CoreOS Delivers rkt Container Runtime 1.0: Ready for Production

Software container infrastructure company delivers rkt container runtime 1.0 for security, efficiency and composability for production environments in the enterprise

Robust rkt ecosystem emerges to make running rkt in production simple  

San Francisco – February 4, 2016 – Continuing to execute on the mission towards a more secure Internet infrastructure, CoreOS today announced rkt, the secure and efficient open source container runtime for Linux, is production-ready. Reaching the version 1.0 milestone, rkt is open for companies to use in container environments with the most rigorous production requirements. In addition, a robust rkt ecosystem, including monitoring of rkt, networking with rkt, container registry support with CoreOS’ Quay, has emerged to make running rkt in production simple.

rkt is developed and maintained by CoreOS, the company that runs the world’s containers. First introduced in 2014, rkt developers have worked together with the cloud-native community to ready it for production environments. CoreOS first ignited the shift to the lightweight, container-based OS that delivers automatic, painless updates so companies can benefit in the increased security of running the most up-to-date version of software. Now with rkt in a stable release, developers, devops and operations professionals will be able to trust everything to run in containers. The result is that teams can better focus on innovating on their applications without the pain of interconnected dependencies.

“As container technologies become more and more widespread in the enterprise, technologists are looking for choice and compatibility in their environments,” said Fintan Ryan, industry analyst at RedMonk. “With the 1.0 release of rkt, CoreOS is providing a production ready solution, supported by an expanding ecosystem, to securely run containers with a level of granularity that matches their needs.”

“CoreOS added a key security element to application containers through its development and enhancement of the rkt container runtime,” said Jay Lyman, research manager with 451 Research. “Now with a production-ready rkt 1.0 and accompanying ecosystem support for registry, monitoring, networking and more with rkt, CoreOS is helping enterprises address critical container challenges such as security and stability.”

BlaBlaCar, a trusted ridesharing provider founded in 2006, has been an early proponent of the capabilities of rkt.

“Since rkt development began, we have been impressed by the stability and the flexibility of rkt even in very early versions,” said Simon Lallemand, system engineer at BlaBlaCar. “We are migrating all our services to rkt and CoreOS. As of today, 90 percent of our product already runs on this platform.”

Significant production-ready features of rkt include:

  • Stable interfaces and on-disk format: The rkt command-line UX and on-disk format are now stable and can be developed against. Any changes to these interfaces will be backwards compatible and subject to formal deprecation if changed.

  • Advanced security capabilities: With features such as KVM-based container isolation, SELinux support, Trusted Platform Module (TPM) integration, image signature validation, and basic privilege separation, rkt is the container engine of choice for the security-minded.

  • Run existing Docker images and standards-based App Container Images: While rkt is committed to standards, rkt remains compatible with the Docker specific image format. This means developers can build with Docker, run with rkt. Additionally, CoreOS will support the growing ecosystem of tools based around the App Container Image format.

  • A robust community: rkt’s ecosystem continues to grow into a strong community of developers and operators that are committed to providing a secure, composable, standards-based container engine. Today rkt runs on all modern Linux distributions, including Ubuntu, Fedora, and CoreOS, and is used by a growing number of products and users.

rkt will soon be an integral part of Tectonic with Distributed Trusted Computing, a secure platform from the application layer down to the hardware that is delivered by CoreOS.

Together with CoreOS partners, there is now a rkt ecosystem that helps companies run rkt in production with the necessary tools. Today, the following is available:

  • rkt monitoring: Sysdig has announced rkt monitoring to monitor rkt in production workloads.

  • rkt networking: rkt leverages the Container Networking Interface (CNI) standard for its networking subsystem. Developed at CoreOS, and emerging out of the original rkt networking plugins, CNI has now received widespread industry support, with integrations from Project Calico, Weaveworks and Kubernetes.

  • rkt container registry: Quay Enterprise securely hosts modern container runtime images, such as Docker or rkt repositories. With Quay, Docker images can also be transparently converted to rkt images on the fly.

  • rkt launched as a virtual machine: Intel has made it possible to launch rkt as a virtual machine to provide additional container security.

“Container based environments such as rkt offer incredible portability for data center workloads. Our work with CoreOS has optimized rkt to take full advantage of Intel platform technologies to deliver improved workload isolation and hardware based security capability, critical capabilities for broad market deployments. We look forward to working with CoreOS towards adoption of rkt based solutions in the marketplace,” said Das Kamhout, principal engineer and Software Defined Infrastructure architect, Intel Corporation.

“CoreOS believes that added security should never cost more, which is why we developed rkt in the open, free for all to use and take advantage of in their container environments,” said Alex Polvi, CEO of CoreOS. “With rkt now 1.0, the distributed chain of trust from the application layer all the way down to the hardware is at the fingertips of enterprises that are serious about running their applications in a secure and hyperscale environment.”

What the community is saying about rkt:

Apcera

“We applaud the 1.0 release of rkt because it is an important milestone for container runtime standards. rkt is the first 1.0 implementation of App Container (appc) spec that is production-ready,” said Ken Robertson, lead architect with Apcera. “Apcera continues to believe in the value of appc and container standards as seen by continued investment in our implementation, Kurma.”

Deis (Engine Yard)

“The rkt container runtime fills a big need in the market,” said Gabriel Monroy, CTO of Deis. “As we put containers into production on behalf of our customers, the more we value a container runtime that does one thing really well. The CoreOS team has proven they can deliver distributed systems building blocks that are stable and secure — and rkt is no exception.”

Giant Swarm

“We are big fans of rkt and excited to celebrate the rkt 1.0 launch,” said Timo Derstappen, founder and CTO of Giant Swarm. “CoreOS is leading the security conversation, not only with rkt, but with the CoreOS suite of products. As the industry builds out next generation infrastructure and moves towards microservices architecture, rkt is another step in the right direction.”

HashiCorp

“I’m happy to see that rkt is now 1.0,” said Mitchell Hashimoto, founder of HashiCorp. “We support rkt in Nomad alongside our other drivers, so companies can easily deploy rkt containers. Nomad makes it easy to deploy one to thousands of rkt containers.”

Huawei

“Congratulations to CoreOS for the official release of the container runtime, rkt v1.0. This is another milestone in the container technology world,” said Dr. Ying Xiong, chief architect of PaaS, Huawei. “Together with other technologies, rkt is part of our overall container technology stack, and this is important to our customers and partners.”

Kubernetes

“Supporting and integrating rkt embodies Kubernetes’ principles of openness and choice, and it is great to see it reach the 1.0 milestone,” said Dawn Chen, core contributor to Kubernetes. “We are excited to work with CoreOS and the rkt community to ensure a first-class integration in Kubernetes and give users a choice to use the image format that best meets their needs.”

Project Calico (Metaswitch Networks)

“We have believed in supporting the App Container spec and the corresponding CNI spec from the beginning to ensure the broadest possible set of options for container users to easily plug in their containers and have the networking they need for success,” said Andy Randall, evangelist and general manager of Project Calico at Metaswitch Networks. “Project Calico is proud to enable the development community to securely deploy container-based applications, thanks to the combination of rkt’s enhanced security measures and Calico’s fine-grained policy enforcement.”

Sysdig

“The rkt 1.0 milestone is a big achievement for the container community and is helping provide built-in security for application development and deployment,” said Loris Degioanni, CEO of Sysdig. “To help the rkt community bring their deployments into production, Sysdig now provides rkt monitoring, alerting, and troubleshooting in Sysdig Cloud and Sysdig open source.”

systemd

“I believe in the rkt model,” said Lennart Poettering, systemd lead developer. “Integrating container and service management, so that there’s a 1:1 mapping between containers and host services is an excellent idea. Resource management, introspection, life-cycle management of containers and services — all that tightly integrated with the OS; that’s how a container manager should be designed.”

Supporting Resources

About CoreOS, Inc.

CoreOS, Inc. is running the world’s containers securely on CoreOS, Tectonic and Quay. CoreOS is the creator of Tectonic, the universal Kubernetes solution, that combines Google’s Kubernetes and the CoreOS stack to deploy, manage and secure containers anywhere. CoreOS’ Quay technology allows companies to securely store Linux containers in private hosted repositories or behind customer’s firewalls. In addition, CoreOS is the creator and maintainer of open source projects CoreOS Linux, etcd, fleet, flannel and rkt. The strategies and architectures that influence CoreOS allow companies like Google, Facebook and Twitter to run their services at scale with high resilience. Learn more at https://coreos.com/ or follow CoreOS on Twitter @coreoslinux.

Miles Blatstein

Miles Blatstein is a Web Engineer with the parent company of cloudnativenow.com, MediaOps. As a Web Engineer, Miles is tasked with front and backend development/management of MediaOPS sites, social media marketing, SEO, and customer/client relations and services.

Miles Blatstein has 79 posts and counting. See all posts by Miles Blatstein