A rkt stage1 experiment in Rust

Article still in progress

volo is a small experimental stage1 for rkt, written in Rust. Source code available in rkt-volo repository.

rkt design: stages

rkt is a modular container runtime for Linux, supporting pods as first-class entities and mainly written in Go. Its architecture is built around the concept of sealed components called “stages”.

A typical container execution goes through three stages:

stage0 ships as a single executable called rkt, which is then organized in several subcommands (i.e. rkt fetch, rkt run, rkt gc, etc.).

stage1 and stage2 are shipped as signed container images, with support for aci, docker, and (draft) oci format. While stage2 images are always provided by the user, stage1 images instead are typically provided together with rkt binary.

stage1 image are swappable, in order to let the user pick an appropriate isolation level for their application. Historically, three main stage1 flavors existed:

The rest of this article describes a small experimental stage1 written in Rust, named stage1-volo, much akin to stage1-fly.

Using Rust

Rust is a system programming language focued on safety, speed, and concurrency. It is developed by an active community of developers and mainly sponsored by Mozilla.

Historically, most of rkt stage0 and stage1 have been written in Go. However, the clear architectural separation between stages allows for much flexibility in stage1 implementation.

At the same time, Go comes with its own mandatory runtime which imposes some restrictions and requires some workarounds for modern system programming idioms. For example, manipulating process credentials is hard and interacting with namespaces requires detours in C constructors.

On the other hand, Rust comes with smaller runtime overhead (even close to none with no_std), built-in and ergonomic safety features, and a large ecosystem of libraries.

For those reasons, Rust can be seen as a well suited language for an experimental rkt stage1 implementation.

stage1-volo

stage1-volo is an experimental stage1 for rkt, written in Rust. It implements rkt stage1 interface and a subset of appc specification.

Entrypoints

As per stage1 interface (currently at version “5”), volo implements 4 main entrypoints:

Those are exposed via annotations in the image manifest:

"annotations":[  
  {  
    "name":"coreos.com/rkt/stage1/run",
    "value":"/run"
  },
  {  
    "name":"coreos.com/rkt/stage1/enter",
    "value":"/enter"
  },
  {  
    "name":"coreos.com/rkt/stage1/gc",
    "value":"/gc"
  },
  {  
    "name":"coreos.com/rkt/stage1/stop",
    "value":"/stop"
  },
  {  
    "name":"coreos.com/rkt/stage1/interface-version",
    "value":"5"
  }
]

Building and packaging

TBD