Apps as Docker containers
• Started with read only /, now read only ext4 /usr and btrfs /
• etcd, systemd, fleet
• Automatic updates (inspired by Omaha project)
in Go,
• HTTP API (JSON)
• SSL optional, ACLs in the future
• TTL support
• “Watch” support via HTTP long-polling - no push!
• etcdctl client
• missing proper benchmark information :-(
on top of systemd
• It schedules services across the cluster
• fleetd service has 2 components: engine and agent
• Service lifecycle: create (submit) -> schedule (load) -> run (start) -> remove (destroy)
• fleetctl client
manager \o/ YESSSS!
• Dual partition scheme: active (live) and passive (for updates)
• Atomic (no partial upgrade!) and automatic (not just available!)
• signed and verified
• updateservicectl to control and test update service
• SSH key auth only BUT sudo without password for core user
• No SELinux/AppArmor etc., YET
stable release July 2014 - HUGE POTENTIAL
• Extensive docs but some of the concepts are not easy to grasp
• Few “??”
• Security
• Backup and Restore
• Networking: flannel, WEAVE
• Storage: FLOCKER