When rkt was announced just over a year ago, it was pretty clear that it had the potential to be a game-changer for the container world. Launched out of CoreOS, it offered a really focused, lightweight, yet security-oriented approach to running containers. With lots of early buzz, the rocket (or just “rkt” to its friends) had cleared the tower!
Like any rocket launch, however, there would be a series of critical phases before its payload could officially be deemed successfully in orbit. Would the community support it? Would CoreOS develop what they themselves called a “prototype” through to a production-ready tool? How would plug-in functionality, such as networking, work?
Today, all those questions have been addressed. CoreOS has announced the v1.0 release of rkt, marking its readiness for production – and we at Project Calico are really excited to be partnered with CoreOS around this announcement.
As to that last question, rkt implemented support for pluggable networking modules via an API known as the Container Network Interface (CNI). The CNI is rapidly becoming a widely adopted standard for container networking – in addition to rkt, it has been adopted by Google for its Kubernetes project, and we recently demonstrated (along with the guys from Weave) how it could be used to network Docker containers as well.
This is really cool (well, if you’re a cloud-native nerd, like me). Why? Well, a couple of reasons.
Firstly, we recently announced that Calico’s support for CNI has also hit that key “v1.0” milestone. This means that v1.0 support for rkt comes almost “for free” (though of course we have tested it just to be sure!). So today, with this latest announcement from CoreOS, developers and operators can now deploy applications using rkt and Calico in production environments. In fact, they can even get the Calico agent packaged as a rkt container.
Secondly, it means that in the future, as the Kubernetes project’s support for rkt, alongside Docker, matures, Kubernetes users will be able to pick whichever is the most appropriate container runtime, and the most appropriate networking solution, and it will all Just Work.
Another reason we’re excited about rkt is CoreOS’s focus on security. Here at Project Calico, we take security very seriously. While we’re known for “overlay-free” networking, many of our users adopt Calico specifically for the fine-grained security we can apply to containers. As a key part of the “trusted distributed computing” initiative announced by Alex Polvi at the recent Tectonic Summit in New York, rkt enables trusted verification of container contents, which really nicely complements Calico’s enforcement of network policy right at the container-runtime boundary.
We checked in earlier this week with Brandon Philips, CTO at CoreOS. Here’s what he had to say:
“Since the launch of rkt we have worked with the Calico team and appreciate their significant contributions in the cloud-native networking space. We are excited to have Project Calico as part of the rkt and Tectonic ecosystem”
Let’s chalk up another win for collaborative, community-driven, open source development.