Containers and SUSE® Manager 4
Linux container technology dials up efficiency and keeps costs to a minimum, but only if you have the tools you need to keep control of audits, updates, configuration and other lifecycle tasks. And with the ever-changing technology landscape, it has become critical that such management technology can work with containers. Fortunately, SUSE® Manager 4 includes such a solution, with tools for easily managing your container-based Linux resources.
What Is SUSE® Manager 4?
SUSE® Manager 4 is a best-in-class open source infrastructure management solution that lowers costs, enhances availability and reduces complexity for lifecycle management of Linux systems in large, complex and dynamic IT landscapes. You can use SUSE® Manager 4 (Figure 1) to configure, deploy and administer thousands of Linux systems running on hypervisors, as containers, on bare metal systems, on IoT devices, and on third-party cloud platforms. SUSE® Manager 4 also allows you to manage virtual machines (VMs) and containers.
Figure 1: The SUSE® Manager user interface lets you control a comprehensive collection of essential management tasks from a single user interface.
Container technology has revolutionized the IT industry, but containers can place big demands on IT departments and budgets. If you want to maximize efficiency and minimize downtime, you need tools for configuring, managing, updating and auditing your Linux container run-time environment. Many organizations run applications in VMs, on bare metal systems and in containers, and the proliferation of tools and procedures necessary for managing all lifecycle phases of all those instances can cause serious headaches for your IT staff—unless you get smart and tool up.
SUSE® Manager 4 is a single application that enables you to manage the complete lifecycle of your Linux-based workloads running on containers, VMs or bare metal. SUSE® Manager 4 extends the power and reach of a single admin, improving efficiency and reducing the learning curve for new staff. Close support for the Kubernetes orchestration system completes the picture of SUSE® Manager 4 as a powerful solution for managing Linux in container-based environments.
All in One
SUSE® Manager 4 is a single tool for managing all your Linux resources. You can use SUSE® Manager 4 to automate deployment and manage patches and updates. You can audit your systems to prevent unauthorized changes and even ensure compliance with CVE or OpenSCAP security standards. The Salt configuration management solution included with SUSE® Manager 4 enables you to create secure and optimized system templates in advance, so you can roll out new systems quickly and easily.
The powers of SUSE® Manager 4 find full expression in its support for container technologies. With SUSE® Manager 4, it is possible to configure a Kubernetes Virtual Host Manager, using your own kubeconfig file. This task is handled via Systems | Virtual Host Managers, where you can select to create a new Kubernetes Cluster (Figure 2).
Figure 2: Creating a new Kubernetes Cluster in SUSE® Manager 4.
It should be noted that SUSE® Manager 4 is not intended to serve as a front end for Kubernetes. However, by way of the SUSE Container as a Service (CaaS) Platform (which includes Kubernetes), it is possible to create the necessary connections that allow you to work with Kubernetes. In order to make this work, the following prerequisites must be taken care of:
• At least one Kubernetes or SUSE CaaS Platform cluster available in the network
• SUSE Manager version 3.1.2 or greater
• SUSE Manager prepared for container management (required channels are present, and a registered build host should be available)
• The virtual-host-gatherer-Kubernetes package must be installed on the SUSE® Manager server for additional Kubernetes features to be available from the user interface
The container environment lends itself to rapid orchestration and deployment of new systems created for a single purpose. In this high-volume and high-velocity setting, SUSE® Manager 4 is capable of integrating with Kubernetes to lock down security and ensure orderly process management, allowing for easy customization to adapt to your changing needs.
Containers depend on system images, and SUSE® Manager 4 specializes in image building and management. With SUSE® Manager 4, you can automate building and rebuilding of custom container images from your Dockerfiles and the latest packages. SUSE® Manager 4 allows you to create and manage image profiles for easy and systematic rollout, and you can adapt profiles using manual or automated techniques. You can also access external container registries or create your own local registry.
The SUSE® Manager 4 programming interface allows you to automatically trigger image rebuilding for rapid integration of patches and new features in a continuous integration environment.
Software: What’s Inside
A container is only as safe as the software running inside it. SUSE® Manager 4 offers efficient control over software updates and sources, ensuring that your systems stay current and offering airtight control over the software that reaches the system. You can define a software channel as an exclusive source for software that will be installed on a container or container image at build time. A software channel eliminates the possibility of unauthorized software reaching the system. Software channels also adapt easily to delivery based on use case. For instance, you could define a channel for web servers to push out updates that only a web server will require.
SUSE® Manager 4 provides close integration with the Open Build Service, enabling you to create and digitally sign packages that can then be inserted automatically into container images. Once a container is up and running, SUSE® Manager 4 will continue to watch over it, auditing and reporting on any deviation from the predefined configuration.
SUSE® Manager 4 watches your containerized Linux resources to ensure that security requirements and patch levels are maintained. You can even audit your systems automatically to ensure compliance with the Common Vulnerabilities and Exposures (CVE) list (see Figure 3).
Figure 3: Running a CVE audit against servers within SUSE® Manager 4.
The automation and control provided with SUSE® Manager 4 is another powerful form of security. The highly structured SUSE® Manager 4 environment enables you to manage your systems in a safe and systematic way, minimizing the risk of configuration error or accidental oversight.
The SUSE® Manager 4 environment offers close and convenient integration with the popular Kubernetes container orchestration system. SUSE® Manager 4 is the perfect counterpart for Kubernetes, providing automated configuration, auditing and other lifecycle services for Linux containers within the Kubernetes framework. You can even use SUSE® Manager 4 to check the run-time status of your Kubernetes pods and monitor any deviation of the container image from the original image used at container creation.
Future 4.x versions of SUSE® Manager will also include support for the SUSE CaaS Platform—an integrated environment that combines SUSE® Manager and Kubernetes with a powerful collection of deployment, automation and management tools.
Built for DevOps
A powerful set of Application Programming Interfaces (APIs) enables you to create scripts and custom solutions, extending the automation features in SUSE® Manager 4 to support a rich environment for rapid deployment and continuous integration. The strong support for container technology, its close integration with Kubernetes and its built-in support for automated deployment, configuration and auditing make SUSE® Manager 4 a powerful addition to any container-based DevOps environment.
Containers offer great opportunities for efficiency and security, but they also place special demands on the IT staff. SUSE® Manager 4 helps you meet the challenges of the container environment, with special support for Kubernetes and an array of powerful features for configuring and auditing container-based Linux systems, as well as managing system images, checking security and controlling software installation.
Talk to the experts at SUSE® to learn more about how you can bring the power of SUSE® Manager 4 to your container environment.