by bigmac 3354 days ago
Importantly, updates are not handled by LinuxKit itself[1], but the concept is that a higher-level system or packager might take care of it via CloudFormation and an out-of-band re-provisioning method.

This was an explicit omission, at least for now. We left update out of scope because it's better handled by the infrastructure provisioning system (in our case, infrakit). We'll use infrakit to supply updates (and the dm-verity hash, for that matter). Thus we treat the infrastructure provisioning system as the trusted 'bootloader' for a cluster of machines. Most datacenter clusters end up having an infrastructure provisioning system, so it makes more sense for those systems to have the OS update responsibility. This ends up meaning less attack surface on the host itself, and serves as a good separation of concerns and least-privilege design.