April 2019 - openSUSE Kubic - openSUSE Mailing Lists

[opensuse-kubic] Announcing separate openSUSE MicroOS Installation Media

by Richard Brown

Hi all We are now building, testing, and shipping separate MicroOS installation media in addition to the long established Kubic Media You can download it today from https://download.opensuse.org/tumbleweed/iso/openSUSE-MicroOS-DVD-x86_64-Cu… Below are some FAQ's to explain why we're doing this, which will likely be a part of a future MicroOS website/blogpost/marketing. Meanwhile please download, play around, and let us know what you think! Feel free to question/add/comment/correct any of the FAQs also. FAQ === Q: What is openSUSE MicroOS? A: MicroOS is a Tumbleweed based operating system focused on being the perfect "single purpose" operating system. Q: What is meant by "single purpose" Operating System? A: Traditional Operating Systems are designed and implemented with an assumption that they will be deployed on a system that could do multiple tasks at once (eg. Web Server, and Mail Server). The operating system needs to therefore be designed in a particular way that allows the simultaneous running, maintenance, and upgrade of the OS and all the services atop it. This creates complex real world issues, such as ensuring multiple systems running the same OS all act the same way after upgrades, regardless of which services they run. A "single purpose" OS assumes that a single installed system will only be used for one task, with other tasks being handled by either other means or other systems. This could be multiple VMs or physical machines each running a "single purpose" OS, or using some kind of containerisation framework to provide multiple services. Q: What are the benefits of MicroOS for "single purpose" workloads? A: MicroOS is built around the same transactional-update stack long used in Kubic. Transactional Updates are the perfect update mechanism for "single purpose" systems, as they guarantee that the running system never changes, and that any changes that do occur happen in single atomic operations that can trivially be undone. With MicroOS Transactional Updates are automatic by default, patching the whole OS, rebooting and able to rollback without any user interaction. This makes it perfect for systems that need to be deployed, do one job, and keep doing it for a long time even while the OS and service provided are receiving updates for a long period of time. As a Tumbleweed derivative, MicroOS benefits from having all of the software packages available from regular Tumbleweed. This means Q: What system roles can be chosen when installing MicroOS? A: There are currently two system roles in MicroOS "MicroOS" which provides the standard MicroOS runtime environment, with no services installed or configured. "MicroOS Container Host" which adds the Podman so the system is ready and configured to run containers as its "single purpose". If you have any ideas for additional System Roles that should be offered with MicroOS, please reply with your suggestion. Q: What is the difference between MicroOS and Kubic? A: Kubic is now a derivative of MicroOS and identifies itself as such in it's /etc/os-release. Kubic has been and will continue to be focused on Containers and Kubernetes, whereas regular MicroOS is intended to be used for a more diverse range of use cases. The Kubic system role that was formerly called "openSUSE MicroOS" is now renamed "MicroOS Container Host" and is absolutely identical to the "MicroOS Container Host" provided by the MicroOS install media. Q: Will there be official qcow/vmware/vagrant images? A: Yes, absolutely. We would also expect there to be Raspberry Pi images soon as MicroOS should be a perfect fit for many users of that hardware -- To unsubscribe, e-mail: opensuse-kubic+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-kubic+owner(a)opensuse.org

1 year, 10 months

1
1
0 0

[opensuse-kubic] CNI plugins binary path

by Michal Rostecki

Hi, Recently I'm trying to deploy Cilium on Kubic and to create k8s manifest which is using Kubic container images. Everything is going well except one thing - I'm not sure what to do with cilium-cni binary (a CNI plugin which needs to be visible by kubelet). I assumed that since we use (almost) vanilla Kubernetes with kubeadm, kubelet is going to look for plugins in /opt/cni/bin and that I can just mount that directory, then copy the binary there from the initContainer (or as a part of preStart step). But it seems that kubelet is lookng only at /usr/lib/cni, which is read only and there are only CNI plugins installed from packages. I see two potential solutions: 1. Changing the cni-bin-dir parameter for Kubelet to `/usr/lib/cni,/opt/cni/bin` to support both CNI plugins installed on host and those installed dynamically. 2. Adding cilium-cni package to patterns-containers. What do you think? BTW, I have the manifest here: https://github.com/kubic-project/k8s-manifests/blob/cilium/cilium.yaml It should work if you do `transactional-update pkg install cilium-cni` and restart nodes before. Cheers, Michal -- To unsubscribe, e-mail: opensuse-kubic+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-kubic+owner(a)opensuse.org

1 year, 10 months

3
8
0 0

[opensuse-kubic] New tool to setup kubernetes on openSUSE Kubic

by Thorsten Kukuk

Hi, As learning exercise for go and gRPC and to kill some time on airports and in planes I started to implement a client/server tool using gRPC in go. While the original idea was to replace a dbus implementation, I had to find out that gRPC was not suiteable for that case so I used it to replace my scripts to setup kubernetes on openSUSE Kubic ;) The result is with kubicd/kubicctl a client/server architecture, using MutualTLS and certificates for authentication and encrypted communication. It has RBAC, so you can define which user can do what based on his certificate. Else you can initialize the control plane of the kubernetes master, add nodes, remove nodes and reboot nodes. You can upgrade the kubernetes cluster (tested from kubernetes 1.13.4 to 1.14) and download the kubeconfig file. Since salt is used to communicate with the nodes, there are the following prerequires: 1. kubicd needs to run on the machine, which should become the kubernetes master 2. salt master needs to run on the same machine 3. all nodes need to be a minion reporting to the salt master. - on the nodes: echo "master: <hostname>" > /etc/salt/minion.d/master.conf systemctl enable --now salt-minion - on the master: salt-key -A to accept the minions kubicd and kubicctl packages are part of the openSUSE Tumbleweed repositories. So after installation of openSUSE Kubic, you can install them with "transactional-update pkg install kubicd" on the master node. We will add them to the openSUSE Kubic media the next days. kubicctl can run on any machine you like, so even on your personal workstation. Test coverage, documentation and error handling could need quite some improvements ;), so feel free to create pull requests and file issues. Any kind of feedback is greatly appreciated! I also hope that we can improve the salt usage and integrate it into installer, so that you don't need to setup salt at your own before. The github project can be found here: https://github.com/thkukuk/kubic-control Thorsten -- Thorsten Kukuk, Distinguished Engineer, Senior Architect SLES & MicroOS SUSE Linux GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany GF: Felix Imendoerffer, Mary Higgins, Sri Rasiah, HRB 21284 (AG Nuernberg) -- To unsubscribe, e-mail: opensuse-kubic+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-kubic+owner(a)opensuse.org

1 year, 10 months

1
0
0 0

[opensuse-kubic] openSUSE Kubic is Certified Kubernetes 1.14

by Richard Brown

Hi all, Just sharing the good news - the CNCF has certified that Kubic 0408 and later are Certified Kubernetes Version 1.14 Thanks to all who helped make it happen - Rich -- To unsubscribe, e-mail: opensuse-kubic+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-kubic+owner(a)opensuse.org

1 year, 10 months

3
2
0 0

[opensuse-kubic] FYI: patterns-caasp removed from Factory

by Richard Brown

Hi all, I just realised I didn't announce my intention to do this beforehand Patterns-caasp has been removed from Factory, after being replaced by patterns-microos and patterns-containers This is all part of our previously discussed effort to offer MicroOS as separate media in addition to the Kubic media If you were using any patterns-caasp-* pattern packages, you will find them replaced by patterns-microos-* or patterns-containers-* I did also tidy up a bit of a naming. I removed "SUSE" from all the pattern provides references, and replaced all the "-" hyphens from the names with "_" underscores to make specfiles more readable. Functionally though, the new patterns do the same as the old ones, so everything should be 1-1 replaceable with the new patterns. The new patterns should provide/obsolete the old patterns smoothly during upgrades. If you have any references to the old patterns which are now broken, with this information you should be able to find the new equivalents Thanks! - Richard -- To unsubscribe, e-mail: opensuse-kubic+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-kubic+owner(a)opensuse.org

1 year, 10 months

1
0
0 0

[opensuse-kubic] MicroOS custom image build

by Tardif, Christian

Hi, We're starting to look at MicroOS as the base OS for our Kubernetes stacks. And as we're now using RKE to deploy k8s, we're stuck with Docker right now. Added to this, we have other things to customize in order to ease the OS deployment (mostly targeting, but not limited to bare metal deployment) Two questions here: 1) Can I (I assume yes) leverage kiwi to build a raw image (as our metal deployer requires raw image)? If so, I haven't found how to do it in the available docs 2) Providing that everything is automated and standardized, using cloud-init NoCloud datasource is not an option (as it's unlikely we'll be having a connected unpartitioned disk to hold the cloud-init configuration), and I haven't been able to make the LocalDisk datasource (again, I most probably just haven't the docs required to make it work). Thanks! Christian -- To unsubscribe, e-mail: opensuse-kubic+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-kubic+owner(a)opensuse.org

1 year, 11 months

4
32
0 0

2021

2020

2019

2018

openSUSE Kubic April 2019