MKEx
MKEx is an integrated container orchestration platform that is powered by an immutable Rocky Linux operating system, offering next-level security and reliability.
Note
An immutable Linux operating system is designed to be unchangeable after installation: its system files are read-only, and it contains only the packages that are required to run the applications. Such an OS is more resistant to tampering and malware, and is well protected from accidental or malicious modification. Also, because updates or changes to an immutable OS can only be made by creating a new instance, such an OS is easier to maintain and troubleshoot.
Mirantis, in conjunction with our partner CIQ, worked to preassemble ostree-based Rocky Linux with Mirantis Container Runtime (MCR) and Mirantis Kubernetes Engine (MKE), to provide users with an immutable, versioned stack with atomic upgrade and rollback that offers a high degree of predictability and resiliency.
rpm-ostree is a hybrid image/package system for managing and deploying Linux-based operating systems. It combines the concepts of Git and traditional package management to provide a version-controlled approach to system updates and rollbacks. As with Git, rpm-ostree treats the operating system as an immutable tree of files, which enables you to atomically update or roll back the entire system.
rpm-ostree and Ostree system term glossary
- Ostree
A Git-like content-addressed object store that manages operating system images or deployments and provides versioning, branching, and atomic upgrades.
- rpm-ostree
The primary command-line tool used in the Ostree system. It enables system administrators to manage deployments, perform upgrades, rollbacks, and package installations using RPM-based packages.
- Deployment
A specific versioned state of the operating system captured by Ostree. Deployments are atomic, immutable, and can be booted into.
- Atomic upgrade
The process of transitioning from one deployment to another, providing a complete and consistent update to the system in a single transaction.
- Rollback
The ability to revert to a previous deployment, restoring the system to a known working state.
- Commit
A unique identifier that represents a specific version of a deployment in Ostree. Each commit consists of a set of objects that represent the file system and metadata.
- Repository
A collection of commits and objects that store the operating system images or deployments. It serves as a central location for storing and distributing the deployments.
- Remote
A reference to a remote repository from which deployments can be fetched. Remotes provide the location and access information for the repository server.
- Ref
A named reference to a specific commit in a repository. It allows for easier access to a particular version of the deployment.
- Initramfs
A small initial RAM file system that is loaded by the boot loader and used to bootstrap the operating system during a system startup.
- Overlay filesystem
A mechanism that enables changes to be made to a read-only file system by creating a writable layer on top of it.
- Atomic host
A variant of a Linux distribution that uses Ostree and rpm-ostree for managing the operating system deployments. It provides an immutable and transactional operating system experience.
- Bootloader
Software responsible for loading the operating system during system startup. In an OSTree-based system, the bootloader is often configured to boot into specific deployments.
- OSTree-based package manager
A package manager that interacts with the OSTree system, allowing for the installation and management of packages within the deployments. Examples include DNF and PackageKit.
- kargs
Kernel arguments passed to the Linux kernel during boot. In rpm-ostree, kargs can be used to customize the boot process or enable specific features.
- Package layering
The ability to install RPM packages on top of an existing deployment without modifying the base deployment. This allows for customizations and additional software installations without affecting the base system.
- Delta
A compressed binary diff between two versions of a deployment. Deltas are used to optimize the download and storage of updates, reducing bandwidth and storage requirements.
- System upgrade
The process of updating the entire operating system to a new version, typically achieved by transitioning to a new deployment.
- Metadata
Information about a deployment or commit, such as version numbers, labels, descriptions, or dependencies.
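The glossary terms deployment, commit, package layering, overlay filesystem and rollback can be tied together in a node drift check. The following is an added example, not Mirantis or rpm-ostree code: it audits output shaped like `rpm-ostree status --json` for deployments that differ from an approved base commit. The JSON field names are assumed to match the rpm-ostree version on the node, and the sample data and the approved-commit allowlist are constructed for illustration.

```python
import json

# Constructed sample shaped like `rpm-ostree status --json` output; every
# value here is made up. Real checksums are 64-character hex strings.
SAMPLE_STATUS = json.loads("""
{"deployments": [
  {"booted": true,  "version": "constructed-2", "checksum": "derived-0002",
   "base-checksum": "base-0002", "requested-packages": ["strace"],
   "requested-local-packages": [], "base-removals": [],
   "base-local-replacements": [], "unlocked": "none"},
  {"booted": false, "version": "constructed-1", "checksum": "base-0001",
   "requested-packages": [], "requested-local-packages": [],
   "base-removals": [], "base-local-replacements": [], "unlocked": "none"}
]}
""")

# Status keys that record client-side changes on top of the base commit.
DRIFT_KEYS = {
    "requested-packages": "layered packages",
    "requested-local-packages": "layered local RPMs",
    "base-removals": "base packages removed",
    "base-local-replacements": "base packages replaced",
}

def audit_deployment(dep, approved_commits):
    """Return findings for one deployment entry (empty list = clean)."""
    findings = []
    # With layering, "checksum" is the local derived commit; "base-checksum" is the base.
    base = dep.get("base-checksum") or dep.get("checksum")
    if base not in approved_commits:
        findings.append(f"base commit {base} is not approved")
    for key, label in DRIFT_KEYS.items():
        if dep.get(key):
            findings.append(f"{label}: {dep[key]}")
    if dep.get("unlocked", "none") != "none":
        findings.append(f"writable overlay active: {dep['unlocked']}")
    return findings

def audit_status(status, approved_commits):
    """Audit every deployment, including the ones a rollback would boot."""
    report = {}
    for index, dep in enumerate(status.get("deployments", [])):
        role = "booted" if dep.get("booted") else f"deployment[{index}]"
        report[role] = audit_deployment(dep, approved_commits)
    return report

if __name__ == "__main__":
    for role, findings in audit_status(SAMPLE_STATUS, {"base-0002"}).items():
        print(role, "OK" if not findings else findings)
```

Auditing the non-booted deployments matters because a rollback boots one of them, so an unapproved commit left in that slot is one reboot away from running.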