How-To
Deploying Containers on Specialized Flatcar OS
Earlier this year, while I was attending KubeCon, the Cloud Native Computing Foundation (CNCF) accepted Flatcar Container Linux as an incubating open-source project, highlighting its value in the container ecosystem.
A flatcar is a bespoke railroad car specifically designed to carry containerized loads. Flatcar Container Linux is a Linux distribution specifically designed to run containers. I like its play on its namesake. Unlike general-purpose distributions, it cuts out unnecessary packages, resulting in a lightweight and secure OS with a smaller footprint.
Flatcar is not some Johnny-come-lately distribution, as it was started back in 2018 and is now sponsored by Microsoft. It has a thriving community of developers and users and is poised for continued growth and innovation. Its acceptance into CNCF was huge, further solidifying its position as a leading choice for organizations seeking a secure and efficient platform for their containerized workloads. It has been proven in production as major industry players like Adobe and Wipro already use it for their container deployments.
In a previous article, I pointed out key features that make Flatcar ideal for containerized workloads. For example, it is extremely security-focused, with regular security updates and a minimal footprint to reduce attack surfaces. Its immutable nature ensures stability and security by treating the node configuration as immutable. Finally, it has a container-centric design optimized for performance for container deployments.
Another article I wrote covered how easy it was to install Flatcar from an OVA on a VMware Workstation. It should be noted that it will most likely be installed on bare metal or in a public cloud. I just installed it on Workstation to get a general feel for it.
Flatcar supports all major container runtime technologies, offering flexibility in how you interact with your containers. You can manage them directly or utilize higher-level orchestration frameworks like Docker or Kubernetes. This article will show how easy it was for me to run containers on Flatcar and showcase its core functionality.
Running Docker on Flatcar
I first did a simple test of running a container on Flatcar using Docker.
I entered docker run hello-world, the most basic test you can run on Docker. It ran as expected.
I powered down the VM, set it to use 8GB of RAM, and gave it four vCPUs to meet the minimum recommended hardware.
I then ran a more ambitious test by running Ubuntu in a container on Docker by entering docker run -it ubuntu bash.
This command creates a new Docker container by downloading and using the "ubuntu" Docker image, enabling interactive access through a terminal. The -i flag allows input to the container, while -t allocates a pseudo-TTY for interactive use. The bash command launches a bash shell within the container, providing a command-line interface to interact with the Ubuntu operating system.
This allowed me to experiment with the environment, test applications, and see whether Ubuntu ran under Docker on Flatcar without any issues, which it did.
For my final test, I entered docker run --rm -p 80:80 -d nginx. This command creates a detached (-d) Docker container using the NGINX image, maps (-p) port 80 on the host machine to port 80 within the container, and automatically removes the container (--rm) when it stops. This allowed me to run an NGINX web server within a Docker container and access it from my host machine.
I tested to see if NGINX was working properly by entering curl localhost. It kicked out some HTML code, which was expected.
All my Docker tests were easy to set up and ran quickly and as expected.
For more information about running Docker on Flatcar, see its Getting started with Docker documentation.
Going Further with Flatcar
Although a few people will be happy just running a single node of Flatcar with Docker to experiment with it, most will want to run it on multiple nodes and configure it for their production needs. It supports all the major container managers, including Kubernetes, so people can choose the one that fits their needs. It also supports Ignition and Butane, which will most likely be used with most Flatcar deployments.
Both Ignition and Butane are CNCF projects facilitating declarative system configuration before the system boots. However, they differ in their approach and target use cases.
Ignition is a more general-purpose tool that provides a comprehensive framework for defining system configurations, including network settings, package installations, and service management. It is widely adopted and integrated with various operating systems and cloud platforms.
Butane (formerly the Fedora CoreOS Config Transpiler, FCCT) is more specialized: it translates human-readable Butane Configs into machine-readable Ignition Configs. It focuses on providing a user-friendly YAML-based syntax for defining system configurations, which can then be translated into the Ignition format. This simplifies the configuration process for users who prefer a more concise and human-readable syntax. Butane is often used with Flatcar to streamline system provisioning and management.
In essence, Ignition is the underlying engine for system configuration, while Butane provides a more user-friendly interface for defining configurations in a specific format.
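To make the Butane-to-Ignition flow concrete, here is an added example (not from the original article or the Flatcar project) of a Butane Config that runs the same NGINX container used earlier as a systemd unit from first boot. The unit name, container name and SSH key are placeholders chosen for illustration.

```yaml
# Butane Config for Flatcar (added example; names below are illustrative).
variant: flatcar
version: 1.0.0

passwd:
  users:
    - name: core
      ssh_authorized_keys:
        # Placeholder: replace with your own public key before use.
        - ssh-ed25519 AAAA...REPLACE_WITH_YOUR_PUBLIC_KEY admin@example

systemd:
  units:
    # Declarative equivalent of "docker run --rm -p 80:80 nginx" from the
    # Docker section, managed by systemd instead of started by hand.
    # -d is dropped so systemd can supervise the foreground process.
    # Note: -p 80:80 publishes the port on all host interfaces.
    - name: nginx.service
      enabled: true
      contents: |
        [Unit]
        Description=NGINX container (example)
        After=docker.service
        Requires=docker.service

        [Service]
        TimeoutStartSec=0
        ExecStartPre=-/usr/bin/docker rm --force nginx1
        ExecStart=/usr/bin/docker run --rm --name nginx1 -p 80:80 nginx
        ExecStop=/usr/bin/docker stop nginx1
        Restart=always
        RestartSec=5s

        [Install]
        WantedBy=multi-user.target
```

Transpile it with butane --pretty --strict nginx.bu > nginx.ign (file names assumed) and supply the resulting Ignition Config to the machine as its provisioning data. Ignition applies it only on first boot, so later changes mean reprovisioning the node rather than editing it in place.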
Final Thoughts
Although no one will use VMware Workstation as a production platform to run Flatcar, I was excited to see that it was so easy to install and use it. Workstation or another desktop hypervisor is an excellent way to experiment with and learn how to use Flatcar.
One of the bonuses of using Workstation is that you can quickly create clones of your VM if you want to make a cluster of Flatcar nodes. Using Workstation's instant clone feature, you can create the clones faster and use less disk space. If you want to go into production with your Flatcar VM, you can quickly transfer the VM to ESXi. By the way, did I mention that Workstation is now free! You can read about five cool things you can do with Workstation here.
With Microsoft's backing and a growing community, Flatcar is poised for continued growth and innovation. Its acceptance as a CNCF project further strengthens its position as a leading choice for secure and efficient container deployments.
About the Author
Tom Fenton has a wealth of hands-on IT experience gained over the past 30 years in a variety of technologies, with the past 20 years focusing on virtualization and storage. He previously worked as a Technical Marketing Manager for ControlUp. He also previously worked at VMware in Staff and Senior level positions. He has also worked as a Senior Validation Engineer with The Taneja Group, where he headed the Validation Service Lab and was instrumental in starting up its vSphere Virtual Volumes practice. He's on X @vDoppler.