Today, Kinvolk is making available a new channel to Flatcar Linux, Flatcar Linux Edge. This channel serves to deliver experimental Linux OS technologies to the Kubernetes developer community in an easily accessible manner. The goal is to accelerate the adoption of cutting-edge Linux technologies in Kubernetes and related projects.
First announced just over a year ago, Flatcar Linux is Kinvolk’s drop-in replacement for CoreOS’ Container Linux. There were two main reasons we decided to initiate the fork. Firstly, we believe the technology is sound and valuable. Secondly, we saw the potential for using Flatcar Linux as a means of driving innovative Linux technologies into Kubernetes and the wider cloud native ecosystem. With the Flatcar Linux Edge channel we are now executing on this second point by providing a channel that delivers cutting-edge Linux technologies in an easily accessible manner.
What is Flatcar Linux Edge?
Flatcar Linux Edge is an experimental Linux distribution for containers delivered as an additional channel alongside the existing stable, beta, and alpha channels. While the existing channels are intended to serve as a delivery process for stable releases, the edge channel delivers experimental features not intended for production environments. Rather, the edge channel is intended to serve as a common platform for the cloud native and Kubernetes community to experiment with new Linux OS technologies.
The Flatcar Linux Edge channel differs from the existing channels in several key aspects. For example, the edge channel
- lives independently of the standard channel flow; changes are not necessarily expected to flow into any of the other channels.
- has features that are not stable and may come and go. Only features with maintainers will be accepted and unmaintained features will be removed. These changes will be included in the release notes.
- is in no way supported. The other channels are part of Kinvolk’s Flatcar support coverage; the edge channel will not be.
What’s in the initial channel release?
The first release of the Flatcar Linux Edge channel includes the following collection of enhancements, among them those needed to demonstrate upcoming BPF tools the Kinvolk team will be highlighting in follow-up posts. These initial features are:
- WireGuard, a fast and modern in-kernel VPN technology
- cgroups v2 enabled by default on the system and in container workloads
- cri-o, a container runtime built for Kubernetes
- some hardcoded OCI hooks to ease experimentation in Kubernetes
- additional tools installed on the host, available to aforementioned OCI hooks: bpftool, cgroupid
Ideas for future inclusion
In the future, we’d like to see support for
- restricted /proc (see our article on unprivileged container builds),
- experimental kernel patches (especially for BPF),
- new container runtimes and features,
- seccomp with external tracer (SECCOMP_RET_TRACE in Linux 4.8).
These are just the things we at Kinvolk have thought of. We’re looking forward to seeing what kind of things the community would like to add.
Why Flatcar Linux Edge?
At Kinvolk we frequently work on cutting-edge Linux technologies that are not yet available in conventional Linux distributions. In doing so, we spend a good amount of time setting up and configuring systems: compiling kernels, patching software and configurations, etc. With edge we want others to benefit from this effort and also provide the community with a platform to deliver and experiment with such technologies. We think Flatcar Linux Edge can be the platform for driving innovative features into Kubernetes and related tooling.
As an unstable, experimental channel, the barrier to getting a feature in is decidedly low. The only requirement is that you commit to maintaining that feature or see it removed in future releases. So if you have ideas, get in touch.