An OS designed for containers
March 2013 saw the public release of Docker, which brought Linux containers (based on cgroups and namespaces) into the mainstream. Traditional Linux distributions — Ubuntu, Debian, CentOS, RHEL — were designed in the 1990s-2000s for pet servers: long-lived machines, manually configured, updated package by package. Their typical features (tens of thousands of available packages, stateful management, custom kernels) are oversized for a host that only has to run containers.
CoreOS was founded in October 2013 as a startup by Alex Polvi and Brandon Philips with a clear thesis: an OS natively designed for containers is needed. The first stable public release followed in December 2013.
Design features
CoreOS Linux introduces radical server-OS choices:
- Minimal image — about 200 MB base, without runtime package manager. Only kernel, systemd, OpenSSH, Docker/rkt
- Read-only root filesystem — /usr is read-only; configuration sits in /etc, data in /var, applications inside containers
- A/B atomic updates — two /usr partitions, CoreOS downloads the new image to the inactive partition, reboots onto the updated one; on failure it can roll back
- Automatic updates — by default each node auto-updates according to “channel” policies (stable, beta, alpha)
- Cloud-config — YAML provisioning file (later replaced by Ignition) to configure systemd units, accounts, network, certificates
- Systemd everywhere — all services are systemd units, including Docker
- Apache 2.0 licence for original CoreOS components
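An added example, not taken from the original article or from the CoreOS project: a cloud-config file of the kind described in the list above, selecting the update channel, setting a reboot strategy and declaring a containerised workload as a systemd unit. The hostname, SSH key, unit name and container image are constructed placeholders.

```yaml
#cloud-config
# Constructed example: hostname, key, unit name and image are placeholders.
hostname: node-1

# Accounts: key-only SSH access for the default "core" user.
ssh_authorized_keys:
  - ssh-ed25519 AAAA...PLACEHOLDER ops@example.invalid

coreos:
  update:
    # Release channel the node follows: stable, beta or alpha.
    group: stable
    # etcd-lock: a node takes a lock in etcd before rebooting into the
    # new /usr partition, so the whole cluster does not restart at once.
    # Other values: reboot, best-effort, off.
    reboot-strategy: etcd-lock
  units:
    # Docker itself is managed as a systemd unit.
    - name: docker.service
      command: start
    # The application lives in a container, not on the read-only host OS.
    - name: hello.service
      command: start
      content: |
        [Unit]
        Description=Example containerised workload
        After=docker.service
        Requires=docker.service

        [Service]
        ExecStartPre=-/usr/bin/docker rm -f hello
        ExecStart=/usr/bin/docker run --name hello --read-only busybox sleep 3600
        ExecStop=/usr/bin/docker stop hello
        Restart=always
```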
CoreOS components
The initial CoreOS ecosystem consists of:
- CoreOS Linux — base distribution
- etcd (February 2014) — consistent distributed key-value store (Raft consensus), for distributed configuration. Will become a central Kubernetes component
- fleet — service orchestrator across CoreOS clusters, based on systemd + etcd. Later deprecated in favour of Kubernetes
- rkt (Rocket, 2014) — alternative container runtime to Docker, with a more modular approach
- flannel — container networking
- Container Linux Update Operator — later component for update management
The “immutable infrastructure” philosophy
CoreOS promotes the immutable infrastructure concept: servers are not configured by modifying them but by replacing them. If you change something in the base system, you build a new image and roll it out, and the nodes reboot into the updated version. It is the opposite of the traditional pets model, and it anticipates practices that will become widespread in the Kubernetes era.
This approach pairs naturally with Docker containers: the application is the container image, the OS is the CoreOS image, both are versioned and reproducible artefacts.
The emerging container market
At its 2013 debut, CoreOS still has few competitors:
- Ubuntu Core (Canonical) — in preparation, 2014-2015 release
- RancherOS (Rancher Labs) — 2015, very minimal
- Project Atomic (Red Hat) — 2014, trimmed RHEL/CentOS distributions for containers
CoreOS has first-mover advantage and a strong community. It is the emerging reference choice for production container clusters among Docker-native startups, AWS and GCE deployments, and early on-premise environments.
In the Italian context
As of late 2013 CoreOS is experimentally adopted by advanced Italian teams (Docker-native startups, research labs, some large ISPs). The Italian market is just at the start of the container curve.
References: CoreOS (October 2013), Alex Polvi, Brandon Philips. First public release December 2013. etcd, fleet, rkt. Apache 2.0 licence.