rkt v0.9.0 is a significant milestone release with a number of internal and user-facing changes.
There are several notable breaking changes from the previous release:
- The on-disk format for pod trees has changed slightly, meaning that rkt run-prepared may not work for pods created by previous versions of rkt. To work around this, we recommend removing the pods with an older version of rkt.
- The --private-net flag has been renamed to --net and its semantics have changed (in particular, it is now enabled by default) - see below for details.
- Several changes to CLI output (e.g. column names) from the rkt image list subcommands.
- The image fetching behaviour has changed, with the introduction of new flags to rkt fetch and the removal of --local - see below for details.
New features and UX changes
--net, and networking is now private by default
The --private-net flag has been changed to --net, and has now been made the default behaviour. (#1532, #1418)
That is, a rkt run command will now by default set up a private network for the pod.
To achieve the previous default behaviour of the pod sharing the networking namespace of the host, use
The flag still allows the specification of multiple networks via CNI plugins, and overriding plugin configuration on a per-network basis.
For more details, see the networking documentation.
New image fetching behaviour
When fetching images during rkt fetch or rkt run, rkt would previously behave inconsistently for different formats (e.g. when performing discovery or when retrieving a Docker image) when deciding whether to use a cached version or not.
rkt run featured a --local flag to adjust this behaviour but it provided an unintuitive semantic and was not available to the rkt fetch command.
Instead, rkt now features two new flags, --no-store, on both the rkt fetch and rkt run commands, to provide more consistent, controllable, and predictable behaviour regarding when images should be retrieved.
For full details of the new behaviour see the image fetching documentation.
A number of changes were made to the permissions of rkt's internal store to let unprivileged users access information about images and pods on the system (#1542, #1569).
In particular, the set-group-ID bit is applied to the directories touched by rkt install so that the rkt group (if it exists on the system) can retain read-access to information about pods and images.
This will be used by the rkt API service (targeted for the next release) so that it can run as an unprivileged user on the system.
This support is still considered partially experimental.
Some tasks like rkt image gc remain a root-only operation.
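A check for the directory layout described above, as an added example (not rkt's own code): it flags directories that lack the set-group-ID bit or group read/search access, then repairs the mode bits. The helper functions, directory names and the constructed temp tree are assumptions for illustration.

```shell
#!/bin/sh
# Added example: audit a store-like tree for the set-group-ID layout.
# Directory names and the group are assumptions; the tree below is
# constructed in a temp dir and is not a real rkt data directory.

# Numeric group ID that owns path $1.
gid_of() { ls -ldn "$1" | awk '{print $4}'; }

# List directories under $1 that are not owned by group $2, or that lack
# set-group-ID (2000), group read (0040) or group search (0010).
audit_group_dirs() {
    find "$1" -type d \( ! -group "$2" -o ! -perm -2050 \) -print
}

count_noncompliant() { audit_group_dirs "$1" "$2" | wc -l | tr -d ' '; }

# Repair mode bits only, and only where group $2 already owns the directory;
# wrong-group directories stay in the audit output for an administrator.
fix_group_modes() {
    find "$1" -type d -group "$2" ! -perm -2050 -exec chmod g+rxs {} +
}

# Constructed sample tree: three compliant directories, two that are not.
build_demo_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/pods" "$root/images/legacy" "$root/locks"
    chmod 2750 "$root" "$root/pods" "$root/images"
    # Group-readable, but no set-group-ID bit.
    chmod u=rwx,g=rx,g-s,o= "$root/images/legacy"
    # Set-group-ID, but closed to the group.
    chmod 2700 "$root/locks"
    printf '%s\n' "$root"
}

demo=$(build_demo_tree)
grp=$(gid_of "$demo")
echo "before: $(count_noncompliant "$demo" "$grp") non-compliant"
audit_group_dirs "$demo" "$grp"
fix_group_modes "$demo" "$grp"
echo "after:  $(count_noncompliant "$demo" "$grp") non-compliant"
rm -rf "$demo"
```
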
If no /etc/hosts exists in an application filesystem at the time it starts running, rkt will now provide a basic default version of this file.
If rkt detects one already in the app's filesystem (whether through being included in an image, or a volume mounted in), it will make no changes. (#1541)
Other new features
- rkt now supports setting supplementary group IDs on processes (#1514).
- rkt's use of cgroups has been reworked to facilitate rkt running on a variety of operating systems like Void and older non-systemd distributions (#1437, #1320, #1076, #1042)
- When rkt run is used with an image that does not have an app section, rkt will now create one if the user provides an
- A new rkt image gc command adds initial support for garbage collecting images from the store (#1487). This removes treeStores not referenced by any non-GCed rkt pod.
- rkt list now provides more information including image version and hash (#1559)
- rkt image list output now shows shortened hash identifiers by default, and human readable date formats. To use the previous output format, use the
- rkt prepare gained the --exec flag, which restores flag-parity with
- lkvm stage1 backend has experimental support for
- rkt now supports empty volume types (#1502)
- An early, experimental read-only API definition has been added (#1359, #1518).
- Fixed bug in --stage1-image option which prevented it from using URLs (#1524)
- Fixed bug in rkt trust's handling of
- Fixed bug when decompressing xz-compressed images (#1462, #1224)
- In earlier versions of rkt, hooks had an implicit timeout of 30 seconds, causing some pre-start jobs which took a long time to be killed. This implicit timeout has been removed. (#1547)
- When running with the lkvm stage1, rkt now sets $HOME if it is not already set, working around a bug in the lkvm tool (#1447, #1393)
- Fixed bug preventing run-prepared from working if the metadata service was not available (#1436)
- Bumped appc spec to 0.7.1 (#1543)
- Bumped CNI and netlink dependencies (#1476)
- Bumped ioprogress to a version which prevents the download bar from being drawn when rkt is not drawing to a terminal (#1423, #1282)
- Significantly reworked rkt's internal use of systemd to orchestrate apps, which should facilitate more granular control over pod lifecycles (#1407)
- Reworked rkt's handling of images with non-deterministic dependencies (#1240, #1198).
- rkt functional tests now run appc's ACE validator, which should ensure that rkt is always compliant with the specification. (#1473)
- A swathe of improvements to the build system
- Various internal improvements to the functional test suite to improve coverage and consolidate code
- The "ACI" field header in rkt image output has been changed to "IMAGE NAME"
- rkt image rm now exits with status 1 on any failure (#1486)
- Fixed permissions in the default stage1 image (#1503)
- Added documentation for
- rkt should now report more helpful errors when encountering manifests it does not understand (#1471)