CoreOS 容器引擎,Rocket 0.14.0 发布

mdfe 6年前

Rocket (也叫 rkt)是 CoreOS 推出的一款容器引擎,和 Docker 类似,帮助开发者打包应用和依赖包到可移植容器中,简化搭环境等部署工作。Rocket 和 Docker 不同的地方在于,Rocket 没有 Docker 那些为企业用户提供的“友好功能”,比如云服务加速工具、集群系统等。反过来说,Rocket 想做的,是一个更纯粹的业界标准。

CoreOS 把它的容器称为 App Containers,里面包含 app container image、runtime、container-discovery 协议等。其中,App Container Image 和 Docker 里的 Image 比较类似,包含应用必需的元素组成,如源代码和二进制文件。Rocket runtime 则是依照 App Container 标准规格打造的,旨在将容器真正的变成一款命令行工具。

Rocket 0.14.0 发布,此版本包括一些新特性,比如 kvm stage1 添加了资源隔离器;新 stage1 flavor fly。此外还有一些 bug 修复和文档改进,apc spec 版本更新至 v0.7.4。


新特性和 UX 改进:
  • The data directory that rkt uses can now be configured with a config file (#1806). See rkt's paths configuration documentation.

  • CPU and memory resource isolators can be specified on the command line to override the limits specified in the image manifest (#1851, #1874). See rkt's overriding isolators documentation.

  • CPU and memory resource isolators can now be used within the kvm stage1 (#1404)

  • The rkt image list command can now display the image size (#1865).

  • A new stage1 flavor has been added: fly; and it represents the first experimental implementation of the upcoming rkt fly feature. (#1833)


  • It is now possible to build rkt inside rkt (#1681). This should improve the reproducibility of builds. This release does not use it yet but it is planned for future releases.

  • Linux distribution packagers can override the version of stage1 during the build (#1821). This is needed for any Linux distributions that might carry distro-specific patches along the upstream release. See rkt's documentation about building stage1 flavors.

  • Smaller build improvements with dep generation (#1838), error messages on make clean (#1850), dependency checks in the kvm flavor (#1860)

Bug 修复

  • rkt is now able to override the application command with --exec when the application manifest didn't specify any command (#1843).

  • In some cases, user namespaces were not working in Linux distributions without systemd, such as Ubuntu 14.04 LTS. This is fixed by creating a unique cgroup for each pod when systemd is not used (#1844)

  • rkt's tar package didn't prefix the destination file correctly when using hard links in images. This was not a issue in rkt itself but was causing acbuild to misbehave (#1852).

  • ACIs with multiple dependencies can end up depending on the same base image through multiple paths. In some of those configuration with multiple dependencies, fetching the image via image discovery was not working. This is fixed and a new test ensures it will keep working (#1822).

  • The pod cgroups were misconfigured when systemd-devel is not installed. This was causing per-app CPU and memory isolators to be ineffective on those systems. This is now fixed but will require an additional fix for NixOS (#1873).

  • During the garbage collection of pods (rkt gc), all mounts will be umounted even when the pod is in an inconsistent state (#1828, #1856)


  • New documentation about configure flags (#1824). This also includes formatting and typos fixes and updates. The examples about rkt's configuration files are also clarified (#1847).

  • New documentation explaining how cgroups are used by rkt (#1870). This should make it easier for software developers to integrate rkt with monitoring software.

API 服务

  • The API service is meant to be used by orchestration tools like Kubernetes. The performance of the API service was improved by reducing the round-trips in the ListPods and ListImages requests (#1786). Those requests also gained multiple filters for more flexibility (#1853).