CoreOS’s Linux platform bolsters enterprise Kubernetes
15 May 2017
Tectonic, CoreOS’s Linux platform built to run containers, has been revamped to version 1.6.2. Underneath that minor point revision label lie some significant changes.
According to an official CoreOS blog post, this version of Tectonic rolls in the latest version of Kubernetes (1.6.2) to create a CoreOS/Kubernetes combo that is easier to install in a variety of environments, has better separation of workloads and more robust auditing and logging, and boasts a major change to a key underlying Kubernetes technology.
More elastic etcd
That key technology is etcd, the distributed data store used by CoreOS generally and by Kubernetes in particular. With a new experimental feature, CoreOS can manage etcd with CoreOS Operators.
Operators allow applications that are not built to be scaled to run on Kubernetes. They have to be customised to handle a given app, but CoreOS recently created etcd-operator to allow Kubernetes to scale and manage etcd. Thus, as CoreOS’s Brandon Philips put it in a video community meeting, CoreOS can provide good high-quality etcd clusters for Kubernetes’s API server.
This arrangement allows admins to use Kubernetes’s APIs to monitor the state of etcd. It also means key operational parameters for etcd, for instance, the default cluster size, can be administered using the same language and metaphors as any other clustered app, so etcd does not have to be treated as a corner-case application.
Terraform this, audit that
Tectonic and Kubernetes are designed to run in a variety of environments, but natural variations between environments can make deployment a chore.
Automation can help with that, and Tectonic 1.6.2 integrates with HashiCorp’s Terraform infrastructure tool for “scriptable and customisable installations of self-hosted Kubernetes on AWS and bare metal.” Being able to customise deployments to AWS is more important than it might seem; running Kubernetes via Tectonic on AWS is in some senses a substitute for AWS not having native Kubernetes support along the lines of Microsoft Azure or Google Cloud Platform.
Two other enterprise-grade features, RBAC and audit logging, also received a polish this time around. The web console for working with RBAC in Tectonic has been reworked to make it easier to, for example, assign roles across an entire cluster. Audit logging, now enabled in Tectonic, uses the same mechanisms as logging in Tectonic generally—you can use any Fluentd-compatible logging system to aggregate, store, and search the resulting audit logs.
The most recent beta editions of Kubernetes, now found in Tectonic, added several workload separation features, called tolerations, taints, and pod affinity. They let specific workloads either group together (tolerations, affinity) or be scheduled apart from each other (taints), whether for the sake of performance or security. Kubernetes now uses these features to keep certain internal services from having multiple instances of the same service scheduled on the same nodes.