Level 1 k8orization Example: Ubuntu OS for Kubernetes
By applying Level 1 k8orization to your Ubuntu images, you can create lean, secure, and optimized foundations for your K8s deployments, paving the way for efficient and scalable containerized applications.
Let's consider a scenario where you're preparing an Ubuntu image for K8s deployments. Here's how Level 1 k8orization can optimize it:
Standard Ubuntu Image:
Ubuntu 20.04 LTS with default package selection, including:
- Unnecessary user accounts and groups.
- Pre-installed applications like LibreOffice, games, etc.
- Redundant documentation and man pages.
- Unused system services and daemons.
k8orized Ubuntu Image (Level 1):
- User and Group Reduction: Remove redundant user accounts and groups, leaving only essential system users and those required for your applications. Tools like userdel and groupdel can be used for this purpose.
- Package Removal: Uninstall pre-installed applications and packages unrelated to K8s deployments. This might involve tools like apt remove or dpkg --purge.
- File Removal: Identify and eliminate unnecessary documentation files, man pages, and other non-essential data using tools like find and rm.
- Service Disabling: Disable system services and daemons not required for K8s functionality. Utilize tools like systemctl disable for service management.
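The four Level 1 steps start from knowing what the image contains. The following added example (not from the original page or the k8or project) audits an unpacked root filesystem read-only and lists candidates for each step; the keep list `appsvc`, the sample accounts and the sample rootfs are constructed assumptions.

```shell
# Added example: read-only audit of an unpacked image rootfs ($1); changes nothing.

# Regular accounts (UID >= 1000, Ubuntu's default UID_MIN) not on the keep list.
removable_users() {   # $2 = space-separated accounts to keep (your choice)
    awk -F: -v keep=" $2 " '
        $3 >= 1000 && $3 != 65534 && index(keep, " " $1 " ") == 0 { print $1 }
    ' "$1/etc/passwd"
}

# System accounts (UID 1..999) that still have an interactive login shell.
system_users_with_shell() {
    awk -F: '$3 > 0 && $3 < 1000 && $7 ~ /\/(ba|da|z)?sh$/ { print $1 }' "$1/etc/passwd"
}

# Units enabled at boot: symlinks under etc/systemd/system/*.wants/.
enabled_units() {
    find "$1/etc/systemd/system" -path '*.wants/*' -type l | sed 's|.*/||' | sort -u
}

# Total bytes of documentation and man pages.
doc_bytes() {
    find "$1/usr/share/doc" "$1/usr/share/man" -type f -exec cat {} + 2>/dev/null |
        wc -c | awk '{ print $1 + 0 }'
}

# Constructed sample rootfs (not from a real image) so the audit runs offline.
make_sample_rootfs() {
    r=$(mktemp -d); w="$r/etc/systemd/system/multi-user.target.wants"
    mkdir -p "$w" "$r/usr/share/doc" "$r/usr/share/man/man1"
    cat > "$r/etc/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
games:x:5:60:games:/usr/games:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
ubuntu:x:1000:1000:Ubuntu:/home/ubuntu:/bin/bash
appsvc:x:1001:1001::/srv/app:/usr/sbin/nologin
EOF
    ln -s /lib/systemd/system/cups.service "$w/cups.service"
    ln -s /lib/systemd/system/ssh.service "$w/ssh.service"
    printf 'constructed man page\n' > "$r/usr/share/man/man1/sample.1"
    echo "$r"
}

root=$(make_sample_rootfs)
echo "users to review:  $(removable_users "$root" "appsvc" | tr '\n' ' ')"
echo "shells to lock:   $(system_users_with_shell "$root" | tr '\n' ' ')"
echo "enabled units:    $(enabled_units "$root" | tr '\n' ' ')"
echo "doc/man bytes:    $(doc_bytes "$root")"
rm -rf "$root"
```

Review the output against what your workloads need before passing any name to userdel, apt remove or systemctl disable.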
Key Optimizations:
- Reduced Image Size: Image size can decrease by 30-50% compared to the standard image, leading to faster deployments, lower storage costs, and improved resource utilization.
- Enhanced Security: Fewer packages and users minimize the attack surface and potential vulnerabilities.
- Simplified Management: Consistent base images across deployments streamline configuration and security updates.
Additional Techniques:
- Tailored Optimization: Analyze your specific K8s needs and remove packages based on your application requirements. Don't remove essential system components.
- Security Hardening: Implement additional security measures, such as setting strict file permissions and disabling root login.
- Automation: Integrate k8orization steps into your image build process for efficient and consistent base image creation.
Level 1 focuses on the base OS image. Further optimization for security, efficiency, and resource utilization can be achieved through higher k8orization levels targeting package layers (Level 2) and application layers (Level 3).
This document presents an example hGraph visualization of the operating system k8orization process implemented at BOTops company.
Sector 1:
The user authorization process requires accessing and verifying credentials across all necessary services: Google, AWS, Jira, Miro, Toggle Tracker, GitHub, and DockerHub.
Sector 2:
This sector outlines the creation of manifest files in YAML format for various Kubernetes resources.
- The first manifest defines a StorageClass, enabling volume creation.
- The second manifest creates a PersistentVolumeClaim, claiming a volume.
- The fourth manifest deploys another service with mounted volumes, focusing specifically on volumes within the /usr directory.
Sector 3:
Section 3 outlines the pre-deployment steps, including authorizing access to a Jump EC2 instance, establishing a connection to the EKS cluster, switching to the appropriate namespace, and verifying connectivity to the Node Group, ensuring a smooth and secure deployment process.
Sector 4:
Section 4 dives into deploying the StorageClass, detailing the steps: uploading the manifest file, establishing the StorageClass itself, and the subsequent automatic volume creation, streamlining storage provisioning for your application.
Sector 5:
Section 5 outlines the deployment of the PersistentVolumeClaim (PVC), guiding you through uploading the manifest file and subsequent PVC creation. This empowers your application to request and utilize persistent storage seamlessly.
Sector 6:
Section 6 delves into the deployment process, guiding you through applying the deployment manifest, creating the deployment resource, spawning a replica set, and finally launching individual pods, orchestrating the entire application rollout in a step-by-step manner.
Sector 7:
Section 7 tackles automated pod storage attachment, demonstrating how to specify StorageClass and PersistentVolumeClaim information within your manifest file. This ensures seamless storage provisioning for your deployed pods.
Sector 8:
Section 8 dives into content migration, guiding you through executing the created pod, copying all files from /usr to the mounted /mnt directory, and then verifying memory usage remains consistent across both directories. This final step confirms successful migration and data persistence within the mounted volume.
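An added example of the Sector 8 copy-and-verify step, not taken from the original page. It goes beyond the usage comparison described above by comparing per-file SHA-256 digests and symlink targets, since allocated-size figures can differ between filesystems even when the contents are identical; the temporary directories stand in for /usr and /mnt.

```shell
# Added example. Arguments are directories; the page's case is /usr and /mnt.

# One line per entry: sha256 for regular files, link target for symlinks.
tree_manifest() {
    ( cd "$1" && {
        find . -type f -exec sha256sum {} +
        find . -type l -exec sh -c 'printf "link:%s  %s\n" "$(readlink "$1")" "$1"' _ {} \;
      } | LC_ALL=C sort )
}

# Succeeds only when both directories exist and hold the same files,
# file contents and symlinks.
trees_match() {
    [ -d "$1" ] && [ -d "$2" ] &&
        [ "$(tree_manifest "$1")" = "$(tree_manifest "$2")" ]
}

# Copy preserving modes, ownership, timestamps and links, then verify.
migrate_and_verify() {
    cp -a "$1/." "$2/" && trees_match "$1" "$2"
}

# Constructed demo on temporary directories standing in for /usr and /mnt.
src=$(mktemp -d); dst=$(mktemp -d)
mkdir "$src/bin"; printf 'tool v1\n' > "$src/bin/tool"; ln -s tool "$src/bin/alias"
migrate_and_verify "$src" "$dst" && echo "copy verified"
printf 'changed\n' > "$dst/bin/tool"
trees_match "$src" "$dst" || echo "mismatch detected after modification"
rm -rf "$src" "$dst"
```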