Shell on Faster Wheels: Immutable Infrastructure from Core to Cluster

Immutable infrastructure - for both OS and Kubernetes - enhances security, compliance, and supply chain integrity. But does it just shift risks elsewhere, burdening teams with rigid workflows? Critics argue operational friction might negate its benefits. Can inflexibility truly coexist with agility?

This talk flips the script. Immutable layers simplify maintenance: messy upgrades become atomic in-place updates, “day 2” toil shrinks, and security is enforced by design. We’ll show how systemd-sysext streamlines OS extensions and how ClusterAPI provisions nodes correctly from day one through the immutable Kubernetes Images on an immutable distro.

Demos over theory: Watch immutable systems handle updates smoothly, survive failures, and enforce compliance - no armies of scripts required. No jargon, no theory - just practical steps you can replicate. We will see on how constraints like immutability aren’t roadblocks rather be guardrails that let teams focus on what matters the most.

This talk primarily aims to demo the idea of easier Kubernetes cluster maintenance on an immutable infrastructure using Cluster API, systemd-sysext and Flatcar Container Linux.

Flatcar Container Linux’s immutable OS acts as the foundation, turning nodes into predictable, identical units. Flatcar eliminates configuration drift and half-baked patches - security isn’t an afterthought; it’s the default. Updates roll out atomically, ensuring clusters remain consistent from development to production.

Cluster API builds on this by making Kubernetes orchestration declarative and reliably boring. Define your cluster once, deploy it anywhere, and let automation handle the rest. No more snowflake environments or midnight fire drills - consistency is the default.

But systemd-sysext bridges the gap between rigidity and practicality. systemd system extensions let you layer functionality like toppings on a pizza - without compromising Flatcar’s immutability. These prebuilt images, specifically the Kubernetes sysext images, allow teams to innovate freely while keeping the base OS pristine.

For the community and users, this trio solves the eternal tug-of-war between security and agility. Flatcar’s stability, Cluster API’s automation, and sysext’s modularity help define a blueprint for chaos-free clusters.

This talk will showcase production-ready, provisioning-time node composition in Cluster API and dive into OS-level live in-place updates, illustrating key concepts with live demos throughout the presentation. All demos are simple and self-guided, allowing the audience to easily reenact them at their own pace.