Authors Sarah Julia Kriesch
License CC-BY-SA-4.0
openSUSE Kubic
The Container Platform by openSUSE
https://kubic.opensuse.org
Sarah Julia Kriesch
sarah.kriesch@opensuse.org
Agenda
• About me
• The openSUSE project
• openSUSE Kubic
• Features
• Transactional Updates
• Velum as a Dashboard
• openSUSE Leap and Kubic
• Podman
• How to contribute
About me
• Student in Computer Science (B.Sc.), TH Nürnberg
• Student Representative in Senate/ University Council
• Student Representative in AG Study Plan, AG Laboratories
• Founder AG Open Source (Educator + Trainer), TH Nürnberg
• Global Translation Coordinator, QA, Wiki, Advocate (openSUSE) at openSUSE
• Chairman at One Week Experience e.V. (One Week Student)
openSUSE Kubic project
• Container as a Service Platform
• MicroOS, based on openSUSE Tumbleweed
• Velum, Cluster Bootstrapper & Cluster Dashboard
• Based on SUSE Container as a Service Platform (CaaSP)
Features
• Transactional Updates
• Latest packages with openSUSE Tumbleweed
• Based on Podman
• Created with Docker base (part of Atomic Project)
Transactional Updates
• Is Atomic:
‒ Fully applied or not at all
‒ Update does not influence the running system
• Can be rolled back:
‒ A failed or incompatible update can be discarded and the previous system can be restored
Requirements
• Btrfs root filesystem with snapper (snapshots)/rollback enabled
• zypper
• btrfsprogs
Snapshots vs. Transactional Updates
[Figure: two diagrams, each showing a "current root" and a series of read-only ("ro") snapshots]
Transactional Update
• Clone of current root to ro
• Change rw
• zypper up
• Change to ro
• “Rollforward” with btrfs subvol set-default
• After reboot change / update executed
• Quickly rollback
Executing Transactional Updates
• Update/Upgrade:
‒ transactional-update [up|dup|patch]
• Installation / Removal / Update of 1 package:
‒ transactional-update pkg [install|remove|update] pkg
• Rollback:
‒ transactional-update rollback
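Because the update only takes effect after the reboot, a host can have patches staged while still running the old snapshot. The following added example (not part of the original slides) compares the default Btrfs subvolume with the one currently mounted as root; the sample strings, snapshot numbers and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect a transactional update that is staged but not yet active.
# The sample strings are constructed. On a real host they would come from
#   btrfs subvolume get-default /                  (snapshot booted next)
#   the subvol= mount option of / in /proc/self/mounts   (snapshot running now)

# Constructed: root is still mounted from snapshot 5 ...
RUNNING_OPTS='ro,relatime,space_cache,subvolid=269,subvol=/@/.snapshots/5/snapshot'
# ... while the update has already made snapshot 6 the default subvolume.
DEFAULT_AFTER_UPDATE='ID 270 gen 4711 top level 266 path @/.snapshots/6/snapshot'
# Constructed: the same host after the reboot.
DEFAULT_AFTER_REBOOT='ID 270 gen 4790 top level 266 path @/.snapshots/6/snapshot'
RUNNING_AFTER_REBOOT='ro,relatime,space_cache,subvolid=270,subvol=/@/.snapshots/6/snapshot'

# Print the snapper snapshot number found in a path like .snapshots/N/snapshot.
snapshot_id() {
    printf '%s\n' "$1" | sed -n 's#.*\.snapshots/\([0-9][0-9]*\)/snapshot.*#\1#p'
}

# Compare the default subvolume ($1) with the running root's mount options ($2).
update_state() {
    default_id=$(snapshot_id "$1")
    running_id=$(snapshot_id "$2")
    if [ -z "$default_id" ] || [ -z "$running_id" ]; then
        echo "unknown"            # not a snapper-style layout, cannot decide
    elif [ "$default_id" = "$running_id" ]; then
        echo "in-sync"            # the running system is the default snapshot
    else
        echo "reboot-pending"     # a different snapshot will be booted next
    fi
}

echo "before reboot: $(update_state "$DEFAULT_AFTER_UPDATE" "$RUNNING_OPTS")"
echo "after reboot:  $(update_state "$DEFAULT_AFTER_REBOOT" "$RUNNING_AFTER_REBOOT")"
```

A host reporting reboot-pending is still running the packages of the old snapshot, so patch reporting should count it as unpatched until it has rebooted.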
Project Atomic
• Container Tools (incl. Compose)
• Integrated docker commands
• Easy to use with container experience
Velum as a Dashboard
How does Leap profit from Kubic?
• Transactional Updates available in Tumbleweed and Leap
kubeadm
• Toolkit produced by Kubernetes
• Creation of kubeadm nodes for a cluster
• Initialization of the network and joining a node:
‒ kubeadm init --pod-network-cidr=10.244.0.0/16
‒ kubeadm join
kubicctl
• Adding Worker Nodes:
‒ kubicctl node add node1,node2,…
• Verifying the cluster:
‒ kubectl get nodes
Verification of the cluster
Kubic Node Roles
• Kubic Admin Node:
‒ kubicd (daemon which communicates via gRPC with clients and setup of Kubernetes network)
‒ salt-master (for node management via Dashboard)
‒ Kubernetes Master Node
• Kubic Loadbalancer Node:
‒ MicroOS without container runtime
‒ haproxy installed
• Additional Kubic Node:
‒ Additional Master for HA
‒ Worker Node
Podman
• Alternative container engine instead of docker
• Same commands as docker
• Daemonless and rootless containers possible
• Container Manager as docker-compose
• Sharing of one network namespace
• Compatible with multiple image formats including the OCI and Docker image formats
Pods
• 1 Kubernetes pod in 1 Linux namespace and the same cgroup
• Flexible combinations of services possible (webserver, github pull, database, ...)
Daemonless
• The Docker daemon is (mostly) executed by root
• Podman works without a central daemon
• An additional process, conmon, monitors and passes the correct start parameters to the container runtime
Rootless
• Start of a container without root privileges
• Mapping of the UID in the namespace
• Using root in a container possible (isolating root)
• User in the container has default access on host system
• Docker offers that since version 19.03
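The UID mapping behind rootless containers can be read from the kernel's uid_map file. The following added example (not part of the original slides) resolves which host UID a container UID corresponds to; the maps, host user 1000, the subuid range 100000:65536 and the function names are constructed assumptions.

```shell
#!/bin/sh
# Added example: resolve which host UID a container UID really is.
# Each uid_map line reads: <first UID inside> <first UID on host> <range length>.

# Constructed /proc/<pid>/uid_map of a rootless container started by host
# user 1000 whose /etc/subuid entry is assumed to be 100000:65536.
ROOTLESS_MAP='         0       1000          1
         1     100000      65536'
# Constructed map of a container started by root without user-namespace remapping.
ROOTFUL_MAP='         0          0 4294967295'

# Print the host UID for container UID $2 under map $1, or "unmapped".
host_uid() {
    printf '%s\n' "$1" | awk -v uid="$2" '
        NF == 3 && uid >= $1 && uid < $1 + $3 { print $2 + (uid - $1); found = 1; exit }
        END { if (!found) print "unmapped" }'
}

# Report whether root inside the container is also root on the host.
container_root_is_host_root() {
    if [ "$(host_uid "$1" 0)" = "0" ]; then echo "yes"; else echo "no"; fi
}

echo "rootless: container uid 0  -> host uid $(host_uid "$ROOTLESS_MAP" 0)"
echo "rootless: container uid 33 -> host uid $(host_uid "$ROOTLESS_MAP" 33)"
echo "rootless: root is host root? $(container_root_is_host_root "$ROOTLESS_MAP")"
echo "rootful:  root is host root? $(container_root_is_host_root "$ROOTFUL_MAP")"
```

With the rootless map, a process that is root inside the container acts on the host only with the rights of the user who started it, and every other container UID lands in that user's subordinate range.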
Example of a rootless podman process
Podman commands – as docker
• podman run
• podman exec
• podman info
• podman logs
• podman ps
• podman cp
• podman rm
• podman pull
• podman push
• podman build
• podman image
• podman images
• podman commit
• podman history
• podman stop
• podman start
• podman volume
Podman (only) commands
• podman generate kube
• podman container cleanup
• podman container exists
• podman container restore
• podman image exists
• podman pod create
• podman pod kill
• podman pod ps
• podman pod pause
• podman pod restart
“Do you wanna become a Contributor?”
Packaging
• Creation of packages with the Open Build Service
• Submit to openSUSE Factory
‒ → openSUSE Tumbleweed
• https://build.opensuse.org/project/show/devel:kubic
Development of openSUSE Kubic
• Github contributions:
‒ https://github.com/kubic-project
Quality Assurance
• Test it!
• Try it!
• Perform it!
• Report bugs!
• Bugzilla:
https://bugzilla.opensuse.org/buglist.cgi?component=Kubic&product=openSUSE%20Tumbleweed
References
• openSUSE Kubic:
https://kubic.opensuse.org
• https://www.projectatomic.io
• Podman:
https://jaxenter.de/docker/podman-container-daemonless-rootless-89349
• Podman Usage:
https://github.com/containers/libpod/blob/master/transfer.md
Questions?
openSUSE Summit 2020
Dublin
May 27 – 28, 2020
https://events.opensuse.org
Join our conference, contribute & have a lot of fun!
Thank you.
Have a Lot of Fun, and Join Us At:
www.opensuse.org
License
This slide deck is licensed under the Creative Commons Attribution-ShareAlike 4.0
International license. It can be shared and adapted for any purpose (even commercially) as
long as Attribution is given and any derivative work is distributed under the same license.
Details can be found at https://creativecommons.org/licenses/by-sa/4.0/
Credits
Template
Richard Brown
rbrown@opensuse.org
Design & Inspiration
openSUSE Design Team
http://opensuse.github.io/branding-guidelines/