Very Early Review - Rocket(CoreOS)
-
Upload
chungsub-kim -
Category
Technology
-
view
2.060 -
download
0
Transcript of Very Early Review - Rocket(CoreOS)
![Page 1: Very Early Review - Rocket(CoreOS)](https://reader034.fdocuments.net/reader034/viewer/2022042614/559f74f01a28abdb718b4751/html5/thumbnails/1.jpg)
Very Early Review - Rocket (App Container runtime)
Dec 3, 2014
by @subicura (Chungsub Kim)
![Page 2: Very Early Review - Rocket(CoreOS)](https://reader034.fdocuments.net/reader034/viewer/2022042614/559f74f01a28abdb718b4751/html5/thumbnails/2.jpg)
![Page 3: Very Early Review - Rocket(CoreOS)](https://reader034.fdocuments.net/reader034/viewer/2022042614/559f74f01a28abdb718b4751/html5/thumbnails/3.jpg)
from 2013/06
Alex Polvi
Brandon Philips
Michael Marineau
![Page 4: Very Early Review - Rocket(CoreOS)](https://reader034.fdocuments.net/reader034/viewer/2022042614/559f74f01a28abdb718b4751/html5/thumbnails/4.jpg)
dockerCoreOS use docker docker contributor
A highly-available key value store standalone
widespread adoption and use outside CoreOS itself
etcd
A Distributed init System
fleetd
![Page 5: Very Early Review - Rocket(CoreOS)](https://reader034.fdocuments.net/reader034/viewer/2022042614/559f74f01a28abdb718b4751/html5/thumbnails/5.jpg)
OpenSource
CoreOS ❤️ OpenSource
many open source = about 100 github projects
![Page 6: Very Early Review - Rocket(CoreOS)](https://reader034.fdocuments.net/reader034/viewer/2022042614/559f74f01a28abdb718b4751/html5/thumbnails/6.jpg)
quay.ioSecure hosting for private Docker repositories
![Page 7: Very Early Review - Rocket(CoreOS)](https://reader034.fdocuments.net/reader034/viewer/2022042614/559f74f01a28abdb718b4751/html5/thumbnails/7.jpg)
client
+ …
![Page 8: Very Early Review - Rocket(CoreOS)](https://reader034.fdocuments.net/reader034/viewer/2022042614/559f74f01a28abdb718b4751/html5/thumbnails/8.jpg)
new container runtime
![Page 9: Very Early Review - Rocket(CoreOS)](https://reader034.fdocuments.net/reader034/viewer/2022042614/559f74f01a28abdb718b4751/html5/thumbnails/9.jpg)
composability
Unix philosophy independent and composable
clean integration points
building images running images
uploading downloading
overlay networking all compiled into one monolithic binary running primarily as root on your server
central daemon
docker container -> docker platform
App Container Runtime
rkt - fetch/run/…
actool - build/validation/…
![Page 10: Very Early Review - Rocket(CoreOS)](https://reader034.fdocuments.net/reader034/viewer/2022042614/559f74f01a28abdb718b4751/html5/thumbnails/10.jpg)
security
isolation crypto
image auditing application identity
docker process model - where everything runs through a central daemon - is “fundamentally flawed”. so rewrite!
unique identity
signing
central daemon
Metadata Server
![Page 11: Very Early Review - Rocket(CoreOS)](https://reader034.fdocuments.net/reader034/viewer/2022042614/559f74f01a28abdb718b4751/html5/thumbnails/11.jpg)
standard
standard specification proposing a standard
app-container tar/gzip/bzip2/xz/…
The standard container manifesto was removed in docker.
docker spec
App Container Image
![Page 12: Very Early Review - Rocket(CoreOS)](https://reader034.fdocuments.net/reader034/viewer/2022042614/559f74f01a28abdb718b4751/html5/thumbnails/12.jpg)
discovery
simple golang’s vanity URL convention
without running their own registry alternative protocol
such BitTorrent
simple docker hub
docker registry
App Container Discovery
simple & support alternative protocol
![Page 13: Very Early Review - Rocket(CoreOS)](https://reader034.fdocuments.net/reader034/viewer/2022042614/559f74f01a28abdb718b4751/html5/thumbnails/13.jpg)
DEMO
![Page 14: Very Early Review - Rocket(CoreOS)](https://reader034.fdocuments.net/reader034/viewer/2022042614/559f74f01a28abdb718b4751/html5/thumbnails/14.jpg)
$ curl -L https://github.com/coreos/rocket/releases/download/v0.1.0/rocket-v0.1.0.tar.gz -o rocket-v0.1.0.tar.gz$ tar xzvf rocket-v0.1.0.tar.gz$ cd rocket-v0.1.0$ mv rkt /usr/local/bin$ mv actool /usr/local/bin$ rkt help$ actool help
install rocketos ubuntu 14.04.1 id root library sudo apt-get install libseccomp-dev
![Page 15: Very Early Review - Rocket(CoreOS)](https://reader034.fdocuments.net/reader034/viewer/2022042614/559f74f01a28abdb718b4751/html5/thumbnails/15.jpg)
$ mkdir sample$ cd sample$ mkdir -p rootfs/bin$ cd rootfs/bin$ curl -L https://github.com/subicura/sample-go-server/releases/download/1.0.0/sample-go-server -o sample$ chmod +x sample$ cd ../..$ vi manifest.json$ actool validate manifest.json #manifest.json: valid AppManifest$ actool build --app-manifest manifest.json rootfs sample.aci$ actool validate sample.aci #sample.aci: valid app container image
create ACI
![Page 16: Very Early Review - Rocket(CoreOS)](https://reader034.fdocuments.net/reader034/viewer/2022042614/559f74f01a28abdb718b4751/html5/thumbnails/16.jpg)
{ "acVersion": "1.0.0", "acKind": "AppManifest", "name": "subicura.com/sample-1.0.0", "os": "linux", "arch": "amd64", "exec": [ "/bin/sample" ], "ports": [ { "name": "www", "protocol": "tcp", "port": 5000 } ], "annotations": { "authors": "Chungsub Kim <[email protected]>" }}
manifest.json
![Page 17: Very Early Review - Rocket(CoreOS)](https://reader034.fdocuments.net/reader034/viewer/2022042614/559f74f01a28abdb718b4751/html5/thumbnails/17.jpg)
$ mv sample.aci sample.tar # no type returned from DetectFileType issue$ gzip sample.tar -c > sample.aci # use gzip$ rkt run sample.aci
$ curl http://localhost:5000
fly rocket!
$ rkt run https://github.com/subicura/sample-go-server/releases/download/1.0.0/sample.aci
or
![Page 18: Very Early Review - Rocket(CoreOS)](https://reader034.fdocuments.net/reader034/viewer/2022042614/559f74f01a28abdb718b4751/html5/thumbnails/18.jpg)
$ docker pull coreos/etcd$ mkdir -p etcd/rootfs$ cd etcd$ docker run --name=etcd coreos/etcd$ docker export etcd | sudo tar -x -C rootfs -f -$ docker kill etcd$ docker rm etcd$ vi manifest.json$ actool build --app-manifest manifest.json rootfs etcd.aci$ mv etcd.aci etcd.tar # no type returned from DetectFileType issue$ gzip etcd.tar -c > etcd.aci # use gzip$ rkt run etcd.aci
$ curl http://localhost:4001/version
docker migration???
![Page 19: Very Early Review - Rocket(CoreOS)](https://reader034.fdocuments.net/reader034/viewer/2022042614/559f74f01a28abdb718b4751/html5/thumbnails/19.jpg)
{ "acVersion": "1.0.0", "acKind": "AppManifest", "name": "coreos.com/etcd", "os": "linux", "arch": "amd64", "exec": [ "/etcd -name node0" ], "ports": [ { "name": "etcdclient", "protocol": "tcp", "port": 4001 }, { "name": "etcdclieetcdraftnt", "protocol": "tcp", "port": 7001 } ], "annotations": { "authors": "Chungsub Kim <[email protected]>" }}
manifest.json
![Page 20: Very Early Review - Rocket(CoreOS)](https://reader034.fdocuments.net/reader034/viewer/2022042614/559f74f01a28abdb718b4751/html5/thumbnails/20.jpg)
CONTAINER WARS
![Page 21: Very Early Review - Rocket(CoreOS)](https://reader034.fdocuments.net/reader034/viewer/2022042614/559f74f01a28abdb718b4751/html5/thumbnails/21.jpg)
Github Star
![Page 22: Very Early Review - Rocket(CoreOS)](https://reader034.fdocuments.net/reader034/viewer/2022042614/559f74f01a28abdb718b4751/html5/thumbnails/22.jpg)
Docker’s response
![Page 23: Very Early Review - Rocket(CoreOS)](https://reader034.fdocuments.net/reader034/viewer/2022042614/559f74f01a28abdb718b4751/html5/thumbnails/23.jpg)
News
![Page 24: Very Early Review - Rocket(CoreOS)](https://reader034.fdocuments.net/reader034/viewer/2022042614/559f74f01a28abdb718b4751/html5/thumbnails/24.jpg)
use Docker
use ACI Spec?
Rocket & Docker
![Page 25: Very Early Review - Rocket(CoreOS)](https://reader034.fdocuments.net/reader034/viewer/2022042614/559f74f01a28abdb718b4751/html5/thumbnails/25.jpg)
Link
• https://github.com/coreos/rocket
• https://coreos.com/blog/rocket/
• http://www.youtube.com/watch?v=U3UmFQbUsN8
• http://blog.docker.com/2014/12/initial-thoughts-on-the-rocket-announcement/
• https://github.com/subicura/sample-go-server
![Page 26: Very Early Review - Rocket(CoreOS)](https://reader034.fdocuments.net/reader034/viewer/2022042614/559f74f01a28abdb718b4751/html5/thumbnails/26.jpg)
Rocket is rocket?
THANK YOU