Definition

CoreOS rkt

Contributor(s): Emily Mell

CoreOS rkt (pronounced rocket) is a containerization software engine for running application workloads in isolation from the underlying infrastructure. It is a major competitor to the Docker container engine.

CoreOS rkt is based on the Application Container Image (ACI) as defined by the App Container spec (appc). An ACI is a tarball consisting of a root file system, which contains all necessary files to execute an application, and an image manifest. Most of the default settings are editable upon runtime; the rkt run command enables users to write custom execution parameters to a given image. Docker images must use the docker2aci command to convert from Docker format images to ACI format; CoreOS rkt does this conversion automatically. As of mid-year 2017, the appc standard is no longer valid, and CoreOS is restructuring rkt images to follow Open Container Initiative format.

CoreOS rkt containers operate in most major Linux OS distributions as a binary file that integrates with Linux init systems and scripts, and operates according to the standard Unix process model, which is a parent-child relationship. Rkt containers comply to this model through a simple API that directly interacts with production environments, rather than a daemon that translates commands from input to output.  Every CoreOS rkt updated version release  also builds self-contained installable packages, which are available as part of a Kubernetes repository.

CoreOS rkt structure

CoreOS rkt uses pods for container configuration, which are collections of any number of applications that execute simultaneously. A pod, which is structured similarly to a Kubernetes Pod, can contain separate configurations for different scopes, from pod-level down to particular applications within the pod. Pods run without a central daemon in self-contained and isolated environments.

CoreOS rkt pods are immutable by default, but CoreOS rkt also offers an exploratory mutable environment. Immutable runtimes are unalterable upon creation, but the mutable runtime, operable only in the rkt app subcommand set, enables application addition, removal, initiation and cessation while the pod is active. Both runtimes are internally managed by systemd.

CoreOS rkt pods execute in a series of stages:

Stage0: An admin invokes an execution process by running the rkt binary file. This binary file fetches designated APIs; generates the pod's universally unique identifier, manifest and file system; sets up stages 1 and 2 directories; unpacks the stage 1 ACI; and unpacks all ACIs to copy each included app into the stage 2 directories.

Stage1: A trusted binary takes the stage 0-created filesystem and sets up container isolation and any desired networks. This binary reads the image and the manifests for the image and pod. The image manifest specifies default application execution; the pod manifest defines unit order and overrides. This binary also executes the pod's isolation environment, described as flavors, of which there are several.

Stage2: This is the actual container production environment launched in stage 1.

CoreOS rkt execution process
CoreOS rkt containers execute in a three-step process.

CoreOS rkt vs Docker

Docker Engine runs as an API daemon, whereas CoreOS rkt launces containers via client commands and lacks a centralized daemon. This makes rkt compatible with systemd, upstart and other init daemons.

CoreOS rkt and Docker operate similarly, such that rkt can operate both Docker images and ACIs.

Comparison of CoreOS rkt and Docker
CoreOS rkt and Docker containers function similarly, but have some fundamental differences.

In March 2017, CoreOS rkt donated the rkt container execution engine to the Cloud Native Computing Foundation (CNCF). Rkt uses the Container Network Interface (CNI), which is a CNCF project pertaining exclusively to container network connectivity and resource dispersal upon container deletion.

This was last updated in October 2017

Continue Reading About CoreOS rkt

Dig Deeper on Managing Virtual Containers

PRO+

Content

Find more PRO+ content and other member only offers, here.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

How do you ensure security on container deployments?
Cancel

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchDataCenter

SearchAWS

SearchServerVirtualization

SearchCloudApplications

SearchCloudComputing

DevOpsAgenda

Close