Docker’s no longer the only game in the Linux container town. In December of 2014, CoreOs kicked off a new open-source container runtime project known as rkt. Today, that project reached version 1.0.
Rkt was designed for security and production readiness, said Alex Polvi, CEO of CoreOS. “We want to build a security-minded open-standards-based container runtime. We’ve done our best to follow decades of Unix philosophy out there. Rkt integrates really cleanly with systemd and Upstart. We allow you to do privilege restrictions, and you are not required to run rkt as root.”
(Related: Black Duck adds container-scanning abilities to Hub)
That’s a big change from the Docker world, where developers have long complained that many Docker tasks, such as downloading container images from Docker Hub, require the user to be logged in as root.
It’s also a shift away from Docker’s larger platform play. As a company obsessed with Unix, CoreOS has worked to make rkt act like a standard Linux or Unix tool. It does one thing and can be linked into other Unix tools in order to extend its functionality.
An example of this separation is the fact that rkt works with CoreOS’ etcd, an open-source key-value store designed to hold all the necessary security keys for a cluster’s containers. Instead of a single system tracking these keys, they’re simply stored in a database that can be accessed by all the systems involved.
“Another example of this is our TPM integration,” said Polvi. “TPM stands for the Trusted Platform Module. It provides a tamper-proof audit log of what ran on the machine by combining rkt with CoreOS Linux. You know exactly what’s running on that machine and have an immutable audit log.”
This 1.0 release is considered stable from an internal standpoint; the internal APIs should be unchanged as they have been for some time now.
“The goal of rkt is to stay security-focused and production ready, but also [decrease] weight,” said Polvi. “The goal is to not do what Docker has done; it’s to deliver on that promise of a standard shipping container. Shipping containers are the basis for the global economy, but that doesn’t mean we have to build the global economy from scratch.”