CoreOS brings auto-updates to Kubernetes

New version of Tectonic allows components to update themselves, so clusters of systems can be patched speedily with minimal oversight

CoreOS, creator of the Docker alternative rkt and many other container-centric innovations, is delivering a “self-driving” update to Kubernetes for its container-based Linux distribution. This self-updating methodology comes with the new version of Tectonic, a mix of CoreOS’s Linux (now known as Container Linux) with Kubernetes.

CoreOS is also watching this development to see how a cluster of systems that provide internet infrastructure can receive constant updates—whether for fast-moving projects like Kubernetes or Docker or for components like TLS, which are more static.

Let Kubernetes do the driving

The initial plan is to allow updates to Kubernetes to automatically deploy throughout a cluster running Container Linux. Kubernetes is subject to frequent changes, and in CoreOS’s view, its users have become accustomed to the idea of running the most recent production version as soon as it’s available.

Pushing out timely updates to Kubernetes is more than a matter of convenience. CoreOS CEO Alex Polvi said in a phone call that rapid deployment also means users don’t have to wait for, say, security updates to be double-checked before they’re distributed. In other words, it’s for patching nearly every part of the cluster, not Kubernetes alone.

“Before this was possible,” said Polvi, “if there was a security vulnerability in Kubernetes, then every Kubernetes operator in the world had to figure out how to patch it—they had to stop whatever they were doing and go fix the problem.”

Patch early and often

Polvi sees the self-driving update as a contrast to Red Hat’s approach. With Red Hat Enterprise Linux, for instance, any changes that are submitted upstream and accepted by Red Hat into its codebase have to be reviewed internally by engineers to certify that they will work with RHEL. What you gain in stability, you lose in flexibility and speed.

By contrast, deployments across a cluster of systems are meant to be forgiving of problems, an advantage CoreOS hopes to harness. Updates can be delivered as soon as they’re submitted upstream. If a particular update breaks something, the rest of the cluster can temporarily pick up the slack. If a problem with an update is discovered, it’s possible to roll out a fix more quickly.

CoreOS is interested in seeing if this approach catches on outside of its immediate customer base. Thus, users who want to try out Tectonic on up to 10 nodes can now do so for free.