Choosing Flavors
A Garden Linux flavor is a pre-composed combination of a platform target (e.g. aws, baremetal) and one or more features (e.g. gardener, _prod, _fips). The flavor name encodes both: <platform>-<feature1>_<feature2> (e.g. aws-gardener_prod).
This guide walks you through selecting the right flavor in four steps. For background on how flavors work, see Flavors. For the complete list of all published flavors, see the Flavor Matrix.
Step 1: Identify Your Use Case
Determine which of the primary Garden Linux use cases matches your workload. Each use case maps to a specific feature set.
| Use Case | Description | Suitable Feature | Go To |
|---|---|---|---|
| Gardener-managed Kubernetes nodes | Installs containerd for Gardener-managed Kubernetes; systemd unit disabled at build time and enabled by Gardener at runtime | gardener | Gardener Kubernetes Nodes |
| Bare-metal Gardener nodes via IronCore (Cluster API) | Cluster API support for bare-metal provisioning via IronCore | capi | Bare-Metal via IronCore |
| Vanilla (non-Gardener) Kubernetes nodes | Installs containerd for vanilla (non-Gardener) Kubernetes | khost | Vanilla Kubernetes Nodes |
| OCI container base image | Creates a tarball to use on all OCI Runtime Environments | container or bare-* | Container Base Images |
| KVM/libvirt virtualization host | Installs KVM kernel modules and libvirt for use as a hypervisor host | vhost | Virtualization Host |
TIP
If no existing use case matches, you can compose a custom flavor. See Building Images for instructions.
Step 2: Determine Your Target Platform
The platform identifies the hardware or cloud environment where the image runs. Choose the platform that corresponds to your infrastructure.
| Platform | Category | Description |
|---|---|---|
aws | Public cloud | Amazon Web Services EC2 |
azure | Public cloud | Microsoft Azure Virtual Machines |
gcp | Public cloud | Google Cloud Platform Compute Engine |
openstack | Private cloud | OpenStack-based private cloud or hosted OpenStack |
vmware | Hypervisor | VMware vSphere / ESXi |
kvm | Hypervisor | KVM/QEMU-based virtualization |
baremetal | Bare-metal | Physical servers, PXE boot, IronCore |
container | Container | Full OCI base images (Docker, Podman, containerd) |
lima | Local dev | Lima-based local development on Linux and macOS |
One platform per flavor
Each flavor must target exactly one platform. The build system enforces this by default — specifying zero or multiple platforms causes the build to fail. See ADR 0020 for the rationale and opt-in override.
For the full list of platform targets and their YAML schema, see Flavors Reference.
Step 3: Select additional Features
You can extend the use case and platform specific features with additional features. The most common features are listed below.
| Feature | Description |
|---|---|
_prod | Production hardening: disables debug tooling and applies security defaults |
_fips | FIPS 140-2 compliant cryptography |
_ephemeral | Provides an ephemeral encrypted /var |
_usi | Boot using a UKI with embedded EROFS root disk |
_trustedboot | Trusted Boot: validates the entire boot chain including the rootfs (includes _ephemeral and _usi, requires _tpm2 for persistent /var) |
_tpm2 | TPM 2.0 sealed disk encryption for /var, bound to the Secure Boot certificate chain (see Boot Modes: Mutable Data) |
Step 4: Look Up the Flavor Name
Once you have a platform and feature set, look up the exact flavor name and confirm it is published.
How features are joined into a flavor name
Garden Linux uses the CNAME system to construct canonical flavor names.
- Common flavors by use case: The Use Cases page includes a "Recommended Flavors" table under each use case section.
- Complete flavor list: The Flavor Matrix lists every flavor built from
flavors.yaml, with their resolved feature dependencies, architectures, and publication status.
TIP
The Flavor Matrix gives you an overview of pre-built flavors and the exact recursive features they contain.
TIP
If you do not find pre-built existing images for your use case, you can compose a custom flavor. See Building Images for instructions.
Example: Choosing a Gardener Flavor on AWS
The following walkthrough illustrates all four steps for a common scenario, an AWS Gardener node.
- Use case feature:
gardener(Gardener-managed Kubernetes node) - Platform:
aws(Amazon Web Services) - Features:
_prod(production hardening) - Flavor name:
aws-gardener_prod
To obtain the image for this flavor, see Getting Images.