Flatcar Container Linux

Lokomotive uses Flatcar Container Linux as the underlying operating system.

Flatcar Container Linux is an open source, immutable Linux distribution for containers. It is a friendly fork of CoreOS Container Linux and, as such, is compatible with it.

Why Flatcar Container Linux?

  • Minimal distribution required for containers.
    • Reduced dependencies.
    • Reduced attack surface area.
  • Immutable file system.
  • Automated, streamlined and atomic updates.
    • Easily apply all latest security patches.
    • Rollback partition.
  • Declarative and immutable configuration.
  • Optimization for containerized applications.

Container runtime properties

Flatcar Container Linux uses Docker as its container runtime. This is the default configuration:

Property        Value
cgroup driver   cgroupfs
logging driver  json-file
storage driver  overlay2

Directory locations

Lokomotive conventional directories:

Kubelet setting    Host location
cni-conf-dir       /etc/cni/net.d
pod-manifest-path  /etc/kubernetes/manifests
volume-plugin-dir  /var/lib/kubelet/volumeplugins

Kubelet mounts

Kubelet mount points on Flatcar Container Linux:

Mount location              Host location               Options
/etc/kubernetes             /etc/kubernetes             ro
/etc/ssl/certs              /etc/ssl/certs              ro
/usr/share/ca-certificates  /usr/share/ca-certificates  ro
/var/lib/kubelet            /var/lib/kubelet            recursive
/var/lib/docker             /var/lib/docker
/var/lib/cni                /var/lib/cni
/var/lib/calico             /var/lib/calico
/var/log                    /var/log
/etc/os-release             /usr/lib/os-release         ro
/run                        /run
/lib/modules                /lib/modules                ro
/etc/resolv.conf            /etc/resolv.conf
/opt/cni/bin                /opt/cni/bin
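
The table above can serve as a baseline for detecting drift in the kubelet's host mounts, for example a read-only mount that has become writable or a host path that is not in the list. The following is an added example, not part of Lokomotive or Flatcar Container Linux; it assumes the kubelet runs as a Docker container and that its mounts are supplied in the shape of the "Mounts" array from docker inspect (Source, Destination, RW). The function name audit_mounts and the sample data are hypothetical.

```python
import json

# Expected kubelet mounts, copied from the table on this page:
# mount location -> (host location, read-only?)
EXPECTED = {
    "/etc/kubernetes": ("/etc/kubernetes", True),
    "/etc/ssl/certs": ("/etc/ssl/certs", True),
    "/usr/share/ca-certificates": ("/usr/share/ca-certificates", True),
    "/var/lib/kubelet": ("/var/lib/kubelet", False),  # "recursive" is not checked here
    "/var/lib/docker": ("/var/lib/docker", False),
    "/var/lib/cni": ("/var/lib/cni", False),
    "/var/lib/calico": ("/var/lib/calico", False),
    "/var/log": ("/var/log", False),
    "/etc/os-release": ("/usr/lib/os-release", True),
    "/run": ("/run", False),
    "/lib/modules": ("/lib/modules", True),
    "/etc/resolv.conf": ("/etc/resolv.conf", False),
    "/opt/cni/bin": ("/opt/cni/bin", False),
}

def audit_mounts(mounts):
    """Return sorted (mount location, finding) tuples for drift from EXPECTED."""
    findings, seen = [], set()
    for m in mounts:
        dest, src, rw = m["Destination"], m["Source"], m.get("RW", True)
        seen.add(dest)
        if dest not in EXPECTED:
            findings.append((dest, "unexpected mount from " + src))
            continue
        want_src, want_ro = EXPECTED[dest]
        if src != want_src:
            findings.append((dest, "host path is %s, expected %s" % (src, want_src)))
        if want_ro and rw:
            findings.append((dest, "writable, expected ro"))
    findings += [(d, "missing") for d in EXPECTED if d not in seen]
    return sorted(findings)

# Constructed sample in the shape of `docker inspect` "Mounts" (not real output).
SAMPLE = json.loads("""[
  {"Source": "/etc/kubernetes", "Destination": "/etc/kubernetes", "RW": true},
  {"Source": "/usr/lib/os-release", "Destination": "/etc/os-release", "RW": false},
  {"Source": "/var/run/docker.sock", "Destination": "/var/run/docker.sock", "RW": true}
]""")

if __name__ == "__main__":
    for dest, finding in audit_mounts(SAMPLE):
        print(dest, "-", finding)
```

Mounts that the table lists without options are treated as read-write, so the check only flags the ro entries when they are writable.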

Customization

Flatcar Container Linux can be customized via Container Linux Configs (CLC) that are interpreted by Ignition (see some examples).

Lokomotive supports defining CLC snippets for clusters running on Packet and AWS. CLC snippets can be defined for both controllers and workers: use controller_clc_snippets in the controller definition and clc_snippets in the worker pool definition.

An example CLC snippet:

  controller_clc_snippets = [
    file("./snippet/controller-snippet.yaml"),
  ]

clc_snippets and controller_clc_snippets also accept inline text:

  clc_snippets = [
  <<EOF
systemd:
  units:
  - name: helloworld.service
    dropins:
      - name: 10-helloworld.conf
        contents: |
          [Install]
          WantedBy=multi-user.target
EOF
  ,
  ]