Today CoreOS and Docker made a combined proposal to add rkt and containerd as new projects for inclusion in the Cloud Native Computing Foundation (CNCF). During today's CNCF Technical Oversight Committee (TOC) meeting, Jonathan Boulle, a rkt project lead and co-founder, proposed rkt, and Michael Crosby, a containerd project lead and co-founder, proposed containerd.
Intel's Clear Containers technology allows admins to benefit from the ease of container-based deployment without giving up the security of virtualization. For more than a year, rkt's KVM stage1 has supported VM-based container isolation, but we can build more advanced security features atop it.
At Tectonic Summit on Monday, we discussed the core premise of CoreOS: securing the internet and applying operational knowledge into software. We shared how CoreOS makes infrastructure run well and update itself automatically, from Container Linux by CoreOS, to CoreOS Tectonic – what we refer to as self-driving infrastructure.
This video shows how to use rkt’s modular stage1 isolation mechanism to choose the process isolation model that makes the most sense for your application. By executing alternate stage1s, you can either expose more host resources to your application, or segment it away from your host further by running it inside of a rkt-managed virtual machine.
This week’s spotlight on CoreOS rkt explores how rkt’s cryptographic image signing and verification works. This video will walk through creating a GPG keypair, signing an image with it, and using rkt to verify the image’s signature.
Today at CoreOS Fest 2016 in Berlin, we recognize the hard work of the community that helped get us where we are, and dive into the latest news about some of our most beloved projects and products, including etcd, rkt, Clair, and more.
The latest edition of rkt, the modern, secure container engine required to assemble and secure today’s infrastructure at scale, introduces a number of updates worth highlighting. rkt version 1.3.0 improves handling of errors within app containers, tightens security for rkt’s modular stage1 images, and provides more compatible handling of volumes when executing Docker container images rather than rkt’s native ACI image format.
In the past few months we’ve been working on rkt, an implementation of the App Container (appc) spec and a pod runtime designed for security and composability. In the specification and in rkt itself, common application "containers" are grouped into a pod that can contain one or more applications. A pod is the unit of execution in rkt, and we use "pod" in this sense throughout this post.