Mathieu Tortuyaux
Mathieu is working as a Linux OS software engineer @ Microsoft mainly involved in Flatcar development (an open-source Container OS Linux distribution). He mainly works on the tests automation, release cycle and feature development. Outside of the work, he co-founded the SRE France association to organize DevOps/SRE Meetups in France and co-created the SRE SummerCamp: a 2 days event mixing outdoors activities and SRE/DevOps talks.
Session
On general purpose image based systems such as Flatcar and Fedora CoreOS, users are encouraged to run all their applications using containers. To make updates safe and predictable, the system is mounted as read only and local modifications are discouraged.
While containers offer a lot of flexibility on Linux, there are still cases where installing binaries or running applications directly on the host operating system is preferred. For example to add kernel modules, use an alternative container runtime version, add more udev rules, etc.
Some of those use cases could be addressed with statically linked binaries, but their management is manual and their usage creates new issues around updates, versionning, memory footprint and not everything can be statically compiled. Alternatively, one can build its own image but at non-negligeable maintenance costs.
Systemd's system extensions (sys-ext) provide a mechanism to extend the content of the host while preserving the safety guarentees around updates. We will demonstrate how Flatcar, Fedora CoreOS and Atomic Desktops are leveraging sysext images to securely extend the OS. With practical examples and usecases (e.g Cluster API) learn how to install Python, Podman, Kubernetes, ZFS, everything at the same time, by composing your very own image with systemd-sysext.