CoreOS is designed with security, consistency and reliability in mind. Instead of installing packages via yum or apt, CoreOS uses Docker containers to manage your applications. A single service's code and all dependencies are packaged within a container that can be run on one or many CoreOS machines.

CoreOS provides the building blocks for large-scale distributed platforms consisting of many containers. A highly-available and consistent key/value store (etcd) is built in for storing configuration data with consistent changes and distributed locks. etcd is automatically distributed across all of your CoreOS machines. A distributed init system, fleet, runs containers on your cluster based on defined relationships and restarts them on different machines based on their health. etcd helps you programmatically find containers (as fleet manages them) through service discovery.

We believe that frequent, reliable updates are critical to good security. By default, CoreOS will download OS updates in the background and utilize the user-defined strategy to apply the update across the cluster. The update process is safe because vital files are always read-only, it has built-in roll-back via an active-passive partition scheme and is fast because the reboot simply switches the active partition without needing to run an upgrade script or process. In a properly distributed world utilizing fleet and etcd, automatic updates wont cause any downtime and will keep you dramatically more secure.