Host OS Options


#1

Hi All,

I am currently running RHEL on my Nodes but would like to change that to a container OS.
So I was wondering what container OSes are out there in production and available to use. I also think it would be good to have a list for everyone to see what options are available.

Here’s a running list so far, which is far from complete.

What else is out there and production ready?


#2

Just a thing to note re: CoreOS – They are undergoing a fundamental rework. Container Linux and Fedora's Project Atomic are merging, with some aspects being kept from both. The big thing is that it will be based on Fedora and use ostree for updates instead of Omaha. The current ongoing discussion about it is happening in the Fedora forums.

The original path of Container Linux has been taken up by Kinvolk and their Flatcar Linux project and they have pledged to maintain it.


#3

Ya, I remember there being talk at KubeCon about that. From what I recall, Red Hat will support two OS versions: Red Hat CoreOS and Fedora CoreOS (being upstream, as you said). The catch would be that to use Red Hat CoreOS, which would be stable, you have to go all in with OpenShift.

Good to hear someone took up CoreOS’ place. I was aiming to target that before the Red Hat acquisition.


#4

One more thing: Container Linux, I think, will EOL at the end of 2019. That is not the case for Flatcar Linux.

Also, you don’t need a container-specialized distro to run Kubernetes. You can use a plain Debian, for example, with specific Docker versions. Kops, for example, supports this.

But container-oriented distros (like Container Linux from CoreOS or Flatcar Linux) tend to have nice approaches (like two partitions for booting and managing updates in a nice fashion), be hardened by default (like read-only mounts that may avoid some vulnerabilities, see for example https://kinvolk.io/blog/2019/02/runc-breakout-vulnerability-mitigated-on-flatcar-linux/) and may have backports of kernel patches that are relevant for containers (as the focus is mainly that).

Nevertheless, as I said before, as long as you run Linux and have a container runtime, you can use any distro :)


#5

The reasons you listed are exactly why I am trying to track down more options.

I really like the idea of having a smaller OS, and having a reduced attack surface is great too for helping manage security concerns.

But like you said, any distro will work, and right now our RHEL Nodes are pretty stable even with all those unneeded packages :)


#6

Hope these options help. Please share if you try them :)


#7

It is true that any Linux-based operating system will work as your base, but NIST recommends the use of a container-specific operating system as it reduces the attack surface (Page v), if that sort of thing matters to you.


#8

It’s on my list of things to do over the next few months. I will share any findings I have :)


#9

While I wouldn’t consider it prod ready by any means yet, I’m keeping tabs on Talos. It’s looking to be a very nice, light and secure option.


#10

That does sound promising, thanks for reminding me about it. I’ll add it to the list.