CoreOS + Red Hat

Devconf.us 2018

Colin Walters, Red Hat, Inc.

keybase.io/walters | walters@{redhat.com,verbum.org}

Original version - Brandon Phillips and Ben Breard

In case you missed it

  • Docker
  • Container-optimized OSes: Container Linux (CL), Atomic Host
  • Container-assembled: Rancher, LinuxKit etc.
  • Kubernetes + distros: OpenShift, Tectonic

Container Linux and Atomic Host

  • Many architectural alignment points, different implementation
  • OS + base container engine
  • Transactional/image-based updates
  • Extensions (torcx, system containers, pkg layering)

OpenShift/Tectonic layered on top, separate lifecycle

Kubernetes vs host lifecycle issues

  • Kubelet links to engine (docker/cri-o), engine → SELinux → host
  • Kubelet links to storage (Ceph/GlusterFS), Ceph has kernel module
  • RHEL base + Extras (docker) + OCP repos

  • Bootstrapping: system containers, torcx, kubelet static pod, curl into /opt
  • Containerized kubelet: probably deprecated upstream soon

Container Linux, Fedora, RHEL, CentOS

  • Container Linux: single stream ~latest kernel/systemd/etc
  • vs {Fedora,CentOS,RHEL} Atomic Host
  • aside: Compelling to keep host OS up-to-date

Road ahead: Fedora CoreOS and Red Hat CoreOS

  • Red Hat CoreOS: Lifecycle bound and solely for OpenShift (4.0+)
  • Red Hat CoreOS: "orbit" ◌ RHEL (may have newer parts)

Core {Fedora, Red Hat} common OS ingredients

  • Ignition - early boot, at-most-once configuration
  • Automatic updates on by default - backend: rpm-ostree

  • Strong commitment to security, containerization, manageability
  • SELinux enabled enforcing by default
  • Cluster-based management, immutable infrastructure

Active Fedora CoreOS discussion points

Red Hat CoreOS and OpenShift

  • Kubelet part of host, no syscontainers/torcx
  • Next-gen installer (derived from Tectonic)
  • 🎊 Operator-based OS updates 🎉
  • "oscontainer": ostree-in-container, ease of versioning/mirroring
  • Machine Config Operator: Reconcile cluster Ignition
  • podman/CRI-O only

OpenShift 4.0: More opinionated

  • Installer bootstraps from high level config + e.g. public cloud infra
  • Automated, on-by-default OTA updates
  • Operating system works like a Kubernetes component

Red Hat Enterprise Linux (classic) and OpenShift

openshift-ansible

Update operator demo

"Operators are best built by those that are experts in the “business logic” of installing, running and upgrading an application"

Adaptation of the Container Linux update operator code to rpm-ostree: performs node draining and reboot coordination (generic Kubernetes mechanisms)

For Red Hat CoreOS, cluster operator owns OS updates
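The drain-and-reboot coordination described above, as an added example that is not the update operator's own code: a simplified in-memory Go model of the operator/agent split, in which the operator grants at most MaxRebooting reboot slots and the agent cordons and drains a node before booting the staged deployment. Node, Cluster, ApproveReboots, Drain, Reboot and RollOut are hypothetical names chosen for this model; real implementations keep this state in node annotations and evict pods through the Kubernetes API, whereas here pods are simply moved to the first schedulable node, so a single-node cluster with workloads refuses to drain.

```go
package main

import "errors"

// Node holds the state the on-node agent and the cluster operator share
// (real implementations keep it in node annotations; this model is in memory).
type Node struct {
	Name           string
	Version        string   // booted OS deployment
	Pods           []string // workload pods scheduled here
	Unschedulable  bool     // cordoned
	UpdateStaged   bool     // new deployment staged, reboot needed
	RebootApproved bool     // operator granted a reboot slot
}

// Cluster is the operator's cluster-wide view.
type Cluster struct {
	Nodes        []*Node
	MaxRebooting int // bound on nodes rebooting at the same time
}

// ApproveReboots (operator side) grants slots to nodes with a staged update,
// never letting more than MaxRebooting be in flight at once.
func (c *Cluster) ApproveReboots() []string {
	inFlight := 0
	for _, node := range c.Nodes {
		if node.RebootApproved {
			inFlight++
		}
	}
	var granted []string
	for _, node := range c.Nodes {
		if inFlight >= c.MaxRebooting {
			break
		}
		if node.UpdateStaged && !node.RebootApproved {
			node.RebootApproved = true
			inFlight++
			granted = append(granted, node.Name)
		}
	}
	return granted
}

// Drain (agent side, step 1) cordons the node and moves its pods to another
// schedulable node; it refuses, and undoes the cordon, rather than strand pods.
func (c *Cluster) Drain(node *Node) error {
	node.Unschedulable = true
	if len(node.Pods) == 0 {
		return nil
	}
	for _, other := range c.Nodes {
		if other != node && !other.Unschedulable {
			other.Pods = append(other.Pods, node.Pods...)
			node.Pods = nil
			return nil
		}
	}
	node.Unschedulable = false
	return errors.New("drain " + node.Name + ": no schedulable node to receive pods")
}

// Reboot (agent side, step 2) boots the staged deployment only with operator
// approval and a drained node, then releases the slot and uncordons.
func (c *Cluster) Reboot(node *Node, newVersion string) error {
	if !node.RebootApproved {
		return errors.New("reboot " + node.Name + ": not approved by operator")
	}
	if !node.Unschedulable || len(node.Pods) != 0 {
		return errors.New("reboot " + node.Name + ": node not drained")
	}
	node.Version, node.UpdateStaged = newVersion, false
	node.RebootApproved, node.Unschedulable = false, false
	return nil
}

// RollOut stages newVersion on every node that lacks it and drives the
// operator/agent loop to completion, returning the order nodes rebooted in.
func (c *Cluster) RollOut(newVersion string) ([]string, error) {
	if c.MaxRebooting < 1 {
		return nil, errors.New("MaxRebooting must be at least 1")
	}
	for _, node := range c.Nodes {
		node.UpdateStaged = node.Version != newVersion
	}
	var order []string
	for len(c.ApproveReboots()) > 0 {
		for _, node := range c.Nodes {
			if !node.RebootApproved {
				continue
			}
			if err := c.Drain(node); err != nil {
				return order, err
			}
			if err := c.Reboot(node, newVersion); err != nil {
				return order, err
			}
			order = append(order, node.Name)
		}
	}
	return order, nil
}
```

Calling RollOut("v2") on a three-node cluster with MaxRebooting set to 1 reboots the nodes one at a time and leaves every node uncordoned on v2 with every pod still scheduled somewhere. A one-node cluster carrying workloads refuses to drain and stays on the old version, which is the intended outcome: the operator's job is to bound disruption, and the agent never reboots a node that is unapproved or undrained.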

In summary

CoreOS tech merges with Red Hat

Some things get more complex (Fedora vs RH CoreOS vs "classic" systems...), others much simpler (OpenShift cluster install/mgmt)