Popular Micro OSes for containers you should know

Mohammad Humayun Khan
9 min read · Nov 26, 2021

The current trend is to run applications in containers, which has led to a logical consideration of removing non-essential packages and services from the host Operating System (OS). In response to this need, various vendors have introduced specialized minimal OSes designed exclusively for running containers.

Once we remove the packages that are not essential to boot the base OS and run container-related services, we are left with specialized OSes, which are referred to as Micro OSes for containers. Some popular Micro OSes are:

Alpine Linux

Alpine Linux is a Linux distribution that stands out for its emphasis on security, simplicity, and efficient resource usage. It is an independent and non-commercial distribution that has gained popularity, particularly in the context of container environments.

One notable feature of Alpine Linux is its small footprint, typically around 8 MB per container. This compact size contributes to its resource efficiency, making it a lightweight choice compared to traditional distributions. Users have granular control over the binary packages they install, allowing them to create a streamlined and efficient system tailored to their specific needs.

Alpine Linux utilizes its own package manager called apk, which simplifies the process of managing software packages. The distribution also incorporates the OpenRC init system and includes set-up scripts that facilitate ease of use. This flexibility enables users to add additional packages as required, such as PVR, iSCSI storage controllers, mail server containers, or embedded switches, expanding the capabilities of the system.

In terms of security, Alpine Linux was designed with a proactive approach. It incorporates embedded security features that actively safeguard against the exploitation of various vulnerabilities, including zero-day vulnerabilities. This focus on security aims to provide a robust and secure foundation for containerized applications.

Overall, Alpine Linux’s unique blend of security, simplicity, and resource efficiency makes it a popular choice for those seeking a lightweight and secure operating system, particularly in the realm of container deployments.

Key benefits of using Alpine Linux are:

  • It is a minimal OS that is also designed to run containerized applications.
  • It is designed for security, simplicity, and resource efficiency.
  • It requires 8 MB as a container.
  • It requires 130 MB as a standalone minimal OS installation.
  • It provides increased security by compiling user binaries as Position Independent Executables (PIE) with stack smashing protection.
  • It can be installed as a container, on bare metal, as well as VMs.
  • It offers flavors optimized to support Xen and Raspberry Pi.

Find more here: https://www.alpinelinux.org/
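
The PIE and stack-smashing-protection claim above is something a practitioner can verify on the binaries shipped in an image rather than take on trust. The following is an added example, not code from the article or from the Alpine project: it reads the ELF header to see whether a binary is position independent (`e_type == ET_DYN`) and uses the presence of the `__stack_chk_fail` canary-failure symbol as a heuristic for stack protection. The `inspect_path` helper and the constructed sample headers are assumptions made for this demo.

```python
import struct
from pathlib import Path

ELF_MAGIC = b"\x7fELF"
ET_EXEC = 2  # fixed-address executable: not PIE
ET_DYN = 3   # shared object; a PIE executable is also linked as ET_DYN


def inspect_elf(data: bytes) -> dict:
    """Return PIE and stack-protector indicators for raw ELF bytes.

    Note: ET_DYN also matches plain shared libraries, so run this on files
    you know are executables (e.g. everything under /usr/bin in the image).
    """
    if len(data) < 64 or data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    endian = "<" if data[5] == 1 else ">"  # EI_DATA: 1 little-endian, 2 big-endian
    (e_type,) = struct.unpack_from(endian + "H", data, 16)  # e_type follows e_ident
    # Binaries built with -fstack-protector reference __stack_chk_fail (the
    # canary-failure handler); finding that name in the file is a cheap,
    # heuristic sign that stack smashing protection is present.
    return {
        "pie": e_type == ET_DYN,
        "stack_protector": b"__stack_chk_fail" in data,
    }


def inspect_path(path: str) -> dict:
    """Convenience wrapper for a binary on disk (hypothetical helper)."""
    return inspect_elf(Path(path).read_bytes())


def make_sample(e_type: int, protected: bool) -> bytes:
    """Constructed 64-bit little-endian ELF header for an offline demo.

    This is only a header plus a fake string table, not a runnable program.
    """
    ident = ELF_MAGIC + bytes([2, 1, 1]) + bytes(9)  # ELFCLASS64, LSB, version 1
    header = ident + struct.pack(
        "<HHIQQQIHHHHHH",
        e_type, 0x3E, 1,      # e_type, e_machine (x86-64), e_version
        0, 0, 0, 0,           # e_entry, e_phoff, e_shoff, e_flags
        64, 56, 0, 64, 0, 0,  # e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
    )
    return header + (b"\0__stack_chk_fail\0" if protected else b"")


if __name__ == "__main__":
    print("hardened:", inspect_elf(make_sample(ET_DYN, True)))
    print("legacy:  ", inspect_elf(make_sample(ET_EXEC, False)))
```

Run `inspect_path` over the executables of an Alpine-based image (for example by mounting the image filesystem) to confirm that both flags are true for each binary.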

Atomic Host

Atomic Host is a lightweight operating system that has been specifically constructed using RPM content. It offers a fast and reliable platform for running containerized applications, both in private and public cloud environments. There are three editions of Atomic Host available: Fedora Atomic Host, CentOS Atomic Host, and Red Hat Enterprise Linux (RHEL) Atomic Host.

Atomic Host serves as the core component of the broader Project Atomic initiative, which encompasses various sub-projects such as Cockpit and Atomic Developer Bundle. The primary objective of Project Atomic and its sub-projects is to reimagine the operating system architecture by embracing the principles of immutable infrastructure. This approach revolves around the Linux, Docker, and Kubernetes (LDK) stack, with many components sourced from the upstream elements of OpenShift Origin. The project leverages additional open-source tools like Buildah, Kompose, Bubblewrap, and skopeo.

One of the notable features of Atomic Host is its out-of-the-box inclusion of Kubernetes and related utilities such as etcd and flannel. This pre-configured setup allows for seamless integration with Kubernetes-based container orchestration.

Atomic Host introduces a command-line tool called “atomic,” which acts as a comprehensive entry point to the system. It addresses various gaps not covered by Linux container implementations. The atomic command facilitates tasks like system upgrades to the new rpm-ostree, launching containers with predefined docker run options using labels, and image verification.

In summary, Atomic Host provides a lightweight and purpose-built operating system for efficiently running containerized applications. Its integration with Kubernetes and accompanying utilities, along with the atomic command, streamlines container management and system administration tasks, making it a compelling choice for container deployments.

Key benefits of using Atomic Host are:

  • It is an OS specifically designed to run containerized applications.
  • It provides close-to-VM-like isolation but increased flexibility and efficiency.
  • It enables us to perform quick updates and rollbacks.
  • It provides increased security through namespaces, cgroups, and SELinux.
  • It can be installed on bare metal, as well as VMs.
  • It is available in Fedora, CentOS, and Red Hat Enterprise Linux editions.
  • Containers can be deployed with Kubernetes and CRI-O.
  • It integrates with Cockpit, a cross-cluster container hosts management tool.

Find more here: https://projectatomic.io/

Fedora CoreOS

Fedora CoreOS (FCOS) is an open-source project partnered with the Fedora Project. It was formerly known as Red Hat CoreOS and CoreOS Container Linux prior to that. It combines the best of both CoreOS Container Linux and Fedora Atomic Host (FAH) while aiming to provide the best container host to run containerized workloads securely and at scale.

Fedora CoreOS is a minimal operating system for running containerized workloads that updates automatically and is available on multiple platforms. Although it is a container-focused operating system, CoreOS is by design operable both in clusters and as standalone instances. In addition, it is optimized to work with Kubernetes, but it also works very well without a container workload orchestrator.

Key benefits of using Fedora CoreOS are:

  • It is an OS designed to run containerized applications, both in clustered environments and as a stand-alone host.
  • It enables us to perform quick updates and rollbacks.
  • It provides increased security through SELinux.
  • It can be installed on bare metal, virtual environments, and the cloud, or launched directly on AWS.
  • It combines features of both Fedora Atomic Host and CoreOS Container Linux.
  • It works well with Kubernetes.
  • It uses Ignition as a provisioning tool for early boot disk partitioning, formatting, and other administrative configuration tasks.

Find more here: https://getfedora.org/en/coreos/

RancherOS

RancherOS stands out as a lightweight and highly secure Linux distribution that takes a unique approach to container management. It is designed to be composed entirely of containers, ensuring an exceptionally small footprint compared to other Micro OSes. RancherOS achieves this efficiency by including only the essential software required to run Docker, while all other OS features are dynamically pulled through Docker.

The combination of Docker and Kubernetes as the core container management tools makes RancherOS particularly adept at handling containerized workloads across development, testing, and production environments. Its seamless integration with Docker and Kubernetes simplifies the process of running containers at scale.

One of the notable advantages of RancherOS is its containerized system services, which offer a reliable and straightforward method for managing a container-ready environment. By leveraging containerization for the OS itself, RancherOS provides a high level of modularity and isolation, ensuring optimal performance and security.

RancherOS is developed and provided by Rancher, a prominent Kubernetes-as-a-Service (KaaS) provider. With its focus on supporting enterprise containerized workloads in multi-cluster Kubernetes environments, RancherOS complements Rancher’s offerings and contributes to the smooth operation of container-based infrastructures.

In summary, RancherOS is a lightweight and secure Linux distribution that embraces a container-centric approach to manage other containers. Through its reliance on Docker and Kubernetes, RancherOS streamlines the deployment and management of containers at scale, while its containerized system services contribute to a robust and manageable container environment.

Key benefits of using RancherOS are:

  • It is a minimalist OS that eliminates unnecessary libraries and services.
  • It decreases complexity and boot time.
  • It is highly secure due to a small code base and a decreased attack surface.
  • It runs directly on top of the Linux kernel.
  • It isolates user-level containers from system containers by running two separate Docker daemon instances.
  • It enables us to perform updates and rollbacks in a simple manner.
  • We can use the Rancher platform to set up Kubernetes.
  • It boots containers within seconds.
  • It automates OS configuration with cloud-init.
  • It can be customized to add custom system Docker containers using the cloud-init file or Docker Compose.

Find more here: https://rancher.com/docs/os/v1.x/en/

Ubuntu Core

Ubuntu Core, a lightweight variant of Ubuntu, offers a compelling solution not only for IoT devices but also for extensive container deployments. While primarily targeting the IoT domain, it has gained traction in the container space as well. Notably, Ubuntu Core stands out among container-focused operating systems for its modest size, weighing in at approximately 260 MB, which is smaller than CentOS Atomic and Fedora CoreOS and places Ubuntu Core at the forefront of container OSes.

Like its counterparts, Ubuntu Server and Ubuntu Desktop, Ubuntu Core leverages a unique software packaging format called snaps. Snaps provide a secure and convenient method for packaging applications and their dependencies, ensuring consistent behavior across different Ubuntu Core devices.

The compactness of Ubuntu Core makes it an attractive choice for resource-constrained IoT devices, enabling efficient utilization of system resources. Additionally, its adoption in container deployments brings the benefits of Ubuntu’s extensive ecosystem and community support to the world of containerized applications.

In summary, Ubuntu Core’s lightweight nature and support for snaps make it a versatile operating system suitable for both IoT devices and containerized environments. Its compact size, coupled with the flexibility of snaps, contributes to enhanced performance and streamlined management, making Ubuntu Core a compelling option for various use cases.

Security is a top concern for the designers of Ubuntu Core, implemented by features such as:

  • Hardened security with immutable packages and persistent digital signatures.
  • Strict application isolation.
  • Reduced attack surface by keeping a small OS, stripped down to bare essentials.
  • Automatic vulnerability scanning of packages.

In addition, Ubuntu Core was designed with extreme reliability, implemented by:

  • Transactional updates increase OS and data resiliency by allowing automated rollbacks when errors are encountered.
  • Automated restore points allow returns to the last working boot in the case of an unsuccessful kernel update.
  • Consistent application data snapshots.

Ubuntu Core was built for the enterprise by including secure app store management and license compliance. Developers using Core as their platform enjoy cross-platform portability of snaps from Desktop and Server to Core, together with CI/CD pipeline support and integration with Travis.

Key benefits of using Ubuntu Core are:

  • It has one of the smallest footprints of all Micro OSes available.
  • It supports automated updates and rollbacks.
  • It is highly resilient.
  • It boots the containers within seconds.
  • It is highly secure and extremely reliable.
  • It provides application isolation through AppArmor and Seccomp.
  • It integrates with CI/CD pipelines.

Find more here: https://ubuntu.com/core

VMware Photon

Photon OS™, an offering from VMware, is a minimal Linux container host tailored specifically for cloud-native applications. Its primary focus is on optimizing performance and efficiency, ensuring swift boot times on VMware vSphere deployments and cloud computing platforms. Notably, Photon OS™ is compatible with various container formats, including Docker, rkt, and Cloud Foundry Garden, expanding its versatility.

Photon OS™ is available in two versions: a minimal version and a full version. The minimal version serves as a lightweight container host runtime environment, equipped with the essential packaging and functionality necessary for efficient container management. It prioritizes speed and agility as a runtime environment. On the other hand, the full version encompasses additional packages that support the development, testing, and deployment of containerized applications, providing a comprehensive set of tools for developers.

With optimization for VMware products and cloud platforms in mind, Photon OS™ seamlessly integrates with VMware solutions. It embraces Docker, rkt, and Cloud Foundry Garden container specifications, empowering users with flexibility in their container deployments. The OS utilizes Tiny DNF (tdnf), an open-source, yum-compatible package manager, to efficiently handle package management, while service management is handled by systemd.

Photon OS™ places a strong emphasis on security. It is built with security recommendations provided by the Kernel Self-Protection Project (KSPP), ensuring a security-hardened Linux environment. Furthermore, it boasts ease of management, patching, and updates to keep the system up to date and protected. Photon OS™ even offers support for persistent volumes, leveraging VMware vSAN™ to store data for cloud-native applications.

If you’re eager to explore Photon OS™, it is readily available on major cloud platforms such as Amazon EC2, Google Compute Engine (GCE), Microsoft Azure, and even on Raspberry Pi 3, providing convenient accessibility for testing and deployment.

Key benefits of using VMware Photon are:

  • It is an open-source technology with a small footprint.
  • It supports Docker, rkt, and Cloud Foundry Garden container runtimes.
  • It includes Kubernetes in the full version, to allow for container cluster management, but it also supports Mesos.
  • It boots extremely quickly on VMware platforms.
  • It provides efficient lifecycle management with a yum-compatible package manager.
  • Its kernel is tuned for higher performance when it is running on VMware platforms.
  • It is a security-enhanced Linux as its kernel and other aspects of the operating system are configured according to the security parameter recommendations given by the Kernel Self-Protection Project.

Find more here: https://vmware.github.io/photon/assets/files/html/3.0/Introduction.html

So, these were some of the most utilized Micro OSes. I hope you enjoyed the article. 😸

Thanks, Have a great week! 🚀
