資料科學應用
Philip Zheng
 
Docker 1.11
Docker 1.11Docker 1.11
Docker 1.11
Maciej Lasyk
 
Microservices at scale with docker and kubernetes - AMS JUG 2017
Microservices at scale with docker and kubernetes - AMS JUG 2017Microservices at scale with docker and kubernetes - AMS JUG 2017
Microservices at scale with docker and kubernetes - AMS JUG 2017
Arjen Wassink
 
Docker on Google App Engine
Docker on Google App EngineDocker on Google App Engine
Docker on Google App EngineDocker, Inc.
 
Docker 101 @KACST Saudi HPC 2016
Docker 101 @KACST Saudi HPC 2016Docker 101 @KACST Saudi HPC 2016
Docker 101 @KACST Saudi HPC 2016
Walid Shaari
 
Dockerin10mins
Dockerin10minsDockerin10mins
Dockerin10mins
Dawood M.S
 
Kubernetes laravel and kubernetes
Kubernetes laravel and kubernetesKubernetes laravel and kubernetes
Kubernetes laravel and kubernetes
William Stewart
 
DockerCon EU 2015: The Glue is the Hard Part: Making a Production-Ready PaaS
DockerCon EU 2015: The Glue is the Hard Part: Making a Production-Ready PaaSDockerCon EU 2015: The Glue is the Hard Part: Making a Production-Ready PaaS
DockerCon EU 2015: The Glue is the Hard Part: Making a Production-Ready PaaS
Docker, Inc.
 
Using Containers for Continuous Integration and Continuous Delivery
Using Containers for Continuous Integration and Continuous DeliveryUsing Containers for Continuous Integration and Continuous Delivery
Using Containers for Continuous Integration and Continuous Delivery
Carlos Sanchez
 
Introduction to CRI and OCI
Introduction to CRI and OCIIntroduction to CRI and OCI
Introduction to CRI and OCI
HungWei Chiu
 
Automatically Renew Certificated In Your Kubernetes Cluster
Automatically Renew Certificated In Your Kubernetes ClusterAutomatically Renew Certificated In Your Kubernetes Cluster
Automatically Renew Certificated In Your Kubernetes Cluster
HungWei Chiu
 
On-Demand Image Resizing from Part of the monolith to Containerized Microserv...
On-Demand Image Resizing from Part of the monolith to Containerized Microserv...On-Demand Image Resizing from Part of the monolith to Containerized Microserv...
On-Demand Image Resizing from Part of the monolith to Containerized Microserv...
Docker, Inc.
 
Spring on Kubernetes
Spring on KubernetesSpring on Kubernetes
Spring on Kubernetes
Jay Lee
 
Dockerizing Ruby Applications - The Best Practices
Dockerizing Ruby Applications - The Best PracticesDockerizing Ruby Applications - The Best Practices
Dockerizing Ruby Applications - The Best Practices
Kontena, Inc.
 

More Related Content

What's hot

Docker & GitLab
Docker & GitLabDocker & GitLab
Docker & GitLab
Philip Zheng
 
Docker研習營
Docker研習營Docker研習營
Docker研習營
Philip Zheng
 
DCSF 19 Deploying Rootless buildkit on Kubernetes
DCSF 19 Deploying Rootless buildkit on KubernetesDCSF 19 Deploying Rootless buildkit on Kubernetes
DCSF 19 Deploying Rootless buildkit on Kubernetes
Docker, Inc.
 
What’s New in Docker - Victor Vieux, Docker
What’s New in Docker - Victor Vieux, DockerWhat’s New in Docker - Victor Vieux, Docker
What’s New in Docker - Victor Vieux, Docker
Docker, Inc.
 
Securing Containers, One Patch at a Time - Michael Crosby, Docker
Securing Containers, One Patch at a Time - Michael Crosby, DockerSecuring Containers, One Patch at a Time - Michael Crosby, Docker
Securing Containers, One Patch at a Time - Michael Crosby, Docker
Docker, Inc.
 
Docker - Demo on PHP Application deployment
Docker - Demo on PHP Application deployment Docker - Demo on PHP Application deployment
Docker - Demo on PHP Application deployment
Arun prasath
 
How to easy deploy app into any cloud
How to easy deploy app into any cloudHow to easy deploy app into any cloud
How to easy deploy app into any cloud
Ladislav Prskavec
 
From dev to prod: Kubernetes on AWS (short ver.)
From dev to prod: Kubernetes on AWS (short ver.)From dev to prod: Kubernetes on AWS (short ver.)
From dev to prod: Kubernetes on AWS (short ver.)
佑介 九岡
 
容器與資料科學應用
容器與資料科學應用容器與資料科學應用
容器與資料科學應用
Philip Zheng
 
Docker 1.11
Docker 1.11Docker 1.11
Docker 1.11
Maciej Lasyk
 
Microservices at scale with docker and kubernetes - AMS JUG 2017
Microservices at scale with docker and kubernetes - AMS JUG 2017Microservices at scale with docker and kubernetes - AMS JUG 2017
Microservices at scale with docker and kubernetes - AMS JUG 2017
Arjen Wassink
 
Docker on Google App Engine
Docker on Google App EngineDocker on Google App Engine
Docker on Google App EngineDocker, Inc.
 
Docker 101 @KACST Saudi HPC 2016
Docker 101 @KACST Saudi HPC 2016Docker 101 @KACST Saudi HPC 2016
Docker 101 @KACST Saudi HPC 2016
Walid Shaari
 
Dockerin10mins
Dockerin10minsDockerin10mins
Dockerin10mins
Dawood M.S
 
Kubernetes laravel and kubernetes
Kubernetes laravel and kubernetesKubernetes laravel and kubernetes
Kubernetes laravel and kubernetes
William Stewart
 
DockerCon EU 2015: The Glue is the Hard Part: Making a Production-Ready PaaS
DockerCon EU 2015: The Glue is the Hard Part: Making a Production-Ready PaaSDockerCon EU 2015: The Glue is the Hard Part: Making a Production-Ready PaaS
DockerCon EU 2015: The Glue is the Hard Part: Making a Production-Ready PaaS
Docker, Inc.
 
Using Containers for Continuous Integration and Continuous Delivery
Using Containers for Continuous Integration and Continuous DeliveryUsing Containers for Continuous Integration and Continuous Delivery
Using Containers for Continuous Integration and Continuous Delivery
Carlos Sanchez
 
Introduction to CRI and OCI
Introduction to CRI and OCIIntroduction to CRI and OCI
Introduction to CRI and OCI
HungWei Chiu
 
Automatically Renew Certificated In Your Kubernetes Cluster
Automatically Renew Certificated In Your Kubernetes ClusterAutomatically Renew Certificated In Your Kubernetes Cluster
Automatically Renew Certificated In Your Kubernetes Cluster
HungWei Chiu
 
On-Demand Image Resizing from Part of the monolith to Containerized Microserv...
On-Demand Image Resizing from Part of the monolith to Containerized Microserv...On-Demand Image Resizing from Part of the monolith to Containerized Microserv...
On-Demand Image Resizing from Part of the monolith to Containerized Microserv...
Docker, Inc.
 

What's hot (20)

Docker & GitLab
Docker & GitLabDocker & GitLab
Docker & GitLab
 
Docker研習營
Docker研習營Docker研習營
Docker研習營
 
DCSF 19 Deploying Rootless buildkit on Kubernetes
DCSF 19 Deploying Rootless buildkit on KubernetesDCSF 19 Deploying Rootless buildkit on Kubernetes
DCSF 19 Deploying Rootless buildkit on Kubernetes
 
What’s New in Docker - Victor Vieux, Docker
What’s New in Docker - Victor Vieux, DockerWhat’s New in Docker - Victor Vieux, Docker
What’s New in Docker - Victor Vieux, Docker
 
Securing Containers, One Patch at a Time - Michael Crosby, Docker
Securing Containers, One Patch at a Time - Michael Crosby, DockerSecuring Containers, One Patch at a Time - Michael Crosby, Docker
Securing Containers, One Patch at a Time - Michael Crosby, Docker
 
Docker - Demo on PHP Application deployment
Docker - Demo on PHP Application deployment Docker - Demo on PHP Application deployment
Docker - Demo on PHP Application deployment
 
How to easy deploy app into any cloud
How to easy deploy app into any cloudHow to easy deploy app into any cloud
How to easy deploy app into any cloud
 
From dev to prod: Kubernetes on AWS (short ver.)
From dev to prod: Kubernetes on AWS (short ver.)From dev to prod: Kubernetes on AWS (short ver.)
From dev to prod: Kubernetes on AWS (short ver.)
 
容器與資料科學應用
容器與資料科學應用容器與資料科學應用
容器與資料科學應用
 
Docker 1.11
Docker 1.11Docker 1.11
Docker 1.11
 
Microservices at scale with docker and kubernetes - AMS JUG 2017
Microservices at scale with docker and kubernetes - AMS JUG 2017Microservices at scale with docker and kubernetes - AMS JUG 2017
Microservices at scale with docker and kubernetes - AMS JUG 2017
 
Docker on Google App Engine
Docker on Google App EngineDocker on Google App Engine
Docker on Google App Engine
 
Docker 101 @KACST Saudi HPC 2016
Docker 101 @KACST Saudi HPC 2016Docker 101 @KACST Saudi HPC 2016
Docker 101 @KACST Saudi HPC 2016
 
Dockerin10mins
Dockerin10minsDockerin10mins
Dockerin10mins
 
Kubernetes laravel and kubernetes
Kubernetes laravel and kubernetesKubernetes laravel and kubernetes
Kubernetes laravel and kubernetes
 
DockerCon EU 2015: The Glue is the Hard Part: Making a Production-Ready PaaS
DockerCon EU 2015: The Glue is the Hard Part: Making a Production-Ready PaaSDockerCon EU 2015: The Glue is the Hard Part: Making a Production-Ready PaaS
DockerCon EU 2015: The Glue is the Hard Part: Making a Production-Ready PaaS
 
Using Containers for Continuous Integration and Continuous Delivery
Using Containers for Continuous Integration and Continuous DeliveryUsing Containers for Continuous Integration and Continuous Delivery
Using Containers for Continuous Integration and Continuous Delivery
 
Introduction to CRI and OCI
Introduction to CRI and OCIIntroduction to CRI and OCI
Introduction to CRI and OCI
 
Automatically Renew Certificated In Your Kubernetes Cluster
Automatically Renew Certificated In Your Kubernetes ClusterAutomatically Renew Certificated In Your Kubernetes Cluster
Automatically Renew Certificated In Your Kubernetes Cluster
 
On-Demand Image Resizing from Part of the monolith to Containerized Microserv...
On-Demand Image Resizing from Part of the monolith to Containerized Microserv...On-Demand Image Resizing from Part of the monolith to Containerized Microserv...
On-Demand Image Resizing from Part of the monolith to Containerized Microserv...
 

Similar to RKT

Spring on Kubernetes
Spring on KubernetesSpring on Kubernetes
Spring on Kubernetes
Jay Lee
 
Dockerizing Ruby Applications - The Best Practices
Dockerizing Ruby Applications - The Best PracticesDockerizing Ruby Applications - The Best Practices
Dockerizing Ruby Applications - The Best Practices
Kontena, Inc.
 
Docker Enterprise Workshop - Technical
Docker Enterprise Workshop - TechnicalDocker Enterprise Workshop - Technical
Docker Enterprise Workshop - Technical
Patrick Chanezon
 
Experts Live Switzerland 2017 - Automatisierte Docker Release Pipeline mit VS...
Experts Live Switzerland 2017 - Automatisierte Docker Release Pipeline mit VS...Experts Live Switzerland 2017 - Automatisierte Docker Release Pipeline mit VS...
Experts Live Switzerland 2017 - Automatisierte Docker Release Pipeline mit VS...
Marc Müller
 
ОЛЕГ МАЦЬКІВ «Crash course on Operator Framework» Lviv DevOps Conference 2019
ОЛЕГ МАЦЬКІВ «Crash course on Operator Framework» Lviv DevOps Conference 2019ОЛЕГ МАЦЬКІВ «Crash course on Operator Framework» Lviv DevOps Conference 2019
ОЛЕГ МАЦЬКІВ «Crash course on Operator Framework» Lviv DevOps Conference 2019
UA DevOps Conference
 
Docker Kubernetes Istio
Docker Kubernetes IstioDocker Kubernetes Istio
Docker Kubernetes Istio
Araf Karsh Hamid
 
Dev opsec dockerimage_patch_n_lifecyclemanagement_
Dev opsec dockerimage_patch_n_lifecyclemanagement_Dev opsec dockerimage_patch_n_lifecyclemanagement_
Dev opsec dockerimage_patch_n_lifecyclemanagement_
kanedafromparis
 
Successful K8S Platforms in Airgapped Environments
Successful K8S Platforms in Airgapped EnvironmentsSuccessful K8S Platforms in Airgapped Environments
Successful K8S Platforms in Airgapped Environments
KubernetesCommunityD
 
from Docker to Moby and back. what changed ?
from Docker to Moby and back. what changed ?from Docker to Moby and back. what changed ?
from Docker to Moby and back. what changed ?
strikr .
 
containerD
containerDcontainerD
containerD
strikr .
 
Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...
Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...
Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...
Patrick Chanezon
 
Docker engine - Indroduc
Docker engine - IndroducDocker engine - Indroduc
Docker engine - Indroduc
Al Gifari
 
Docker Timisoara: Dockercon19 recap slides, 23 may 2019
Docker Timisoara: Dockercon19 recap slides, 23 may 2019Docker Timisoara: Dockercon19 recap slides, 23 may 2019
Docker Timisoara: Dockercon19 recap slides, 23 may 2019
Radulescu Adina-Valentina
 
Docker New York Meetup May 2015 - The Docker Orchestration Ecosystem on Azure
Docker New York Meetup May 2015 - The Docker Orchestration Ecosystem on Azure Docker New York Meetup May 2015 - The Docker Orchestration Ecosystem on Azure
Docker New York Meetup May 2015 - The Docker Orchestration Ecosystem on Azure
Patrick Chanezon
 
Docker for Java Developers
Docker for Java DevelopersDocker for Java Developers
Docker for Java Developers
Imesh Gunaratne
 
Docker and SDL Web/Tridion - SDL UK User Group April 2017
Docker and SDL Web/Tridion - SDL UK User Group April 2017Docker and SDL Web/Tridion - SDL UK User Group April 2017
Docker and SDL Web/Tridion - SDL UK User Group April 2017
rsleggett
 
Docker Seattle Meetup April 2015 - The Docker Orchestration Ecosystem on Azure
Docker Seattle Meetup April 2015 - The Docker Orchestration Ecosystem on AzureDocker Seattle Meetup April 2015 - The Docker Orchestration Ecosystem on Azure
Docker Seattle Meetup April 2015 - The Docker Orchestration Ecosystem on Azure
Patrick Chanezon
 
Build, Publish, Deploy and Test Docker images and containers with Jenkins Wor...
Build, Publish, Deploy and Test Docker images and containers with Jenkins Wor...Build, Publish, Deploy and Test Docker images and containers with Jenkins Wor...
Build, Publish, Deploy and Test Docker images and containers with Jenkins Wor...
Docker, Inc.
 
Digital Forensics and Incident Response in The Cloud Part 3
Digital Forensics and Incident Response in The Cloud Part 3Digital Forensics and Incident Response in The Cloud Part 3
Digital Forensics and Incident Response in The Cloud Part 3
Velocidex Enterprises
 
Docker 1.11 Presentation
Docker 1.11 PresentationDocker 1.11 Presentation
Docker 1.11 Presentation
Sreenivas Makam
 

Similar to RKT (20)

Spring on Kubernetes
Spring on KubernetesSpring on Kubernetes
Spring on Kubernetes
 
Dockerizing Ruby Applications - The Best Practices
Dockerizing Ruby Applications - The Best PracticesDockerizing Ruby Applications - The Best Practices
Dockerizing Ruby Applications - The Best Practices
 
Docker Enterprise Workshop - Technical
Docker Enterprise Workshop - TechnicalDocker Enterprise Workshop - Technical
Docker Enterprise Workshop - Technical
 
Experts Live Switzerland 2017 - Automatisierte Docker Release Pipeline mit VS...
Experts Live Switzerland 2017 - Automatisierte Docker Release Pipeline mit VS...Experts Live Switzerland 2017 - Automatisierte Docker Release Pipeline mit VS...
Experts Live Switzerland 2017 - Automatisierte Docker Release Pipeline mit VS...
 
ОЛЕГ МАЦЬКІВ «Crash course on Operator Framework» Lviv DevOps Conference 2019
ОЛЕГ МАЦЬКІВ «Crash course on Operator Framework» Lviv DevOps Conference 2019ОЛЕГ МАЦЬКІВ «Crash course on Operator Framework» Lviv DevOps Conference 2019
ОЛЕГ МАЦЬКІВ «Crash course on Operator Framework» Lviv DevOps Conference 2019
 
Docker Kubernetes Istio
Docker Kubernetes IstioDocker Kubernetes Istio
Docker Kubernetes Istio
 
Dev opsec dockerimage_patch_n_lifecyclemanagement_
Dev opsec dockerimage_patch_n_lifecyclemanagement_Dev opsec dockerimage_patch_n_lifecyclemanagement_
Dev opsec dockerimage_patch_n_lifecyclemanagement_
 
Successful K8S Platforms in Airgapped Environments
Successful K8S Platforms in Airgapped EnvironmentsSuccessful K8S Platforms in Airgapped Environments
Successful K8S Platforms in Airgapped Environments
 
from Docker to Moby and back. what changed ?
from Docker to Moby and back. what changed ?from Docker to Moby and back. what changed ?
from Docker to Moby and back. what changed ?
 
containerD
containerDcontainerD
containerD
 
Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...
Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...
Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...
 
Docker engine - Indroduc
Docker engine - IndroducDocker engine - Indroduc
Docker engine - Indroduc
 
Docker Timisoara: Dockercon19 recap slides, 23 may 2019
Docker Timisoara: Dockercon19 recap slides, 23 may 2019Docker Timisoara: Dockercon19 recap slides, 23 may 2019
Docker Timisoara: Dockercon19 recap slides, 23 may 2019
 
Docker New York Meetup May 2015 - The Docker Orchestration Ecosystem on Azure
Docker New York Meetup May 2015 - The Docker Orchestration Ecosystem on Azure Docker New York Meetup May 2015 - The Docker Orchestration Ecosystem on Azure
Docker New York Meetup May 2015 - The Docker Orchestration Ecosystem on Azure
 
Docker for Java Developers
Docker for Java DevelopersDocker for Java Developers
Docker for Java Developers
 
Docker and SDL Web/Tridion - SDL UK User Group April 2017
Docker and SDL Web/Tridion - SDL UK User Group April 2017Docker and SDL Web/Tridion - SDL UK User Group April 2017
Docker and SDL Web/Tridion - SDL UK User Group April 2017
 
Docker Seattle Meetup April 2015 - The Docker Orchestration Ecosystem on Azure
Docker Seattle Meetup April 2015 - The Docker Orchestration Ecosystem on AzureDocker Seattle Meetup April 2015 - The Docker Orchestration Ecosystem on Azure
Docker Seattle Meetup April 2015 - The Docker Orchestration Ecosystem on Azure
 
Build, Publish, Deploy and Test Docker images and containers with Jenkins Wor...
Build, Publish, Deploy and Test Docker images and containers with Jenkins Wor...Build, Publish, Deploy and Test Docker images and containers with Jenkins Wor...
Build, Publish, Deploy and Test Docker images and containers with Jenkins Wor...
 
Digital Forensics and Incident Response in The Cloud Part 3
Digital Forensics and Incident Response in The Cloud Part 3Digital Forensics and Incident Response in The Cloud Part 3
Digital Forensics and Incident Response in The Cloud Part 3
 
Docker 1.11 Presentation
Docker 1.11 PresentationDocker 1.11 Presentation
Docker 1.11 Presentation
 

Recently uploaded

2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx
Georgi Kodinov
 
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...
Anthony Dahanne
 
Enhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdfEnhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdf
Globus
 
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Globus
 
Why React Native as a Strategic Advantage for Startup Innovation.pdf
Why React Native as a Strategic Advantage for Startup Innovation.pdfWhy React Native as a Strategic Advantage for Startup Innovation.pdf
Why React Native as a Strategic Advantage for Startup Innovation.pdf
ayushiqss
 
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, BetterWebinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
XfilesPro
 
top nidhi software solution freedownload
top nidhi software solution freedownloadtop nidhi software solution freedownload
top nidhi software solution freedownload
vrstrong314
 
Using IESVE for Room Loads Analysis - Australia & New Zealand
Using IESVE for Room Loads Analysis - Australia & New ZealandUsing IESVE for Room Loads Analysis - Australia & New Zealand
Using IESVE for Room Loads Analysis - Australia & New Zealand
IES VE
 
How Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptxHow Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptx
wottaspaceseo
 
Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...
Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...
Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...
Hivelance Technology
 
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
Juraj Vysvader
 
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?
XfilesPro
 
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamOpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
takuyayamamoto1800
 
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Shahin Sheidaei
 
Software Testing Exam imp Ques Notes.pdf
Software Testing Exam imp Ques Notes.pdfSoftware Testing Exam imp Ques Notes.pdf
Software Testing Exam imp Ques Notes.pdf
MayankTawar1
 
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdfDominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
AMB-Review
 
Cyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdfCyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdf
Cyanic lab
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2
 
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERRORTROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
Tier1 app
 
Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024
Paco van Beckhoven
 

Recently uploaded (20)

2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx
 
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...
 
Enhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdfEnhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdf
 
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
 
Why React Native as a Strategic Advantage for Startup Innovation.pdf
Why React Native as a Strategic Advantage for Startup Innovation.pdfWhy React Native as a Strategic Advantage for Startup Innovation.pdf
Why React Native as a Strategic Advantage for Startup Innovation.pdf
 
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, BetterWebinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
 
top nidhi software solution freedownload
top nidhi software solution freedownloadtop nidhi software solution freedownload
top nidhi software solution freedownload
 
Using IESVE for Room Loads Analysis - Australia & New Zealand
Using IESVE for Room Loads Analysis - Australia & New ZealandUsing IESVE for Room Loads Analysis - Australia & New Zealand
Using IESVE for Room Loads Analysis - Australia & New Zealand
 
How Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptxHow Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptx
 
Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...
Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...
Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...
 
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
 
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?
 
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamOpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
 
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
 
Software Testing Exam imp Ques Notes.pdf
Software Testing Exam imp Ques Notes.pdfSoftware Testing Exam imp Ques Notes.pdf
Software Testing Exam imp Ques Notes.pdf
 
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdfDominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
 
Cyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdfCyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdf
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERRORTROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
 
Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024
 

RKT

  • 1. rkt Yutaka Matsubara April 9, 2015 CoreOS Meetup Tokyo #1
  • 2. who ? Yutaka Matsubara Abby CTO twitter @mopemope github @mopemope 1
  • 3. rkt
  • 4. what is rkt ? App Container Runtime 3
  • 5. rkt rkt implements the two runtime components of the App Container specification ∙ Application Container Executor (ACE) ∙ Metadata Service 4
  • 7. what is app container ? App Container is a specification of an image format runtime, and discovery protocol for running applications in containers. 6
  • 8. app container spec ∙ Building App Container ∙ Validating App Container ∙ Validating App Container Executors ∙ Discovery App Container Image Discovery 7
  • 9. goal The core goals of the specification ∙ Designing for fast downloads and starts of App Containers ∙ Ensuring images are cryptographically verifiable and highly cacheable ∙ Designing for composability and independent implementations ∙ Using common technologies for cryptography, archiving, compression and transport ∙ Using the DNS namespace to name and discover images 8
  • 10. keyword ∙ App Container Image ∙ App Container Image Discovery ∙ App Container Pod ∙ App Container Executor 9
  • 11. manifest App Container Manifest is json format 10
  • 12. image manifest { ”acKind”: ”ImageManifest”, ”acVersion”: ”0.5.1”, ”name”: ”xxxxx/xxxxxx”, ”app”: { ”exec”: [ ”/usr/bin/reduce-worker”, ”--quiet” ], ”user”: ”100”, ”group”: ”300”, ”workingDirectory”: ”/opt/work”, ”environment”: [ { ”name”: ”REDUCE_WORKER_DEBUG”, ”value”: ”true” } ], }, } 11
  • 13. pod manifest { ”acVersion”: ”0.5.1”, ”acKind”: ”PodManifest”, ”apps”: [ { ”name”: ”main”, ”image”: { ”name”: ”example.com/xxxxxx”, }, ”app”: { ”exec”: [ ], }, }, { ”name”: ”backup”, ”image”: { ”name”: ”example.com/zzzzzzzz”, }, 12
  • 15. what is difference between rkt and docker? ∙ Composable ∙ Security ∙ Image disribution ∙ Open 14
  • 16. composable ∙ central daemon ∙ pull image docker format ∙ push image docker format ∙ monolithic binary ∙ no daemon ∙ download common format ∙ upload common format ∙ independent and composable 15
  • 17. security ∙ central daemon ∙ docker spec ∙ https certificate ∙ isolation ∙ crypto ∙ image auditing 16
  • 18. image distribution ∙ docker spec ∙ docker hub ∙ docker registry ∙ standard and open spec ∙ simple ∙ without registry 17
  • 19. open ∙ developed by a community ∙ docker spec ... ∙ developed by a community ∙ format and runtime specification 18
  • 21. rkt ∙ Download ACI and Docker Image ∙ Verify Signatures ∙ Launching Container and Pod ∙ Enter Container ∙ Private Network ∙ Metadata Service 20
  • 23. trust Get trusted key $ sudo rkt trust --prefix storage.coreos.com 22
  • 24. fetch Download Container Image and Verify ∙ Localfile ∙ HTTP, HTTPS ∙ Docker Image 23
  • 25. fetch $ sudo rkt --insecure-skip-verify fetch docker://httpd docker://mysql rkt: fetching image from docker://httpd sha512-73e53da5b22e08e3ebf5eeb47d8c3113 rkt: fetching image from docker://mysql sha512-8ea09fa7718553967e8b6fe50b72df68 24
  • 26. prepare Holding an exclusive lock on the pod directory $ sudo rkt --insecure-skip-verify prepare docker://httpd rkt: fetching image from docker://httpd ea5cf47a-6b5b-4118-be9d-91d50e7258cb 25
  • 27. prepare $ rkt list UUID ACI STATE NETWORKS ea5cf47a index.docker.io/httpd prepared 26
  • 28. run Run Container run run container (prepare and run) run-prepared run prepared container ∙ set and override environment ∙ run interactively ∙ mount volume ∙ setup container network 27
  • 29. run $ sudo rkt --insecure-skip-verify --debug run --private-net docker://httpd rkt: fetching image from file:///home/ma2/bin/stage1.aci rkt: fetching image from docker://httpd ... AH00557: httpd: apr_sockaddr_info_get() failed for rkt-50beacf8-d43d-4a79-8d40-a5938d71ddba AH00558: httpd: Could not reliably determine the server’s fully qualified domain name, using 127.0.0.1. Set the ’ServerName’ directive globally to suppress this message AH00557: httpd: apr_sockaddr_info_get() failed for rkt-50beacf8-d43d-4a79-8d40-a5938d71ddba AH00558: httpd: Could not reliably determine the server’s fully qualified domain name, using 127.0.0.1. Set the ’ServerName’ directive globally to suppress this message [Wed Apr 08 06:17:15.107888 2015] [mpm_event:notice] [pid 5:tid 139942464178048] AH00489: Apache/2.4.12 (Unix) configured -- resuming normal operations [Wed Apr 08 06:17:15.107956 2015] [core:notice] [pid 5:tid 139942464178048] AH00094: Command l D FOREGROUND’ 28
  • 30. run $ rkt list UUID ACI STATE NETWORKS 50beacf8 index.docker.io/httpd running default:ip4=172.16.28.3 29
  • 31. private network Support Private Network (only static) ∙ private (NAT) ∙ bridge ∙ macvlan 30
  • 32. port forward Exposing container ports on the host ”ports”: [ { ”name”: ”http”, ”port”: 80, ”protocol”: ”tcp” } ] 31
  • 33. port forward Exposing container ports on the host $ sudo rkt --insecure-skip-verify run --port=http:8888 --private-net docker://httpd 32
  • 34. demo