github.com/stackdocker/rkt@v0.10.1-0.20151109095037-1aa827478248/Documentation/subcommands/run.md (about) 1 # rkt run 2 3 ## Image Addressing 4 5 Images can be run by either their name, their hash, an explicit transport address, or a Docker registry URL. 6 rkt will automatically [fetch](fetch.md) them if they're not present in the local store. 7 8 ``` 9 # Run by name 10 # rkt run coreos.com/etcd:v2.0.0 11 ``` 12 13 ``` 14 # Run by hash 15 # rkt run sha512-fa1cb92dc276b0f9bedf87981e61ecde 16 ``` 17 18 ``` 19 # Run by ACI address 20 # rkt run https://github.com/coreos/etcd/releases/download/v2.0.0/etcd-v2.0.0-linux-amd64.aci 21 ``` 22 23 ``` 24 # Run by Docker registry 25 # rkt --insecure-skip-verify run docker://quay.io/coreos/etcd:v2.0.0 26 ``` 27 28 ## Overriding Executable to launch 29 30 Application images include an `exec` field that specifies the executable to launch. 31 This executable can be overridden by rkt using the `--exec` flag: 32 33 ``` 34 # rkt --insecure-skip-verify run docker://busybox --exec /bin/date 35 ``` 36 37 ## Passing Arguments 38 39 To pass additional arguments to images use the pattern of `image1 -- [image1 flags] --- image2 -- [image2 flags]`. 40 For example: 41 42 ``` 43 # rkt run example.com/worker -- --loglevel verbose --- example.com/syncer -- --interval 30s 44 ``` 45 46 This can be combined with overridden executables: 47 48 ``` 49 # rkt run example.com/worker --exec /bin/ov -- --loglevel verbose --- example.com/syncer --exec /bin/syncer2 -- --interval 30s 50 ``` 51 52 ## Influencing Environment Variables 53 54 To inherit all environment variables from the parent use the `--inherit-env` flag. 55 56 To explicitly set individual environment variables use the `--set-env` flag. 57 58 The precedence is as follows with the last item replacing previous environment entries: 59 60 - Parent environment 61 - App image environment 62 - Explicitly set environment 63 64 ``` 65 # export EXAMPLE_ENV=hello 66 # export EXAMPLE_OVERRIDE=under 67 # rkt run --inherit-env --set-env=FOO=bar --set-env=EXAMPLE_OVERRIDE=over example.com/env-printer 68 EXAMPLE_ENV=hello 69 FOO=bar 70 EXAMPLE_OVERRIDE=over 71 ``` 72 73 ## Disable Signature Verification 74 75 If desired, `--insecure-skip-verify` can be used to disable this security check: 76 77 ``` 78 # rkt --insecure-skip-verify run coreos.com/etcd:v2.0.0 79 rkt: searching for app image coreos.com/etcd:v2.0.0 80 rkt: fetching image from https://github.com/coreos/etcd/releases/download/v2.0.0/etcd-v2.0.0-linux-amd64.aci 81 rkt: warning: signature verification has been disabled 82 ... 83 ``` 84 85 ## Mount Volumes into a Pod 86 87 Each ACI can define a [list of mount points](https://github.com/appc/spec/blob/master/spec/aci.md#image-manifest-schema) that the app is expecting external data to be mounted into: 88 89 ```json 90 { 91 "acKind": "ImageManifest", 92 "name": "example.com/app1", 93 ... 94 "app": { 95 ... 96 "mountPoints": [ 97 { 98 "name": "data", 99 "path": "/var/data", 100 "readOnly": false 101 } 102 ] 103 } 104 ... 105 } 106 ``` 107 108 To fulfill these mount points, volumes are used. A volume is assigned to a mount point if they both have the same name. 109 There are today two kinds of volumes: 110 - `host` volumes that can expose a directory or a file from the host to the pod 111 - `empty` volumes that initialize an empty storage to be accessed locally within the pod. 112 113 Each volume can be selectively mounted into each application at differing mount points. Note that any volumes that are specified but do not have a matching mount point will be silently ignored. 114 115 ### Mounting Volumes 116 117 For `host` volumes, the `--volume` flag allows you to specify each mount, its type, the location on the host, and whether the volume is read-only or not. In the following example, we make the host's `/srv/data` accessible to app1 on `/var/data`: 118 119 ``` 120 # rkt run --volume data,kind=host,source=/srv/data,readOnly=false example.com/app1 121 ``` 122 123 If you don't intend to persist the data and you just want to have a volume shared between all the apps in the pod, you can use an `empty` volume: 124 125 ``` 126 # rkt run --volume data,kind=empty,readOnly=false example.com/app1 127 ``` 128 129 The volume is then mounted into each app running to the pod based on information defined in the ACI manifest. 130 131 ### Mounting Volumes without Mount Points 132 133 If the ACI doesn't have any mount points defined in its manifest, you can still mount volumes using the `--mount` flag. 134 135 With `--mount` you define a mapping between volumes and a path in the app. This will supplement and override any mount points in the image manifest. 136 In the following example, the `--mount` option is positioned after the app name; it defines the mount only in that app: 137 138 ``` 139 # rkt run --volume logs,kind=host,source=/srv/logs \ 140 example.com/app1 --mount volume=logs,target=/var/log \ 141 example.com/app2 --mount volume=logs,target=/opt/log 142 ``` 143 144 In the following example, the `--mount` option is positioned before the app names. 145 It defines mounts on all apps: both app1 and app2 will have `/srv/logs` accessible on `/var/log`. 146 147 ``` 148 # rkt run --volume logs,kind=host,source=/srv/logs \ 149 --mount volume=data,target=/var/log \ 150 example.com/app1 example.com/app2 151 ``` 152 153 ### MapReduce Example 154 155 Let's say we want to read data from the host directory `/opt/tenant1/work` to power a MapReduce-style worker. We'll call this app `example.com/reduce-worker`. 156 157 We also want this data to be available to a backup application that runs alongside the worker (in the same pod). We'll call this app 'example.com/worker-backup`. The backup application only needs read-only access to the data. 158 159 Below we show the abbreviated manifests for the respective applications (recall that the manifest is bundled into the application's ACI): 160 161 ```json 162 { 163 "acKind": "ImageManifest", 164 "name": "example.com/reduce-worker", 165 ... 166 "app": { 167 ... 168 "mountPoints": [ 169 { 170 "name": "work", 171 "path": "/var/lib/work", 172 "readOnly": false 173 } 174 ], 175 ... 176 } 177 ... 178 } 179 ``` 180 181 ```json 182 { 183 "acKind": "ImageManifest", 184 "name": "example.com/worker-backup", 185 ... 186 "app": { 187 ... 188 "mountPoints": [ 189 { 190 "name": "work", 191 "path": "/backup", 192 "readOnly": true 193 } 194 ], 195 ... 196 } 197 ... 198 } 199 ``` 200 201 In this case, both apps reference a volume they call "work", and expect it to be made available at `/var/lib/work` and `/backup` within their respective root filesystems. 202 203 Since they reference the volume using an abstract name rather than a specific source path, the same image can be used on a variety of different hosts without being coupled to the host's filesystem layout. 204 205 To tie it all together, we use the `rkt run` command-line to provide them with a volume by this name. Here's what it looks like: 206 207 ``` 208 # rkt run --volume=work,kind=host,source=/opt/tenant1/work \ 209 example.com/reduce-worker \ 210 example.com/worker-backup 211 ``` 212 213 If the image didn't have any mount points, you can achieve a similar effect with the `--mount` flag (note that both would be read-write though): 214 215 ``` 216 # rkt run --volume=work,kind=host,source=/opt/tenant1/work \ 217 example.com/reduce-worker --mount volume=work,target=/var/lib/work \ 218 example.com/worker-backup --mount volume=work,target=/backup 219 ``` 220 221 Now when the pod is running, the two apps will see the host's `/opt/tenant1/work` directory made available at their expected locations. 222 223 ## Enabling metadata service registration 224 225 By default, `rkt run` will not register the pod with the [metadata service](https://github.com/coreos/rkt/blob/master/Documentation/subcommands/metadata-service.md). 226 You can enable registration with the `--mds-register` command line option. 227 228 ## Pod Networking 229 230 The `run` subcommand features the `--net` argument which takes options to configure the pod's network. 231 232 ### Default contained networking 233 234 When the argument is not given, `--net=default` is automatically assumed and the default contained network network will be loaded. 235 236 ### Host networking 237 238 Simplified, with `--net=host` the apps within the pod will share the network stack and the interfaces with the host machine. 239 240 ``` 241 # rkt run --net=host coreos.com/etcd:v2.0.0 242 ``` 243 244 Strictly seen, this is only true when `rkt run` is invoked on the host directly, because the network stack will be inherited from the process that is invoking the `rkt run` command. 245 246 247 ### Other Networking Examples 248 249 More details about rkt's networking options and examples can be found in the [networking documentation](https://github.com/coreos/rkt/blob/master/Documentation/networking.md) 250 251 ## Run rkt as a Daemon 252 253 rkt doesn't include any built-in support for running as a daemon. 254 However, since it is a regular process, you can use your init system to achieve the same effect. 255 256 For example, if you use systemd, you can [run rkt using `systemd-run`](https://github.com/coreos/rkt/blob/master/Documentation/using-rkt-with-systemd.md#systemd-run). 257 258 If you don't use systemd, you can use [daemon](http://www.libslack.org/daemon/) as an alternative.