Microsoft is not just a Windows company. It now runs several Linux distributions alongside its own operating systems. It's important to remember that these aren't general-purpose Linux distributions like Ubuntu or Red Hat. Instead, they focus on specific applications: SONiC for cloud-based network hardware, Sphere OS for secure industrial Internet of Things hardware, and CBL-Mariner as the host for its Azure Stack endpoints and as part of its Windows Subsystem for Linux.
A year ago Microsoft bought the German Linux provider Kinvolk to support the use of containers in Azure, especially on cloud platforms such as Kubernetes. Kinvolk is home to the popular container-optimized Flatcar Container Linux, as well as Lokomotive, a secure Linux-based Kubernetes platform. Kinvolk took the plunge and created a container-ready version of Linux after Red Hat bought CoreOS and merged it into its Fedora stack, reducing its performance for platforms such as Kubernetes.
Adding Kinvolk to Microsoft and Azure
When it bought Kinvolk, Microsoft noted its importance to Azure and committed to supporting the Flatcar community development project, intending to learn from how the Kinvolk team works. It is interesting to hear Microsoft say it wants to learn how to do open source well, as it is clear that the company is making a big transition to open source methods. It may never make Windows or Office open source, but it uses open source as a way to build and manage its newer tools and platforms.
It is clear that Microsoft initially saw Flatcar as a replacement for CoreOS on Azure. A year before the acquisition, it advised customers to migrate to Flatcar before the May 2020 CoreOS end-of-life date. The migration was a matter of changing the Azure deployment images in your Kubernetes or container repository. Alternatively, CoreOS systems can be switched to Flatcar using a simple script that downloads and runs the update tools. This allows existing nodes to continue operating without a full redeployment. With the new OS running, you can take the time to build and test new images before moving your container environment.
What is Flatcar Container Linux?
If you haven't looked at Flatcar, it is a minimal Linux distribution designed to run containers and nothing else. Flatcar builds on many of the basic concepts of cloud application development, providing a seamless infrastructure that evolves with each new build of your code. You don't want your operating system to change under your application, even if it only hosts your application's containers, so Flatcar is configured before deployment and runs from a read-only system partition. It can be configured to apply security fixes automatically, although you may prefer to make updates part of the build and deployment process. Kinvolk provides tools to manage the update process by controlling which instances can be updated, when updates can run, and how often they need to be applied.
Having a minimal Linux with a locked file system running in the cloud makes a lot of sense. Azure requires isolation between tenants running on the same hardware, and having a fixed container host significantly reduces security risks by keeping the attack surface small and ensuring that many classes of attack will not run on your container host.
You can find Flatcar in Azure Marketplace with versions for three different update channels: stable, beta and alpha. Most production systems should use the stable channel, with beta and alpha recommended for testing and development. You may prefer to run beta and alpha images on your own internal systems, obtained directly from Kinvolk rather than from Azure Marketplace.
Getting started with Flatcar on Azure
Kinvolk provides Azure CLI scripts to install Flatcar. You select the release by specifying the SKU and the version before building the URN for the image to be installed. This takes the form productname:channel:version. Kinvolk supports Generation 1 and Generation 2 hypervisor images, with Generation 1 being the default. If you want to use Generation 2, add -gen2 to the channel name in the SKU and URN sections of the installation scripts.
Alternatively, you can download the selected Flatcar image for Azure directly and place it in an Azure storage account. Kinvolk provides a script that requires a resource group name and a storage account. In practice, however, using the Azure Marketplace is the best option, as the Flatcar image is already in Azure and you will not incur any storage costs.
Although AKS (Azure Kubernetes Service) uses Ubuntu as its host operating system, you can still take advantage of Flatcar on Azure by using your own Kubernetes installation or the Azure version of the Cluster API provider to launch your own managed instance of Kubernetes. There are instructions for using AKS Engine on the Kinvolk website, and although it is possible to use this standalone version of AKS, it is obsolete and no longer updated.
Configure and run Flatcar
After installing a Flatcar image, you will need to configure it with a tool called Ignition, which injects a JSON configuration file into the Flatcar userland before the first boot. Once the system has booted, Flatcar's read-only file system means you can't make changes. Configuration files are written in YAML, creating a Container Linux Config (CLC). This sets up the basic configuration of the container host, defining which service containers it loads, how they run, and how the host responds to a container failure. For example, you can reload the most recent container images at startup, remove old versions, stop cleanly at shutdown, and restart failed containers after a certain amount of time.
Kinvolk provides a tool for translating CLC YAML into JSON for use with Ignition. Once the JSON is created, it can be passed to Flatcar using the Azure CLI as custom data when setting up your container host. The Azure CLI can add users and SSH keys to images if you need to log in to them for development and debugging purposes. Production instances will not need this, as it adds security risk.
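The point about login material in production images can be checked mechanically before the Ignition JSON is passed as custom data. The following is an added example, not code from Kinvolk or from the original article: the sample config, user names and function names are constructed for illustration, and it assumes the Ignition passwd.users fields sshAuthorizedKeys and passwordHash.

```python
import json

# Constructed sample: Ignition v2-style JSON as transpiled from a Container
# Linux Config. User names, key material and the unit are made up.
SAMPLE = json.dumps({
    "ignition": {"version": "2.3.0"},
    "passwd": {"users": [
        {"name": "core",
         "sshAuthorizedKeys": ["ssh-ed25519 AAAA-constructed-key dev@example"]},
        {"name": "svc", "passwordHash": "$6$constructed$hash"},
    ]},
    "systemd": {"units": [
        {"name": "web.service", "enabled": True,
         "contents": "[Service]\nExecStart=/usr/bin/docker run nginx\n"},
    ]},
})

# Ignition passwd.users fields that allow an interactive login.
LOGIN_FIELDS = ("sshAuthorizedKeys", "passwordHash")


def audit_ignition(raw):
    """Return (user, field) pairs for login material baked into the config."""
    cfg = json.loads(raw)
    findings = []
    for user in cfg.get("passwd", {}).get("users", []):
        for field in LOGIN_FIELDS:
            if user.get(field):
                findings.append((user.get("name", "<unnamed>"), field))
    return findings


def strip_login_material(raw):
    """Return the same config as JSON with SSH keys and password hashes removed."""
    cfg = json.loads(raw)
    for user in cfg.get("passwd", {}).get("users", []):
        for field in LOGIN_FIELDS:
            user.pop(field, None)
    return json.dumps(cfg, indent=2)


if __name__ == "__main__":
    for name, field in audit_ignition(SAMPLE):
        print(f"dev-only setting: user {name} has {field}")
    print("production findings:", audit_ignition(strip_login_material(SAMPLE)))
```

Users and keys added through the Azure CLI at VM creation sit outside the Ignition file, so this check does not see them and they need a separate review of the deployment script.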
The team recommends testing Flatcar VMs on a developer machine before going into production. Although you can use Hyper-V, most of the documentation uses the open source QEMU, so you may prefer to test on a Linux system. This approach allows you to use Kinvolk's own test images, supplying the Ignition JSON file at startup. If you are experimenting with different containers and configurations, simply delete the VM each time you make a change and start again from a fresh copy of the Flatcar image.
Flatcar is not just for Azure. It works on all major public clouds, as well as on edge and private clouds. Because the same configuration files work on all systems, Flatcar makes an interesting option for hybrid cloud and edge deployments, where you can develop workloads once and deliver them to multiple targets with minimal changes. There is also support for tools like Terraform, so you can make Flatcar part of an infrastructure-as-code platform, separating management of the container hosts from the applications.
In the last few years, Microsoft has learned a lot about managing open source acquisitions. Like Deis Labs, Kinvolk remains an almost independent organization. This allows it to continue to maintain its open source community and to build and run its own experiments. Meanwhile, Microsoft can use the lessons from Flatcar as it expands its internal Linux offerings and adds more open source projects to its portfolio. At the same time, cloud application developers can continue to use a familiar container host with the peace of mind that comes from a committed supporter with deep pockets.
Copyright © 2022 IDG Communications, Inc.