github.com/taylorchu/nomad@v0.5.3-rc1.0.20170407200202-db11e7dd7b55/website/source/docs/drivers/rkt.html.md (about) 1 --- 2 layout: "docs" 3 page_title: "Drivers: Rkt" 4 sidebar_current: "docs-drivers-rkt" 5 description: |- 6 The rkt task driver is used to run application containers using rkt. 7 --- 8 9 # Rkt Driver 10 11 Name: `rkt` 12 13 The `rkt` driver provides an interface for using CoreOS rkt for running 14 application containers. 15 16 ## Task Configuration 17 18 ```hcl 19 task "webservice" { 20 driver = "rkt" 21 22 config { 23 image = "redis:3.2" 24 } 25 } 26 ``` 27 28 The `rkt` driver supports the following configuration in the job spec: 29 30 * `image` - The image to run. May be specified by name, hash, ACI address 31 or docker registry. 32 33 ```hcl 34 config { 35 image = "https://hub.docker.internal/redis:3.2" 36 } 37 ``` 38 39 * `command` - (Optional) A command to execute on the ACI. 40 41 ```hcl 42 config { 43 command = "my-command" 44 } 45 ``` 46 47 * `args` - (Optional) A list of arguments to the optional `command`. References 48 to environment variables or any [interpretable Nomad 49 variables](/docs/runtime/interpolation.html) will be interpreted before 50 launching the task. 51 52 ```hcl 53 config { 54 args = [ 55 "-bind", "${NOMAD_PORT_http}", 56 "${nomad.datacenter}", 57 "${MY_ENV}", 58 "${meta.foo}", 59 ] 60 } 61 ``` 62 63 * `trust_prefix` - (Optional) The trust prefix to be passed to rkt. Must be 64 reachable from the box running the nomad agent. If not specified, the image is 65 run without verifying the image signature. 66 67 * `dns_servers` - (Optional) A list of DNS servers to be used in the container. 68 Alternatively a list containing just `host` or `none`. `host` uses the host's 69 `resolv.conf` while `none` forces use of the image's name resolution configuration. 70 71 * `dns_search_domains` - (Optional) A list of DNS search domains to be used in 72 the containers. 73 74 * `net` - (Optional) A list of networks to be used by the containers 75 76 * `port_map` - (Optional) A key/value map of ports used by the container. The 77 value is the port name specified in the image manifest file. When running 78 Docker images with rkt the port names will be of the form `${PORT}-tcp`. See 79 [networking](#networking) below for more details. 80 81 ```hcl 82 port_map { 83 # If running a Docker image that exposes port 8080 84 app = "8080-tcp" 85 } 86 ``` 87 88 89 * `debug` - (Optional) Enable rkt command debug option. 90 91 * `volumes` - (Optional) A list of `host_path:container_path` strings to bind 92 host paths to container paths. 93 94 ```hcl 95 config { 96 volumes = ["/path/on/host:/path/in/container"] 97 } 98 ``` 99 100 ## Networking 101 102 The `rkt` can specify `--net` and `--port` for the rkt client. Hence, there are two ways to use host ports by 103 using `--net=host` or `--port=PORT` with your network. 104 105 Example: 106 107 ``` 108 task "redis" { 109 # Use rkt to run the task. 110 driver = "rkt" 111 112 config { 113 # Use docker image with port defined 114 image = "docker://redis:latest" 115 port_map { 116 app = "6379-tcp" 117 } 118 } 119 120 service { 121 port = "app" 122 } 123 124 resources { 125 network { 126 mbits = 10 127 port "app" { 128 static = 12345 129 } 130 } 131 } 132 } 133 ``` 134 135 ### Allocating Ports 136 137 You can allocate ports to your task using the port syntax described on the 138 [networking page](/docs/job-specification/network.html). 139 140 When you use port allocation, the image manifest needs to declare public ports and host has configured network. 141 For more information, please refer to [rkt Networking](https://coreos.com/rkt/docs/latest/networking/overview.html). 142 143 ## Client Requirements 144 145 The `rkt` driver requires rkt to be installed and in your system's `$PATH`. 146 The `trust_prefix` must be accessible by the node running Nomad. This can be an 147 internal source, private to your cluster, but it must be reachable by the client 148 over HTTP. 149 150 ## Client Configuration 151 152 The `rkt` driver has the following [client configuration 153 options](/docs/agent/configuration/client.html#options): 154 155 * `rkt.volumes.enabled`: Defaults to `true`. Allows tasks to bind host paths 156 (`volumes`) inside their container. Binding relative paths is always allowed 157 and will be resolved relative to the allocation's directory. 158 159 160 ## Client Attributes 161 162 The `rkt` driver will set the following client attributes: 163 164 * `driver.rkt` - Set to `1` if rkt is found on the host node. Nomad determines 165 this by executing `rkt version` on the host and parsing the output 166 * `driver.rkt.version` - Version of `rkt` eg: `1.1.0`. Note that the minimum required 167 version is `1.0.0` 168 * `driver.rkt.appc.version` - Version of `appc` that `rkt` is using eg: `1.1.0` 169 170 Here is an example of using these properties in a job file: 171 172 ```hcl 173 job "docs" { 174 # Only run this job where the rkt version is higher than 0.8. 175 constraint { 176 attribute = "${driver.rkt.version}" 177 operator = ">" 178 value = "1.2" 179 } 180 } 181 ``` 182 183 ## Resource Isolation 184 185 This driver supports CPU and memory isolation by delegating to `rkt`. Network 186 isolation is not supported as of now.