发布于 2016-08-05 00:24:45 | 194 次阅读 | 评论: 0 | 来源: 网友投递
Rocket CoreOS 的容器引擎
Rocket (也叫 rkt)是 CoreOS 推出的一款容器引擎,和 Docker 类似,帮助开发者打包应用和依赖包到可移植容器中,简化搭环境等部署工作。Rocket 和 Docker 不同的地方在于,Rocket 没有 Docker 那些为企业用户提供的“友好功能”,比如云服务加速工具、集群系统等。反过来说,Rocket 想做的,是一个更纯粹的业界标准。
Rocket v1.12.0 发布了,
该版本主要新增seccomp隔离器,支持seccomp过滤。同时,对API服务做了一些提升,修复一些已知问题。
改进记录如下:
cli: rename --cap-retain and --cap-remove to --caps-* (#2994).
stage1: apply seccomp isolators (#2753). This introduces support for appc seccomp isolators.
scripts: add /etc/rkt owned by group rkt-admin in setup-data-dir.sh (#2944).
rkt: add --caps-retain and --caps-remove to prepare (#3007).
store: allow users in the rkt group to delete images (#2961).
api_service: cache pod manifest (#2891). Manifest caching considerably improves api-service performances.
store: tell the user to run as root on db update (#2966).
stage1: disabling cgroup namespace in systemd-nspawn (#2989). For more information see systemd#3589.
fly: copy rkt-resolv.conf in the app (#2982).
store: decouple aci store and treestore implementations (#2919).
store: record ACI fetching information (#2960).
stage1/init: fix writing of /etc/machine-id (#2977).
rkt: don't errwrap cli_apps errors (#2958).
pkg/tar/chroot: avoid errwrap in function called by multicall (#2997).
networking: apply CNI args to the default networks as well (#2985).
trust: provide InsecureSkipTLSCheck to pubkey manager (#3016).
api_service: update grpc version (#3015).
fetcher: httpcaching fixes (#2965).
build,stage1/init: set interpBin at build time for src flavor (#2978).
common: introduce RemoveEmptyLines() (#3004).
glide: update docker2aci to v0.12.3 (#3026). This fixes multiple bugs in layers ordering for Docker images.
glide: update go-systemd to v11 (#2970). This fixes a buggy corner-case in journal seeking (implicit seek to head).
issue template: add 'n' to the end of environment output (#3008).