💡Overview

Deep technical overview of FLECS Core – the open-source runtime that enables app-based automation on Linux-based industrial systems.

What is FLECS Core?

FLECS Core is the open-source runtime that powers the software layer of modern industrial automation.

It transforms any compatible Linux-based device into a flexible, app-capable controller – enabling you to securely install, manage, and update applications across machines, fleets, and use cases.

Built for performance, extensibility, and integration, FLECS Core bridges the gap between your hardware and the digital services of tomorrow.

🔗 FLECS Core GitHub Repository

Key Capabilities

FLECS Core provides:

A modular runtime for Docker and other app formats
A local WebApp interface and REST API for administration
Marketplace integration for app discovery and licensing
Full app lifecycle management (install, update, rollback, remove)
Over-the-air (OTA) updates for Core and apps
Secure onboarding and multi-device support
Role-based access control and audit logging
WebApp whitelabeling for CI-compliant branded device interfaces

FLECS Core is completely open source and can be extended to match customer-specific requirements.

Architecture Overview

The architecture of FLECS Core — built from the Application Layer, Service Mesh, WebApp, and Device Service Layer — is designed to cover every critical need in industrial software deployment:

The Application Layer takes care of secure app execution, update control, and system integration.
The Service Mesh enables seamless communication between apps, protocols, and services.
The WebApp makes device and app management accessible to anyone, from anywhere — even with limited training.
The Device Service Layer connects your systems to external tools, clouds, and the FLECS Marketplace.

Together, these components form a powerful, flexible foundation for building and scaling software-defined machines and factories.

🧩 Application Layer

The Application Layer manages the lifecycle of apps deployed on the device. It is responsible for:

Installing and removing apps
Starting, stopping, and monitoring container or process states
Managing configurations, user volumes, and environment variables
Performing health checks and triggering recovery actions
Handling updates and version control

By default, apps run in Docker containers – isolated and versioned. However, the runtime is extensible and supports non-Docker formats, such as:

.deb or .rpm packages
Custom shell scripts or binaries
Third-party installers or proprietary formats

Each app is described using a flecs.yaml manifest file. This includes:

App name, version, maintainer
Image location or runtime instructions
Configuration and environment variables
Permissions and exposed interfaces
Optional UI metadata for WebApp integration

🌐 Service Mesh

The Service Mesh within FLECS Core enables apps and services to communicate securely and in a standardized manner.

Key features:

Service discovery between running apps
Protocol adapters for MQTT, OPC UA, HTTP, WebSockets, etc.
Routing and translation of payloads between services
Support for pub/sub and client/server communication models
Enabling cross-container data exchange with minimal coupling

This mesh layer abstracts the communication logic away from individual apps and ensures that even third-party applications can interoperate safely and efficiently. Learn more ...

💻 WebApp

The FLECS WebApp is the lightweight browser-based interface running locally on the device. It is designed for engineers, integrators, and administrators.

Main capabilities:

View and manage all installed apps
Install new apps from Marketplace or manually
Inspect app logs, runtime status, and metadata
Manage system network, proxy, and device settings
Trigger updates and recovery actions
Secure local or remote access (configurable)

The WebApp is tightly integrated with the Application Layer and provides full control without requiring CLI or external tools.

🧩 WebApp Whitelabeling

For customers with specific branding or UX requirements, FLECS offers complete whitelabeling of the WebApp.

This includes:

Custom logos, colors, and fonts
Company-specific terminology or language variants
Predefined login flows or tenant restrictions
Custom legal or support links
CI-compliant layout for your product portfolio

💡 This allows OEMs and solution providers to deliver a branded, professional app environment under their own name – without having to build the frontend themselves.

🔌 Device Service Layer

The Device Service Layer connects the device to the broader FLECS ecosystem and enables centralized workflows such as:

App marketplace browsing and installation
Licensing validation and subscription handling
Device provisioning via Device Onboarding Service (DOS)
Telemetry reporting and remote diagnostics
Grouping devices for mass updates or configuration policies

This is the communication bridge between the on-device runtime and cloud or on-prem deployment control systems.

FLECS Core can be installed in three main ways

1. FILiP – Production Installer

Install via FLECS Installer for Linux Platforms:

curl -fsSL https://install.flecs.tech | bash

Supported on:

Debian, Ubuntu
Yocto-based Linux builds
Custom Linux targets with Docker support

FILiP installs all runtime components, provisions the system, and prepares it for onboarding.

2. Install FLECS Core Using Docker

For users familiar with Docker, FLECS can be installed directly using Docker images. This method is ideal for those who prefer containerized environments and have Docker installed on their system.

3. Pre-installed on Certified Devices

Selected hardware partners offer devices with FLECS Core pre-installed and configured. These systems are ready for deployment and come with guaranteed compatibility.

Security Model

FLECS Core implements security best practices by default:

TLS encryption for all external communications
Role-based access control (RBAC)
App sandboxing (via Docker or runtime isolation)
Audit logging for key system and app events
Signed update verification and rollback protection
User session management for the WebApp

All configurations are editable via CLI, WebApp, or API for flexible integration.

Update & Recovery

FLECS Core handles over-the-air updates and recovery safely and reliably:

Individual app and Core runtime updates
Rollback to previously working app versions
Health checks and auto-restart mechanisms
Backup and restore of configuration and app states
Update status reporting via WebApp and API

The system is designed for industrial-grade robustness and failsafe operations.

Extensibility

FLECS Core is designed to be extended.

You can:

Add support for additional app formats (beyond Docker)
Whitelabel the WebApp to match your brand's corporate identity
Extend the UI with plugins or integration points for your own services
Integrate third-party CI/CD pipelines
Extend the WebApp with custom plugins
Build runtime extensions for specific device capabilities
Connect to external telemetry or provisioning systems

Being open source, the full runtime is adaptable to your architecture, product vision, or business model.

When to Use FLECS Core

FLECS Core is the right solution if you want to:

Build smart, app-capable controllers with minimal effort
Introduce software-defined features on your existing machines
Monetize digital services or apps on hardware
Avoid building your own runtime and update infrastructure
Stay fully in control of your software lifecycle

➡ Installing FLECS Core ➡ Creating and packaging apps ➡ Understanding the Device Onboarding Service

✳️ Get involved: contribute to FLECS Core on GitHub at https://github.com/FLECS-Technologies/flecs-public

PreviousOur Principles NextInstalling FLECS Core

Last updated 1 month ago

Was this helpful?