Flatcar Container Linux
Flatcar Container Linux is a container-optimized OS that ships a minimal OS image, which includes only the tools needed to run containers. The OS is shipped through an immutable filesystem and includes automatic atomic updates.
Getting Started
If you’re new to Flatcar and looking for a brief introduction to getting Flatcar up and running, please have a look at our quickstart guide.
Find more elaborate guides covering specific aspects of Flatcar use in our Flatcar self-paced learning series.
Core Tenets
- Immutable and image-based.
  - In contrast to general-purpose Linux distributions, the OS cannot be modified. The OS partition is read-only and dm-verity protected. OS binaries cannot be changed. Updates always update all binaries of the base OS, including kernel and initrd.
  - There is no way to install applications to the Flatcar base OS; you get what’s shipped in the OS image, that’s it.
  - There is no package manager or package management; tools shipped with the OS image cannot be added / removed or individually updated. This prevents version drift: any given Flatcar release version corresponds to the complete version set of all tools and binaries shipped with the respective OS release.
- Minimal and optimised for container workloads.
  - The OS ships the minimal set of tools necessary to run container workloads: docker and containerd.
  - Basic tools and utilities for setting up nodes (partitioning, crypto, volume management, networking tools etc.) are also included.
  - User-level services and applications must be run as container images, or, when OS-level access is required, as system extensions.
- Fully automated.
  - Provisioning and operations are fully automated.
  - Nodes are configured via declarative configuration that is passed to node provisioning. The configuration is applied once, at first boot, preventing configuration drift.
- Thoroughly tested and self-updating.
  - We never break user workloads, ever. We guarantee that even major distribution upgrades are seamless and frictionless; user workloads will continue to run.
  - Flatcar releases, nightlies, and even pull requests to the OS repository are thoroughly and rigorously tested. Our automated test suite covers well over 100 scenario tests.
  - Flatcar supports atomic in-place updates of the OS, with flexibly customisable scheduling / signaling of node refreshes (reboots).
  - Flatcar also supports atomic, fully automatable roll-backs in case of issues.
  - Flatcar users have the opportunity to field-test incoming releases via Beta canaries, and report issues with their workloads. No Beta with known issues will ever transition to Stable.
- Community stewarded, not vendor driven.
  - Flatcar is a Cloud Native Computing Foundation project.
  - Flatcar maintainers and contributors come from a variety of backgrounds and work for different employers, or participate privately in the project. Flatcar is not a vendor-driven product, nor does it aim to ever be one.
Installing Flatcar
Flatcar Container Linux runs on most cloud providers, virtualization platforms and bare metal servers.
Cloud Providers
- Amazon EC2
- Microsoft Azure
- Google Compute Engine
- VMware
- DigitalOcean
- Hetzner
- OpenStack
- Brightbox
- Scaleway (community support)
- OVHcloud (community support)
- Akamai/Linode
- STACKIT
Virtualization options
It’s easy to run a local Flatcar VM on your laptop for testing and debugging purposes. You can use any of the following options.
- QEMU
- libVirt
- VirtualBox (community support)
- Vagrant (community support)
- Hyper-V (community support)
- KubeVirt (community support)
- Proxmox VE (community support)
Bare Metal
You can install Flatcar on bare metal machines in different ways: using ISO images, booting from PXE or iPXE, and even by running an installation script on an existing Linux system.
If you want to provide metadata to your bare metal machines, we recommend using Matchbox.
Upgrading from CoreOS Container Linux
Flatcar Container Linux is a drop-in replacement for CoreOS Container Linux. If you are a CoreOS Container Linux user looking for a replacement, check out our guides to migrate from CoreOS Container Linux, or you can update from CoreOS Container Linux directly.
Provisioning Tools
Ignition is the recommended way to provision Flatcar Container Linux at first boot. Ignition uses a JSON configuration file, and it is recommended to generate it from the Container Linux Config YAML format, which has additional features. The Container Linux Config Transpiler converts a Container Linux Config to an Ignition config.
- Understanding the Boot Process
- Configuring the Network with Ignition
- Using metadata during provisioning
- Getting started with Butane
- Examples of using Butane
- Using Terraform to provision Flatcar Container Linux
- Extending the base OS with systemd-sysext images
Setting Flatcar Up and Common Operations
Follow these guides to connect your machines together as a cluster, configure machine parameters, create users, inject multiple SSH keys, and more.
Customizing Flatcar
- Using networkd to customize networking
- Using systemd drop-in units
- Using environment variables in systemd units
- Using systemd and udev rules
- Using NVIDIA GPUs on Flatcar
- Scheduling tasks with systemd timers
- Configuring DNS
- Configuring date & timezone
- Adding users
- Kernel modules / sysctl parameters
- Adding swap
- Power management
- ACPI
Managing Releases and Updates
- Switching release channels
- Configuring the update strategy
- Flatcar update configuration specification
- Verifying Flatcar Images with GPG
- Nebraska
Creating Clusters
Managing Storage
- Using RAID for the root filesystem
- Adding disk space
- Mounting storage
- iSCSI configuration
- ZFS Extension
Additional security options
- Setting up LUKS disk encryption
- Customizing the SSH daemon
- Configuring SSSD on Flatcar Container Linux
- Hardening a Flatcar Container Linux machine
- Trusted Computing Hardware Requirements
- Adding Cert Authorities
- Using SELinux
- Disabling SMT
- Enabling FIPS
- Using the audit subsystem
Debugging Flatcar
- Install debugging tools
- Working with btrfs
- Reading the system log
- Collecting crash logs
- Manual Flatcar Container Linux rollbacks
Container Runtimes
Flatcar Container Linux supports all of the popular methods for running containers, and you can choose to interact with the containers at a low level, or use a higher-level orchestration framework. Listed below are some guides to help you choose and make use of the different runtimes.
- Getting started with Docker
- Customizing Docker
- Using systemd to manage Docker containers
- Use a custom Docker or containerd version
- Authenticating to Container registries
- Getting started with Kubernetes
- High availability Kubernetes
Developer guides and Reference
APIs and troubleshooting guides for working with Flatcar Container Linux.
- Developer guides: Comprehensive guides on developing for Flatcar, working with the SDK, and on building and extending OS images.
- Integrations
- Migrating from cloud-config to Container Linux Config
- Flatcar Supply Chain Security (SLSA and SPDX SBOM), detailing security mechanisms employed at build / release time as well as at run-time to ensure validity of inputs processed and outputs shipped.
Provisioning Tools
Several different tools can be used to automate the provisioning of Flatcar Container Linux images. These guides can help you understand what each of the tools does, as well as provide plenty of examples of how to use them.
Setup and Operations
Follow these guides to connect your machines together as a cluster. Configure machine parameters, create users, inject multiple SSH keys, and more with Butane configs.
Container Runtimes
Flatcar Container Linux supports all of the popular methods for running containers, and you can choose to interact with the containers at a low level, or use a higher-level orchestration framework. These guides can help you choose and use the different container runtimes supported.
Reference
Processes, concepts, APIs and troubleshooting guides for working with Flatcar Container Linux.