CoreOS: The Inside and Outside of Linux Containers
Ramit Surana
@ramitsurana
/in/ramitsurana
Agenda
• What is CoreOS
• Introducing CoreOS as OS
• Introduction to etcd
• Use of Containers with etcd
• Raft Algorithm
• Service Discovery
• Cluster Management
• Securing etcd
• Container project by rkt
• Using CoreOS with Kubernetes
and much more ............
Who am I?
• Open source tech enthusiast.
• Foodie, traveler, explorer.
• Join me here:
Email: [email protected]
Twitter: @ramitsurana
LinkedIn: /in/ramitsurana
GitHub: ramitsurana
What is CoreOS?
• An OS built specifically for running Linux containers.
• CoreOS is made up of a number of components.
• CoreOS is open source and hackable.
• CoreOS doesn't ship a package manager - any software you would like to use must run within a container.
CoreOS as Operating System
• It is a minimal Linux distribution.
• Designed from the ground up for security, consistency, and reliability.
• CoreOS runs on almost any platform, including Vagrant, Amazon EC2, QEMU/KVM, VMware, OpenStack, and your own hardware.
Why CoreOS is a HIT ......
What is etcd?
• Consensus and discovery service.
• Consistent, highly available key/value store.
• Designed for understandability and simplicity.
• Applications can read and write data into etcd.
• A simple use-case is to store database connection details or feature flags in etcd as key value pairs.
Architecture
Use of Docker with etcd
• Docker containers can read, write and listen to etcd over the docker0 network interface.
• Sidekicks will be scheduled by fleet onto the same machine as the main unit.
Raft Algorithm
• Raft is a protocol for implementing distributed consensus.
• A consensus algorithm similar to Paxos.
• Built using the go-raft library.
• Consists of 3 roles:
- The Leader
- The Follower
- The Candidate
Raft Consensus Algorithm
Raft Algorithm (contd.)
• Consensus is a fundamental problem in fault-tolerant distributed systems. Consensus involves multiple servers agreeing on values.
• Each server has a state machine and a log.
• The state machine is the component we want to make fault-tolerant, such as a hash table.
• The consensus algorithm is used to agree on the sequence of commands in the servers' logs.
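The three roles and the log-replication idea from these two slides, worked through in code. This is an added example written for this transcript, not code from the talk, from etcd or from go-raft: a single-process simulation of a Raft cluster in which the RPCs are plain method calls and there are no timers or network. It keeps the rules that matter for safety (one vote per term, a higher term demotes any node to Follower, an entry counts as committed only once a majority of servers hold it, the state machine applies entries strictly in log order) and drops the rest (the whole log is resent on every round, entries carry no term tag). Followers learn the leader's commit index on the next AppendEntries they receive, as in real Raft.

```go
package main

import "fmt"

// The three Raft roles named on the slide.
const Follower, Candidate, Leader = "Follower", "Candidate", "Leader"

type Entry struct{ Key, Val string } // one command: a key=value write (real Raft entries also carry a term)

// Node is one server: a replicated log plus the state machine (a hash table) fed from committed entries.
type Node struct {
	ID, Term, VotedFor, CommitIndex int
	Role                            string
	Log                             []Entry
	State                           map[string]string // the component we want to make fault-tolerant
	Alive                           bool              // false simulates a crashed or partitioned server
}

type Cluster []*Node // RPCs are delivered as direct method calls; no timers or network here

func NewCluster(n int) Cluster {
	c := make(Cluster, n)
	for i := range c {
		c[i] = &Node{ID: i, VotedFor: -1, Role: Follower, State: map[string]string{}, Alive: true}
	}
	return c
}

func (c Cluster) majority() int { return len(c)/2 + 1 }

// requestVote grants one vote per term, only to a candidate whose log is at least as long as ours;
// a higher term always demotes the receiver to Follower, which is what stops a stale leader.
func (n *Node) requestVote(term, candidate, candLogLen int) bool {
	if !n.Alive || term < n.Term {
		return false
	}
	if term > n.Term {
		n.Term, n.VotedFor, n.Role = term, -1, Follower
	}
	if (n.VotedFor != -1 && n.VotedFor != candidate) || candLogLen < len(n.Log) {
		return false
	}
	n.VotedFor = candidate
	return true
}

// Elect makes node id time out: it becomes a Candidate for a new term and asks for votes; it is
// Leader only with a majority (its own vote included), otherwise it steps back down to Follower.
func (c Cluster) Elect(id int) bool {
	cand := c[id]
	cand.Term++
	cand.Role, cand.VotedFor = Candidate, id
	votes := 1
	for _, n := range c {
		if n.ID != id && n.requestVote(cand.Term, id, len(cand.Log)) {
			votes++
		}
	}
	cand.Role = Follower
	if votes >= c.majority() {
		cand.Role = Leader
	}
	return cand.Role == Leader
}

// appendEntries rejects stale leaders; otherwise the receiver adopts the leader's log (simplification:
// the whole log is resent each time) and applies everything the leader reports as committed.
func (n *Node) appendEntries(term int, entries []Entry, leaderCommit int) bool {
	if !n.Alive || term < n.Term {
		return false
	}
	n.Term, n.Role = term, Follower
	n.Log = append(n.Log[:0], entries...)
	n.applyUpTo(leaderCommit)
	return true
}

// applyUpTo feeds committed entries, in log order, into the state machine.
func (n *Node) applyUpTo(commit int) {
	for ; n.CommitIndex < commit && n.CommitIndex < len(n.Log); n.CommitIndex++ {
		n.State[n.Log[n.CommitIndex].Key] = n.Log[n.CommitIndex].Val
	}
}

// Propose is a client write: the Leader appends the command, replicates it and commits it once a
// majority of servers (itself included) hold it. Followers apply it when the next round tells them to.
func (c Cluster) Propose(leaderID int, key, val string) (int, error) {
	ldr := c[leaderID]
	if ldr.Role != Leader {
		return 0, fmt.Errorf("node %d is a %s, not the Leader", leaderID, ldr.Role)
	}
	ldr.Log = append(ldr.Log, Entry{key, val})
	acked := 1 // the leader itself; every follower that accepts now holds the full log
	for _, n := range c {
		if n.ID != leaderID && n.appendEntries(ldr.Term, ldr.Log, ldr.CommitIndex) {
			acked++
		}
	}
	if acked >= c.majority() {
		ldr.applyUpTo(len(ldr.Log)) // committed: a majority has it, so any future leader must have it too
	}
	return ldr.CommitIndex, nil
}
```

Things to try with it: take one of five servers down and writes still commit (four is a majority); bring it back and the next round catches it up; elect a second node at a higher term and the old leader is demoted, so its `Propose` is refused; take three of five down and no election succeeds, which is the price Raft pays for never committing a value a majority has not seen.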
Raft Algorithm (contd.)
Service Discovery
• A free service to help connect etcd instances together by storing a list of peer addresses, metadata and the initial size of the cluster under a unique address, known as the discovery URL.
Cluster Management
• Using fleet, containers can be deployed across the cluster without having to worry about which individual machine each one is running on.
• If a machine fails or needs to be updated, containers running on that machine will be moved to other qualified machines in the cluster.
Securing etcd
• Supports SSL/TLS as well as authentication through client certificates.
• etcd should not be exposed outside of the CoreOS cluster.
• Communication within the cluster can be secured with client certificates.
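The two bullets above are really two different controls: TLS encrypts the connection, and client certificates authenticate who is on the other end. The program below is an added example written for this transcript (not code from the talk or from etcd) that shows the difference using Go's crypto/tls, the same library etcd itself is built on. `serverTLS(..., true)` corresponds to what etcd's `--client-cert-auth` with `--trusted-ca-file` enforce on top of `--cert-file`/`--key-file`; `serverTLS(..., false)` is the weak setting, where the port is encrypted but anyone who can reach it is let in. All certificates are generated in memory by `newCert` and the handshake runs over `net.Pipe`, so nothing listens on a socket; the names `etcd-ca`, `etcd-server`, `etcd-client` and `rogue-ca` are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"net"
	"time"
)

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// newCert issues a P-256 certificate for cn, signed by parent (self-signed when parent is nil).
// A CA gets the CertSign key usage; a leaf gets serverAuth + clientAuth so it can play either side.
func newCert(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()), // good enough for a constructed example
		Subject:               pkix.Name{CommonName: cn},
		DNSNames:              []string{cn},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		IsCA:                  isCA,
		BasicConstraintsValid: true,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}
	}
	if parent == nil { // self-signed root
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	must(err)
	cert, err := x509.ParseCertificate(der)
	must(err)
	return cert, key
}

// serverTLS builds the server side. requireClientCert=true is what etcd's --client-cert-auth plus
// --trusted-ca-file enforce: TLS alone only encrypts, the client certificate is what authenticates.
func serverTLS(ca, srv *x509.Certificate, srvKey *ecdsa.PrivateKey, requireClientCert bool) *tls.Config {
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	cfg := &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{srv.Raw}, PrivateKey: srvKey}},
		ClientCAs:    pool,
		ClientAuth:   tls.NoClientCert, // the weak setting: encrypted, but anyone may connect
		MinVersion:   tls.VersionTLS12,
	}
	if requireClientCert {
		cfg.ClientAuth = tls.RequireAndVerifyClientCert // the corrected setting
	}
	return cfg
}

// handshake runs one TLS handshake over an in-memory pipe and returns the identity the server
// authenticated: the client cert's CN, or "anonymous" when a certificate-less client was let in.
// cli == nil means the client presents no certificate at all.
func handshake(srvCfg *tls.Config, ca *x509.Certificate, serverName string, cli *x509.Certificate, cliKey *ecdsa.PrivateKey) (string, error) {
	cConn, sConn := net.Pipe()
	peer := make(chan string, 1)
	go func() {
		defer sConn.Close()
		s := tls.Server(sConn, srvCfg)
		if err := s.Handshake(); err != nil {
			peer <- ""
			return
		}
		who := "anonymous"
		if certs := s.ConnectionState().PeerCertificates; len(certs) > 0 {
			who = certs[0].Subject.CommonName
		}
		peer <- who
		s.Write([]byte("ok")) // only reached once the server has accepted the client
	}()
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	ccfg := &tls.Config{RootCAs: pool, ServerName: serverName, MinVersion: tls.VersionTLS12}
	if cli != nil {
		ccfg.Certificates = []tls.Certificate{{Certificate: [][]byte{cli.Raw}, PrivateKey: cliKey}}
	}
	c := tls.Client(cConn, ccfg)
	defer c.Close()
	// Read drives the handshake; under TLS 1.3 the server verifies the client certificate after the
	// client has finished its half, so a rejection surfaces here rather than in Handshake().
	if _, err := c.Read(make([]byte, 2)); err != nil {
		return "", err
	}
	return <-peer, nil
}
```

With the strict config a client holding a certificate from the cluster CA is identified by its CN, a client with no certificate is refused, and so is one whose certificate was issued by a different CA; with the weak config the certificate-less client is accepted and the server knows nothing about who it is talking to. That last case is why the slide insists etcd must not be reachable from outside the cluster even when TLS is on.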
Flannel
• It is a virtual network that gives a subnet to each host for use with container runtimes.
• The advantage of this model is that it reduces the complexity of port mapping.
• Flannel uses etcd to store the network configuration, allocated subnets, and auxiliary data (such as the host's IP).
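To make the three bullets concrete, here is an added example written for this transcript (not flannel's own code) that models the allocation flannel performs: a network-wide config document is read from the etcd prefix, each host is leased one whole /SubnetLen block, and the lease is recorded back under the prefix together with the host's public IP so that other hosts can reach that block. The `Network`/`SubnetLen`/`Backend` field names follow flannel's config document; the `<prefix>/subnets/<ip>-<len>` key layout and the `{"PublicIP": ...}` lease value are assumptions of this example, and all addresses are constructed. `Store` is an in-memory stand-in for etcd.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
)

// NetworkConfig is the JSON document flannel reads from etcd at <prefix>/config
// (field names as in flannel's config; the values used here are constructed).
type NetworkConfig struct {
	Network   string
	SubnetLen int
	Backend   struct{ Type string }
}

// Store stands in for the etcd keyspace: the config document plus one lease key per host subnet.
type Store struct {
	Prefix string
	Keys   map[string]string
}

func NewStore(prefix, config string) *Store {
	return &Store{Prefix: prefix, Keys: map[string]string{prefix + "/config": config}}
}

func ipToU32(ip net.IP) uint32 {
	ip = ip.To4()
	return uint32(ip[0])<<24 | uint32(ip[1])<<16 | uint32(ip[2])<<8 | uint32(ip[3])
}

func u32ToIP(v uint32) net.IP { return net.IPv4(byte(v>>24), byte(v>>16), byte(v>>8), byte(v)) }

// Lease hands the host at hostIP the first unallocated /SubnetLen inside Network and records it under
// <prefix>/subnets/<subnet ip>-<len> (the key layout this example assumes). Because every host owns a
// whole subnet, containers get addresses routable across hosts and no port mapping is needed.
func (s *Store) Lease(hostIP string) (*net.IPNet, error) {
	var cfg NetworkConfig
	if err := json.Unmarshal([]byte(s.Keys[s.Prefix+"/config"]), &cfg); err != nil {
		return nil, fmt.Errorf("bad network config: %w", err)
	}
	_, network, err := net.ParseCIDR(cfg.Network)
	if err != nil {
		return nil, err
	}
	ones, bits := network.Mask.Size()
	if bits != 32 || cfg.SubnetLen <= ones || cfg.SubnetLen >= bits {
		return nil, fmt.Errorf("SubnetLen %d is not usable inside %s", cfg.SubnetLen, cfg.Network)
	}
	step := uint32(1) << uint(bits-cfg.SubnetLen)  // addresses per host subnet
	count := uint32(1) << uint(cfg.SubnetLen-ones) // host subnets that fit in the network
	for i := uint32(0); i < count; i++ {
		ip := u32ToIP(ipToU32(network.IP) + i*step)
		key := fmt.Sprintf("%s/subnets/%s-%d", s.Prefix, ip, cfg.SubnetLen)
		if _, taken := s.Keys[key]; taken {
			continue
		}
		s.Keys[key] = fmt.Sprintf(`{"PublicIP":"%s"}`, hostIP) // what other hosts need to reach this subnet
		return &net.IPNet{IP: ip, Mask: net.CIDRMask(cfg.SubnetLen, bits)}, nil
	}
	return nil, fmt.Errorf("%s is exhausted: all %d /%d subnets are leased", cfg.Network, count, cfg.SubnetLen)
}

func main() {
	s := NewStore("/coreos.com/network", `{"Network":"10.1.0.0/16","SubnetLen":24,"Backend":{"Type":"vxlan"}}`)
	for _, host := range []string{"192.168.1.10", "192.168.1.11", "192.168.1.12"} { // constructed host IPs
		sn, err := s.Lease(host)
		fmt.Println(host, "->", sn, err)
	}
	for k, v := range s.Keys {
		fmt.Println(k, "=", v)
	}
}
```

The failure modes worth noticing are the ones an operator hits in practice: a network that is fully leased (every /24 of the /16 handed out) refuses further hosts instead of handing out an overlapping block, and a `SubnetLen` that is not strictly inside the network prefix is rejected up front.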
Flannel Architecture
Zookeeper vs etcd
Zookeeper
• Pros -
- Used by ebay, yahoo etc.
- Lots of client bindings, tools, API …
• Cons -
- Complex
- Java
etcd
• Pros -
- Easy to deploy, setup and use
- Encryption and authentication by private keys.
- Planned ACL implementation
• Cons -
- Very young project as compared to zookeeper
Fleet
• It ties together systemd and etcd into a simple distributed init system.
• Fleet is oriented around systemd units and is not a container manager or orchestration system.
• Fleet supports very basic scheduling of systemd units in a cluster.
How Fleet works...
Rkt
• rkt (pronounced as "rock-it") is a CLI for running app containers on Linux.
• New open source container initiative built by CoreOS.
• It was built by CoreOS because of a minor conflict between Docker and the CoreOS team.
Why Rkt started?
Solving the final puzzle
Tectonic
• In simple terms: the Kubernetes + CoreOS platform for businesses.
• Deploy, manage, and secure your containers anywhere.
• Tectonic pre-packages all of the open source components required to build a Google-style infrastructure.
Using CoreOS with Kubernetes
• The best option available in the market for implementing Kubernetes on a secure and fast OS.
• Many CoreOS products, such as etcd and fleet, are used natively by Kubernetes.
Introducing Clair
• A container vulnerability analysis service.
• It provides a list of vulnerabilities that threaten a container, and can notify users when new vulnerabilities are found that affect existing containers.
• Clair analyzes each container layer once, and does not execute the container to perform its examination.
• Clair currently supports three operating systems and their package managers: Debian (dpkg), Ubuntu (dpkg), and CentOS (rpm).
How Clair Works …..
Fast Patch
• An active-passive root partition scheme.
• CoreOS is updated reliably via a continuous stream of updates.
• Instead of updating a single package at a time, CoreOS downloads an entirely new root filesystem and installs it to the passive partition.
• Using the system update mechanism, an update can be rolled back.
• The managed Linux customers have access to an additional tool, CoreUpdate, a hosted dashboard that allows for full control over access and downloading of updates.
Please Contribute !!
https://github.com/coreos
Customers
Questions?
Like it, Share it !
Do Try these awesome Cookies !!