rkt v0.9.0 发布，此版本值得关注的改进：
- The on-disk format for pod trees has changed slightly, meaning that
rkt run-preparedmay not work for pods created by previous versions of rkt. To work around this, we recommend removing the pods with an older version of rkt.
--private-netflag has been renamed to
--netand its semantic has changed (in particular, it is now enabled by default) – see below for details.
- Several changes to CLI output (e.g. column names) from the
rkt image listsubcommands.
- The image fetching behaviour has changed, with the introduction of new flags to
rkt fetchand the removal of
--local– see below for details.
新特性和 UX 改进
--net, and networking is now private by default
- New image fetching behaviour
- Unprivileged users
- /etc/hosts 支持
- rkt now supports setting supplementary group IDs on processes (#1514).
- rkt’s use of cgroups has been reworked to facilitate rkt running on a variety of operating systems like Void and older non-systemd distributions (#1437, #1320, #1076, #1042)
rkt runis used with an image that does not have an app section, rkt will now create one if the user provides an
- A new
rkt image gccommand adds initial support for garbage collecting images from the store (#1487). This removes treeStores not referenced by any non-GCed rkt pod.
rkt listnow provides more information including image version and hash (#1559)
rkt image listoutput now shows shortened hash identifiers by default, and human readable date formats. To use the previous output format, use the
rkt preparegained the
--execflag, which restores flag-parity with
- lkvm stage1 backend has experimental support for
- rkt now supports empty volume types (#1502)
- An early, experimental read-only API definition has been added (#1359, #1518).
- Fixed bug in
--stage1-imageoption which prevented it from using URLs (#1524)
- Fixed bug in
rkt trust‘s handling of
- Fixed bug when decompressing xz-compressed images (#1462, #1224)
- In earlier versions of rkt, hooks had an implicit timeout of 30 seconds, causing some pre-start jobs which took a long time to be killed. This implicit timeout has been removed. (#1547)
- When running with the lkvm stage1, rkt now sets
$HOMEif it is not already set, working around a bug in the lkvm tool (#1447, #1393)
- Fixed bug preventing
run-preparedfrom working if the metadata service was not available (#1436)
- Bumped appc spec to 0.7.1 (#1543)
- Bumped CNI and netlink dependencies (#1476)
- Bumped ioprogress to a version which prevents the download bar from being drawn when rkt is not drawing to a terminal (#1423, #1282)
- Significantly reworked rkt’s internal use of systemd to orchestrate apps, which should facilitate more granular control over pod lifecycles (#1407)
- Reworked rkt’s handling of images with non-deterministically dependencies (#1240, #1198).
- rkt functional tests now run appc’s ACE validator, which should ensure that rkt is always compliant with the specification. (#1473)
- A swathe of improvements to the build system
- Various internal improvements to the functional test suite to improve coverage and consolidate code
- The “ACI” field header in
rkt imageoutput has been changed to “IMAGE NAME”
rkt image rmnow exits with status 1 on any failure (#1486)
- Fixed permissions in the default stage1 image (#1503)
- Added documentation for
- rkt should now report more helpful errors when encountering manifests it does not understand (#1471)
Rocket （也叫 rkt）是 CoreOS 推出的一款容器引擎，和 Docker 类似，帮助开发者打包应用和依赖包到可移植容器中，简化搭环境等部署工作。Rocket 和 Docker 不同的地方在于，Rocket 没有 Docker 那些为企业用户提供的“友好功能”，比如云服务加速工具、集群系统等。反过来说，Rocket 想做的，是一个更纯粹的业界标准。
CoreOS 把它的容器称为 App Containers，里面包含 app container image、runtime、container-discovery 协议等。其中，App Container Image 和 Docker 里的 Image 比较类似，包含应用必需的元素组成，如源代码和二进制文件。Rocket runtime 则是依照 App Container 标准规格打造的，旨在将容器真正的变成一款命令行工具。