正在制定中的AppC容器规范设计目标包括:
- 组件式工具:用于下载、部署和运行虚拟容器环境的操作工具应该相互独立、互不依赖且可被替换。
- 镜像安全性:镜像在因特网下载传输时应当使用加密协议,容器工具应当内置验证机制,以拒绝不安全来源的镜像。
- 操作去中心化:镜像分发应该支持可扩展的传输协议,未来允许引入P2P,甚至BitTorrent协议来提升镜像分发效率,且容器使用前不应需要登录特定的镜像仓库。
- 开放性标准:容器镜像的格式与元数据定义应该由社区设立统一协商制定,使得符合这一规范的不同容器产品能够共享镜像文件。
rkt (pronounced "rock-it") is a CLI for running app containers on Linux. rkt is designed to be secure, composable, and standards-based.
Some of rkt's key features and goals include:
- Security: rkt is developed with a principle of "secure-by-default", and includes a number of important security features like support for , , and running app containers in .
- Composability: rkt is designed for first-class integration with init systems (, upstart) and cluster orchestration tools (fleet, , ), and supports .
- Open standards and compatibility: rkt implements the , supports the , and can also run .
For more on the background and motivation behind rkt, read the original .
FreeBSD平台基于jails/ZFS
Jetpack
Jetpack is an experimental and incomplete implementation of the for FreeBSD. It uses jails as isolation mechanism, and ZFS for layered storage.
This document uses some language used in , the reference implementation of the App Container Specification. While the documentation will be expanded in the future, currently you need to be familiar at least with Rocket's README to understand everything.
Nose Cone
Overview
Nose Cone is a C++ implementation that uses the App Container library.