CoreOS 的容器引擎,Rocket 0.9.0 发布

jopen 9年前

Rocket (也叫 rkt)是 CoreOS 推出的一款容器引擎,和 Docker 类似,帮助开发者打包应用和依赖包到可移植容器中,简化搭环境等部署工作。Rocket 和 Docker 不同的地方在于,Rocket 没有 Docker 那些为企业用户提供的“友好功能”,比如云服务加速工具、集群系统等。反过来说,Rocket 想做的,是一个更纯粹的业界标准。

CoreOS 把它的容器称为 App Containers,里面包含 app container image、runtime、container-discovery 协议等。其中,App Container Image 和 Docker 里的 Image 比较类似,包含应用必需的元素组成,如源代码和二进制文件。Rocket runtime 则是依照 App Container 标准规格打造的,旨在将容器真正的变成一款命令行工具。

rkt v0.9.0 发布,此版本值得关注的改进:

  • The on-disk format for pod trees has changed slightly, meaning that rkt gc and rkt run-prepared may not work for pods created by previous versions of rkt. To work around this, we recommend removing the pods with an older version of rkt.

  • The --private-net flag has been renamed to --net and its semantic has changed (in particular, it is now enabled by default) - see below for details.

  • Several changes to CLI output (e.g. column names) from the rkt list and rkt image list subcommands.

  • The image fetching behaviour has changed, with the introduction of new flags to rkt run and rkt fetch and the removal of --local - see below for details.

新特性和 UX 改进

  • --private-net --> --net, and networking is now private by default

  • New image fetching behaviour

  • Unprivileged users

  • /etc/hosts 支持

其他新特性

  • rkt now supports setting supplementary group IDs on processes (#1514).

  • rkt's use of cgroups has been reworked to facilitate rkt running on a variety of operating systems like Void and older non-systemd distributions (#1437, #1320, #1076, #1042)

  • If rkt run is used with an image that does not have an app section, rkt will now create one if the user provides an --exec flag (#1427)

  • A new rkt image gc command adds initial support for garbage collecting images from the store (#1487). This removes treeStores not referenced by any non-GCed rkt pod.

  • rkt list now provides more information including image version and hash (#1559)

  • rkt image list output now shows shortened hash identifiers by default, and human readable date formats. To use the previous output format, use the --full flag. (#1455)

  • rkt prepare gained the --exec flag, which restores flag-parity with rkt run (#1410)

  • lkvm stage1 backend has experimental support for rkt enter (#1303)

  • rkt now supports empty volume types (#1502)

  • An early, experimental read-only API definition has been added (#1359, #1518).

Bug 修复

  • Fixed bug in --stage1-image option which prevented it from using URLs (#1524)

  • Fixed bug in rkt trust's handling of --root (#1494)

  • Fixed bug when decompressing xz-compressed images (#1462, #1224)

  • In earlier versions of rkt, hooks had an implicit timeout of 30 seconds, causing some pre-start jobs which took a long time to be killed. This implicit timeout has been removed. (#1547)

  • When running with the lkvm stage1, rkt now sets $HOME if it is not already set, working around a bug in the lkvm tool (#1447, #1393)

  • Fixed bug preventing run-prepared from working if the metadata service was not available (#1436)

其他改进

  • Bumped appc spec to 0.7.1 (#1543)

  • Bumped CNI and netlink dependencies (#1476)

  • Bumped ioprogress to a version which prevents the download bar from being drawn when rkt is not drawing to a terminal (#1423, #1282)

  • Significantly reworked rkt's internal use of systemd to orchestrate apps, which should facilitate more granular control over pod lifecycles (#1407)

  • Reworked rkt's handling of images with non-deterministically dependencies (#1240, #1198).

  • rkt functional tests now run appc's ACE validator, which should ensure that rkt is always compliant with the specification. (#1473)

  • A swathe of improvements to the build system

    • make clean should now work

    • Different rkt stage1 images are now built with different names (#1406)

    • rkt can now build on older Linux distributions (like CentOS 6) (#1529)

  • Various internal improvements to the functional test suite to improve coverage and consolidate code

  • The "ACI" field header in rkt image output has been changed to "IMAGE NAME"

  • rkt image rm now exits with status 1 on any failure (#1486)

  • Fixed permissions in the default stage1 image (#1503)

  • Added documentation for prepare and run-prepared subcommands (#1526)

  • rkt should now report more helpful errors when encountering manifests it does not understand (#1471)

    • </ul>

    下载: