A new open source container runtime for Linux is on the way, courtesy of the CoreOS team. The company, which aims to help improve the security and reliability of the Internet by developing open source server infrastructure, says the new runtime promises to be more secure and more efficient than other Linux container runtimes.
Called rkt, the new project is now production-ready and available for deployment in enterprise container environments. CoreOS said that its developers have been working on the runtime with members of the cloud infrastructure community since 2014 to make containers more secure and more stable.
“CoreOS first ignited the shift to the lightweight, container-based OS that delivers automatic, painless updates so companies can benefit in the increased security of running the most up-to-date version of software,” the company said in a statement. “Now with rkt in a stable release, developers, devops and operations professionals will be able to trust everything to run in containers.”
More Stable, More Secure
Among the features CoreOS is touting for rkt is its security capabilities, such as KVM-based container isolation, SELinux support, Trusted Platform Module integration, signature validation and basic privilege separation.
The company is also highlighting its stable user interfaces and an on-disk format, allowing them to be developed against. Changes to the interfaces are also backwards compatible and will be subject to formal deprecation, the company said.
Enterprises will also be able to run any existing Docker images and standards-based App Container Images. That means developers will be able to build with Docker and then run with rkt. Furthermore, the company said that it will continue to support the ecosystem of App Container Image format tools.
CoreOS said rkt also runs on all modern Linux distributions, including Ubuntu, Fedora, and CoreOS itself. “[R]kt will soon be an integral part of Tectonic with Distributed Trusted Computing, a secure platform from the application layer down to the hardware that is delivered by CoreOS,” the company said.
A Robust Ecosystem
The rkt ecosystem already has a number of tools available to help run it in production. The company pointed to several examples, such as a monitoring tool developed by Sysdig to monitor rkt in production workloads. Quay Enterprise, meanwhile, securely hosts container runtime images such as Docker or rkt repositories. It also allows Docker images to be converted to rkt images on the fly. And Intel has pitched in by making it possible to launch rkt as a virtual machine, to provide additional security.
"Container-based environments such as rkt offer incredible portability for data center workloads,” said Das Kamhout, principal engineer and software defined infrastructure architect at Intel, in the CoreOS statement. “Our work with CoreOS has optimized rkt to take full advantage of Intel platform technologies to deliver improved workload isolation and hardware-based security capability, critical capabilities for broad market deployments.”