Hi All,

As we all know, CoreOS reached EOL on May 26th, 2020, and with this arose the need to find a suitable replacement that meets the need of resilience, popularity, and security. Keeping these aspects in mind, we looked at some viable options like Alpine Linux, FlatCar Linux, and Debian. Doing some basic PoCs on each of them and understanding how they fare in the community, we based our decision on the following metrics/parameters:

| | FlatCar Linux | Alpine Linux | Debian |
|---|---|---|---|
| Brief Description | Drop-in replacement for CoreOS | Alpine Linux is a Linux distribution based on musl and BusyBox, designed for security, simplicity, and resource efficiency | Debian is one of the oldest operating systems based on the Linux kernel. New distributions are updated regularly, and the next candidate is released after a time-based freeze. |
| Size | ~ 500MB – 600MB | Small image of approx. 5MB – because of its small size, it is commonly used in containers, providing quick boot-up times | ~ 500MB – 600MB |
| Security | Quite secure as it mitigates security vulnerabilities by means of delivering the OS as an immutable filesystem | All userland binaries are compiled as Position Independent Executables (PIE) with stack smashing protection. These proactive security features prevent exploitation of entire classes of zero-day and other vulnerabilities. | Debian is on a par with most other Linux distributions. |
| Release Management | Frequent releases – almost bi-weekly or monthly | There are several releases of Alpine Linux available at the same time. There is no fixed release cycle but typically every 6 months | Debian announces its new stable release on a regular basis. 3 years of full support for each release and 2 years of extra LTS support. |
| Maintenance | It is maintained by Kinvolk – a Berlin-based consulting firm known for their work around rkt, Kubernetes, etc. | Alpine Linux is backed by a pretty large community base with mailing lists, etc. to find support | Unparalleled support – claim to provide you with answers for queries on mailing lists within minutes! |
| Main Reason for Choosing / Not Choosing | NOT CHOSEN: A small community, not a popular choice, and chances of meeting the same fate as CoreOS, i.e., EOL | NOT CHOSEN: Init system used by Alpine Linux is openrc – and up until recently k8s did not support openrc systems: https://github.com/kubernetes/kubeadm/issues/1295 | CHOSEN: Huge community support, and most importantly – we can modify the existing systemVM templates! |

With the above, we propose using the Debian-based systemVM template, for apart from the fact that it has huge community support, we already have it registered in our CloudStack environments, thus making it readily available for consumption by CKS for deploying Kubernetes clusters, with no requirement of registering a new template. To enable systemVM to be consumed by CKS, a few packages like docker, containerd, are installed on the systemVM template; however, these services are disabled by default in the systemVM template and are only enabled and started for CKS nodes.

We've proposed a PR here: https://github.com/apache/cloudstack/pull/4329.

Thanks & Regards,
Pearl Dsilva
pearl.dsi...@shapeblue.com
www.shapeblue.com
3 London Bridge Street, 3rd floor, News Building, London SE1 9SG UK
@shapeblue