Containers

How I learned to stop worrying and love Flatcar’s auto-update

D.containers
Thilo Fromm
Running an up-to-date and fully patched cluster is a key element in operational security. But keeping your cluster’s OS up to date can be challenging for ops/maintenance, sometimes imposing significant effort just to keep the lights on while at the same time keeping the workloads functioning. This talk will briefly introduce the atomic OS update mechanism in Flatcar Container Linux - a minimal Linux distribution optimised for running containers at scale - before elaborating on common patterns we recommend and employ to make updating nodes and clusters a low-risk and automatable endeavor.

This talk will discuss common patterns for patching and updating nodes and clusters, focusing on container operating systems with atomic update capabilities – and Flatcar Container Linux in particular. To some extent these patterns and learnings can also be applied to traditional OSes. The target audience is operators and engineers interested in keeping their clusters’ OS updated while running workloads at scale. The advent and widespread use of containers to deploy applications helped a great deal to separate application workloads from the underlying operating system. This separation can be leveraged to make OS updates safe and unintrusive. For the purposes of this talk we will focus on Flatcar Container Linux, though settings, patterns, and components can be generalised to also apply to other distributions. After a brief overview of Flatcar’s update process, we’ll discuss the importance of testing (with a brief excursion into canaries) and dive into a number of common cluster scenarios and how to keep one’s OS fresh in the respective environment.

Additional information

Type devroom

More sessions

2/6/22
Containers
Martin Roukala
D.containers
Fed up with managing your host OS for your docker environment? Try booting your containers directly from a light-weight initramfs! Flash a USB pendrive with the kernel and initramfs, or netboot it locally or from the internet, configure it from the kernel command line. Bonus: It also supports syncing volumes with S3-compatible cloud storages, making provisioning and back-ups a breeze!
2/6/22
Containers
Daniel Black
D.containers
A user reports a bug. It's hardware/kernel/data specific. Is it fixed already? How do we get a debug container to the user to use and get meaningful results back?
2/6/22
Containers
Mario Loriedo
D.containers
Red Hat, AWS and JetBrains are working on the Devfile specification. A file format to define container-based development environments. Software development acceleration is the ultimate goal.
2/6/22
Containers
Peter Zaitsev
D.containers
Cloud brought many innovations - one of them is inexpensive, scalable and sometimes secure distributed storage options. In this presentation we will talk about the distributed storage options modern clouds offer, ranging from elastic block devices and object storage to sophisticated transactional data stores. We will discuss the benefits and new architecture options such distributed storage systems enable as well as the challenges and pitfalls you need to be aware of.
2/6/22
Containers
Rafael Fernández López
D.containers
WebAssembly is a portable binary instruction format that was originally created with the browser as the main execution runtime. However, during the last years, WebAssembly is finding its way also outside of the browser because of the many benefits it provides like portability, security and flexibility. We think WebAssembly can be leveraged by Kubernetes in many ways. This short session will focus on how WebAssembly can be used to write Kubernetes admission policies. We will show an open ...
2/6/22
Containers
Viktor Farcic
D.containers
We can enable developers to manage everything yet still be in complete control of the aspects they care about.
2/6/22
Containers
Orlin Vasilev
D.containers
Harbor - The Container Registry 101

Harbor is an open source registry that secures artefacts with policies and role-based access control, ensures images are scanned and free from vulnerabilities, and signs images as trusted. Harbor, a CNCF Graduated project, delivers compliance, performance, and interoperability to help you consistently and securely manage artefacts across cloud native compute platforms like Kubernetes and Docker.

In this talk: ...