github.com/coreos/rocket@v1.30.1-0.20200224141603-171c416fac02/Documentation/running-docker-images.md (about) 1 # Running Docker images with rkt 2 3 rkt features native support for fetching and running Docker container images. 4 5 ## Getting started 6 7 To reference a Docker image, use the `docker://` prefix when fetching or running images. 8 9 Note that Docker images do not support signature verification, and hence it's necessary to use the `--insecure-options=image` flag. 10 11 As a simple example, let's run the latest [`redis`][docker-redis] container image from the default Docker registry: 12 13 ``` 14 # rkt --insecure-options=image run docker://redis 15 rkt: fetching image from docker://redis 16 rkt: warning: image signature verification has been disabled 17 Downloading layer: 511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158 18 ... 19 Downloading layer: f2fb89b0a711a7178528c7785d247ba3572924353b0d5e23e9b28f0518253b22 20 4:C 19 Apr 06:09:02.372 # Warning: no config file specified, using the default config. In order to specify a config file use redis-server /path/to/redis.conf 21 4:M 19 Apr 06:09:02.373 # You requested maxclients of 10000 requiring at least 10032 max file descriptors. 22 4:M 19 Apr 06:09:02.373 # Redis can't set maximum open files to 10032 because of OS error: Operation not permitted. 23 4:M 19 Apr 06:09:02.373 # Current maximum open files is 8192. maxclients has been reduced to 8160 to compensate for low ulimit. If you need higher maxclients increase 'ulimit -n'. 24 _._ 25 _.-``__ ''-._ 26 _.-`` `. `_. ''-._ Redis 3.0.0 (00000000/0) 64 bit 27 .-`` .-```. ```\/ _.,_ ''-._ 28 ( ' , .-` | `, ) Running in standalone mode 29 |`-._`-...-` __...-.``-._|'` _.-'| Port: 6379 30 | `-._ `._ / _.-' | PID: 4 31 `-._ `-._ `-./ _.-' _.-' 32 |`-._`-._ `-.__.-' _.-'_.-'| 33 | `-._`-._ _.-'_.-' | http://redis.io 34 `-._ `-._`-.__.-'_.-' _.-' 35 |`-._`-._ `-.__.-' _.-'_.-'| 36 | `-._`-._ _.-'_.-' | 37 `-._ `-._`-.__.-'_.-' _.-' 38 `-._ `-.__.-' _.-' 39 `-._ _.-' 40 `-.__.-' 41 42 4:M 19 Apr 06:09:02.374 # Server started, Redis version 3.0.0 43 4:M 19 Apr 06:09:02.375 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect. 44 4:M 19 Apr 06:09:02.375 # WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128. 45 4:M 19 Apr 06:09:02.375 * The server is now ready to accept connections on port 6379 46 ``` 47 48 This behaves similarly to the Docker client: if no specific registry is named, the [Docker Hub][docker-hub] is used by default. 49 50 As with Docker, alternative registries can be used by specifying the registry as part of the image reference. 51 For example, the following command will fetch an [nginx][quay-nginx] Docker image hosted on [quay.io][quay]: 52 53 ``` 54 # rkt --insecure-options=image fetch docker://quay.io/zanui/nginx 55 rkt: fetching image from docker://quay.io/zanui/nginx 56 rkt: warning: image signature verification has been disabled 57 Downloading layer: 511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158 58 ... 59 Downloading layer: 340951f1240f3dc1189ae32cfa5af35df2dc640e0c92f2397b7a72e174c1a158 60 sha512-c6d6efd98f506380ff128e473ca239ed 61 ``` 62 63 The hash printed in the final line represents the image ID of the converted ACI. 64 65 After the image has been retrieved, it can be run by referencing this hash: 66 67 ``` 68 # rkt --insecure-options=image run sha512-c6d6efd98f506380ff128e473ca239ed 69 ``` 70 71 72 [docker-redis]: https://hub.docker.com/_/redis/ 73 [docker-hub]: https://hub.docker.com 74 [quay]: https://quay.io/ 75 [quay-nginx]: https://quay.io/repository/zanui/nginx