Adolfo Delorenzo
8d25e1890e
Implement atomic OS updates via A/B partition scheme with automatic rollback. GRUB bootloader manages slot selection with a 3-attempt boot counter that auto-rolls back on repeated health check failures. GRUB boot config: - A/B slot selection with boot_counter/boot_success env vars - Automatic rollback when counter reaches 0 (3 failed boots) - Debug, emergency shell, and manual slot-switch menu entries Disk image (refactored): - 4-partition GPT layout: EFI + System A + System B + Data - GRUB EFI/BIOS installation with graceful fallbacks - Both system partitions populated during image creation Update agent (Go, zero external deps): - pkg/grubenv: read/write GRUB env vars (grub-editenv + manual fallback) - pkg/partition: find/mount/write system partitions by label - pkg/image: HTTP download with SHA256 verification - pkg/health: post-boot checks (containerd, API server, node Ready) - 6 CLI commands: check, apply, activate, rollback, healthcheck, status - 37 unit tests across all 4 packages Deployment: - K8s CronJob for automatic update checks (every 6 hours) - ConfigMap for update server URL - Health check Job for post-boot verification Build pipeline: - build-update-agent.sh compiles static Linux binary (~5.9 MB) - inject-kubesolo.sh includes update agent in initramfs - Makefile: build-update-agent, test-update-agent, test-update targets Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
KubeSolo OS
An immutable, bootable Linux distribution purpose-built for KubeSolo — Portainer's ultra-lightweight single-node Kubernetes.
Status: Phase 1 — Proof of Concept
What is this?
KubeSolo OS combines Tiny Core Linux (~11 MB) with KubeSolo (single-binary Kubernetes) to create an appliance-like K8s node that:
- Boots to a functional Kubernetes cluster in ~30 seconds
- Runs entirely from RAM with a read-only SquashFS root
- Persists K8s state across reboots via a dedicated data partition
- Targets < 100 MB total image size (OS + K8s)
- Requires no SSH, no package manager, no writable system files
- Supports atomic A/B updates with automatic rollback (Phase 3)
Target use cases: IoT/IIoT edge, air-gapped deployments, single-node K8s appliances, kiosk/POS systems, resource-constrained hardware.
Quick Start
# Fetch Tiny Core ISO + KubeSolo binary
make fetch
# Build bootable ISO
make iso
# Test in QEMU
make dev-vm
Requirements
Build host:
- Linux x86_64 with root/sudo (for loop mounts)
- Tools:
cpio,gzip,wget,curl,syslinux(or usemake docker-build)
Runtime:
- x86_64 hardware or VM
- 512 MB RAM minimum (1 GB+ recommended)
- 8 GB disk (for persistent data partition)
Architecture
Boot Media → Kernel + Initramfs (kubesolo-os.gz)
│
├── SquashFS root (read-only, in RAM)
├── Persistent data partition (ext4, bind-mounted)
│ ├── /var/lib/kubesolo (K8s state, certs, SQLite)
│ ├── /var/lib/containerd (container images)
│ └── /etc/kubesolo (node configuration)
├── Custom init (POSIX sh, staged boot)
└── KubeSolo (exec replaces init as PID 1)
See docs/design/kubesolo-os-design.md for the full architecture document.
Project Structure
├── CLAUDE.md # AI-assisted development instructions
├── Makefile # Build orchestration
├── build/ # Build scripts, configs, rootfs overlays
├── init/ # Custom init system (POSIX sh)
├── update/ # Atomic update agent (Go, Phase 3)
├── cloud-init/ # First-boot configuration (Phase 2)
├── test/ # QEMU-based automated tests
├── hack/ # Developer utilities
└── docs/ # Design documents
Roadmap
| Phase | Scope | Status |
|---|---|---|
| 1 | PoC: boot Tiny Core + KubeSolo, verify K8s | 🚧 In Progress |
| 2 | Persistent storage, cloud-init, networking | Planned |
| 3 | A/B atomic updates, GRUB, rollback | Planned |
| 4 | Production hardening, signing, Portainer Edge | Planned |
| 5 | OCI distribution, ARM64, fleet management | Planned |
License
TBD