This marks the first release of rkt recommended for use in production.
The command-line UX and on-disk format are considered stable and safe to develop against.
Any changes to these interfaces will be backwards compatible and subject to formal deprecation.
The API is not yet completely stabilized, but is functional and suitable for use by early adopters.
For those new to rkt, we have a blog post explaining how to get started with 1.0.
Also check out the landing page on the CoreOS site for more information.
New features and UX changes
- Add pod creation and start times to rkt status (#2030). See
- The DNS configuration can now be passed to the pod via the command line (#2040). See
- Errors are now structured, allowing for better control of the output (#1937). See Error & Output for how a developer should use it.
- All output now uses the new log package in pkg/log to provide a cleaner and more consistent output format and more helpful debug output (#1937).
- Added configuration for stage1 image. Users can drop a configuration file to stage1.d in the user configuration directory to tell rkt to use a different stage1 image name, version and location instead of build-time defaults (#1977).
- Replaced the --stage1-image flag with a new set of flags. --stage1-name does the usual fetching from remote if the image does not exist in the store. --stage1-hash takes the stage1 image directly from the store. --stage1-from-dir works together with the default stage1 images directory and is described in the next point (#1977).
- Added default stage1 images directory. Users can use the newly added --stage1-from-dir parameter to avoid typing the full path.
- Removed the deprecated
- Fetched keys are no longer automatically trusted by default, unless --trust-keys-from-https is used. Additionally, newly fetched keys have to be explicitly trusted with rkt trust if a previous key was trusted for the same image prefix (#2033).
- Use NAT loopback to make ports forwarded in pods accessible from localhost (#1256).
- Show a clearer error message when unprivileged users execute commands that require root privileges (#2081).
- Add a rkt tmpfiles configuration file to make the creation of the rkt data directory on first boot easier (#2088).
- rkt install command. It was replaced with a
- Fix regression when authenticating to v2 Docker registries (#2008).
- Don't link to libacl, but dlopen it (#1963). This means that rkt will not crash if libacl is not present on the host, but it will just print a warning.
- Only suppress diagnostic messages, not error messages in stage1 (#2111).
- Trusted Platform Module logging (TPM) is now enabled by default (#1815). This ensures that rkt benefits from security features by default. See rkt's Build Configuration documentation.
- Added long descriptions to all rkt commands (#2098).
- --stage1-image flag was removed. Scripts using it should be updated to use one of
- All uses of the deprecated --insecure-skip-verify flag should be replaced with the --insecure-options flag, which allows users to selectively disable security features.
- rkt install command was removed in favor of the
Note for packagers
With this release, rkt RPM/dpkg packages should have the following updates:
- Pass --enable-tpm=no to the configure script, if rkt should not use TPM.
- Use the --with-default-stage1-images-directory configure flag, if the default is not acceptable, and install the built stage1 images there.
- Distributions using systemd: install the new file /usr/lib/tmpfiles.d/rkt.conf and then run systemd-tmpfiles --create rkt.conf. This can replace running rkt install to set the correct ownership and permissions.
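
One way to find leftover uses of the interfaces these notes remove or deprecate (--stage1-image, --insecure-skip-verify, rkt install) in existing scripts. This is an added example, not part of the release notes or the rkt project; the function name audit_rkt_usage and the sample script are constructed for illustration. It is a plain text search, so commented-out lines are reported too.

```sh
#!/bin/sh
# Added example (not rkt project code): report uses of interfaces that the
# rkt 1.0 notes list as removed or deprecated, with the replacement named there.
# Prints "file:line:text  <- advice"; returns 1 on any hit, 2 on bad input.

audit_rkt_usage() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    hits=0
    # Table rows: extended regex ~ advice. Flag patterns must end at '=',
    # whitespace or end of line, so longer flag names do not match.
    while IFS='~' read -r pattern advice; do
        out=$(grep -rnE -e "$pattern" -- "$dir") || continue
        hits=1
        printf '%s\n' "$out" | while IFS= read -r line; do
            printf '%s  <- %s\n' "$line" "$advice"
        done
    done <<'EOF'
--stage1-image([=[:space:]]|$)~removed: use --stage1-name, --stage1-hash or --stage1-from-dir
--insecure-skip-verify([=[:space:]]|$)~deprecated: use --insecure-options
(^|[^[:alnum:]_-])rkt[[:space:]]+install([[:space:]]|$)~removed: on systemd hosts use tmpfiles.d/rkt.conf
EOF
    return "$hits"
}

# Constructed sample script, scanned when this file is run directly.
demo=$(mktemp -d)
cat > "$demo/deploy.sh" <<'EOF'
#!/bin/sh
rkt install
rkt --insecure-skip-verify run example.com/app
rkt run --stage1-image=/tmp/stage1.aci example.com/app
rkt run --stage1-from-dir=stage1.aci example.com/app
EOF
audit_rkt_usage "$demo" || echo "migration needed"
rm -rf "$demo"
```

A non-zero exit status makes the function usable as a gate in a packaging or CI job before hosts are upgraded.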