Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Software Circus Meetup: How to replace your eng...

Andy Randall
October 21, 2020
Technology
0
110

Software Circus Meetup: How to replace your engines mid-flight while maintaining a steady cruising altitude, or: how I learned to stop worrying and love Flatcar Container Linux

Installing Linux on a new PC isn’t that hard, right? How about replacing the operating system across a fleet of thousands of virtual machines across multiple clouds, and on-premises installations with major global enterprise customers relying on you to keep their infrastructure running 24x7? This was the challenge that faced Giant Swarm as they realized CoreOS Container Linux, on which their managed Kubernetes service was based, had been declared end of life — and decided to migrate to Flatcar Container Linux, with the help of Kinvolk. In this talk, we will explain the process Giant Swarm followed to decide on their migration strategy, the challenges of implementing it, and the lessons learned from the process.

Andy Randall

October 21, 2020
Tweet

More Decks by Andy Randall

See All by Andy Randall
Reinventing Container Linux for the Wasm Era (and More) with System Extensions
ahrkrak
0
45
Now we're all Cloud Natives, what's next?
ahrkrak
2
260
56 dog years as a cloud native
ahrkrak
0
100
Hitching a ride on a flatcar: a community project update
ahrkrak
0
73
Business of Open Source: Oxymoron or Opportunity?
ahrkrak
0
25
Taking the Work out of Network Policy
ahrkrak
0
27
Beyond the buzzword: BPF's unexpected role in Kubernetes
ahrkrak
1
850
Unmask the ghouls that lurk in your cluster
ahrkrak
0
68
CoreOS Through the Looking Glass - Software Circus 2020
ahrkrak
0
80

Other Decks in Technology

See All in Technology
データプロダクトの定義からはじめる、データコントラクト駆動なデータ基盤
chanyou0311
2
290
SREが投資するAIOps ~ペアーズにおけるLLM for Developerへの取り組み~
takumiogawa
1
130
Can We Measure Developer Productivity?
ewolff
1
150
開発生産性を上げながらビジネスも30倍成長させてきたチームの姿
kamina_zzz
2
1.7k
フルカイテン株式会社 採用資料
fullkaiten
0
40k
OCI Security サービス 概要
oracle4engineer
PRO
0
6.5k
隣接領域をBeyondするFinatextのエンジニア組織設計 / beyond-engineering-areas
stajima
1
270
[CV勉強会@関東 ECCV2024 読み会] オンラインマッピング x トラッキング MapTracker: Tracking with Strided Memory Fusion for Consistent Vector HD Mapping (Chen+, ECCV24)
abemii
0
220
TypeScript、上達の瞬間
sadnessojisan
46
13k
[FOSS4G 2024 Japan LT] LLMを使ってGISデータ解析を自動化したい!
nssv
1
210
信頼性に挑む中で拡張できる・得られる1人のスキルセットとは?
ken5scal
2
530
Amazon CloudWatch Network Monitor のススメ
yuki_ink
1
200

Featured

See All Featured
KATA
mclloyd
29
14k
Learning to Love Humans: Emotional Interface Design
aarron
273
40k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
229
52k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
47
2.1k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
27
840
The Pragmatic Product Professional
lauravandoore
31
6.3k
How to Think Like a Performance Engineer
csswizardry
20
1.1k
Producing Creativity
orderedlist
PRO
341
39k
Thoughts on Productivity
jonyablonski
67
4.3k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.3k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
16
2.1k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
28
2k

Transcript

  1. @andrew_randall @kinvolkio @salvo_mazzy @giantswarm How to replace your engines mid-flight

    while maintaining a steady cruising altitude or: how I learned to stop worrying and love Flatcar Container Linux Software Circus Meetup 21 October 2020

  2. andy randall business development @ salvatore mazzarino site reliability engineer

    @ @andrew_randall @kinvolkio @salvo_mazzy @giantswarm Berlin Prague

  3. Who is Kinvolk berlin hq with globally distributed team community

    all systems go!, cloud-native rejekts, o4b, community days, … independent founded 2015, no external investors open source linux, kubernetes, oss consulting @your_twitter_handle

  4. “Secure the Internet” (2013) @andrew_randall @kinvolkio @salvo_mazzy @giantswarm

  5. automated, streamlined updates operational simplicity for management at scale easily

    apply all latest security patches rollback partition co-ordinated with k8s control plane (update operator) minimal distribution required for containers reduced dependencies less software to manage reduced attack surface area repeatable deployment without per-host scripting Why use a Container Linux? immutable file system operational simplicity for management at scale removes entire category of security threats - e.g. runc vulnerability cve-2019-5736* * See kinvolk.io/blog/2019/02/runc-breakout-vulnerability-mitigated-on-flatcar-linux @andrew_randall @kinvolkio @salvo_mazzy @giantswarm

  6. Gentoo ChromeOS CoreOS Container Linux minimal set of packages update

    mechanism @andrew_randall @kinvolkio @salvo_mazzy @giantswarm

  7. @andrew_randall @kinvolkio @salvo_mazzy @giantswarm

  8. None

  9. Gentoo ChromeOS CoreOS Container Linux minimal set of packages update

    mechanism Flatcar Container Linux @andrew_randall @kinvolkio @salvo_mazzy @giantswarm

  10. flatcar /ˈflatkɑː/ noun a railway freight wagon without a roof

    or sides, often used to transport shipping containers as part of intermodal freight shipping

  11. Taking Container Linux Forward continuous updates kernel → 5.4 (stable),

    5.8 (alpha) 25 releases since coreos eol 56 component packages updated focus on security 145 security vulnerabilities (CVEs) fixed Joined Linux Kernel Security Team open source update server created and open sourced update server (previously proprietary coreos offering) ambitious roadmap telemetry services, broader platform support, security/regulatory certifications, … NEW: flatcar pro for cloud optimized for microsoft azure (initially) with azure tuned kernel includes enterprise support @andrew_randall @kinvolkio @salvo_mazzy @giantswarm

  12. Embraced by the community supported wherever you deploy containers fast-growing

    installed base trusted by leading global enterprises

  13. “Flatcar Container Linux imho is the best distro for k8s

    clusters atm” – Darren Shepherd Co-founder / CTO, Rancher Labs

  14. What does Giant Swarm do? - 200+ clusters created &

    lifecycle managed by us - AWS / Azure / KVM (+ AWS China) - Many large clusters - Production ready (24/7 monitoring, day 2 ops, …)

  15. Glossary - Control Plane: Kubernetes cluster running Giant Swarm services

    - Provider: Third-party service (public cloud or on-premises) providing low-level primitives such as Virtualization, Networking, Data Storage - Tenant Cluster: On-demand Kubernetes cluster created by Giant Swarm’s customers running customers’ workloads

  16. Time to catch a new train Immutable infrastructure is an

    important part of making a container platform scalable and reliable. So having a really small OS, was and it is still important. Timo Derstappen CTO @Giant Swarm https://bit.ly/3lUnlSi

  17. Providers Amazon Web Services • 7 regions • 150+ clusters

    • 1700+ VMs Microsoft Azure • 2 regions • 30+ clusters • 200+ VMs KVM • 4 Enterprise Data Centers • 12+ clusters • 300+ VMs CoreOS Container Linux CoreOS Container Linux CoreOS Container Linux

  18. Platforms

  19. Amazon Web Services - AWS EC2 - AMIs provided by

    Kinvolk - AWS China - Smooth and Easy * * https://bit.ly/3kgifPN

  20. Microsoft Azure - Azure VM Scale Set - Publisher changed

    - Automation powers - More steps involved

  21. KVM - PXE Boot for Control Planes - QEMU Images

    for Tenant Clusters - Kernel params changes

  22. { "ignition": { "version": "2.2.0" }, "storage": { "disks": [

    ... ], "filesystems": [ ... ] }, "systemd": { "units": [ ... ] } } Ignition

  23. Customers - Same OS - Security ‍♀ - Release process

  24. Today

  25. Today

  26. Sponsorship

  27. What’s next? - Releases Conformance tests - New Hypervisors testing

    (Firecracker) - Virt improvements (kernel 5.4+) - Built-in Wireguard support

  28. Questions?