Very Early Review - Rocket(CoreOS)

Post on 10-Jul-2015


Very Early Review - Rocket (App Container runtime)

Dec 3, 2014

by @subicura (Chungsub Kim)

from 2013/06

Alex Polvi

Brandon Philips

Michael Marineau

docker - CoreOS use docker, docker contributor

A highly-available key value store standalone

widespread adoption and use outside CoreOS itself

etcd

A Distributed init System

fleetd

OpenSource

CoreOS ❤️ OpenSource

many open source = about 100 github projects

quay.io - Secure hosting for private Docker repositories

client

+ …

new container runtime

composability

Unix philosophy independent and composable

clean integration points

building images running images

uploading downloading

overlay networking

all compiled into one monolithic binary running primarily as root on your server

central daemon

docker container -> docker platform

App Container Runtime

rkt - fetch/run/…

actool - build/validation/…

security

isolation crypto

image auditing application identity

docker process model - where everything runs through a central daemon - is “fundamentally flawed”. so rewrite!

unique identity

signing

central daemon

Metadata Server

standard

standard specification proposing a standard

app-container tar/gzip/bzip2/xz/…

The standard container manifesto was removed in docker.

docker spec

App Container Image

discovery

simple golang’s vanity URL convention

without running their own registry alternative protocol

such as BitTorrent

simple docker hub

docker registry

App Container Discovery

simple & support alternative protocol

DEMO

$ curl -L https://github.com/coreos/rocket/releases/download/v0.1.0/rocket-v0.1.0.tar.gz -o rocket-v0.1.0.tar.gz
$ tar xzvf rocket-v0.1.0.tar.gz
$ cd rocket-v0.1.0
$ mv rkt /usr/local/bin
$ mv actool /usr/local/bin
$ rkt help
$ actool help

install rocket

os: ubuntu 14.04.1
id: root
library: sudo apt-get install libseccomp-dev

$ mkdir sample
$ cd sample
$ mkdir -p rootfs/bin
$ cd rootfs/bin
$ curl -L https://github.com/subicura/sample-go-server/releases/download/1.0.0/sample-go-server -o sample
$ chmod +x sample
$ cd ../..
$ vi manifest.json
$ actool validate manifest.json # manifest.json: valid AppManifest
$ actool build --app-manifest manifest.json rootfs sample.aci
$ actool validate sample.aci # sample.aci: valid app container image

create ACI

{
  "acVersion": "1.0.0",
  "acKind": "AppManifest",
  "name": "subicura.com/sample-1.0.0",
  "os": "linux",
  "arch": "amd64",
  "exec": [
    "/bin/sample"
  ],
  "ports": [
    {
      "name": "www",
      "protocol": "tcp",
      "port": 5000
    }
  ],
  "annotations": {
    "authors": "Chungsub Kim <subicura@subicura.com>"
  }
}

manifest.json

$ mv sample.aci sample.tar # no type returned from DetectFileType issue
$ gzip sample.tar -c > sample.aci # use gzip
$ rkt run sample.aci

$ curl http://localhost:5000

fly rocket!
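The gzip step in the demo above works around a plain tar not being recognised by type detection. The sketch below is an added example, not rkt's code and not part of the original slides: it assumes detection is done by magic bytes, and the table names, function names and sample archive are constructed for illustration.

```python
import gzip
import io
import tarfile

# Magic numbers for the outer formats the slides list (tar/gzip/bzip2/xz).
COMPRESSED_ONLY = [
    ("gzip", 0, b"\x1f\x8b"),
    ("bzip2", 0, b"BZh"),
    ("xz", 0, b"\xfd7zXZ\x00"),
]
# POSIX tar has no leading magic; "ustar" sits at offset 257 of the first header.
WITH_TAR = COMPRESSED_ONLY + [("tar", 257, b"ustar")]


def detect_file_type(data, table=WITH_TAR):
    """Return the outer format name, or "unknown" when no magic matches."""
    for name, offset, magic in table:
        if data[offset:offset + len(magic)] == magic:
            return name
    return "unknown"


def build_sample_tar():
    """Constructed sample archive; member names are illustrative, not the ACI layout."""
    members = (("manifest.json", b'{"acKind": "AppManifest"}'),
               ("rootfs/bin/sample", b"#!/bin/sh\n"))
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for path, body in members:
            info = tarfile.TarInfo(path)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()


def inspect(data, table=WITH_TAR):
    """Outer type plus, for gzip, the type of the decompressed payload."""
    outer = detect_file_type(data, table)
    inner = detect_file_type(gzip.decompress(data), table) if outer == "gzip" else None
    return outer, inner


if __name__ == "__main__":
    plain = build_sample_tar()
    print(detect_file_type(plain, COMPRESSED_ONLY))  # plain tar, table without a tar entry
    print(inspect(gzip.compress(plain), COMPRESSED_ONLY))
    print(inspect(gzip.compress(plain)))
```

With a table that only knows compressed formats, the plain tar comes back as unknown while the gzip-wrapped copy is recognised, which matches the behaviour the demo works around.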

$ rkt run https://github.com/subicura/sample-go-server/releases/download/1.0.0/sample.aci

or

$ docker pull coreos/etcd
$ mkdir -p etcd/rootfs
$ cd etcd
$ docker run --name=etcd coreos/etcd
$ docker export etcd | sudo tar -x -C rootfs -f -
$ docker kill etcd
$ docker rm etcd
$ vi manifest.json
$ actool build --app-manifest manifest.json rootfs etcd.aci
$ mv etcd.aci etcd.tar # no type returned from DetectFileType issue
$ gzip etcd.tar -c > etcd.aci # use gzip
$ rkt run etcd.aci

$ curl http://localhost:4001/version

docker migration???

{
  "acVersion": "1.0.0",
  "acKind": "AppManifest",
  "name": "coreos.com/etcd",
  "os": "linux",
  "arch": "amd64",
  "exec": [
    "/etcd -name node0"
  ],
  "ports": [
    {
      "name": "etcdclient",
      "protocol": "tcp",
      "port": 4001
    },
    {
      "name": "etcdclieetcdraftnt",
      "protocol": "tcp",
      "port": 7001
    }
  ],
  "annotations": {
    "authors": "Chungsub Kim <subicura@subicura.com>"
  }
}

manifest.json

CONTAINER WARS

Github Star

Docker’s response

News

use Docker

use ACI Spec?

Rocket & Docker

Link

• https://github.com/coreos/rocket

• https://coreos.com/blog/rocket/

• http://www.youtube.com/watch?v=U3UmFQbUsN8

• http://blog.docker.com/2014/12/initial-thoughts-on-the-rocket-announcement/

• https://github.com/subicura/sample-go-server

Rocket is rocket?

THANK YOU