What is Lokomotive?

Lokomotive is a self-hosted, upstream Kubernetes distribution with strong security defaults and frictionless updates.

Comes with a fully-supported collection of open source infrastructure technologies.

Keep your entire cluster up to date with Lokomotive’s seamless in-place updates.

Built-in security and application debugging tools backed by the Kinvolk Labs team.

Fully self-hosted Kubernetes

Lokomotive is the only Kubernetes distribution to run all infrastructure components—including all Kubernetes components—in Kubernetes itself.

Frictionless Kubernetes

By running Kubernetes in Kubernetes, Lokomotive is able to leverage a unified update facility for the entire cluster, including Kubernetes components.

In-place update support

Alongside standard update mechanisms, Lokomotive also supports in-place updates, perfect for bare-metal and large storage nodes.

Enforced update policies

Lokomotive automatically enforces the upstream Kubernetes version skew policy to ensure continuous uptime during updates.

Frictionless Kubernetes

By running Kubernetes in Kubernetes, Lokomotive is able to leverage a unified update facility for the entire cluster, including Kubernetes components.

In-place update support

Alongside standard update mechanisms, Lokomotive also supports in-place updates, perfect for bare-metal and large storage nodes.

Enforced update policies

Lokomotive automatically enforces the upstream Kubernetes version skew policy to ensure continuous uptime during updates.

Security as a forethought

Lokomotive takes the guess work out of applying security best practices by shipping with pre-configured security tools and policies.

Security hardened

Lokomotive is backed by the Kinvolk Labs pentesting team who apply their experience to make sure Lokomotive is as secure as possible and evaluate new hardening measures regularly.

Built-in security tooling

Kinvolk’s expert team has handpicked and configured the best-in-class open source security tooling. Benefit from Kinvolk’s on-going support and continued enhancements.

Rapid security updates

A key aspect of a secure system is running updated software. With Lokomotive’s frictionless update mechanism, ensuring your cluster is up to date becomes almost effortless.

Security hardened

Lokomotive is backed by the Kinvolk Labs pentesting team who apply their experience to make sure Lokomotive is as secure as possible and evaluate new hardening measures regularly.

Built-in security tooling

Kinvolk’s expert team has handpicked and configured the best-in-class open source security tooling. Benefit from Kinvolk’s on-going support and continued enhancements.

Rapid security updates

A key aspect of a secure system is running updated software. With Lokomotive’s frictionless update mechanism, ensuring your cluster is up to date becomes almost effortless.

Composable Kubernetes

Lokomotive can run as a full-stack Kubernetes cluster atop Flatcar Container Linux or on managed Kubernetes offerings.

The layers of Lokomotive

Lokomotive consists of 3 well-defined layers; Flatcar Container Linux as the OS, vanilla upstream Kubernetes, and Lokomotive infrastructure components for all your clustering needs.

Full-stack Kubernetes

Lokomotive is not just upstream Kubernetes, it also includes Flatcar Container Linux and a full suite of infrastructure components integrated and configured for easy of operations.