by Swapnil Bhartiya

CoreOS brings automatic updating to Kubernetes with Tectonic

Opinion
Dec 14, 2016
Cloud Computing, Linux, Open Source

More automation means less vulnerable systems.

CoreOS is borrowing the automatic update mechanism from Container Linux (formerly CoreOS Linux) and applying it to its Kubernetes distribution, Tectonic. The latest version of CoreOS Tectonic, released during the Tectonic Summit in New York, comes with what Alex Polvi, the CEO and co-founder of CoreOS, called a self-driving model.

What problem does it solve?

When I asked about the problem CoreOS was trying to solve with this release, Polvi gave me the example of the most recent Linux vulnerability, Dirty COW. In the case of Dirty COW, while updates were pushed by the vendors, it was still up to the individual operations (Ops) departments to apply the patch. The security of those systems and infrastructure relied on the assumption that those Ops teams were reading the news and were aware of the bug. There is no auto-update mechanism in traditional Linux systems. In contrast to traditional Linux server operating systems, Container Linux automatically applied the patches, keeping those systems secure.

What’s less known is that the same day Dirty COW was disclosed, a major Kubernetes vulnerability was also found and every Kubernetes deployment in the world needed to be upgraded. While systems like Container Linux patched Dirty COW, that still left the Kubernetes vulnerability unaddressed.

“In the case of Dirty COW, we were able to automatically fix that within 24 hours. In the case of the Kubernetes vulnerability, which did not have a brand name. It had a CVE but not a brand name. We were not able to do that because we did not have the system in place,” said Polvi.

With the release of Tectonic, CoreOS is trying to fill that gap. With this release of CoreOS Tectonic, the company is bringing the same mechanism that it pioneered with Container Linux to distributed management of applications in Kubernetes. The next time there is a vulnerability in Kubernetes, “…we’re automatically going to be able to patch that and fix it,” said Polvi.

In a press release, CoreOS said, “with self-driving infrastructure, organizations can ensure their containerized application clusters are secure and up to date with the critical security patches and the most recent features available from the open source community.”

This is quite a significant move. As Gary Chen, Research Manager, Software Defined Compute, IDC, said, “Maintaining updated software in a distributed system has historically been complex and difficult to manage. Businesses are seeking infrastructure solutions that enable everything as a service with simplicity across environments in the cloud and data center.”

With this release, customers can now use CoreOS Tectonic for free on up to 10 nodes. Those who are running more than 10 nodes can get a subscription for it.

The company has also changed the name of CoreOS Linux to Container Linux.