Home

rkt

rkt, pronounced "rocket," is an open-source container runtime for Linux that was developed by CoreOS and released in 2014. It was designed as a secure, standards-based alternative to Docker, emphasizing a modular architecture, reproducible builds, and strong image provenance. rkt implements the App Container (appc) specifications and originally used App Container Images (ACI) as its primary image format.

Workloads in rkt are run as pods containing one or more applications. Images are referenced as ACIs

For image sources, rkt originally focused on appc/ACI and provided tools to convert Docker images to the

Over time, rkt's development slowed as other runtimes such as Docker, containerd, and CRI-O gained prominence.

---

and
are
verified
with
cryptographic
signatures
before
execution.
The
runtime
uses
a
pluggable
stage1
isolation
architecture
and
can
operate
with
various
execution
environments,
including
systemd-nspawn.
rkt
provides
a
command-line
interface
for
fetching
images,
verifying
their
signatures,
and
running
or
exporting
pods.
It
also
offered
optional
integration
with
Kubernetes
via
a
separate
runtime
interface
called
rktlet,
allowing
Kubernetes
clusters
to
use
rkt
as
a
container
runtime.
ACI
format
through
docker2aci;
support
for
OCI
or
Docker-native
images
was
limited
and
not
its
primary
path.
The
design
emphasized
security,
including
the
management
of
trusted
keys
and
image
signatures
locally
or
remotely.
After
Red
Hat
acquired
CoreOS,
the
project
shifted
away
from
active
development,
and
in
2020
the
rkt
project
was
archived,
with
the
ecosystem
broadly
recommending
migration
to
OCI-compliant
runtimes.
The
project
remains
of
historical
interest
as
an
early
attempt
to
create
a
secure,
standards-driven
container
runtime
separate
from
Docker.