Release early, release often: rkt is currently a prototype and we are seeking your feedback via issues and pull requests

rkt (pronounced "rock-it") is a CLI for running app containers, and an implementation of the App Container Spec. The goal of rkt is to be composable, secure, and fast.

Read more about rkt in the launch announcement.

The CLI for rkt is called rkt, and is currently supported on amd64 Linux. A modern kernel is required but there should be no other system dependencies. We recommend booting up a fresh virtual machine to test out rkt.

To install the rkt binary, grab the latest release directly from GitHub:

wget https://github.com/coreos/rkt/releases/download/v0.5.3/rkt-v0.5.3.tar.gz
tar xzvf rkt-v0.5.3.tar.gz
cd rkt-v0.5.3
./rkt help

For Mac (and other Vagrant) users we have set up a Vagrantfile : Clone this repo and make sure you have Vagrant installed. vagrant up starts up a Linux box and installs via some scripts rkt and actool. With a subsequent vagrant ssh you are ready to go.

Keep in mind while running through the examples that right now rkt needs to be run as root for most operations.

rkt uses content addressable storage (CAS) for storing an ACI on disk. In this example, the image is downloaded and added to the CAS.

Since rkt verifies signatures by default, you will need to first trust the CoreOS public key used to sign the image:

$ sudo rkt trust --prefix coreos.com/etcd
Prefix: "coreos.com/etcd"
Key: "https://coreos.com/dist/pubkeys/aci-pubkeys.gpg"
GPG key fingerprint is: 8B86 DE38 890D DB72 9186  7B02 5210 BD88 8818 2190
  CoreOS ACI Builder <[email protected]>
Are you sure you want to trust this key (yes/no)? yes
Trusting "https://coreos.com/dist/pubkeys/aci-pubkeys.gpg" for prefix "coreos.com/etcd".
Added key for prefix "coreos.com/etcd" at "/etc/rkt/trustedkeys/prefix.d/coreos.com/etcd/8b86de38890ddb7291867b025210bd8888182190"

A detailed, step-by-step guide for the signing procedure is here.

Now that we've trusted the CoreOS public key, we can fetch the ACI:

$ sudo rkt fetch coreos.com/etcd:v2.0.4
rkt: searching for app image coreos.com/etcd:v2.0.4
rkt: fetching image from https://github.com/coreos/etcd/releases/download/v2.0.4/etcd-v2.0.4-linux-amd64.aci
Downloading aci: [==========================================   ] 3.47 MB/3.7 MB
Downloading signature from https://github.com/coreos/etcd/releases/download/v2.0.0/etcd-v2.0.4-linux-amd64.aci.asc
rkt: signature verified: 
  CoreOS ACI Builder <[email protected]>
sha512-1eba37d9b344b33d272181e176da111e

These files are now written to disk:

$ find /var/lib/rkt/cas/blob/
/var/lib/rkt/cas/blob/
/var/lib/rkt/cas/blob/sha512
/var/lib/rkt/cas/blob/sha512/1e
/var/lib/rkt/cas/blob/sha512/1e/sha512-1eba37d9b344b33d272181e176da111ef2fdd4958b88ba4071e56db9ac07cf62

Per the App Container Specification, the SHA-512 hash is of the tarball and can be reproduced with other tools:

$ wget https://github.com/coreos/etcd/releases/download/v2.0.4/etcd-v2.0.4-linux-amd64.aci
...
$ gzip -dc etcd-v2.0.4-linux-amd64.aci > etcd-v2.0.4-linux-amd64.tar
$ sha512sum etcd-v2.0.4-linux-amd64.tar
1eba37d9b344b33d272181e176da111ef2fdd4958b88ba4071e56db9ac07cf62cce3daaee03ebd92dfbb596fe7879938374c671ae768cd927bab7b16c5e432e8  etcd-v2.0.4-linux-amd64.tar

After it has been retrieved and stored locally, an ACI can be run by pointing rkt at either the ACI's hash or URL.

# Example of running via ACI hash
$ sudo rkt run sha512-1eba37d9b344b33d272181e176da111e
...
Press ^] three times to kill container

# Example of running via ACI URL
$ sudo rkt run https://github.com/coreos/etcd/releases/download/v2.0.4/etcd-v2.0.4-linux-amd64.aci
...
Press ^] three times to kill container

In the latter case, rkt will do the appropriate ETag checking on the URL to make sure it has the most up to date version of the image.

Note that the escape character ^] is generated by Ctrl-] on a US keyboard. The required key combination will differ on other keyboard layouts. For example, the Swedish keyboard layout uses Ctrl-å on OS X and Ctrl-^ on Windows to generate the ^] escape character.

rkt is an open source project under the Apache 2.0 license, and contributions are gladly welcomed! See the Hacking Guide for more information on how to build and work on rkt. See CONTRIBUTING for details on submitting patches and the contribution workflow.

• Mailing list: rkt-dev
• IRC: #coreos on freenode.org
• Planning/Roadmap: milestones