---
layout: "docs"
page_title: "Drivers: Rkt"
sidebar_current: "docs-drivers-rkt"
description: |-
  The rkt task driver is used to run application containers using rkt.
---

# Rkt Driver

Name: `rkt`

The `rkt` driver provides an interface for using CoreOS rkt for running
application containers.

## Task Configuration

```hcl
task "webservice" {
  driver = "rkt"

  config {
    image = "redis:3.2"
  }
}
```

The `rkt` driver supports the following configuration in the job spec:

* `image` - The image to run. May be specified by name, hash, ACI address
  or docker registry.

    ```hcl
    config {
      image = "https://hub.docker.internal/redis:3.2"
    }
    ```

* `command` - (Optional) A command to execute on the ACI.

    ```hcl
    config {
      command = "my-command"
    }
    ```

* `args` - (Optional) A list of arguments to the optional `command`. References
  to environment variables or any [interpretable Nomad
  variables](/docs/runtime/interpolation.html) will be interpreted before
  launching the task.

    ```hcl
    config {
      args = [
        "-bind", "${NOMAD_PORT_http}",
        "${nomad.datacenter}",
        "${MY_ENV}",
        "${meta.foo}",
      ]
    }
    ```

* `trust_prefix` - (Optional) The trust prefix to be passed to rkt. Must be
  reachable from the box running the nomad agent. If not specified, the image is
  run with `--insecure-options=all`.

* `insecure_options` - (Optional) List of insecure options for rkt. Consult
  `rkt --help` for the list of supported values. This list overrides the
  `--insecure-options=all` default when no `trust_prefix` is provided in the job
  config, so it can be used to enforce secure runs by setting
  `insecure_options = ["none"]`.

    ```hcl
    config {
      image = "example.com/image:1.0"
      insecure_options = ["image", "tls", "ondisk"]
    }
    ```

* `dns_servers` - (Optional) A list of DNS servers to be used in the container.
  Alternatively a list containing just `host` or `none`. `host` uses the host's
  `resolv.conf` while `none` forces use of the image's name resolution configuration.

* `dns_search_domains` - (Optional) A list of DNS search domains to be used in
  the containers.

* `net` - (Optional) A list of networks to be used by the containers.

* `port_map` - (Optional) A key/value map of ports used by the container. The
  value is the port name specified in the image manifest file. When running
  Docker images with rkt the port names will be of the form `${PORT}-tcp`. See
  [networking](#networking) below for more details.

    ```hcl
    port_map {
      # If running a Docker image that exposes port 8080
      app = "8080-tcp"
    }
    ```

* `debug` - (Optional) Enable rkt command debug option.

* `no_overlay` - (Optional) When enabled, will use the `--no-overlay=true` flag
  for `rkt run`. Useful when running jobs on older systems affected by
  https://github.com/rkt/rkt/issues/1922.

* `volumes` - (Optional) A list of `host_path:container_path` strings to bind
  host paths to container paths.

    ```hcl
    config {
      volumes = ["/path/on/host:/path/in/container"]
    }
    ```

## Networking

The `rkt` driver can specify `--net` and `--port` for the rkt client. Hence,
there are two ways to use host ports: `--net=host`, or `--port=PORT` with your
network.

Example:

```hcl
task "redis" {
  # Use rkt to run the task.
  driver = "rkt"

  config {
    # Use docker image with port defined
    image = "docker://redis:latest"
    port_map {
      app = "6379-tcp"
    }
  }

  service {
    port = "app"
  }

  resources {
    network {
      mbits = 10
      port "app" {
        static = 12345
      }
    }
  }
}
```

### Allocating Ports

You can allocate ports to your task using the port syntax described on the
[networking page](/docs/job-specification/network.html).

When you use port allocation, the image manifest needs to declare public ports
and the host needs to have a configured network. For more information, please
refer to [rkt Networking](https://coreos.com/rkt/docs/latest/networking/overview.html).

## Client Requirements

The `rkt` driver requires rkt to be installed and in your system's `$PATH`.
The `trust_prefix` must be accessible by the node running Nomad. This can be an
internal source, private to your cluster, but it must be reachable by the client
over HTTP.

## Client Configuration

The `rkt` driver has the following [client configuration
options](/docs/agent/configuration/client.html#options):

* `rkt.volumes.enabled`: Defaults to `true`. Allows tasks to bind host paths
  (`volumes`) inside their container. Binding relative paths is always allowed
  and will be resolved relative to the allocation's directory.

## Client Attributes

The `rkt` driver will set the following client attributes:

* `driver.rkt` - Set to `1` if rkt is found on the host node. Nomad determines
  this by executing `rkt version` on the host and parsing the output.
* `driver.rkt.version` - Version of `rkt` e.g.: `1.1.0`. Note that the minimum
  required version is `1.0.0`.
* `driver.rkt.appc.version` - Version of `appc` that `rkt` is using e.g.: `1.1.0`.

Here is an example of using these properties in a job file:

```hcl
job "docs" {
  # Only run this job where the rkt version is higher than 1.2.
  # The "version" operator compares versions semantically; a bare ">"
  # compares the strings lexically.
  constraint {
    attribute = "${driver.rkt.version}"
    operator  = "version"
    value     = "> 1.2"
  }
}
```

## Resource Isolation

This driver supports CPU and memory isolation by delegating to `rkt`. Network
isolation is not supported as of now.
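
The following is an added example, not part of the Nomad documentation or code base: a small audit that applies the `trust_prefix`, `insecure_options` and `volumes` rules described above to a job in JSON form and reports rkt tasks that end up with insecure options in effect or that bind absolute host paths. The JSON layout (Job, TaskGroups, Tasks, Driver/Config), the function names and the sample job are assumptions constructed for illustration.

```python
import json

# Constructed sample in the shape of Nomad's JSON job format (assumed layout:
# Job -> TaskGroups -> Tasks -> Driver/Config); task names are illustrative.
SAMPLE_JOB = json.loads("""
{"Job": {"TaskGroups": [{"Name": "web", "Tasks": [
  {"Name": "default-insecure", "Driver": "rkt", "Config": {"image": "redis:3.2"}},
  {"Name": "partly-insecure", "Driver": "rkt", "Config": {
     "image": "example.com/image:1.0", "insecure_options": ["image", "tls", "ondisk"]}},
  {"Name": "host-volume", "Driver": "rkt", "Config": {
     "image": "example.com/image:1.0", "trust_prefix": "example.com/image",
     "volumes": ["/path/on/host:/path/in/container", "data:/data"]}},
  {"Name": "enforced", "Driver": "rkt", "Config": {
     "image": "example.com/image:1.0", "insecure_options": ["none"]}},
  {"Name": "other-driver", "Driver": "exec", "Config": {"command": "/bin/true"}}
]}]}}
""")


def effective_insecure_options(config):
    """Options rkt ends up with, following the rules stated on this page."""
    if "insecure_options" in config:        # explicit list overrides the default
        return list(config["insecure_options"])
    if not config.get("trust_prefix"):      # no trust prefix -> driver default
        return ["all"]
    return []


def audit_rkt_tasks(job):
    """Return (task name, finding) pairs for every rkt task in the job."""
    findings = []
    for group in job["Job"].get("TaskGroups") or []:
        for task in group.get("Tasks") or []:
            if task.get("Driver") != "rkt":
                continue
            config = task.get("Config") or {}
            weak = [o for o in effective_insecure_options(config) if o != "none"]
            if weak:
                findings.append((task["Name"], "insecure options: " + ",".join(weak)))
            for volume in config.get("volumes") or []:
                host_path = volume.split(":", 1)[0]
                if host_path.startswith("/"):   # relative paths stay in the alloc dir
                    findings.append((task["Name"], "binds host path " + host_path))
    return findings


if __name__ == "__main__":
    for name, finding in audit_rkt_tasks(SAMPLE_JOB):
        print(f"{name}: {finding}")
```

Absolute host paths are only bindable while the client option `rkt.volumes.enabled` is left at its default of `true`, so a finding of that kind also identifies which jobs would break if the option were turned off.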