Devconf.cz 2019

Colin Walters, Red Hat, Inc.

keybase.io/walters | walters@{redhat.com,verbum.org}

1 year ago...

Red Hat acquires CoreOS

Why

Software is pervasive

Proprietary software cedes control

FOSS as counterbalance

Why OpenShift

Kubernetes as cloud abstraction and portability to on premise

Avoid proprietary cloud service lock-in

Apps at registry.redhat.io

It begins with the OS

Red Hat Enterprise Linux

But containers changed that...

CoreOS (Container Linux), Atomic Host

Tectonic and OpenShift

Tectonic: operator-focused design, self-hosting cluster

OpenShift 3: developer extensions, Ansible installer

🆕 Red Hat CoreOS is DNA from RHEL+CoreOS+Atomic

Derivation of Fedora CoreOS

Foundation for Tectonic → 🆕 OpenShift 4

RHEL content

Tech pillars: Ignition, rpm-ostree

Has an operator: machine-config-operator

Lifecycle bound with OpenShift

Why Ignition

Runs in initramfs on first boot; replaces Kickstart and cloud-init

Lay down systemd units, config files

Runs exactly one or zero times

But the machine-config-operator extends this

P.S. Ignition runs in SELinux enforcing mode now

Why rpm-ostree

Transactional background updates

Better in various ways than dual partition; well tested, proven tech

(But didn't make the leap to automatic updates by default; see also locksmith/CLUO)

Operating system like a container image, Ignition like a ConfigMap, /var like a PersistentVolume

But introducing the "oscontainer": ostree-in-container

Embedding of ostree repo in container (combine existing tech)

Operator + OS understand how to extract and apply

Solves real-world mirroring issues

Why not make the OS a container? Not worth it

Lifecycle bound with OpenShift

Primary entrypoint to RHCOS is installer

oscontainer part of OpenShift release payload

kubelet part of host (also CRI-O only)

Not investing more in system containers/torcx etc.

More on installer

Bootstrap node to self-hosting control plane

Generates Ignition

For bare metal, RHCOS will follow Container Linux: dd to disk

machine-config-operator (RHCOS operator)

New codebase inspired by Tectonic, designed for RHCOS

4 components: operator, controller, (ignition-)server, daemon

MachineConfig object is Ignition

MachineConfigPool is the rollout of a MC for a machine type

SSH keys, kubelet config (and soon CRI-O config)

And OS updates via rpm-ostree + oscontainers

Example: MCO and SSH keys

Installer configuration injected as `oc get -n kube-system configmap/cluster-config-v1`

You can create a MachineConfig that overrides that set

Gets incrementally rolled out
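As an added illustration (not code from the talk or the machine-config-operator project), this builds the two kinds of MachineConfig the slides describe: an SSH-key override for the `core` user on the worker pool, and a single-file config of the kind the mco-add-a-file demo shows. It assumes the Ignition 2.2.0 spec the MCO used in early OpenShift 4 and uses a constructed placeholder SSH key.

```python
import json
from urllib.parse import quote, unquote

# Constructed sample public key for the demo, not a real key.
SAMPLE_KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleConstructedKeyForDemo core@demo"


def _machineconfig(name, role, ignition_body):
    """Wrap an Ignition 2.2.0 fragment in a MachineConfig for one pool role.

    The MachineConfigPool for `role` selects this object through the
    machineconfiguration.openshift.io/role label, merges it with the
    installer-generated configs, and rolls the result out node by node."""
    return {
        "apiVersion": "machineconfiguration.openshift.io/v1",
        "kind": "MachineConfig",
        "metadata": {
            "name": name,
            "labels": {"machineconfiguration.openshift.io/role": role},
        },
        "spec": {"config": {"ignition": {"version": "2.2.0"}, **ignition_body}},
    }


def ssh_machineconfig(role, keys, name=None):
    """MachineConfig that replaces the authorized keys of the `core` user."""
    name = name or f"99-{role}-ssh"
    body = {"passwd": {"users": [{"name": "core", "sshAuthorizedKeys": list(keys)}]}}
    return _machineconfig(name, role, body)


def file_machineconfig(role, path, content, mode=0o644, name=None):
    """MachineConfig that lays down one file through an Ignition data: URL."""
    name = name or f"99-{role}-" + path.strip("/").replace("/", "-")
    body = {"storage": {"files": [{
        "filesystem": "root",
        "path": path,
        "mode": mode,  # Ignition wants a decimal integer: 420 == 0o644
        # Ignition reads percent-encoded content after "data:,"
        "contents": {"source": "data:," + quote(content, safe="")},
    }]}}
    return _machineconfig(name, role, body)


def decode_file_content(mc):
    """Recover the file body from a file MachineConfig (round-trip check)."""
    src = mc["spec"]["config"]["storage"]["files"][0]["contents"]["source"]
    if not src.startswith("data:,"):
        raise ValueError("only plain data:, sources are handled here")
    return unquote(src[len("data:,"):])


if __name__ == "__main__":
    print(json.dumps(ssh_machineconfig("worker", [SAMPLE_KEY]), indent=2))
```

Save the JSON and apply it with `oc create -f`; the MCO then drains and reboots the pool's nodes one at a time with the rendered config.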

Demos

scale-machineset-ignition

mco-overview

mco-add-a-file

mco-oscontainer

But wait, there's more

Fedora CoreOS

And coreos-assembler

In summary

Red Hat CoreOS is an operator-managed OS for OpenShift 4

You can get it from https://try.openshift.com