CoreOS's Linux platform bolsters enterprise Kubernetes features

Some of the new additions to Tectonic are still in beta, but many unlock enterprise-empowering features from the latest edition of Kubernetes

Tectonic, CoreOS's Linux platform built to run containers, was revamped this week to version 1.6.2. Underneath that minor point revision label lie some significant changes.

According to an official CoreOS blog post, this version of Tectonic rolls in the latest version of Kubernetes (1.6.2) to create a CoreOS/Kubernetes combo that's easier to install in a variety of environments, has better separation of workloads and more robust auditing and logging, and boasts a major change to a key underlying Kubernetes technology.

A more elastic etcd

That key technology is etcd, the distributed data store used by CoreOS generally and by Kubernetes in particular. With a new experimental feature, CoreOS can manage etcd with CoreOS Operators.

Operators allow applications that aren't built to be scaled to run on Kubernetes. They have to be customized to handle a given app, but CoreOS recently created etcd-operator to allow Kubernetes to scale and manage etcd. Thus, as CoreOS's Brandon Philips put it in a video community meeting, CoreOS can provide good high-quality etcd clusters for Kubernetes's API server.

This arrangement allows admins to use Kubernetes's APIs to monitor the state of etcd. It also means key operational parameters for etcd—for instance, the default cluster size—can be administered using the same language and metaphors as any other clustered app, so etcd doesn't have to be treated as a corner-case application.

Terraform this, audit that

Tectonic and Kubernetes are designed to run in a variety of environments, but natural variations between environments can make deployment a chore.

Automation can help with that, and Tectonic 1.6.2 integrates with HashiCorp's Terraform infrastructure tool for "scriptable and customizable installations of self-hosted Kubernetes on AWS and bare metal." Being able to customize deployments to AWS is more important than it might seem; running Kubernetes via Tectonic on AWS is in some senses a substitute for AWS not having native Kubernetes support along the lines of Microsoft Azure or Google Cloud Platform.

Two other enterprise-grade features, RBAC and audit logging, also received a polish this time around. The web console for working with RBAC in Tectonic has been reworked to make it easier to, for example, assign roles across an entire cluster. Audit logging, now enabled in Tectonic, uses the same mechanisms as logging in Tectonic generally; you can use any Fluentd-compatible logging system to aggregate, store, and search the resulting audit logs.

The most recent beta editions of Kubernetes, now found in Tectonic, added several workload separation features, called tolerations, taints, and pod affinity. They let specific workloads either group together (tolerations, affinity) or be scheduled apart from each other (taints), whether for the sake of performance or security. Kubernetes now uses these features to keep certain internal services from having multiple instances of the same service scheduled on the same nodes.