How I learned to stop worrying and love Flatcar’s auto-update
- Track: Containers devroom
- Room: D.containers
- Day: Sunday
- Start: 13:35
- End: 14:05
Running an up-to-date and fully patched cluster is a key element in operational security. But keeping your cluster’s OS up to date can be challenging for ops/maintenance, sometimes imposing significant effort just to keep the lights on while at the same time keeping the workloads functioning. This talk will briefly introduce the atomic OS update mechanism in Flatcar Container Linux - a minimal Linux distribution optimised for running containers at scale - before elaborating on common patterns we recommend and employ to make updating nodes and clusters a low-risk and automatable endeavor.
This talk will discuss common patterns for patching and updating nodes and clusters, focusing on container operating systems with atomic update capabilities – and Flatcar Container Linux in particular. To some extent these patterns and learnings can also be applied to traditional OSes. The target audience is operators and engineers interested in keeping their clusters’ OS updated while running workloads at scale.
The advent and widespread use of containers to deploy applications helped a great deal to separate application workloads from the underlying operating system. This separation can be leveraged to make OS updates safe and unintrusive.
For the purposes of this talk we will focus on Flatcar Container Linux, though settings, patterns, and components can be generalised to also apply to other distributions. After a brief overview of Flatcar’s update process, we’ll discuss the importance of testing (with a brief excursion into canaries) and dive into a number of common cluster scenarios and how to keep one’s OS fresh in the respective environment.
Speakers
Thilo Fromm