Following up a discussion at KubeCon Barcelona:

Gardener now defines a resource of kind "OperatingSystemConfig" and it could be used to choose the alternative Flatcar Linux.

As far as I understand, the file controllers/provider-aws/charts/provider-aws/values.yaml defines the AWS AMIs for "coreos". We could add an entry for "flatcar" here with its 4 channels: stable, beta, alpha, edge

This was motivated by Inspektor Gadget that currently works on the edge channel of Flatcar Linux.

This would also require to pass a new parameter on the Kubelet command line (--cgroup-driver=systemd) or KubeletConfiguration (cgroupDriver: systemd). But I am not sure where to specify that in the gardener extensions. Any pointers?

/cc @vasu1124

How to categorize this issue?

/area os
/kind enhancement
/priority 3

What would you like to be added:
Add support for newer versions of Flatcar using cgroup v2 and systemd cgroup driver

1. Kubernetes <=v1.18 does not support cgroup v2, needs to be decided if this extension will support older k8s versions with newer Flatcar versions. The good thing is that k8s 1.18 is out of maintenance since long time and it is highly unlikely to be used.
2. cgroup v2 is not working with cgroupfs driver which is explicitly set in the kubelet config. This extension needs to change it to systemd

More details what needs to be changed can be found in this nice blog from Kinvolk.

Why is this needed:
To enable support for newer flatcar versions with this extension.

By @rfranzke: We are using CoreOS cloud init which has been superseded by Ignition [1] and is now deprecated.

We should check what needs to be done in order to switch to Ignition. What we definitely require is the possibility to execute Ignition files via the command line (as we do it here with cloud init).

[1] https://github.com/coreos/coreos-cloudinit

How to categorize this issue?

/area os open-source
/kind enhancement

What would you like to be added:

As part of #96, @dergeberl and @timebertt are added as codeowners of this repository.

To the Gardener CI/CD team:
Can you ensure to grant us the following permissions, please?

• maintain permissions in this repository
• permission to trigger release pipelines for this repository

Why is this needed:

This will allow us to merge PRs, add other maintainers, and solve problems like this and this.

What would you like to be added:
Implement the requirements from https://github.com/gardener/gardener/blob/master/docs/proposals/10-shoot-additional-container-runtimes.md#design-details.

Why is this needed:
To enable containerd as CRI for CoreOS/Flatcar. Also needed for the docker deprecation gardener/gardener#4110

/area os usability
/kind enhancement
/priority 3

How to categorize this issue?

/area os
/kind bug

What happened:

The containerd-logrotate service fails with:

Dec 14 11:40:00 shoot--fcloud--mad-prod-shared-wrk-sw1c-n2dc8-z1-77b7c-spxkx systemd[678791]: containerd-logrotate.service: Failed at step EXEC spawning /usr/sbin/logrotate: No such file or directory

The logrotate binary indeed isn't in /usr/sbin, but in /usr/bin.

What you expected to happen:

The containerd configuration specifies the correct location of the logrotate binary and thus runs successfully.

How to reproduce it (as minimally and precisely as possible):

Spin up the environment below. Probably equal Gardener (including this extension) versions and the Flatcar version are sufficient.

Anything else we need to know?:

Environment:

• Gardener version (if relevant): 1.59.2
• Extension version: 1.15.0
• Kubernetes version (use kubectl version): 1.24.8
• Cloud provider or hardware configuration: Google Cloud
• Others: Flatcar version 3227.2.4

How to categorize this issue?

/area os
/kind enhancement

What would you like to be added: I'd like to rename the extension to flatcar

Why is this needed: To ensure people find that gardener supports flatcar linux. Just by searching for it, one might not find it, as you'd have to search for "coreos"

could we fork & rename the repo maybe?

From https://github.com/gardener/gardener-extensions/issues/122

All make commands require various dev resources to be available:

• golang
• helm
• various gnu utils such as tar, gzip, tr, base64, cut, find, grep, xargs.
• gingo
• linters.

I think that the most reasonable way to get reproducible builds and things such as make generate is to run those commands in a pre-build container image.