
Fedora CoreOS Out of Preview - ecliptik
https://fedoramagazine.org/fedora-coreos-out-of-preview/
======
usr1106
The positive headline hides bad news for those of us who run CoreOS. CoreOS
will be out of support soon(?). Migration instructions have been announced,
but not written yet...

There is a CoreOS fork at
[https://www.flatcar-linux.org/](https://www.flatcar-linux.org/) promising
seamless continuation. I have no experience with or further knowledge about it.

~~~
hunta2097
Is there a firm date for this? The original statement was "at least to the end
of 2019". My employer uses CoreOS Container Linux extensively. It's really
frustrating not knowing when the hammer will drop.

I'm not sure Flatcar Linux will make it through our security team. I'm
"looking forward" to the migration guide to see how much pain I'm in for!

~~~
blixtra
Chris from Kinvolk here.

We're happy to talk about what you need on the security front. Some of the
folks working on Flatcar Container Linux have a very strong security
background; worked on AWS' EC2 security team, do regular pentesting for
distributed systems[1], have reported dozens of security issues to upstream
projects packaged in Flatcar Container Linux, including the kernel.

We've just now started breaking away from the upstream project, and updating
packages. Addressing any open security issues is front and center in our
efforts. If you have concerns we'd love to hear them.

We worked with the CoreOS team for years (it was our founding project) and they
trusted us on the security front. We feel that if you trusted CoreOS and know
our team + background, you should have just as much trust in Kinvolk.

[1] [https://www.youtube.com/watch?v=ze1vgh8sjlE](https://www.youtube.com/watch?v=ze1vgh8sjlE)

~~~
hunta2097
Hi Chris,

Thanks for the informed response. To be honest I hope Flatcar does well, I
notice the Docker version has been updated on your edge release - long overdue
from the upstream project!

I will let you know if our security team has any issues if and when they look
at it.

Thanks for giving everyone the option of staying on Container Linux!

~~~
blixtra
The whole point of CoreOS Container Linux was to deliver a steady stream of
security/software updates. We've been eager to update packages for Flatcar
Container Linux but have wanted to maintain as much compatibility as possible
for as long as possible. Fairly soon, however, we'll be introducing an updated
kernel and user space (systemd, Docker, etc.) into the alpha channel. For us,
this will mark the point where we feel like we're fully taking the reins from
CoreOS and carrying forward the original objectives.

------
rossmohax
Ignition is a killer feature, so much better than cloud-init, glad to see it
surviving and being actively worked on.

------
grizzles
Is this the best solution if I want a standalone bare metal server that can
spin up VMs? I'm looking for the closest analog to for example, an open source
digitalocean style platform. Also interested in something that lets me manage
CUDA/TF/PyTorch jobs. I know and understand docker and kvm but not kubernetes
yet. TBH I find this entire space totally confusing.

~~~
jordanbeiber
If Ubuntu is acceptable, Canonical LXD/LXC is worth looking at - containers,
but full OS ones. Just so simple to configure and use, and minimal overhead.

Have used it without many problems for all kinds of workloads.

~~~
CameronNemo
LXD will fully support KVM soon, too.

------
Jonnax
Should I be using CoreOS for my containers?

Generally I've been using either Ubuntu or Alpine as bases.

Also it looks to be Red Hat based? Is there a Debian equivalent?

~~~
GordonS
I think CoreOS is more intended for use as a container host - so you'd run
CoreOS on a VM or bare metal, and that machine would run your Ubuntu/Alpine
containers.

~~~
Jonnax
Ah I see. I totally missed that.

So that's quite interesting. Because on the host I generally run Ubuntu 18.04.
Because I know how it works and can ensure it's secured and up to date.

Same with someone with familiarity with Red Hat/CentOS etc.

But installing a whole different OS?

Like I get it on niche Linux distros where people like packaging their desktop
environments whilst pulling in Debian packages for everything else, for
example.

But what's the advantage here?

~~~
GordonS
There are a few advantages.

First is minimalism - it's designed to run containers.

Next is automatic, atomic updates - layers that comprise the entire OS are
"pulled" and updated when the host boots, similar to how updates work with
containers. Because updates are atomic, they can also be rolled back.

I think there is also built-in support for rolling updates across a fleet of
host machines.

I find CoreOS a very interesting proposition, but because it's so different
from other distros, there is going to be a learning curve.

~~~
BossingAround
> I find CoreOS a very interesting proposition

I personally find CoreOS very confusing. None of the advantages you mentioned
are a problem nowadays, for personal computing. I haven't heard of a Debian,
Ubuntu, or RHEL update that would bork the system in a long while. All of
these distros are more than capable of running containers...

And, for corporate use? You'd use Debian + Kubernetes to take care of your
needs, wouldn't you?

As I said, I'm left here scratching my head, thinking up use cases for this
system.

~~~
krn
> I haven't heard of a Debian, Ubuntu, or RHEL update that would bork the system
> in a long while. All of these distros are more than capable of running
> containers.

Fedora CoreOS is designed to have the smallest possible attack surface out of
all operating systems currently capable of hosting containers.

Unlike Ubuntu, Debian, and CentOS, Fedora CoreOS doesn't contain packages that
aren't required for hosting containers, and is automatically kept up-to-date
without any manual interventions.

Just like Chromium OS on PCs, Fedora CoreOS on servers eliminates the need for
"dist-upgrade", and thus reduces risks and increases reliability.

------
kim0
Still no okd 4.3 though. Waiting

~~~
pepemon
This. I was waiting for new CoreOS just because of being the blocker for OKD
release.

~~~
smarterclayton
Still trying to land the remaining changes to 4.4. It’s working, just a lot of
workarounds still waiting to be replaced with real changes. It has definitely
taken longer than anticipated to line up all of the impact from Fedora CoreOS
cleanup and changes.

