Containers are lightweight executable units of software that package an application together with its dependencies and libraries. They use operating-system-level (OS) virtualization, in which features of the host OS isolate processes and manage the distribution of CPU, memory, and disk. Containers do not need a guest OS for every instance; instead, they use the kernel and features provided by the host OS.
Flatcar Container Linux is one such operating system designed for container workloads. The OS is shipped as an immutable file system and includes automatic atomic updates. Because it is customized for container workloads, the OS image includes only the minimal tools needed to run containers.
Immutability: The OS image is immutable because /usr is a read-only partition and no additional packages can be installed on it, which reduces the chance of both intentional and accidental information leakage.
Scale: Flatcar includes tools to control large-scale, global infrastructure. Update policies, group instances, and versions can be managed easily.
Complexity: By eliminating the package manager, Flatcar reduces dependency and complexity issues. With containers, dependencies and libraries are shipped in container images.
Security: Flatcar automates security updates, preventing potential vulnerabilities from lingering unpatched. In addition, by making the partition read-only and including only what is required, Flatcar eliminates high-impact security vulnerabilities and reduces the attack surface.
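The immutability property above is something an operator can verify rather than assume. The following script is an added example, not code from the article or the Flatcar project: it parses mount data in the /proc/mounts format and reports whether the mount backing /usr is read-only. The sample mount table is constructed for the example so it runs offline; on a real host you would pass the contents of /proc/mounts instead.

```shell
#!/bin/sh
# Added example: audit whether /usr is mounted read-only.
# Input is in /proc/mounts format: device mountpoint fstype options dump pass

# Constructed sample mount table (not captured from a real system)
SAMPLE_MOUNTS='/dev/vda9 / ext4 rw,relatime 0 0
/dev/vda3 /usr ext4 ro,relatime,seclabel 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0'

# usr_mount_mode MOUNTS: print "ro" or "rw" for the mount that backs /usr,
# or "missing" if no entry covers it. The longest matching mountpoint wins,
# so a system without a separate /usr partition falls back to "/".
usr_mount_mode() {
  printf '%s\n' "$1" | awk '
    $2 == "/usr" || $2 == "/" {
      if (length($2) > length(best_mp)) { best_mp = $2; best_opts = $4 }
    }
    END {
      if (best_mp == "") { print "missing"; exit }
      n = split(best_opts, o, ",")
      mode = "rw"
      for (i = 1; i <= n; i++) if (o[i] == "ro") mode = "ro"
      print mode
    }'
}

# audit_usr MOUNTS: exit status 0 if /usr is read-only, 1 otherwise
audit_usr() {
  mode=$(usr_mount_mode "$1")
  case "$mode" in
    ro) echo "OK: /usr is read-only"; return 0 ;;
    *)  echo "WARN: /usr is '$mode' (expected ro)"; return 1 ;;
  esac
}

audit_usr "$SAMPLE_MOUNTS"
# On a live host: audit_usr "$(cat /proc/mounts)"
```

The check keys on the `ro` mount option rather than on file permissions, because a read-only mount is what actually prevents writes to /usr regardless of the caller's privileges; a non-zero exit status makes it easy to wire into a boot-time or fleet-wide compliance check.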
You can learn more about setting up Flatcar through their official documentation.