open-nomad/website/pages/docs/drivers/external/rkt.mdx

230 lines
6.8 KiB
Plaintext
Raw Normal View History

2015-09-29 22:55:23 +00:00
---
2020-02-06 23:45:31 +00:00
layout: docs
page_title: 'Drivers: Rkt'
sidebar_title: 'Rkt <sup>Deprecated</sup> '
description: The rkt task driver is used to run application containers using rkt.
2015-09-29 22:55:23 +00:00
---
2019-08-29 18:38:12 +00:00
~> **Deprecation Warning!**
2019-08-30 20:31:28 +00:00
Nomad introduced the rkt driver in version 0.2.0. The rkt project had some
early adoption; in recent times user adoption has trended away from rkt towards
2019-08-30 19:36:08 +00:00
other projects. Project activity has declined and there are unpatched CVEs.
The project has been [archived by the CNCF](https://github.com/rkt/rkt/issues/4004#issuecomment-507358362)
2020-04-08 03:13:16 +00:00
Nomad 0.11 converted the rkt driver to an external driver. We will not prioritize features
2019-08-30 20:31:28 +00:00
or pull requests that affect the rkt driver. The external driver will be available as an open source
2019-08-29 18:38:12 +00:00
repository for community ownership.
# Rkt Driver
2015-09-29 22:55:23 +00:00
Name: `rkt`
The `rkt` driver provides an interface for using rkt for running
application containers.
2015-09-29 22:55:23 +00:00
## Task Configuration
```hcl
task "webservice" {
driver = "rkt"
config {
image = "redis:3.2"
}
2016-10-28 00:55:55 +00:00
}
```
The `rkt` driver supports the following configuration in the job spec:
2015-09-29 22:55:23 +00:00
2020-02-06 23:45:31 +00:00
- `image` - The image to run. May be specified by name, hash, ACI address
or docker registry.
2020-02-06 23:45:31 +00:00
```hcl
config {
image = "https://hub.docker.internal/redis:3.2"
}
```
2020-02-06 23:45:31 +00:00
- `command` - (Optional) A command to execute on the ACI.
2016-01-11 19:12:09 +00:00
2020-02-06 23:45:31 +00:00
```hcl
config {
command = "my-command"
}
```
2020-02-06 23:45:31 +00:00
- `args` - (Optional) A list of arguments to the optional `command`. References
to environment variables or any [interpretable Nomad
2020-02-06 23:45:31 +00:00
variables](/docs/runtime/interpolation) will be interpreted before
launching the task.
2020-02-06 23:45:31 +00:00
```hcl
config {
args = [
"-bind", "${NOMAD_PORT_http}",
"${nomad.datacenter}",
"${MY_ENV}",
"${meta.foo}",
]
}
```
- `trust_prefix` - (Optional) The trust prefix to be passed to rkt. Must be
reachable from the box running the nomad agent. If not specified, the image is
run with `--insecure-options=all`.
2017-06-07 07:58:42 +00:00
2020-02-06 23:45:31 +00:00
- `insecure_options` - (Optional) List of insecure options for rkt. Consult `rkt --help`
for list of supported values. This list overrides the `--insecure-options=all` default when
2020-02-06 23:45:31 +00:00
no `trust_prefix` is provided in the job config, which can be effectively used to enforce
secure runs, using `insecure_options = ["none"]` option.
2017-06-07 07:58:42 +00:00
```hcl
config {
2020-02-06 23:45:31 +00:00
image = "example.com/image:1.0"
insecure_options = ["image", "tls", "ondisk"]
2017-06-07 07:58:42 +00:00
}
```
2015-09-29 22:55:23 +00:00
2020-02-06 23:45:31 +00:00
- `dns_servers` - (Optional) A list of DNS servers to be used in the container.
2016-12-12 18:59:56 +00:00
Alternatively a list containing just `host` or `none`. `host` uses the host's
`resolv.conf` while `none` forces use of the image's name resolution configuration.
2020-02-06 23:45:31 +00:00
- `dns_search_domains` - (Optional) A list of DNS search domains to be used in
the containers.
2020-02-06 23:45:31 +00:00
- `net` - (Optional) A list of networks to be used by the containers
2020-02-06 23:45:31 +00:00
- `port_map` - (Optional) A key/value map of ports used by the container. The
value is the port name specified in the image manifest file. When running
Docker images with rkt the port names will be of the form `${PORT}-tcp`. See
[networking](#networking) below for more details.
2020-02-06 23:45:31 +00:00
```hcl
port_map {
# If running a Docker image that exposes port 8080
app = "8080-tcp"
}
```
2016-08-27 12:56:39 +00:00
* `debug` - (Optional) Enable rkt command debug option.
2016-08-08 10:30:47 +00:00
2017-06-07 18:54:21 +00:00
* `no_overlay` - (Optional) When enabled, will use `--no-overlay=true` flag for 'rkt run'.
Useful when running jobs on older systems affected by https://github.com/rkt/rkt/issues/1922
* `volumes` - (Optional) A list of `host_path:container_path[:readOnly]` strings to bind
host paths to container paths.
Mount is done read-write by default; an optional third parameter `readOnly` can be provided
to make it read-only.
2020-02-06 23:45:31 +00:00
```hcl
config {
volumes = ["/path/on/host:/path/in/container", "/readonly/path/on/host:/path/in/container:readOnly"]
}
```
2018-08-28 16:39:57 +00:00
* `group` - (Optional) Specifies the group that will run the task. Sets the
`--group` flag and overrides the group specified by the image. The
[`user`][user] may be specified at the task level.
## Networking
The `rkt` can specify `--net` and `--port` for the rkt client. Hence, there are two ways to use host ports by
using `--net=host` or `--port=PORT` with your network.
Example:
2020-02-06 23:45:31 +00:00
```hcl
2016-10-26 00:11:01 +00:00
task "redis" {
# Use rkt to run the task.
driver = "rkt"
config {
# Use docker image with port defined
image = "docker://redis:latest"
port_map {
app = "6379-tcp"
}
}
2016-10-26 00:11:01 +00:00
service {
port = "app"
}
2016-10-26 00:11:01 +00:00
resources {
network {
mbits = 10
port "app" {
2020-02-06 23:45:31 +00:00
static = 12345
}
}
2016-10-26 00:11:01 +00:00
}
}
```
### Allocating Ports
You can allocate ports to your task using the port syntax described on the
2020-02-06 23:45:31 +00:00
[networking page](/docs/job-specification/network).
When you use port allocation, the image manifest needs to declare public ports and host has configured network.
2020-02-06 23:45:31 +00:00
For more information, please refer to [rkt Networking](https://coreos.com/rkt/docs/latest/networking/overview).
2015-09-29 22:55:23 +00:00
## Client Requirements
The `rkt` driver requires the following:
2020-02-06 23:45:31 +00:00
- The Nomad client agent to be running as the root user.
- rkt to be installed and in your system's `$PATH`.
- The `trust_prefix` must be accessible by the node running Nomad. This can be an
internal source, private to your cluster, but it must be reachable by the client
over HTTP.
2015-09-29 22:55:23 +00:00
add plugin content (docs) (#5186) * call out pluggable drivers in task drivers section and link/add info to plugin stanza * fix hyphenation * removing page and nav that tells users drivers are not pluggable * show new syntax for configuring raw_exec plugin on client * enabled option value for raw_exec is boolean * add plugin options section and mark client options as soon to be deprecated * fix typos * add plugin options for rkt task drivers and place deprecation warning in client options * add some plugin options with plugin configuration example + mark client options as soon to be deprecated * modify deprecation warning * replace colon with - for options * add docker plugin options * update links within docker task driver to point to plugin options * fix typo and clarify config options for lxc task driver * replace raw_exec plugin syntax example with docker example * create external section * restructure lxc docs and add backward incompatibility warning * update lxc driver doc * add redirect for lxc driver doc * call out plugin options and mark client config options for drivers as deprecated * add placeholder for lxc driver binary download * update data_dir/plugins reference with plugin_dir reference * Update website/source/docs/external/lxc.html.md Co-Authored-By: Omar-Khawaja <Omar-Khawaja@users.noreply.github.com> * corrections * remove lxc from built-in drivers navigation * reorganize doc structure and fix redirect * add detail about 0.9 changes * implement suggestions/fixes * removed extraneous punctuation * add official lxc driver link
2019-01-29 20:53:05 +00:00
## Plugin Options
2020-02-06 23:45:31 +00:00
- `volumes_enabled` - Defaults to `true`. Allows tasks to bind host paths
add plugin content (docs) (#5186) * call out pluggable drivers in task drivers section and link/add info to plugin stanza * fix hyphenation * removing page and nav that tells users drivers are not pluggable * show new syntax for configuring raw_exec plugin on client * enabled option value for raw_exec is boolean * add plugin options section and mark client options as soon to be deprecated * fix typos * add plugin options for rkt task drivers and place deprecation warning in client options * add some plugin options with plugin configuration example + mark client options as soon to be deprecated * modify deprecation warning * replace colon with - for options * add docker plugin options * update links within docker task driver to point to plugin options * fix typo and clarify config options for lxc task driver * replace raw_exec plugin syntax example with docker example * create external section * restructure lxc docs and add backward incompatibility warning * update lxc driver doc * add redirect for lxc driver doc * call out plugin options and mark client config options for drivers as deprecated * add placeholder for lxc driver binary download * update data_dir/plugins reference with plugin_dir reference * Update website/source/docs/external/lxc.html.md Co-Authored-By: Omar-Khawaja <Omar-Khawaja@users.noreply.github.com> * corrections * remove lxc from built-in drivers navigation * reorganize doc structure and fix redirect * add detail about 0.9 changes * implement suggestions/fixes * removed extraneous punctuation * add official lxc driver link
2019-01-29 20:53:05 +00:00
(`volumes`) inside their container. Binding relative paths is always allowed
2020-02-06 23:45:31 +00:00
and will be resolved relative to the allocation's directory.
add plugin content (docs) (#5186) * call out pluggable drivers in task drivers section and link/add info to plugin stanza * fix hyphenation * removing page and nav that tells users drivers are not pluggable * show new syntax for configuring raw_exec plugin on client * enabled option value for raw_exec is boolean * add plugin options section and mark client options as soon to be deprecated * fix typos * add plugin options for rkt task drivers and place deprecation warning in client options * add some plugin options with plugin configuration example + mark client options as soon to be deprecated * modify deprecation warning * replace colon with - for options * add docker plugin options * update links within docker task driver to point to plugin options * fix typo and clarify config options for lxc task driver * replace raw_exec plugin syntax example with docker example * create external section * restructure lxc docs and add backward incompatibility warning * update lxc driver doc * add redirect for lxc driver doc * call out plugin options and mark client config options for drivers as deprecated * add placeholder for lxc driver binary download * update data_dir/plugins reference with plugin_dir reference * Update website/source/docs/external/lxc.html.md Co-Authored-By: Omar-Khawaja <Omar-Khawaja@users.noreply.github.com> * corrections * remove lxc from built-in drivers navigation * reorganize doc structure and fix redirect * add detail about 0.9 changes * implement suggestions/fixes * removed extraneous punctuation * add official lxc driver link
2019-01-29 20:53:05 +00:00
## Client Configuration
add plugin content (docs) (#5186) * call out pluggable drivers in task drivers section and link/add info to plugin stanza * fix hyphenation * removing page and nav that tells users drivers are not pluggable * show new syntax for configuring raw_exec plugin on client * enabled option value for raw_exec is boolean * add plugin options section and mark client options as soon to be deprecated * fix typos * add plugin options for rkt task drivers and place deprecation warning in client options * add some plugin options with plugin configuration example + mark client options as soon to be deprecated * modify deprecation warning * replace colon with - for options * add docker plugin options * update links within docker task driver to point to plugin options * fix typo and clarify config options for lxc task driver * replace raw_exec plugin syntax example with docker example * create external section * restructure lxc docs and add backward incompatibility warning * update lxc driver doc * add redirect for lxc driver doc * call out plugin options and mark client config options for drivers as deprecated * add placeholder for lxc driver binary download * update data_dir/plugins reference with plugin_dir reference * Update website/source/docs/external/lxc.html.md Co-Authored-By: Omar-Khawaja <Omar-Khawaja@users.noreply.github.com> * corrections * remove lxc from built-in drivers navigation * reorganize doc structure and fix redirect * add detail about 0.9 changes * implement suggestions/fixes * removed extraneous punctuation * add official lxc driver link
2019-01-29 20:53:05 +00:00
~> Note: client configuration options will soon be deprecated. Please use [plugin options][plugin-options] instead. See the [plugin stanza][plugin-stanza] documentation for more information.
The `rkt` driver has the following [client configuration
2020-02-06 23:45:31 +00:00
options](/docs/configuration/client#options):
2020-02-06 23:45:31 +00:00
- `rkt.volumes.enabled` - Defaults to `true`. Allows tasks to bind host paths
(`volumes`) inside their container. Binding relative paths is always allowed
and will be resolved relative to the allocation's directory.
2015-09-29 22:55:23 +00:00
## Client Attributes
The `rkt` driver will set the following client attributes:
2015-09-29 22:55:23 +00:00
2020-02-06 23:45:31 +00:00
- `driver.rkt` - Set to `1` if rkt is found on the host node. Nomad determines
this by executing `rkt version` on the host and parsing the output
2020-02-06 23:45:31 +00:00
- `driver.rkt.version` - Version of `rkt` e.g.: `1.27.0`. Note that the minimum required
version is `1.27.0`
2020-02-06 23:45:31 +00:00
- `driver.rkt.appc.version` - Version of `appc` that `rkt` is using e.g.: `1.1.0`
2015-09-29 22:55:23 +00:00
Here is an example of using these properties in a job file:
```hcl
job "docs" {
# Only run this job where the rkt version is higher than 0.8.
constraint {
attribute = "${driver.rkt.version}"
operator = ">"
value = "1.2"
}
}
```
2015-09-29 22:55:23 +00:00
## Resource Isolation
This driver supports CPU and memory isolation by delegating to `rkt`. Network
isolation is not supported as of now.
2018-08-28 16:39:57 +00:00
2020-02-06 23:45:31 +00:00
[user]: /docs/job-specification/task#user
add plugin content (docs) (#5186) * call out pluggable drivers in task drivers section and link/add info to plugin stanza * fix hyphenation * removing page and nav that tells users drivers are not pluggable * show new syntax for configuring raw_exec plugin on client * enabled option value for raw_exec is boolean * add plugin options section and mark client options as soon to be deprecated * fix typos * add plugin options for rkt task drivers and place deprecation warning in client options * add some plugin options with plugin configuration example + mark client options as soon to be deprecated * modify deprecation warning * replace colon with - for options * add docker plugin options * update links within docker task driver to point to plugin options * fix typo and clarify config options for lxc task driver * replace raw_exec plugin syntax example with docker example * create external section * restructure lxc docs and add backward incompatibility warning * update lxc driver doc * add redirect for lxc driver doc * call out plugin options and mark client config options for drivers as deprecated * add placeholder for lxc driver binary download * update data_dir/plugins reference with plugin_dir reference * Update website/source/docs/external/lxc.html.md Co-Authored-By: Omar-Khawaja <Omar-Khawaja@users.noreply.github.com> * corrections * remove lxc from built-in drivers navigation * reorganize doc structure and fix redirect * add detail about 0.9 changes * implement suggestions/fixes * removed extraneous punctuation * add official lxc driver link
2019-01-29 20:53:05 +00:00
[plugin-options]: #plugin-options
2020-02-06 23:45:31 +00:00
[plugin-stanza]: /docs/configuration/plugin