Container Linux by CoreOS

Important features for security and cluster management

Container Linux uses the etcd daemon, which is installed across all servers in the cluster to provide a common registry for cluster nodes to share configuration data. It reinforces server abstraction for consistent configuration across cluster hosts. The etcd daemon also provides service discovery capabilities, which offer visibility into applications. The OS supports Docker as the abstraction layer and includes the Docker container system. It also includes CoreOS Rkt, which is the company's container virtualization engine and a Docker competitor.

CoreOS uses systemd -- another central daemon in the OS package -- for initialization and process management. CoreOS recommends that the user rely on Rkt or on open source Kubernetes for cluster management.

CoreOS uses isolated user space instances for security. These instances are based on the Linux kernel's control groups -- called cgroups -- feature, rather than using hypervisors and creating virtual machines (VMs). This offers namespace isolation and manages resource usage, such as processor, memory and disk I/O, for every process. Although they share the underlying Linux kernel, each container acts as a separate Linux machine. Container Linux also offers an auto update capability, CoreUpdate, for secure operations. CoreUpdate pushes updates to the kernel and system-level components, rather than waiting for the administrator to request an update. It helps keep the OS patched and consistent with kernel changes.

The OS works with x86 and x64 processors. A software developer or administrator can use the OS on bare-metal systems or run the platform as a VM. It also runs on public cloud instances, such as those from Amazon Web Services Elastic Compute Cloud (AWS EC2), Microsoft Azure and Google Compute Engine (GCE), as well as on OpenStack and other cloud frameworks. CoreOS estimates that users create 1 million unique instances of the OS each month.

Container Linux by CoreOS scaling

With Docker installed, the developer or administrator can initiate a cluster and then add nodes to it. The etcd instances of Container Linux machines must be connected to form a container cluster. Service discovery via etcd eases container scaling.

Once the cluster is set up, the user deploys containers to the cluster. The containers interact with Container Linux via a Kubernetes agent that talks to the container runtime in use. Docker provides container management, while the CoreOS fleet distributed init system provides process and container lifecycle management.

Atomic, static configurations are defined in Container Linux Config, which then validates and translates configurations to apply them as individual units to the hosts efficiently and automatically. This configuration process is declarative, and the host-level state never changes. The CoreOS Ignition utility provisions machines according to Container Linux Config specifications, reading the metadata from the user's chosen cloud provider.

CoreOS offers several products in addition to Container Linux, including the Rkt container engine and a commercial enterprise version of Kubernetes named Tectonic. While Container Linux is open source, CoreOS sells support for the OS.

Container Linux by CoreOS is one of many Linux distributions designed to support containers. Other container OSes include Red Hat Atomic Host, Boot2docker, Alpine Linux and Microsoft's Windows Server 2016.