4.7 KiB
| layout | page_title | sidebar_current | description |
|---|---|---|---|
| docs | Drivers: Rkt | docs-drivers-rkt | The rkt task driver is used to run application containers using rkt. |
Rkt Driver
Name: rkt
The rkt driver provides an interface for using CoreOS rkt for running
application containers.
Task Configuration
task "webservice" {
driver = "rkt"
config {
image = "redis:3.2"
}
}
The rkt driver supports the following configuration in the job spec:
-
image- The image to run. May be specified by name, hash, ACI address or docker registry.config { image = "https://hub.docker.internal/redis:3.2" } -
command- (Optional) A command to execute on the ACI.config { command = "my-command" } -
args- (Optional) A list of arguments to the optionalcommand. References to environment variables or any interpretable Nomad variables will be interpreted before launching the task.config { args = [ "-bind", "${NOMAD_PORT_http}", "${nomad.datacenter}", "${MY_ENV}", "${meta.foo}", ] } -
trust_prefix- (Optional) The trust prefix to be passed to rkt. Must be reachable from the box running the nomad agent. If not specified, the image is run without verifying the image signature. -
dns_servers- (Optional) A list of DNS servers to be used in the container. Alternatively a list containing justhostornone.hostuses the host'sresolv.confwhilenoneforces use of the image's name resolution configuration. -
dns_search_domains- (Optional) A list of DNS search domains to be used in the containers. -
net- (Optional) A list of networks to be used by the containers -
port_map- (Optional) A key/value map of ports used by the container. The value is the port name specified in the image manifest file. When running Docker images with rkt the port names will be of the form${PORT}-tcp. See networking below for more details.port_map { # If running a Docker image that exposes port 8080 app = "8080-tcp" } -
debug- (Optional) Enable rkt command debug option. -
volumes- (Optional) A list ofhost_path:container_pathstrings to bind host paths to container paths.config { volumes = ["/path/on/host:/path/in/container"] }
Networking
The rkt can specify --net and --port for the rkt client. Hence, there are two ways to use host ports by
using --net=host or --port=PORT with your network.
Example:
task "redis" {
# Use rkt to run the task.
driver = "rkt"
config {
# Use docker image with port defined
image = "docker://redis:latest"
port_map {
app = "6379-tcp"
}
}
service {
port = "app"
}
resources {
network {
mbits = 10
port "app" {
static = 12345
}
}
}
}
Allocating Ports
You can allocate ports to your task using the port syntax described on the networking page.
When you use port allocation, the image manifest needs to declare public ports and host has configured network. For more information, please refer to rkt Networking.
Client Requirements
The rkt driver requires rkt to be installed and in your system's $PATH.
The trust_prefix must be accessible by the node running Nomad. This can be an
internal source, private to your cluster, but it must be reachable by the client
over HTTP.
Client Configuration
The rkt driver has the following client configuration
options:
rkt.volumes.enabled: Defaults totrue. Allows tasks to bind host paths (volumes) inside their container. Binding relative paths is always allowed and will be resolved relative to the allocation's directory.
Client Attributes
The rkt driver will set the following client attributes:
driver.rkt- Set to1if rkt is found on the host node. Nomad determines this by executingrkt versionon the host and parsing the outputdriver.rkt.version- Version ofrkteg:1.1.0. Note that the minimum required version is1.0.0driver.rkt.appc.version- Version ofappcthatrktis using eg:1.1.0
Here is an example of using these properties in a job file:
job "docs" {
# Only run this job where the rkt version is higher than 0.8.
constraint {
attribute = "${driver.rkt.version}"
operator = ">"
value = "1.2"
}
}
Resource Isolation
This driver supports CPU and memory isolation by delegating to rkt. Network
isolation is not supported as of now.