Flatcar Container Linux is a fully supported, open source Linux distribution optimised for use in container environments. It was developed by the Berlin-based consulting and development company Kinvolk and is based on CoreOS. Flatcar is often used for container orchestration systems such as Kubernetes or Docker Swarm. Therefore, it is an operating system specifically designed for running containers and cloud-native applications. It is an alternative to other operating systems such as CoreOS Container Linux or RancherOS, which are also designed for container workloads.
As already mentioned, Flatcar is based on CoreOS. The reason for this decision was that CoreOS was acquired by Red Hat in 2018, resulting in Red Hat Core OS (RHCOS). This new version was no longer compatible with the original version in the long run, which forced many users to adapt their setup. For this reason, Kinvolk forked the last stable version of CoreOS and started to develop Flatcar from it (end of 2019).
In April 2021, it was officially announced that Flatcar would be acquired by Microsoft. However, Microsoft and Kinvolk want to ensure that Flatcar Container Linux remains an open and community-driven project for the user community. Microsoft is officially acting as a sponsor and wants to learn from the open source community around Flatcar. However, the aim is not to provide a kind of “Microsoft Linux”.
The community idea is also clear in the company’s external communication. There are channels on Matrix and Slack for communicating directly with the maintainers, covering release information as well as technical topics. In addition, they hold regular Office Hours, release planning sessions, bug smashing sessions and docs-writing days. All of these are public online meetings.
When taking over, the aim was also to include the same features as CoreOS. These include in particular the terminal environment as well as etcd to build up a central configuration store in cluster mode between the various Flatcar instances. Another important feature that remains is the micro-updates for the individual components, which can also be executed during runtime. Since there are still many users who use CoreOS, it is possible to update directly to Flatcar, as both systems are still compatible. This can also be done at runtime.
In conclusion, it can be said that it is basically a CoreOS with an update guarantee.
Versioning
Flatcar is now released in four different versions. First, there is the alpha version, which is mainly intended for developers. Then there is the beta version, which is usually released as a canary release. Through this process, a new version is first delivered to a smaller group of users in order to identify possible problems early on and reduce the risk of failures. For production use, however, the stable version should be used.
Lastly, there is an LTS version that is updated with patches over the course of a year. These updates are provided via Nebraska, a FOSS update server run by Kinvolk itself. Every 12 months a new release version is made available, while each version has a lifetime of 18 months. This ensures that one has 6 months to perform the corresponding update. By comparison, CoreOS did not have such an LTS version.
Flatcar’s first feature is that it is an immutable infrastructure. The aim is to define the operating system with the desired settings during provisioning, or to let this happen dynamically at runtime. Since it should not be possible to make one’s own changes at runtime, the amount of state held in the operating system is kept as small as possible. This is achieved through isolation, so that no dependencies arise between the operating system and the application. Instead, a clean API exists that is documented via configuration files. This makes it possible to carry out operating system updates without dangerous side effects. Because of these properties, Flatcar is an image-based operating system that enables automatic and stateless installation. This is achieved through a declarative configuration using Ignition. As a result, fully automated roll-outs and easy integration into orchestration environments such as Kubernetes are also possible, using the Terraform provider.
Structure and updates
In general, as already described, Flatcar was developed on the basis of CoreOS to be specifically optimised for container workloads. This in turn is based on the principles of Gentoo, with the aim of working with a minimal set of packages. The update mechanism was taken over from ChromeOS.
Let’s now take a closer look at the structure and the update function. Automatic updates and rollbacks of the operating system itself are possible because two partitions are provided for the operating system. There is OS-A, which is active and read-only. For security reasons, this is set so that no binaries can be changed. The second partition, called OS-B, is empty when provisioned and provides storage for an update. Both are provided with one gigabyte of storage space. In addition, there is a small boot area, and at the end there is the root area.
Due to the structure described, it is now possible to carry out automatic updates. The new version is downloaded in the background and installed on the free OS partition. Afterwards, a restart takes place without changing the root partition. During this process, the dependency chain is checked to determine whether the node is healthy. This chain determines which applications or services must be started in order to achieve the desired status. If errors occur when restarting during the update, a rollback is automatically carried out to prevent errors. However, if the node is marked as healthy, the new partition is marked as the new root partition. To ensure that automatic updates do not reboot too many nodes at the same time, this can be controlled either via etcd or via FLUO (Flatcar Linux Update Operator) if a control plane is available. FLUO is a Kubernetes operator that was developed specifically for the automated management of software updates on Flatcar Container Linux systems. It automates and simplifies the update process through monitoring, preparation and execution. FLUO also comes from Kinvolk.
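The update and rollback sequence described above, as a simplified model added here (it is not Flatcar's or Kinvolk's code). The `priority`/`tries`/`successful` fields are an assumption modelled on ChromeOS-style A/B booting and do not appear in the article; the version strings and the `healthy` callback are constructed for the example.

```python
from dataclasses import dataclass

@dataclass
class Slot:
    name: str
    version: str = ""         # empty = nothing installed (OS-B at provisioning)
    priority: int = 0         # the bootloader prefers the higher priority
    tries: int = 0            # boot attempts left while not yet confirmed
    successful: bool = False  # set once a boot has passed the health check

def pick_slot(slots):
    """Bootloader step: best slot that is confirmed or still has tries left."""
    bootable = [s for s in slots if s.version and (s.successful or s.tries > 0)]
    if not bootable:
        raise RuntimeError("no bootable OS slot")
    return max(bootable, key=lambda s: s.priority)

def stage_update(slots, active, version):
    """Write the new image to the passive slot; the running slot is untouched."""
    passive = next(s for s in slots if s is not active)
    passive.version, passive.successful = version, False
    passive.priority, passive.tries = active.priority + 1, 1
    return passive

def reboot(slots, healthy):
    """Boot once; healthy(version) stands in for the node's health check."""
    slot = pick_slot(slots)
    if slot.successful:
        return slot
    slot.tries -= 1                # consume the attempt before starting
    if healthy(slot.version):
        slot.successful = True     # commit: the new slot stays active
        return slot
    return reboot(slots, healthy)  # failed: the next boot falls back

def demo(new_version_is_healthy):
    old, new = "1000.0.0", "1001.0.0"  # constructed version strings
    a = Slot("OS-A", old, priority=1, successful=True)
    slots = [a, Slot("OS-B")]
    stage_update(slots, a, new)
    active = reboot(slots, lambda v: new_version_is_healthy or v == old)
    return active.name, active.version

if __name__ == "__main__":
    print(demo(True), demo(False))
```

Because the attempt counter is decremented before the new image starts, a node that hangs or fails its health check returns to the previous image on the next boot without operator action.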
Installation
Flatcar is flexible in terms of installation, whether with cloud providers, in virtual machines or on different bare-metal systems. There is an installation guide for each of the use cases listed below.
- Cloud provider
  - AWS EC2: Flatcar offers pre-configured AMIs for its container Linux platform on Amazon Web Services, available in different regions and deployable via different methods.
  - Equinix Metal: Equinix Metal offers bare metal cloud hosting and Flatcar Container Linux is one of the available operating system options.
  - Microsoft Azure: Flatcar Container Linux offers official images in the Azure Marketplace and can be automatically updated.
  - OpenStack: Official images available.
  - VMware
  - Google Compute Engine: Official images available.
  - Google Cloud Launcher: Provides a quick way to launch and use FCL in the Google Cloud.
  - Digital Ocean: Available as a custom image.
  - Hetzner
  - Custom Images
- Virtual Machines
  - libvirt
  - QEMU
  - Vagrant
  - VirtualBox
- Bare Metal
  - ISO
  - iPXE / PXE
  - Raspberry Pi 4
  - installation script
Conclusion
In summary, Flatcar is an open source container Linux distribution based on CoreOS and developed by Kinvolk. The distribution focuses on providing a lean, performant, secure and reliable operating system for managing containers. An important feature of Flatcar is the automatic update function, which ensures that the operating system is always up to date and potential security threats are minimised. Especially for users who are still using CoreOS, this is a good opportunity to switch to Flatcar, as you have the same functions and also receive the latest updates. Getting started is made even easier with instructions directly from Flatcar.