An interview with CoreOS cofounder Brandon Philips
At the Core
CoreOS was cofounded in 2013 by Brandon Philips, a former SUSE Linux kernel developer. Since then, CoreOS has gained fame as a specialized Linux distribution focused on clusters and containers. We caught up with Philips at LinuxCon North America to talk about CoreOS, 25 years of Linux, and the new challenges facing the modern IT infrastructure.
Linux Magazine: Linux celebrated 25 years in August. As the cofounder of the youngest Linux company, what do you think we have achieved in these last 25 years?
Brandon Philips: At this point, Linux is the dominant operating system, and that feat was accomplished by the hard work of a ton of different organizations and people. It's an amazing story. Linux enables lots of disparate people to have a shared goal, and through that shared goal, it created a software project that's enormously successful.
Just look at CoreOS Linux. It went from an idea to our first alpha release in just a few months. That [was] really not possible before the age of Linux. The fact that you can take Linux abstraction and run the same applications that you would on your mobile phone all the way up to the largest supercomputers in the world is a pretty large testament to the success of the project.
Linux has grown tremendously over the years, from back when it wasn't "anything big and professional, like GNU," to a disruptive infrastructure keystone that continues to realign IT values and practices.
Choosing a server operating system today isn't a contest between Windows and Linux – it's deciding which Linux distribution best meets your goals. These days, many contributors and maintainers are part of corporate engineering teams driving innovation for enterprise needs. That's made the Linux community continually stronger. Linux and open source companies have shown that they can thrive in the modern economy, and CoreOS is set to continue that trend.
LM: What, according to you, played a big role in this massive success of Linux?
BP: Really it's the story of the huge expansion and growth of computing hardware, and that's what has caused Linux to grow so rapidly. We're essentially talking about the substrate that makes every single economic engine in the world happen, which is compute. Then the dominant operating system for that is Linux, and it's really like the success of Linux is the success of the resources porting globally to make computers work in this huge system that we now call the Internet.
Linux has just had the great fortune of emerging at the correct time with the correct set of licenses with a super passionate set of engineers and developers who were able to make a career out of it. Not just as some hobby project or a collection of vendor interests (what happened to the BSDs), but a legitimate set of career paths opened up to making Linux successful. Not just interesting intellectual pursuits, but an actual legitimate career.
LM: You mentioned licenses. Do you think GNU GPL also played a role in the success of Linux?
BP: I think the GPL was important in the time and place in which Linux was created. Linux started to get traction in a time where the industry didn't understand open source or how to engage with it. I think today, in 2016, companies understand they have to collaborate or get left behind when they integrate open source into their products.
Having that license, I think, is less important today than it was 25 years ago.
Essentially, the industry understands now the norms, the expectations, and the road to success, regardless of what license was actually powering that project. I think the success that we've seen over the last 15 years of Apache-style projects kind of speaks to that. You have vendors, but for the most part they aren't silly enough to hard fork the open source project and never contribute back because they know they will get left behind.
LM: Linux kind of rules the data center. Now that we are entering the era of private cloud, containers are becoming increasingly popular. What role do you think Linux is going to play in the modern IT infrastructure and cloud?
BP: With the demand for cloud and microservices, Linux containers and Kubernetes offer the most effective path to modernizing IT infrastructure. The Linux open source community is a great venue and way for anyone to try and develop on the newest methodologies. And with those in need of enterprise-level solutions delivered by companies like CoreOS, there is a world of possibilities to help any company adopt modern infrastructure.
Commoditization is a mark of the tremendous success of Linux. Today, orchestrating clusters of these individual Linux machines is the center of innovation. Kubernetes has grown from an internal Google project to be the open source and open community center of much of this thinking and work, gathering the best contributions from a cross section of software and industry innovators.
This innovation has turned containers into a secure, agile development and deployment platform. With the high portability container infrastructure provides, users and enterprises can migrate their container images between private data centers and the cloud, changing their deployments to meet their needs and eventually making decisions about "where" an application runs more economic than technical.
LM: Now let's talk a bit about CoreOS. What is CoreOS, a company or a distribution?
BP: It's kind of funny. Early on, we got this advice to name the company after the first product. CoreOS Linux was the first product that we built. But we were not an operating systems company. Our sales pitch was similar to Salesforce [in] that there is no software; you run it in [the] cloud. What we were trying to build was an application management or a services company. We were trying to build services that help people manage their applications, manage upgrades of their clusters, and essentially adopt this style of computing; you can call it cloud native or GIFEE [Google Infrastructure for Everyone Else]. CoreOS just happened to be our first product, and the company was named after it.
LM: What led to the creation of CoreOS?
BP: I want to start with a clarification: We have CoreOS, the company, and CoreOS Linux, the operating system.
We started CoreOS with the mission to fundamentally improve the security of the Internet. All of our projects, and the work we contribute to other open source projects, build toward that goal. The main mechanism for us to achieve this goal is based on improving the infrastructure that powers the Internet, providing automation, simplifying deployments, and increasing ease of use. We call this kind of infrastructure GIFEE. To deliver GIFEE, we develop[ed] CoreOS Linux, rkt, etcd, Kubernetes, and many other open source projects.
CoreOS Linux is the first project we started on our journey to secure the Internet, and its atomic and automatic updates form a foundation for GIFEE. CoreOS Linux is an open source operating system designed around containers and security from the ground up. CoreOS Linux is optimized for rapid container deployment at [a] massive scale, and automatically applies updates to protect itself and the containers it runs from the latest exploits.
While the OS is important, the path is to deliver a hyperscale infrastructure that helps companies focus on their apps and improve the way they manage and upgrade them.
With Tectonic, we provide a full stack solution for enterprise container deployments – GIFEE in a box. Tectonic is powered by many components maintained by CoreOS and Kubernetes, the open source container orchestration manager, for the most secure and scalable production-ready container environment.
LM: What's the base of CoreOS Linux?
BP: Spiritually, CoreOS Linux is inspired by the automatic update introduced in Firefox, Chrome, and Internet Explorer and the embedded and mobile operating systems like Android, Chrome OS, and iOS with minimal OS surface and discrete system image in mind.
Technically, CoreOS Linux is based on the Chromium OS auto-update concept and its protocol ("Omaha"). This formed the initial basis for CoreOS Linux CoreUpdate tools and services for atomic, automated system updates. A specialized cut of Gentoo forms the minimalist package tree and build system for the CoreOS Linux image. CoreOS uses this kit internally to build the single, discrete operating system image – CoreOS Linux users and admins don't need to interact with Gentoo tools and processes like emerge and build.
LM: I recall you used to work with SUSE as a kernel developer. I wonder why you didn't choose SUSE/openSUSE or Zypper for CoreOS Linux?
BP: Traditional Linux distributions are based around individual application packages and dependency management with tools like Zypper and weren't a fit for the defining features of CoreOS Linux: atomic, automatic whole-system updates.
The best solution for us to create CoreOS Linux was to start with a distribution that most closely matched our goals: A secure operating system, designed to automatically and entirely update itself to gain ground in the zero-day race. From that foundation, we built CoreOS Linux, an operating system for container clusters. CoreOS Linux automatic updates work much like those for web browsers Chrome and Firefox, which are automatically updated with the latest features and security fixes without [the] user having to manually perform an upgrade process.
LM: One of the main features of CoreOS is automatic updates, but there is this culture among sys admins where they are very reluctant about such updates. Also they may not be comfortable with using "upstream" package[s] that have not been fully tested.
BP: For CoreOS Linux, we maximize security by having the operating system update itself automatically. The stack becomes more secure without the need for admin intervention, minimizing the time the stack is vulnerable, especially when an update is rolled out in the middle of the night.
We built CoreOS Linux to run containers, making it lightweight with less attack surface, as well as more idempotent: Applications running above the operating system are discrete containers independent of libraries or supporting applications below them. Since the container run time downloads and manages the necessary container images, the OS doesn't need a package manager. While these features individually provide great security, in combination they provide a secure foundation and uniquely powerful benefits for the rest of the container cluster architecture.
CoreOS Linux is released in familiar "alpha," "beta," and "stable" channels reflecting the positions of each version on the stability-freshness continuum. By staging the three operating system channels proportionally across an orchestrated cluster of machines, such as a Kubernetes and Tectonic cluster, ops teams can smoke test successive alpha and beta releases before migrating them more widely across the cluster as they are promoted by CoreOS to stable. Stable machines form the core reliability and quorum backbone of the cluster, but applications are continually tested against future CoreOS Linux releases at cluster boundaries.
The practice – you could think of it as "continuous OS certification" – provides a deeper assurance of compatibility [than] even the most rigorous static version certification regimes and balances it with the critical race to stay current in the face of evolving security threats.
LM: I have talked to many companies, and at one end are those who like the idea of going fast to stay secure; on the other end are those who believe that once you set up a server, don't touch it. What's your take on it?
BP: Our take is that servicing and operating software is the only legitimate solution to security concerns. You have to have a pipeline in place whereby you find out about an incident, and you can fix that incident. It has to happen [in] the course of minutes to hours. It can't happen [in] days to weeks.
We see that happen over and over and over again. We have seen these cases of enterprise firewalls that had a known security vulnerability; it's unpatched. And there are tens of thousands of deployments. If you don't have the hygiene, then you simply will never have a secure infrastructure. That's our opinion, and we're building those capabilities in[to] our products, as I talked about earlier.
I will repeat that it's really about doing the upgrades in a way that is automated and safe. You simply don't have a choice if you want to actually hold on to important data.
LM: You are a new company and the container cloud space is very dynamic. What are some of the biggest challenges ahead of CoreOS?
BP: The status quo is the challenge. However, with the demand for cloud and microservices, right now enterprises are beginning to seriously realize the need to update their infrastructure for their future – not just the next year, but to the next 10 years and beyond. The market is ready and beginning to embrace container-based infrastructure to keep up with the demands. Our biggest challenge as a whole is to ensure enterprises go beyond the status quo and have a clear path to accelerate and adopt hyperscale infrastructure to power their business. And our significant open source contributions and products, like Tectonic, are making it happen.