rkt (pronounced like “rocket”) is a CLI for running application containers on Linux. rkt is designed to be secure, composable, and standards-based.
Some of rkt’s key features and goals include:
Pod-native: rkt’s basic unit of execution is a pod, linking together resources and user applications in a self-contained environment.
Security: rkt is developed on the principle of “secure by default”, and includes a number of important security features such as support for SELinux, TPM measurement, and running app containers in hardware-isolated VMs.
Composability: rkt is designed for first-class integration with init systems (like systemd and upstart) and cluster orchestration tools (like Kubernetes and Nomad), and supports swappable execution engines.
Open standards and compatibility: rkt implements the appc specification, supports the Container Networking Interface specification, and can run Docker images and OCI images. Broader native support for OCI images and runtimes is in development.