Linux has come a long way since Linus Torvalds released it to the community. It has served many legendary ventures, and now the time for containers has come and been fully accepted. A traditional Linux distribution bundles a large amount of software, which makes it a wonderful general-purpose tool. This was never an issue until the idea of containers took hold.
The copious amount of software in a traditional Linux box has the following disadvantages: it adds bloat, increases the security threat surface, and expands the testing matrix required to certify a new release. Microservices, which are fueled by containers, require fewer dependencies and use a minimal container operating system, which makes it easy for your applications to reach great levels of scale.
In this article we will be demystifying minimal container operating systems that have shown a lot of promise.
1. CoreOS/Container Linux
Container Linux, commonly known as CoreOS, is a pioneer in the business of container-based Linux distributions. It is an extremely lightweight Linux operating system designed for clustered deployments, providing automation, security, and scalability for your most critical applications. Applications, as you might guess, run in containers, providing developer-friendly tools for deploying software. Arguably, CoreOS Container Linux is the leading container operating system, designed to be managed and run at massive scale with minimal operational overhead.
How CoreOS internals work
Adapted from the CoreOS website: “Container Linux contracts the boundary of the distribution to include just the essentials: the operating system and basic user utilities are stripped to their bare minimum and shipped as an integral unit. All other applications and dependencies run inside containers, where they can be consistently managed, updated and distributed. As a user of Container Linux, you have a consistent, secure base to run your applications. CoreOS engineers continuously deliver patches to the OS, keep the container engines up to date and ensure your containers run securely.”
Features of CoreOS
- Container Linux runs on nearly any platform whether physical, virtual, or private/public cloud.
- All applications, separate from the core operating system and its dependencies, run inside containers.
2. Photon OS
Introduction to Photon OS
VMware produced a minimalist Linux OS tuned for cloud computing platforms, VMware vSphere deployments, and cloud-native applications, and called it Photon OS.
As a Linux container host, Photon OS has been optimized for vSphere and cloud-computing platforms such as Amazon Elastic Compute and Google Compute Engine. It works with the most common container formats, including Docker, Rocket, and Garden. Moreover, Photon OS includes a yum-compatible, package-based lifecycle management system called tdnf.
One amazing feature of Photon OS is that you can use it with development tools and environments such as VMware Fusion and VMware Workstation. This allows you to seamlessly migrate container-based applications from development to production.
Features of Photon OS
The most distinguishing features of Photon OS are as follows:
i. Photon OS has a small footprint and fast boot and run times.
This makes Photon OS highly optimized for cloud computing and cloud applications.
ii. It manages services with systemd.
By using systemd, Photon OS adopts a contemporary Linux standard to manage system services. Photon OS bootstraps the user space and concurrently starts services with systemd. The systemctl utility controls services on Photon OS. For example, instead of running the /etc/init.d/ssh script to stop and start the OpenSSH server on an init.d-based Linux system, you run the following systemctl commands on Photon OS:
- systemctl stop sshd
- systemctl start sshd
iii. It manages packages with an open-source, yum-compatible package manager called tdnf (Tiny DNF).
Tdnf keeps the operating system as small as possible while preserving yum’s robust package-management capabilities. On Photon OS, tdnf is the default package manager for installing new packages. It is a C implementation of the DNF package manager.
3. RancherOS
If you wish to run Docker without fuss or hassle, then consider using RancherOS. It is the smallest, easiest way to run your workloads in a production environment using Docker. Since the future seems to be going the container way, the Rancher team made every process in RancherOS run as a container managed by Docker. This architecture is quite different from what exists in other Linux distributions, because even system services such as udev and syslog run as containers.
Because it only includes the services necessary to run Docker, RancherOS is significantly smaller than most traditional operating systems. By removing unnecessary libraries and services, requirements for security patches and other maintenance are also reduced. This is possible because, with Docker, users typically package all necessary libraries into their containers.
Features of RancherOS
i. Everything in RancherOS is a container
All elements and features pertaining to containers have been examined and implemented to make sure RancherOS is technically sound. For example, RancherOS is designed to run the latest version of Docker, which lets users take advantage of the latest Docker capabilities and bug fixes. There is no more worrying about upgrades and updates at the terminal; you just focus on your core business.
ii. RancherOS is as fast as Flash
Nothing compares to minimalist Linux distributions when it comes to boot time, and RancherOS, a member of this league, boots incredibly fast. Moreover, firing up Docker containers is just as fast as starting any other process. If you are an organization embracing microservices, these features are precisely what you need.
RancherOS requires very low hardware resources to run on. This eliminates the constraints that hardware expenses may have on your project.
How RancherOS Works
One might wonder how an OS that runs exclusively on containers does what it does behind the scenes. Rancher accomplished this by launching two instances of Docker. One instance is called System Docker and is the first process on the system, like init in a conventional Linux distribution. All other system services, such as the terminal, syslog, and ntpd, run as Docker containers. System Docker replaces traditional init systems such as systemd and is used to launch additional system services.
So how does one avoid deleting all of the user-space containers together with System Docker's containers? RancherOS handles this elegantly: System Docker runs and manages a special container called Docker, which is another Docker daemon responsible for managing all of the user's containers. Any containers that you launch as a user from the console run inside this Docker. This isolates them from the System Docker containers and ensures that normal user commands do not impact system services (Rancher).
4. Red Hat CoreOS (RHCOS)
Red Hat Enterprise Linux CoreOS was created by the same development teams that created Red Hat Enterprise Linux Atomic Host and CoreOS Container Linux. Its main goal is to bring together the best quality standards of Red Hat Enterprise Linux (RHEL) with the automated, remote upgrade features from Container Linux.
Key RHCOS features
i. The underlying operating system consists primarily of RHEL components.
In brief, this means that the same quality, security, and control measures implemented in RHEL are strictly supported in RHCOS.
ii. RHCOS features transactional upgrades using the rpm-ostree system.
Updates are delivered via container images and are part of the OpenShift update process. When deployed, the container image is pulled, extracted, and written to disk, then the bootloader is modified to boot into the new version.
iii. RHCOS uses the Podman CLI for tasks such as building, copying, and otherwise managing containers.
This replaces the Docker CLI tool with a compatible set of container tools found in the podman CLI.
iv. RHCOS incorporates the CRI-O container engine instead of the Docker container engine.
CRI-O offers specific compatibility with different Kubernetes versions and also has a smaller footprint and a reduced attack surface compared with container engines that offer a larger feature set.
5. Fedora CoreOS
Reading from Fedora Documentation, Fedora CoreOS is an automatically updating, minimal, monolithic, container-focused operating system, designed for clusters but also operable standalone, optimized for Kubernetes but also great without it. It aims to combine the best of both CoreOS Container Linux and Fedora Atomic Host, integrating technology like Ignition from Container Linux with rpm-ostree and SELinux hardening from Project Atomic. Its goal is to provide the best container host to run containerized workloads securely and at scale.
Fedora CoreOS (FCOS) has no install-time configuration: every FCOS system begins with a generic disk image, and for each deployment mechanism (cloud VM, local VM, bare metal) the configuration is supplied at first boot. FCOS reads and applies the configuration file with Ignition. For cloud deployments, Ignition gathers the configuration via the cloud's user-data mechanism; for bare metal, the configuration is injected at install time.
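As an added example, not taken from the article or from the Fedora CoreOS project, the following Python script assembles the kind of Ignition spec-3.x configuration that FCOS consumes at first boot. Butane normally renders this JSON from YAML; building it directly shows exactly what is injected into the node. The SSH key, hostname and the sshd drop-in file name are constructed placeholders, and check_config is a hypothetical pre-flight check, not an Ignition feature.

```python
"""Build an Ignition (spec 3.x) config for a Fedora CoreOS first boot.

Added example, not part of the original article or the Fedora CoreOS
project: it hand-assembles the JSON that Butane would normally produce.
The SSH key and hostname below are constructed placeholders.
"""
import json
from urllib.parse import quote

# Constructed placeholder; replace with a real public key before use.
PLACEHOLDER_SSH_KEY = ("ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER"
                       "PLACEHOLDERPLACEHOLDER example@host")

# sshd drop-in: key-only, no root login. Fedora's sshd_config includes
# /etc/ssh/sshd_config.d/*.conf, so a drop-in avoids replacing the main file.
SSHD_HARDENING = """\
PasswordAuthentication no
PermitRootLogin no
"""


def inline_file(path, content, mode=0o644):
    """Return an Ignition 'storage.files' entry whose body is embedded as a
    percent-encoded data: URL, the form Ignition accepts for inline files."""
    return {
        "path": path,
        "mode": mode,            # Ignition stores mode as a decimal integer (0o644 == 420)
        "overwrite": True,
        "contents": {"source": "data:," + quote(content, safe="")},
    }


def build_ignition(ssh_key, hostname, sshd_dropin=SSHD_HARDENING):
    """Assemble the full Ignition document: one user with an SSH key,
    a hostname, and the sshd hardening drop-in."""
    return {
        "ignition": {"version": "3.3.0"},
        "passwd": {"users": [{"name": "core", "sshAuthorizedKeys": [ssh_key]}]},
        "storage": {"files": [
            inline_file("/etc/hostname", hostname + "\n"),
            inline_file("/etc/ssh/sshd_config.d/20-hardening.conf", sshd_dropin),
        ]},
    }


def check_config(cfg):
    """Hypothetical pre-flight checks before handing the config to a VM:
    every user must have a usable SSH key (otherwise the node is unreachable
    once password login is off) and no written file may be world-writable."""
    problems = []
    for user in cfg["passwd"]["users"]:
        keys = [k for k in user.get("sshAuthorizedKeys", []) if k.strip()]
        if not keys:
            problems.append(f"user {user['name']} has no SSH key")
    for f in cfg["storage"]["files"]:
        if f["mode"] & 0o002:
            problems.append(f"{f['path']} is world-writable")
    return problems


if __name__ == "__main__":
    config = build_ignition(PLACEHOLDER_SSH_KEY, "fcos-node-1")
    assert not check_config(config)
    # The printed JSON is what you would pass as user-data or embed with the installer.
    print(json.dumps(config, indent=2))
```

Run it and redirect the output to a .ign file; the data: URL encoding (spaces as %20, newlines as %0A) is the same form Butane emits, so the result can be compared against a Butane-rendered config line by line.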
As microservices gain more traction, these industry leaders are laying the foundation so that future applications and workloads enjoy a better experience than today. The advantages that containers bring to the table cannot be overemphasized.
The portability, ability, and ease of deployment under microservices are the efficiencies that have been missing, and here they are. Minimal container operating systems are going to be the focal building blocks for hyperscaling Kubernetes clusters because their structure marries well with Kubernetes.