Colin Walters recently announced a new cloud image for Atomic that includes support for cloud-init and Kubernetes. Supporting cloud-init is a great move, but running this image locally with KVM needs a different setup than previous images. Here’s a walkthrough to get started with this latest image and the Fedora Atomic Cloud releases. This was the first time I needed to work with cloud-init, and there was a bit of a learning curve. There are a few different examples floating around the web, and none of them seemed to work quite right.
Articles from Matthew Micene
In an interesting coincidence, the same day we posted the super privileged containers post using Sysdig, the Sysdig team announced support for Atomic hosts. You can take a look at that announcement for how sysdig does its magic on an Atomic host and which Atomic hosts are supported.
So there is no more need to build your own sysdig container for your Atomic clusters; you can use the official builds. Here’s what that looks like now.
With the release of Fedora 22 Atomic host, the Cockpit Project team changed the way cockpit was delivered. You can read more about the change on the Cockpit Project wiki page. The team is currently uploading the cockpit container to the Fedora repo on the Docker Hub, but Fedora Release Engineering is working on publishing layered images. We now have a super-privileged container (SPC) for the web service (cockpit-ws) with the bridge, shell, and docker components installed by default on the Atomic host.
cockpit-shell-0.55-1.fc22.noarch cockpit-docker-0.55-1.fc22.x86_64 cockpit-bridge-0.55-1.fc22.x86_64
One of the issues with containers built The Right Way™ (e.g., minimal containers that only provide the application code) is figuring out what’s going on inside the container. If you ship just application code, you run the risk of turning your container into a proverbial black box. Atomic hosts can provide a one-way view of all of the operations inside a container, if you can find the right tool. Rather than adding more tools to your application container, folks like Dan Walsh have been working on super privileged containers to manage the host, such as the Cockpit container.
I was recently introduced to Sysdig for inspecting running processes and activity on a Linux system. It’s a fairly nifty tool that understands Docker containers, and the authors have made sure that sysdig can be run in a container. This made it very simple to install on my laptop and start investigating.