volo is a small experimental stage1 for rkt, written in Rust. Source code available in rkt-volo repository.
rkt is a modular container runtime for Linux, supporting pods as first-class entities and mainly written in Go. Its architecture is built around the concept of sealed components called "stages".
A typical container execution goes through three stages:
stage0: initial rkt process. This stage takes care of fetching images and rendering to filesystem.
stage1: custom environment setup. This stage takes care of creating a contained environment for pod execution.
stage2: user application. This is the final stage, where execution is simply handed over to a user-provided application in a self-contained image.
stage0 ships as a single executable called rkt, which is then organized in several subcommands (i.e. rkt fetch, rkt run, rkt gc, etc.).
stage1 and stage2 are shipped as signed container images, with support for aci, docker, and (draft) oci format. While stage2 images are always provided by the user, stage1 images instead are typically provided together with rkt binary.
stage1 image are swappable, in order to let the user pick an appropriate isolation level for their application. Historically, three main stage1 flavors existed:
stage1-kvm: a strong-isolation environment, built on top of KVM.
stage1-coreos: a intermediate-isolation environment, built on top of namespaces and cgroups.
stage1-fly: a weak-isolation environment, built on top of plain chroot.
The rest of this article describes a small experimental stage1 written in Rust, named stage1-volo, much akin to stage1-fly.
Rust is a system programming language focued on safety, speed, and concurrency. It is developed by an active community of developers and mainly sponsored by Mozilla.
Historically, most of rkt stage0 and stage1 have been written in Go. However, the clear architectural separation between stages allows for much flexibility in stage1 implementation.
At the same time, Go comes with its own mandatory runtime which imposes some restrictions and requires some workarounds for modern system programming idioms. For example, manipulating process credentials is hard and interacting with namespaces requires detours in C constructors.
On the other hand, Rust comes with smaller runtime overhead (even close to none with no_std), built-in and ergonomic safety features, and a large ecosystem of libraries.
For those reasons, Rust can be seen as a well suited language for an experimental rkt stage1 implementation.
stage1-volo is an experimental stage1 for rkt, written in Rust. It implements rkt stage1 interface and a subset of appc specification.
As per stage1 interface (currently at version "5"), volo implements 4 main entrypoints:
run
gc
stop
enter
Those are exposed via annotations in the image manifest:
"annotations": [
{
"name":"coreos.com/rkt/stage1/run",
"value":"/run"
},
{
"name":"coreos.com/rkt/stage1/enter",
"value":"/enter"
},
{
"name":"coreos.com/rkt/stage1/gc",
"value":"/gc"
},
{
"name":"coreos.com/rkt/stage1/stop",
"value":"/stop"
},
{
"name":"coreos.com/rkt/stage1/interface-version",
"value":"5"
}
]