Flatcar Container Linux

    Lokomotive uses Flatcar Container Linux as the underlying operating system.

    Flatcar Container Linux is an open source, immutable Linux distribution for containers. It is a friendly fork of CoreOS Container Linux and, as such, is compatible with it.

    Why Flatcar Container Linux?

    • Minimal distribution required for containers.
      • Reduced dependencies.
      • Reduced attack surface area.
    • Immutable file system.
    • Automated, streamlined and atomic updates.
      • Easily apply all latest security patches.
      • Rollback partition.
    • Declarative and immutable configuration.
    • Optimization for containerized applications.

    Container runtime properties

    Flatcar Container Linux uses Docker as its container runtime. This is the default configuration:

    | Property       | Value     |
    |----------------|-----------|
    | cgroup driver  | cgroupfs  |
    | logging driver | json-file |
    | storage driver | overlay2  |

    Directory locations

    Lokomotive conventional directories:

    | Kubelet setting   | Host location                  |
    |-------------------|--------------------------------|
    | cni-conf-dir      | /etc/cni/net.d                 |
    | pod-manifest-path | /etc/kubernetes/manifests      |
    | volume-plugin-dir | /var/lib/kubelet/volumeplugins |

    Kubelet mounts

    Kubelet mount points on Flatcar Container Linux:

    | Mount location             | Host location              | Options   |
    |----------------------------|----------------------------|-----------|
    | /etc/kubernetes            | /etc/kubernetes            | ro        |
    | /etc/ssl/certs             | /etc/ssl/certs             | ro        |
    | /usr/share/ca-certificates | /usr/share/ca-certificates | ro        |
    | /var/lib/kubelet           | /var/lib/kubelet           | recursive |
    | /var/lib/docker            | /var/lib/docker            |           |
    | /var/lib/cni               | /var/lib/cni               |           |
    | /var/lib/calico            | /var/lib/calico            |           |
    | /var/log                   | /var/log                   |           |
    | /etc/os-release            | /usr/lib/os-release        | ro        |
    | /run                       | /run                       |           |
    | /lib/modules               | /lib/modules               | ro        |
    | /etc/resolv.conf           | /etc/resolv.conf           |           |
    | /opt/cni/bin               | /opt/cni/bin               |           |
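
    The mount table above can serve as a baseline for drift detection. The following is an added example, not Lokomotive code: it compares observed kubelet mounts with the documented ones and flags read-only mounts that have become writable. The (mount, host, options) tuple input, the severity labels and the sample data are assumptions made for illustration.

```python
# Expected kubelet mounts from this page: mount location -> (host location, options)
EXPECTED = {
    "/etc/kubernetes": ("/etc/kubernetes", "ro"),
    "/etc/ssl/certs": ("/etc/ssl/certs", "ro"),
    "/usr/share/ca-certificates": ("/usr/share/ca-certificates", "ro"),
    "/var/lib/kubelet": ("/var/lib/kubelet", "recursive"),
    "/var/lib/docker": ("/var/lib/docker", ""),
    "/var/lib/cni": ("/var/lib/cni", ""),
    "/var/lib/calico": ("/var/lib/calico", ""),
    "/var/log": ("/var/log", ""),
    "/etc/os-release": ("/usr/lib/os-release", "ro"),
    "/run": ("/run", ""),
    "/lib/modules": ("/lib/modules", "ro"),
    "/etc/resolv.conf": ("/etc/resolv.conf", ""),
    "/opt/cni/bin": ("/opt/cni/bin", ""),
}


def audit_mounts(observed):
    """Return sorted (severity, mount, message) findings for observed mounts."""
    findings, seen = [], set()
    for mount, host, options in observed:
        seen.add(mount)
        if mount not in EXPECTED:
            findings.append(("high", mount, f"unexpected mount of host path {host}"))
            continue
        want_host, want_opts = EXPECTED[mount]
        if host != want_host:
            findings.append(("high", mount, f"host path {host}, expected {want_host}"))
        if want_opts == "ro":
            if "ro" not in options.split(","):
                findings.append(("high", mount, "expected read-only, found writable"))
        elif options != want_opts:
            findings.append(("low", mount, f"options {options!r}, expected {want_opts!r}"))
    for mount in EXPECTED.keys() - seen:
        findings.append(("low", mount, "documented mount is missing"))
    return sorted(findings)


# Constructed sample: /etc/kubernetes made writable, one undocumented mount added,
# /opt/cni/bin dropped, everything else as documented.
SAMPLE = [(m, h, o) for m, (h, o) in EXPECTED.items()
          if m not in ("/etc/kubernetes", "/opt/cni/bin")]
SAMPLE += [("/etc/kubernetes", "/etc/kubernetes", ""),
           ("/host", "/", "")]

if __name__ == "__main__":
    for finding in audit_mounts(SAMPLE):
        print(*finding, sep="\t")
```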

    Customization

    Flatcar Container Linux can be customized via Container Linux Configs (CLC), which are interpreted by Ignition (see some examples).

    Lokomotive supports defining CLC snippets for clusters running on Equinix Metal and AWS. CLC snippets can be defined for both controllers and workers: use controller_clc_snippets in the controller definition and clc_snippets in the worker pool definition.

    An example that loads a CLC snippet from a file:

      controller_clc_snippets = [
        file("./snippet/controller-snippet.yaml"),
      ]
    

    clc_snippets and controller_clc_snippets also accept inline text:

      clc_snippets = [
        <<EOF
      systemd:
        units:
        - name: helloworld.service
          dropins:
            - name: 10-helloworld.conf
              contents: |
                [Install]
                WantedBy=multi-user.target
      EOF
        ,
      ]