The Security-Minded Container Engine by CoreOS: rkt Hits 1.0

&gt; &quot;Despite the importance of a shared standard, after six months of effort the Open Container Initiative (OCI) body has yet to decide whether it should or should not develop and standardize an image format. Today, the primary focus of the OCI community is creating standards for the container runtime environment, rather than the container image. Specs for container runtime features are also a worthy discussion, but we think there is a more urgent need – and a more open, industry-wide upside – for a standard container image specification.&quot;<p>I haven&#x27;t been following the OCI at all, but could somebody shed some light as to why the runtime is the most important part to standardize? Also, any insight as to whether or not the container image format should be standardized?

Systemd-approved, nonetheless?<p>“I believe in the rkt model,” said Lennart Poettering, systemd lead developer. “Integrating container and service management, so that there’s a 1:1 mapping between containers and host services is an excellent idea. Resource management, introspection, life-cycle management of containers and services – all that tightly integrated with the OS; that’s how a container manager should be designed.”

I think we&#x27;re seeing a shift in focus in the container world from container runtimes such as Docker, to container orchestration systems such as Kubernetes. At some point the container runtime becomes just an implementation detail.<p>Unless Docker finds a way of moving up the stack they are going to have a hard time defending their current valuation. Their current efforts provides close to zero monetizable value.

Congratulations to CoreOS and the rkt team. I&#x27;ve been waiting for this to really dig into rkt, as I am a big fan of how CoreOS has been approaching this project, and eager for a container system that is <i>not</i> Docker.

Security is good, but it isn&#x27;t a big problem for my current local container apps. However, I&#x27;ve found Docker clumsy in various areas. Does this improve on the design any?<p>Also, is there a PPA planned for Ubuntu, or plans to get it into Debian soon, now that it has reached 1.0?

If I&#x27;m developing on OS X, would it still be possible to use rkt?<p>How are the tools for managing your rkt deployments? Since Hashicorp supports it, I&#x27;m starting to think that I would be better off using their tooling to abstract myself from the specific container implementation.

OT: Is rkt pronounced &#x27;are kay tee&#x27;?

Any plans on supporting rkt for ARM? That would be a killer feature for me :)

Good to see they are confident enough to cut a 1.0 release. We have been happily mixing the cgroup and kvm&#x2F;Clear Containers runtimes for a for a couple of months now.

TPM support caught my eye. Brushing off the controversy surrounding EFI secure boot, the TPM is the under-appreciated &quot;Secure Element&quot; in business laptops and high end servers.

Open source project hitting 1.0 - truly breaking news, especially when looking at all these JavaScript libraries.