Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Software Circus Meetup: How to replace your eng...

Andy Randall
October 21, 2020
Technology
0
110

Software Circus Meetup: How to replace your engines mid-flight while maintaining a steady cruising altitude, or: how I learned to stop worrying and love Flatcar Container Linux

Installing Linux on a new PC isn’t that hard, right? How about replacing the operating system across a fleet of thousands of virtual machines across multiple clouds, and on-premises installations with major global enterprise customers relying on you to keep their infrastructure running 24x7? This was the challenge that faced Giant Swarm as they realized CoreOS Container Linux, on which their managed Kubernetes service was based, had been declared end of life — and decided to migrate to Flatcar Container Linux, with the help of Kinvolk. In this talk, we will explain the process Giant Swarm followed to decide on their migration strategy, the challenges of implementing it, and the lessons learned from the process.

Andy Randall

October 21, 2020
Tweet

More Decks by Andy Randall

See All by Andy Randall
Reinventing Container Linux for the Wasm Era (and More) with System Extensions
ahrkrak
0
42
Now we're all Cloud Natives, what's next?
ahrkrak
2
260
56 dog years as a cloud native
ahrkrak
0
93
Hitching a ride on a flatcar: a community project update
ahrkrak
0
73
Business of Open Source: Oxymoron or Opportunity?
ahrkrak
0
24
Taking the Work out of Network Policy
ahrkrak
0
27
Beyond the buzzword: BPF's unexpected role in Kubernetes
ahrkrak
1
850
Unmask the ghouls that lurk in your cluster
ahrkrak
0
68
CoreOS Through the Looking Glass - Software Circus 2020
ahrkrak
0
79

Other Decks in Technology

See All in Technology
プロダクト成長に対応するプラットフォーム戦略:Authleteによる共通認証基盤の移行事例 / Building an authentication platform using Authlete and AWS
kakehashi
1
150
Amazon FSx for NetApp ONTAPを利用するにあたっての要件整理と設計のポイント
non97
1
160
Shift-from-React-to-Vue
calm1205
3
1.3k
[JAWS-UG金沢支部×コンテナ支部合同企画]コンテナとは何か
furuton
3
260
pandasはPolarsに性能面で追いつき追い越せるのか
vaaaaanquish
4
4.7k
カメラを用いた店内計測におけるオプトインの仕組みの実現 / ai-optin-camera
cyberagentdevelopers
PRO
1
120
Autify Company Deck
autifyhq
1
39k
VPC間の接続方法を整理してみた #自治体クラウド勉強会
non97
1
870
omakaseしないための.rubocop.yml のつくりかた / How to Build Your .rubocop.yml to Avoid Omakase #kaigionrails
linkers_tech
3
740
事業者間調整の行間を読む 調整の具体事例
sugiim
0
1.5k
小規模に始めるデータメッシュとデータガバナンスの実践
kimujun
3
590
バクラクにおける可観測性向上の取り組み
yuu26
3
420

Featured

See All Featured
Large-scale JavaScript Application Architecture
addyosmani
510
110k
Measuring & Analyzing Core Web Vitals
bluesmoon
1
41
Learning to Love Humans: Emotional Interface Design
aarron
272
40k
A Tale of Four Properties
chriscoyier
156
23k
Navigating Team Friction
lara
183
14k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
4
290
Six Lessons from altMBA
skipperchong
26
3.5k
A Philosophy of Restraint
colly
203
16k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
47
5k
Rebuilding a faster, lazier Slack
samanthasiow
79
8.6k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
191
16k
Fantastic passwords and where to find them - at NoRuKo
philnash
50
2.8k

Transcript

  1. @andrew_randall @kinvolkio @salvo_mazzy @giantswarm How to replace your engines mid-flight

    while maintaining a steady cruising altitude or: how I learned to stop worrying and love Flatcar Container Linux Software Circus Meetup 21 October 2020

  2. andy randall business development @ salvatore mazzarino site reliability engineer

    @ @andrew_randall @kinvolkio @salvo_mazzy @giantswarm Berlin Prague

  3. Who is Kinvolk berlin hq with globally distributed team community

    all systems go!, cloud-native rejekts, o4b, community days, … independent founded 2015, no external investors open source linux, kubernetes, oss consulting @your_twitter_handle

  4. “Secure the Internet” (2013) @andrew_randall @kinvolkio @salvo_mazzy @giantswarm

  5. automated, streamlined updates operational simplicity for management at scale easily

    apply all latest security patches rollback partition co-ordinated with k8s control plane (update operator) minimal distribution required for containers reduced dependencies less software to manage reduced attack surface area repeatable deployment without per-host scripting Why use a Container Linux? immutable file system operational simplicity for management at scale removes entire category of security threats - e.g. runc vulnerability cve-2019-5736* * See kinvolk.io/blog/2019/02/runc-breakout-vulnerability-mitigated-on-flatcar-linux @andrew_randall @kinvolkio @salvo_mazzy @giantswarm

  6. Gentoo ChromeOS CoreOS Container Linux minimal set of packages update

    mechanism @andrew_randall @kinvolkio @salvo_mazzy @giantswarm

  7. @andrew_randall @kinvolkio @salvo_mazzy @giantswarm

  8. None

  9. Gentoo ChromeOS CoreOS Container Linux minimal set of packages update

    mechanism Flatcar Container Linux @andrew_randall @kinvolkio @salvo_mazzy @giantswarm

  10. flatcar /ˈflatkɑː/ noun a railway freight wagon without a roof

    or sides, often used to transport shipping containers as part of intermodal freight shipping

  11. Taking Container Linux Forward continuous updates kernel → 5.4 (stable),

    5.8 (alpha) 25 releases since coreos eol 56 component packages updated focus on security 145 security vulnerabilities (CVEs) fixed Joined Linux Kernel Security Team open source update server created and open sourced update server (previously proprietary coreos offering) ambitious roadmap telemetry services, broader platform support, security/regulatory certifications, … NEW: flatcar pro for cloud optimized for microsoft azure (initially) with azure tuned kernel includes enterprise support @andrew_randall @kinvolkio @salvo_mazzy @giantswarm

  12. Embraced by the community supported wherever you deploy containers fast-growing

    installed base trusted by leading global enterprises

  13. “Flatcar Container Linux imho is the best distro for k8s

    clusters atm” – Darren Shepherd Co-founder / CTO, Rancher Labs

  14. What does Giant Swarm do? - 200+ clusters created &

    lifecycle managed by us - AWS / Azure / KVM (+ AWS China) - Many large clusters - Production ready (24/7 monitoring, day 2 ops, …)

  15. Glossary - Control Plane: Kubernetes cluster running Giant Swarm services

    - Provider: Third-party service (public cloud or on-premises) providing low-level primitives such as Virtualization, Networking, Data Storage - Tenant Cluster: On-demand Kubernetes cluster created by Giant Swarm’s customers running customers’ workloads

  16. Time to catch a new train Immutable infrastructure is an

    important part of making a container platform scalable and reliable. So having a really small OS, was and it is still important. Timo Derstappen CTO @Giant Swarm https://bit.ly/3lUnlSi

  17. Providers Amazon Web Services • 7 regions • 150+ clusters

    • 1700+ VMs Microsoft Azure • 2 regions • 30+ clusters • 200+ VMs KVM • 4 Enterprise Data Centers • 12+ clusters • 300+ VMs CoreOS Container Linux CoreOS Container Linux CoreOS Container Linux

  18. Platforms

  19. Amazon Web Services - AWS EC2 - AMIs provided by

    Kinvolk - AWS China - Smooth and Easy * * https://bit.ly/3kgifPN

  20. Microsoft Azure - Azure VM Scale Set - Publisher changed

    - Automation powers - More steps involved

  21. KVM - PXE Boot for Control Planes - QEMU Images

    for Tenant Clusters - Kernel params changes

  22. { "ignition": { "version": "2.2.0" }, "storage": { "disks": [

    ... ], "filesystems": [ ... ] }, "systemd": { "units": [ ... ] } } Ignition

  23. Customers - Same OS - Security ‍♀ - Release process

  24. Today

  25. Today

  26. Sponsorship

  27. What’s next? - Releases Conformance tests - New Hypervisors testing

    (Firecracker) - Virt improvements (kernel 5.4+) - Built-in Wireguard support

  28. Questions?