Most open source projects are the outcome of someone scratching their own itch. LinuxKit is no exception.
Around a year ago Docker was getting huge demand from users to bring native Docker support for the environments they were using.
Solomon Hykes, the founder and CTO of Docker, said during DockerCon 2017 that as they started building Docker for these platforms they hit a technical challenge. They realized that many of these environments didn’t provide a Linux subsystem, which is needed for Docker containers.
Being a container pioneer, Docker wanted this Linux subsystem to be modular, secure, lean and portable. Docker worked with a group of partner companies to build this Linux subsystem for their container platform and ended up creating Docker for Mac, Docker for Windows, Docker for servers, as well as Docker for AWS, Azure and Google Cloud.
Docker decided to open source the ‘kit’ they developed to build all these platforms. They call it ‘LinuxKit’ because Linux is the core component of this toolkit.
LinuxKit is essentially a container-native toolkit that allows organizations to build their own containerized operating systems that are secure, lean, modular and portable.
Linux itself is extremely secure, so Docker didn’t have to worry much about security, but when you are building a containerized system you have the luxury of adding extra layers of security. Hykes said that systems can be hardened further by making specialized patches and configurations. You can sandbox all the system services because now they are all in containers. Since the entire system is very small and tight, it reduces the attack surface, making it secure. In addition to that, Docker also worked with many innovative security projects to add additional security to the kit.
In order to keep LinuxKit extremely lean, Docker started with nothing and added the bare minimum kernel, the bare minimum system libraries and container runtime. That’s it. That is the core of LinuxKit. Everything else is optional, because everything else is essentially containers. That approach allowed LinuxKit to have a very small footprint, while allowing users to build from there to meet their needs.
Docker wanted LinuxKit to be able to run ‘anywhere’, so they looked at different use cases. They worked with partners like HP, Intel, ARM and Microsoft to ensure that LinuxKit could run on the desktop, server, cloud, ARM, x86, virtual environments and on bare metal. Hykes said that they have optimized tooling for portability so if someone wants to bring a new architecture or a new system into LinuxKit, it’s very easy to do so.
Who is LinuxKit for?
Building a highly customized yet containerized operating system can be a super expensive, high-infrastructure requirement for new companies. These companies should be investing their resources in building their products and not the operating system. LinuxKit unlocks that capability for such users.
LinuxKit will also help Linux vendors, including some of Docker's competitors, to assemble their own containerized OS to help their customers.
Essentially it’s catering to those companies that want a very custom Linux distribution as part of a component in a wider container-based system.
During DockerCon, Docker teams gave a demo where they showed us how easy it is to create a new Linux OS using LinuxKit and a YAML file in a matter of seconds or minutes.
Patrick Chanezon, chief developer advocate at Docker, told me that there are many industrial use cases where companies need a specific distribution with drivers for very specific industrial hardware. These customers may want to build such an operating system for lots of different industrial hardware.
Docker is planning to donate the LinuxKit project to the Linux Foundation so it can be governed and maintained by an independent organization. The details have not been finalized, so it isn't clear whether it will be a top-level Linux Foundation project or, like Containerd, become part of a project like the Cloud Native Computing Foundation.
The LinuxKit project is hosted on GitHub, under an Apache 2 licence.
This article is published as part of the IDG Contributor Network.