A bootable USB stick that provisions a bare metal node into a self-bootstrapping Kubernetes seed cluster with integrated routing.
- Boots from USB and installs Flatcar Linux to disk
- Configures Gateway (choose your mode):
- Strata Router (default): Native Flatcar routing (~270MB RAM) β Recommended
- VyOS on KubeVirt: VM-based routing (~4GB RAM)
- Runs Strata to provision your infrastructure from
topology.yaml - Pivots the controller to Layer 1 and goes dormant
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Flatcar USB Seed β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β β
β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β Gateway Mode Selection β β
β β (select-gateway-mode.sh) β β
β βββββββββββββββββββββββ¬ββββββββββββββββββββββββ¬ββββββββββββββββββββ β
β β β β
β βββββββββββββββΌββββββββββββββ ββββββΌβββββββββββββββββββββ β
β β Strata Router Mode β β VyOS Mode β β
β β (Recommended) β β (Legacy) β β
β β βββββββββββββββββββββββ β β ββββββββββββββββββββββ β β
β β β systemd-networkd β β β β k0s Cluster β β β
β β β nftables β β β β KubeVirt β β β
β β β FRR (container) β β β β VyOS VM β β β
β β β CoreDNS (container)β β β ββββββββββββββββββββββ β β
β β βββββββββββββββββββββββ β β β β
β β RAM: ~270MB β β RAM: ~4GB β β
β β Boot: ~10s β β Boot: ~60s β β
β βββββββββββββββββββββββββββββ βββββββββββββββββββββββββββ β
β β β β
β βββββββββββββ¬ββββββββββββ β
β βΌ β
β βββββββββββββββββββββββββββββββββ β
β β Strata Provisioner β β
β β (provisions Layer 1+) β β
β βββββββββββββββββββββββββββββββββ β
β β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
| Feature | Strata Router | VyOS on KubeVirt |
|---|---|---|
| RAM Usage | ~270MB | ~4GB |
| Boot Time | ~10s | ~60s |
| Throughput | ~40Gbps | ~10Gbps |
| Dependencies | None | k0s + KubeVirt |
| Complexity | Low | High |
| Migration | New standard | Legacy support |
Native Flatcar routing using Linux networking primitives:
- systemd-networkd β Interface configuration, VLANs, VXLAN
- nftables β Stateful firewall and NAT
- FRR β BGP/OSPF routing (containerized)
- CoreDNS β DNS resolver and caching (containerized)
# config/seed-config.yaml
gateway_mode: "strata-router"
strata_router:
wan:
interface: "eth1"
ip: "10.100.0.1/24"
gateway: "10.100.0.254"
lan:
interface: "eth2"
ip: "10.100.1.1/24"
bgp:
asn: 65001
neighbors:
- ip: "10.100.0.254"
asn: 65000Runs VyOS as a KubeVirt virtual machine. Use this for:
- Compatibility with existing VyOS configurations
- Features not yet in Strata Router (IPsec, advanced firewall rules)
# config/seed-config.yaml
gateway_mode: "vyos"
vyos:
bgp_asn: 65001
bgp_neighbor: "192.168.1.254"
bgp_neighbor_asn: 65000# 1. Clone the repo
git clone https://github.com/your-org/flatcar-usb-seed.git
cd flatcar-usb-seed
# 2. Check dependencies
make deps
# 3. Customize configuration
cp config/seed-config.example.yaml config/seed-config.yaml
cp config/ssh_authorized_keys.example config/ssh_authorized_keys
vim config/seed-config.yaml
# 4. Validate and Generate config
make validate
make generate-templates
# 5. (Optional) Embed the Strata provisioner
make embed-provisioner
# 5. Build the USB image
make usb GATEWAY_MODE=strata-router
# 6. Write to USB stick
sudo dd if=build/seed-usb.img of=/dev/sdX bs=4M status=progress
# 7. Plug USB into your seed node and boot from itRequired tools on the build machine:
- butane β Transpiles Butane YAML to Ignition JSON
- coreos-installer β Customizes ISO with Ignition
- jq β JSON processing (for Ignition merging)
- curl β Download Flatcar ISO
- python3 β Config validation (requires PyYAML)
- yq (optional) or python3 β Template generation
Install on Fedora/RHEL:
sudo dnf install butane coreos-installer jq curl python3 python3-pyyamlflatcar-usb-seed/
βββ butane/ # Butane (Ignition) configs
β βββ seed.bu # Base config (common to all modes)
β βββ strata-router.bu # Strata Router mode additions
β βββ vyos.bu # VyOS mode additions
βββ scripts/ # Build and runtime scripts
β βββ select-gateway-mode.sh # Chooses gateway at boot
β βββ configure-strata-router.sh
β βββ install-k0s.sh
β βββ install-kubevirt.sh
β βββ deploy-vyos.sh
β βββ run-provisioner.sh
βββ templates/ # Configuration templates
β βββ nftables.conf # Firewall rules
β βββ frr.conf # FRR routing config
β βββ Corefile # CoreDNS config
βββ manifests/ # Kubernetes manifests
β βββ kubevirt-operator.yaml
β βββ vyos-vm.yaml
β βββ multus-bridge.yaml
βββ config/ # User configuration
β βββ seed-config.example.yaml
β βββ ssh_authorized_keys.example
βββ embed/ # Embedded binaries
β βββ strata # Strata provisioner (fetched via fetch-provisioner.sh)
β βββ topology.yaml # Infrastructure definition
βββ Makefile # Build system
βββ build/ # Output directory (gitignored)
This is the main configuration file. Key sections:
| Section | Description |
|---|---|
gateway_mode |
strata-router or vyos |
network |
Management interface settings |
strata_router |
WAN/LAN interfaces, BGP, DNS |
vyos |
VyOS-specific BGP and DHCP settings |
provisioner |
Strata provisioner settings |
See config/seed-config.example.yaml for all options.
Defines the infrastructure that Strata will provision. This file is embedded in the USB image and used by the Strata provisioner to deploy your datacenter.
See embed/topology.yaml for an example.
USB Boot β Flatcar Install β Ignition
β
βββ select-gateway-mode.sh
β βββ Creates /opt/seed/.strata-router-mode
β
βββ sysctl-router.service
β βββ Enable IP forwarding
β
βββ nftables.service
β βββ Load firewall rules
β
βββ frr.service (Quadlet)
β βββ Start FRR container (BGP/OSPF)
β
βββ coredns.service (Quadlet)
β βββ Start CoreDNS container
β
βββ strata-router-gateway.service
β βββ Verify all components
β
βββ seed-provisioner.service
βββ Run Strata to provision Layer 1+
USB Boot β Flatcar Install β Ignition
β
βββ select-gateway-mode.sh
β βββ Creates /opt/seed/.vyos-mode
β
βββ seed-k0s-install.service
β βββ Install k0s single-node cluster
β
βββ seed-kubevirt-install.service
β βββ Install KubeVirt operator
β
βββ seed-vyos-deploy.service
β βββ Deploy VyOS VM
β
βββ seed-provisioner.service
βββ Run Strata to provision Layer 1+
ssh core@<seed-ip>
# Which mode is active?
ls /opt/seed/.*-mode
# /opt/seed/.strata-router-mode OR /opt/seed/.vyos-mode
# Check running services
systemctl status strata-router-gateway.service # Strata Router
systemctl status seed-vyos-deploy.service # VyOS# Check FRR BGP neighbors
sudo podman exec -it systemd-frr vtysh -c "show bgp summary"
# Check nftables rules
sudo nft list ruleset
# Check CoreDNS
dig @10.100.1.1 example.com
# Check resource usage (should be ~200-300MB)
free -h
# View container logs
sudo podman logs systemd-frr
sudo podman logs systemd-coredns# Check k0s status
k0s status
# Check KubeVirt
kubectl --kubeconfig=/var/lib/k0s/pki/admin.conf get kubevirt -n kubevirt
# Check VyOS VM
kubectl --kubeconfig=/var/lib/k0s/pki/admin.conf get vmi -A
# Access VyOS console
virtctl console vyos-gateway -n defaultThis repository provides the bootable USB image that deploys a seed node. The seed node runs the Strata provisioner which then provisions additional infrastructure layers.
flatcar-usb-seed β Provisions seed node
β
ββββ strata β Provisions Layer 1, 2, 3...
See Strata documentation for topology configuration and provisioning details.
Apache 2.0