10

Can I use CoreOS rkt, or some related tool, to run my Docker-Compose project?

And / or is there some way to convert a Docker-Compose project to something similar, for CoreOS and rkt?

My Docker-Compose project works fine on localhost and on the production servers. But I think I like CoreOS' and rkt's security model better — then I wouldn't have to run the containers with, in effect, root privileges, on my development machine (right?).

Here seems to be docs about how to run a single Docker container with rkt: https://coreos.com/rkt/docs/latest/running-docker-images.html — but I want Docker-Compose like functionality, not just a single container.

(I currently use an Ubuntu based Linux distro.)

KajMagnus
  • 11,308
  • 15
  • 79
  • 127
  • 1
    I'm also interested in this. There seems to be https://github.com/jfusterm/compose2fleet which I haven't had time to try. Alternatively you could set up something like Kubernetes, but that seems overkill to me. – StackExchange saddens dancek Sep 17 '16 at 07:32
  • @dancek compose2fleet sounds interesting, could be what I'm hoping for. — And as of right now I too don't have time to test it :- P but later – KajMagnus Sep 17 '16 at 20:05
  • 1
    Here's a way to transform a Docker Compose application into Kubernetes manifests: http://blog.kubernetes.io/2016/11/kompose-tool-go-from-docker-compose-to-kubernetes.html. Kubernetes can run CoreOS + rkt. Feels a little bit complicated to add Kubernetes too though. – KajMagnus Nov 27 '16 at 10:45

1 Answers1

2

rkt-compose is a lightweight alternative to kubernetes and compose2fleet. rkt-compose supports a subset of the docker-compose file syntax and runs all services of a docker-compose file within a single pod in a wrapped rkt process without dependencies to other tools than rkt and docker (for build). To support service discovery and health checks Consul integration can be enabled optionally.

I have tested the current rkt-compose v0.1.0 release successfully against several of my old docker-compose projects.

Disclosure: I have developed rkt-compose while playing around with rkt and to learn golang.

Security annotation: As in docker rkt containers must also run as root. Running containers as unprivileged user is not supported. I am currently investigating runc: It is also shipped with CoreOS and in its current master state it allows you to truely run a container as unprivileged user with some workarounds and limitations but you still cannot run docker-compose files directly on it.

mxg
  • 111
  • 7
  • Ok, this looks interesting. (I won't mark it as the accepted answer as of now because seems it's not-yet-documented and still under development, right.) Hmm I didn't totally understand: does it use `docker-compose.yml` directly, or does it convert that file into a Kubernetes config file and use the Kubernetes file instead? and afterwards one would edit the Kubernetes file? (both approaches are fine from my point of view) – KajMagnus Jun 09 '17 at 02:30
  • Updated my answer: It runs docker-compose.yml files directly and has no dependency to Kubernetes. I finally documented the project and created a release. Feedback is welcome. – mxg Jun 11 '17 at 20:21