Running Flatcar Container Linux on Google Compute Engine

Before proceeding, you will need a GCE account ( GCE free trial ) and install gcloud on your machine. In each command below, be sure to insert your project name in place of <project-id>.

After installation, log into your account with gcloud auth login and enter your project ID when prompted.

Uploading an Image

Official Flatcar Container Linux images are not available on Google Cloud at the moment. However, you can run Flatcar Container Linux today by uploading an image to your account.

To do so, run the following command:

docker run -it quay.io/kinvolk/google-cloud-flatcar-image-upload \
  --bucket-name <bucket name> \
  --project-id <project id>

Where:

  • <bucket name> should be a valid bucket name.
  • <project id> should be your project ID.

During execution, the script will ask you to log into your Google account and then create all necessary resources for uploading an image. It will then download the requested Flatcar Container Linux image and upload it to the Google Cloud.

To see all available options, run:

docker run -it quay.io/kinvolk/google-cloud-flatcar-image-upload --help

Usage: /usr/local/bin/upload_images.sh [OPTION...]

 Required arguments:
  -b, --bucket-name Name of GCP bucket for storing images.
  -p, --project-id  ID of the project for creating bucket.

 Optional arguments:
  -c, --channel     Flatcar Container Linux release channel. Defaults to 'stable'.
  -v, --version     Flatcar Container Linux version. Defaults to 'current'.
  -i, --image-name  Image name, which will be used later in Lokomotive configuration. Defaults to 'flatcar-<channel>'.

 Optional flags:
   -f, --force-reupload If used, image will be uploaded even if it already exist in the bucket.
   -F, --force-recreate If user, if compute image already exist, it will be removed and recreated.

The Dockerfile for the quay.io/kinvolk/google-cloud-flatcar-image-upload image is managed here .

Upgrade from CoreOS Container Linux

You can also upgrade from an existing CoreOS Container Linux system .

Container Linux Config

Flatcar Container Linux allows you to configure machine parameters, configure networking, launch systemd units on startup, and more via Container Linux Configs. These configs are then transpiled into Ignition configs and given to booting machines. Head over to the docs to learn about the supported features .

You can provide a raw Ignition config to Flatcar Container Linux via the Google Cloud console’s metadata field user-data or via a flag using gcloud.

As an example, this config will configure and start etcd:

etcd:
  # All options get passed as command line flags to etcd.
  # Any information inside curly braces comes from the machine at boot time.

  # multi_region and multi_cloud deployments need to use {PUBLIC_IPV4}
  advertise_client_urls:       "http://{PRIVATE_IPV4}:2379"
  initial_advertise_peer_urls: "http://{PRIVATE_IPV4}:2380"
  # listen on both the official ports and the legacy ports
  # legacy ports can be omitted if your application doesn't depend on them
  listen_client_urls:          "http://0.0.0.0:2379"
  listen_peer_urls:            "http://{PRIVATE_IPV4}:2380"
  # generate a new token for each unique cluster from https://discovery.etcd.io/new?size=3
  # specify the initial size of your cluster with ?size=X
  discovery:                   "https://discovery.etcd.io/<token>"

Additional storage

Additional disks attached to instances can be mounted with a .mount unit. Each disk can be accessed via /dev/disk/by-id/google-<disk-name>. Here’s the Container Linux Config to format and mount a disk called database-backup:

storage:
  filesystems:
    - mount:
        device: /dev/disk/by-id/scsi-0Google_PersistentDisk_database-backup
        format: ext4

systemd:
  units:
    - name: media-backup.mount
      enable: true
      contents: |
        [Mount]
        What=/dev/disk/by-id/scsi-0Google_PersistentDisk_database-backup
        Where=/media/backup
        Type=ext4

        [Install]
        RequiredBy=local-fs.target

For more information about mounting storage, Google’s own documentation is the best source. You can also read about mounting storage on Flatcar Container Linux .

Adding more machines

To add more instances to the cluster, just launch more with the same Ignition config inside of the project.

SSH and users

Users are added to Container Linux on GCE by the user provided configuration (i.e. Ignition, cloudinit) and by either the GCE account manager or GCE OS Login . OS Login is used if it is enabled for the instance, otherwise the GCE account manager is used.

Using the GCE account manager

You can log in your Flatcar Container Linux instances using:

gcloud compute ssh --zone us-central1-a [email protected]<instance-name>

Users other than core, which are set up by the GCE account manager, may not be a member of required groups. If you have issues, try running commands such as journalctl with sudo.

Using OS Login

You can log in using your Google account on instances with OS Login enabled. OS Login needs to be enabled in the GCE console and on the instance. It is enabled by default on instances provisioned with Container Linux 1898.0.0 or later. Once enabled, you can log into your Container Linux instances using:

gcloud compute ssh --zone us-central1-a <instance-name>

This will use your GCE user to log in.

Disabling OS Login on newly provisioned nodes

You can disable the OS Login functionality by masking the oem-gce-enable-oslogin.service unit:

systemd:
  units:
    - name: oem-gce-enable-oslogin.service
      mask: true

When disabling OS Login functionality on the instance, it is also recommended to disable it in the GCE console.

Using Flatcar Container Linux

Now that you have a machine booted it is time to play around. Check out the Flatcar Container Linux Quickstart guide or dig into more specific topics .