Flatcar Container Linux – container optimized, immutable fs, config provisioning

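Flatcar Container Linux is a lightweight, immutable operating system optimized for container workloads; it removes the unnecessary package manager and maximizes security through a read-only file system. Its automated atomic updates keep the latest security patches applied at all times, and built-in tooling for managing large-scale global infrastructure supports scalability. Companies such as Adobe, Wipro and Equinix use Flatcar in Kubernetes clusters and hybrid cloud environments to run stable, highly secure container infrastructure.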

https://www.flatcar.org/

#containeros #immutableos #kubernetes #automatedupdates #security

@seism0saurus

I've been running automated updates for years...

I even started running them on PROD at work. People thought I was nuts but I think the risk of attacks is far more dangerous/likely than a bug taking down everything - especially with recent updates becoming so stable (yes, they are stable despite us moaning - when was the last bug that took down your entire infrastructure?).

I even had positive side effects: my (headless) raspi's ssh once died. I was too lazy to reinstall it that day. When I tried again, it had pulled new updates, fixed the ssh, and rebooted.

#AutomatedUpdates #patching

How do you do #AutomatedUpdates of #docker containers?

It seems that we have ditched 30+ years of OS package handling.

Docker updates seem to be a) hope the container creator publishes an updated ":latest" whenever there is a security update, b) delete the Docker container, and c) start the new one
(The latter two can be achieved using something like #watchtower)

Two days ago I finally installed the f-droid privileged extension to my LineageOS. And I can say already that I feel at least 10 times happier with the experience.

Now the last remaining bastions of manual updates: My banking app, my alarm and Signal. Let's see if I can get them under control as well.

#Android #AutomatedUpdates