Kubernetes Overwhelms the Keepers of Linux
Although open source, Kubernetes may be challenging the way traditional open source Linux distributions package their releases, according to this illuminating post from Linux Weekly News editor Jonathan Corbet. The kerfuffle points to how the new ways of cloud native computing may put pressure on traditional open source to move to a more dynamic way of updating their software.
The story starts with volunteer-led Debian, perhaps one of the purest open source Linux distributions. Like many distros, Debian was designed to be as efficiently packaged as possible. This means all the applications and tools in the package should share the common libraries, such as a C library. This approach streamlines the size of the distro, while keeping the security footprint as small as possible — by deduplicating the multiple copies of the same code base.
Over the years, however, a growing movement in the cloud native and web development communities has been taking a different approach, that of bundling all an application’s dependencies with the application itself. Commercial software vendors and support providers like this approach. During install time, they don’t have to troubleshoot missing libraries, nor worry about version drift of some dependency. This practice is called “vendoring,” according to Corbet.
Kubernetes has taken this approach and, thanks to the overwhelming number of dependencies Kubernetes, it has become too bulky for Debian to manage (Not helping is the fact that Kubernetes was written in Golang, which itself is built on a great number of dependencies). One maintainer kept Kubernetes updated for each release of Debian for awhile, though commented that the job was probably too large for any one person to manage.
Now the Debian Technical Committee is looking at whether to allow Kubernetes to “vendor” in its own copies of needed libraries, or whether to exclude it from Debian releases altogether, allowing users to download and run Kubernetes separately.
At The New Stack, we are primarily interested in cloud native open source tools such as Kubernetes, Prometheus, Istio, and so on. Hence our name. But we also keep tabs on the more traditional open source software, such as Linux. Both are needed to keep infrastructure running smoothly, even if their operating practices are not the same.