Fedora CoreOS is an automatically updating, immutable operating system built on the trusted Fedora Linux distribution. It allows containerized workloads to run securely and at scale. It combines the benefits of containerization with the reliability and security of an immutable infrastructure. In this article, we’ll explore the unique capabilities of Fedora CoreOS and its use cases.
The Essence of Immutability in Fedora CoreOS
One of the core principles of Fedora CoreOS is immutability. In traditional operating systems, individual packages are updated. In Fedora CoreOS, updates are applied atomically as a complete replacement of the entire OS. This approach ensures consistency and reliability across deployments. It also eliminates potential drift or configuration issues caused by incremental updates.
Automated Deployments with Ignition and Butane
Fedora CoreOS leverages Ignition configuration files for automated provisioning and configuration of instances during the initial boot process. However, instead of manually creating these JSON-formatted Ignition files, you can write the configurations in a simpler, human-readable, YAML based format called Butane config. Butane files are then converted into the corresponding Ignition files using the Butane tool.
By automating the provisioning process with Ignition configs generated from Butane specifications, you can consistently deploy and configure Fedora CoreOS instances across different environments. These configuration files ensure repeatable and reliable deployments. The instances apply the configuration defined in the Ignition config on the first boot.
This automation capability is particularly valuable for infrastructure components use cases that require high availability and minimal downtime. These may include systems such as load balancers, firewalls, and other critical systems.
Container orchestration and Kubernetes cluster setup
Fedora CoreOS is optimized for running containerized workloads and seamlessly integrates with container orchestration platforms like Kubernetes. It comes pre-installed with both Podman and Moby-engine (Docker) for all your container needs.
Fedora CoreOS is also at the core of OKD, the community distribution of Kubernetes. It is built from the same projects as Red Hat OpenShift. Additionally, you can customize Fedora CoreOS for specific workloads or environments. This makes it particularly useful for setting up dedicated Kubernetes clusters for different applications or environments.
One notable example is Typhoon. A free and open-source project that provides declarative Kubernetes infrastructure management and integrates with Fedora CoreOS. With Typhoon, you can define your desired Kubernetes cluster configuration using human-readable language. And it will provision and configure additional cluster components, including Fedora CoreOS machines serving as worker nodes. This integration enables efficient and flexible Kubernetes deployments tailored to your needs. It ensures consistent and repeatable configurations across diverse environments like bare metal, cloud providers, and local networks.
Customization and workload optimization
While Fedora CoreOS is immutable, it is still customizable for specific workloads or environments. This capability enables you to optimize Fedora CoreOS instances for particular applications or use cases by adding necessary packages, configurations, or services.
By tailoring Fedora CoreOS to your workloads, you can strike a balance between the benefits of an immutable operating system and the flexibility to meet your requirements. This approach ensures that your applications run in a consistent and optimized environment while still leveraging the security and reliability advantages of CoreOS.
Automatic Updates and Resilience
Fedora CoreOS follows a structured release cycle. Update releases typically occur every two weeks after undergoing extensive testing and validation through multiple update streams, such as “testing” and “next”. This automatic update mechanism ensures that Fedora CoreOS instances stay up-to-date with the latest stable releases. This mechanism also minimizes security risks and provides access to new features and enhancements.
You can opt to run instances on these testing streams to automatically evaluate upcoming releases before deploying to production. This way, you can identify and mitigate potential issues or incompatibilities. If an update introduces problems or vulnerabilities, the ability to roll back to a previous version further enhances the resilience of Fedora CoreOS-based infrastructure.
Hybrid cloud and General-Purpose Server Capabilities
While Fedora CoreOS is optimized for running containerized workloads and Kubernetes clusters, it is also designed to be operable as a standalone, general-purpose server operating system. This versatility makes it a compelling choice for a wide range of server workloads, beyond just containerized applications or Kubernetes clusters. It can provide benefits such as improved security, reliability, and reduced maintenance overhead, even for traditional server applications.
Exploration and learning on Fedora CoreOS
As an open-source project, Fedora CoreOS serves as a valuable resource for exploration and learning about immutable operating systems, containerization, and modern infrastructure practices. The Fedora CoreOS rich documentation includes articles like “Getting Started with Fedora CoreOS” and a host of other useful information about Fedora CoreOS. The Fedora CoreOS FAQ provides a solid starting point for understanding and experimenting with Fedora CoreOS. If you are new to Fedora CoreOS, the tutorial section is a great place to start. For further information about ignition files and how they are made from butane files, check out this section of the Fedora CoreOS documentation.
Additionally, the open-source nature of Fedora CoreOS fosters community collaboration and contribution, enabling knowledge sharing and collective advancement of the project. This inclusive ecosystem encourages users to explore, learn, and contribute to its development, further enhancing its capabilities and adoption.
In conclusion
Fedora CoreOS offers a powerful combination of immutability, automatic updates, container optimization, and customization capabilities. All of this makes it a versatile choice for modern infrastructure and application deployment scenarios. Fedora CoreOS provides a robust foundation to meet diverse needs. Whether you’re deploying containerized applications, setting up Kubernetes clusters, exploring edge computing or IoT, or building secure and resilient infrastructure.
By embracing the principles of immutable infrastructure, automated deployments, and containerization, you can unlock the full potential of Fedora CoreOS and drive innovation in your organization’s infrastructure and application delivery pipelines.
Hristo Marinov
Great article!
The tutorial section link should refer to the https://docs.fedoraproject.org/en-US/fedora-coreos/tutorial-setup/. Can you please fix it?
Gregory Bartholomew
Thanks for reporting this problem. I think it has been fixed.
Dave
I’ve been using CoreOS since it was released for the RPi4b running Podman pihole container for my homenet. It runs and runs and runs…
Yesterday I did the upgrade to FCOS 40 and rewrote my pod config for quadlet.
So – have a lot of fun!™
(SCRN)
Jasper
I am selfhosting a mailserver, an Owncloud (Infinite Scale) instance and a Prometheus/Grafana stack – and they all run Fedora CoreOS 🙂 Uptime has always been between 99.9 and 100 % during the last months. Every two weeks the machines are updating themselves in the middle of the night – and hardly one minute later the system is working again. Of course I could even optimize things by digging deeper into container orchestration/Kubernetes etc., but it’s just fascinating to see how powerful and reliable three little VPS machines could be!
I was quite happy using Debian before, but deploying Fedora CoreOS was just fun – and I learned a lot about containerization, automation and system administration in general.
Thanks alot – you guys rock! 🎉 Keep up the good work 🙂
Sent from my Silverblue laptop
adam
I have also considered looking at CoreOS for a mail server. I currently use RHEL but CoreOS has always been on my mind. Are you able to share any details?
Jasper
I am using Docker Mailserver (DMS), Roundcube with MariaDB and NGINX as reverse proxy sitting in a pod all together which is starting via systemd at boot time.
Despite the “Docker” in the title, DMS seems to work pretty great with Podman, too 🙂
I originally used this article as a basis to get started (and replaced the matrix-related stuff in the YAML config with DMS and Roundcube containers): https://fedoramagazine.org/deploy-your-own-matrix-server-on-fedora-coreos/
Be aware that this article is already antiquated now (Butane was even called “FCCT” back then 😉 ) – but the associated Github repo has apparently been rewritten using Quadlet a few months ago: https://github.com/travier/fedora-coreos-matrix
I also find this guy’s blog posts very useful to learn more about the topic: https://major.io/posts/
He e. g. wrote a guide to deploy WordPress via Quadlet. It’s not exactly the same use case, but at the end the process is quite similar 🙂
Dominik
What is the difference between Fedora CoreOS and IoT? I could never really grasp the difference, I assume both are container-centric and use rpm-ostree.