Session
Schedule FOSDEM 2022
Containers

Boot2container: An initramfs for reproducible infrastructures

Who needs host OSes for containers anyway?
D.containers
Martin Roukala
Fed up with managing your host OS for your docker environment? Try booting your containers directly from a light-weight initramfs! Flash a USB pendrive with the kernel and initramfs, or netboot it locally or from the internet, and configure it from the kernel command line. Bonus: it also supports syncing volumes with S3-compatible cloud storage, making provisioning and back-ups a breeze!
Containers have been an effective way to share reproducible environments for services, CI pipelines, or even user applications. In the high-availability world, orchestration can then be used to run multiple instances of the same service. However, if your goal is to run these containers on your local machines, you would first need to provision them with an operating system capable of connecting to the internet, and then downloading, extracting, and running the containers. This operating system would then need to be kept up to date across all your machines, which is error-prone and can lead to subtle differences in the run environment that may impact your services.

In order to lower this maintenance cost and improve the reproducibility of the run environment, it would be best if we could drop this operating system and directly boot the containers you want to run. With newer versions of podman, it is even painless to run systemd as the entrypoint, so why not create an initramfs that would perform the simple duty of connecting to the internet and downloading a "root" container which can be shared between all the machines? If the size could be kept reasonable, both the kernel and initramfs could then be downloaded at boot time via iPXE, either locally via PXE or from the internet.

It is with this line of reasoning that we started working on a new project called boot2container, which would receive its configuration via the kernel command line and construct a pipeline of containers. Additionally, we added support for volumes, optionally synced with any S3-compatible cloud storage. This project was then used in a bare-metal CI, both for the test machines and the gateways connecting them to the outside world. There, boot2container helps to provide the much-needed reproducibility of the test environment while also making it extremely easy to replicate this infrastructure in multiple locations to maximize availability.

Additional information

Type devroom

More sessions

2/6/22
Containers
Daniel Black
D.containers
A user reports a bug. It's hardware/kernel/data specific. Is it fixed already? How do we get a debug container to the user to use and get meaningful results back?
2/6/22
Containers
Mario Loriedo
D.containers
Red Hat, AWS and JetBrains are working on the Devfile specification, a file format to define container-based development environments. Software development acceleration is the ultimate goal.
2/6/22
Containers
Peter Zaitsev
D.containers
Cloud brought many innovations - one of them is inexpensive, scalable and sometimes secure distributed storage options. In this presentation we will talk about the distributed storage options modern clouds offer, ranging from elastic block devices and object storage to sophisticated transactional data stores. We will discuss the benefits and new architecture options such distributed storage systems enable, as well as the challenges and pitfalls you need to be aware of.
2/6/22
Containers
Rafael Fernández López
D.containers
WebAssembly is a portable binary instruction format that was originally created with the browser as the main execution runtime. However, during the last years, WebAssembly is finding its way also outside of the browser because of the many benefits it provides like portability, security and flexibility. We think WebAssembly can be leveraged by Kubernetes in many ways. This short session will focus on how WebAssembly can be used to write Kubernetes admission policies. We will show an open ...
2/6/22
Containers
Viktor Farcic
D.containers
We can enable developers to manage everything yet still be in complete control of the aspects they care about.
2/6/22
Containers
Orlin Vasilev
D.containers
Harbor - The Container Registry 101. Harbor is an open source registry that secures artefacts with policies and role-based access control, ensures images are scanned and free from vulnerabilities, and signs images as trusted. Harbor, a CNCF Graduated project, delivers compliance, performance, and interoperability to help you consistently and securely manage artefacts across cloud native compute platforms like Kubernetes and Docker. In this talk: ...
2/6/22
Containers
Thilo Fromm
D.containers
Running an up-to-date and fully patched cluster is a key element in operational security. But keeping your cluster's OS up to date can be challenging for ops/maintenance, sometimes imposing significant effort just to keep the lights on while at the same time keeping the workloads functioning. This talk will briefly introduce the atomic OS update mechanism in Flatcar Container Linux - a minimal Linux distribution optimised for running containers at scale - before elaborating on common patterns ...