monogon

The Monogon Monorepo. May contain traces of peanuts and a ✨pure Go Linux userland✨. Work in progress!

APACHE-2.0 License

Stars
360
Committers
10

monogon - Metropolis v0.1: Test Release, Please Ignore (Latest Release)

Published by github-actions[bot] over 2 years ago

Summary

This is a pre-release of Metropolis, an up-and-coming cluster operating system. While a lot of things already work, others aren't implemented yet. You are encouraged to play with this release in a QEMU instance or on real hardware for testing. However, it would be ill-advised to treat this pre-release as anything more than a curiosity, let alone run it anywhere near production payloads.

To get started, follow our documentation at https://docs.monogon.dev/metropolis-v0.1/handbook/ch02-00-local-demo-cluster.html

That warning out of the way, let’s see what’s available today:

Metropolis Node

A combined Linux kernel and userland which forms the basis of a cluster node, configured ahead of time with “Node Parameters”.

  • Immutable, signed kernel and userland.
  • Encrypted, TPM-sealed data partition.
  • Self-managing etcd-based control plane started on all nodes.
  • All management performed by gRPC/TLS, no shell/SSH access.
  • Hardened Kubernetes userland started on all nodes.

Metropolis Installer

A simple EFI-based installer for the Metropolis Node Code. Partitions the local disk and installs Metropolis.

WARNING: The installer generated by metroctl will wipe the first disk it finds, and install Metropolis there. Interactive installation is out of scope of this release.

Metroctl

An all-in-one command line tool to generate a Metropolis Installer image, connect to a running cluster, and manage it.

Roadmap to production

These are a number of features that we’re working on for the next release to make Metropolis ready for production use:

  • Secure authentication via gRPC/TLS is available, but currently only supports a single superuser 'owner' identity. The next release will feature a full-fledged authentication mechanism.

  • There will be separate worker and control plane roles for nodes. All nodes currently run both the control plane and Kubernetes workloads.

  • Documentation is still rudimentary and will be improved to cover the full cluster lifecycle.

  • A cluster will not currently come back up after all nodes are turned off.

  • Logs are currently only available on nodes' consoles.

  • There are no metroctl interfaces for the Cluster management API.

  • metroctl CLI stability is not guaranteed between this and upcoming versions of the OS.

  • Metropolis is a working title and will almost certainly be renamed before the first stable release - we would advise against permanent tattoos.

Package Rankings
Top 6.06% on Proxy.golang.org