Use Cases
Introduction
Garden Linux is a Debian GNU/Linux derivative that provides small, auditable, and highly customizable Linux images for cloud providers, bare-metal servers, and container runtimes. It is the official Container Operating System for Gardener, the Kubernetes-as-a-Service project, and excels in cloud-native and containerized environments.
When to Choose Garden Linux
Consider Garden Linux when you need:
- Small, reproducible builds with a minimal attack surface
- Full hardware access or cloud-native optimizations
- Security-hardened or compliance-ready systems (FIPS, CIS)
- A modular, feature-based build system for custom OS variants
- Consistent operating system across multiple infrastructure platforms
Primary Use Cases
Gardener Kubernetes Nodes
Garden Linux is the default and officially recommended OS for Gardener and serves as the reference implementation in all Kubernetes conformance tests, ensuring full compatibility and reliability across cloud providers.
It is listed in the Gardener extensions documentation and maintained via the gardener-extension-os-gardenlinux controller. Garden Linux ships with the gardener feature pre-configured: containerd is installed (systemd unit disabled, enabled by Gardener).
This use case applies to AWS, Azure, GCP, OpenStack, and bare-metal platforms. Choose one of these when operating Kubernetes clusters managed by Gardener in public or private clouds.
Platforms: aws, azure, gcp, openstack, baremetal
Bare-Metal Gardener Kubernetes Nodes via IronCore
For organizations needing to run Gardener-managed Kubernetes on physical hardware, Garden Linux integrates with IronCore to provision bare-metal worker nodes via the Cluster API. This use case combines the capi (Cluster API) feature with the baremetal platform to enable PXE boot, ignition-based provisioning, and full hardware lifecycle management. It is designed for large-scale on-premises or edge deployments where control plane and worker nodes run on dedicated servers without a hypervisor layer.
IronCore provides the IaaS integration layer that translates Gardener's infrastructure requests into bare-metal operations.
Features: capi
Platform: baremetal
Vanilla Kubernetes Nodes
Garden Linux is also perfectly capable of running non-Gardener vanilla Kubernetes Nodes. Garden Linux ships with the khost feature pre-configured: containerd is installed.
This use case applies to all platforms. Choose this when operating vanilla Kubernetes clusters in public or private clouds.
Features: khost
Platforms: aws, azure, gcp, openstack, baremetal
Container Base Images
Garden Linux produces two families of Open Container Initiative (OCI) container images:
- Full images: complete Debian-based environment with apt, systemd, and common utilities. Suitable for applications that need a package manager or extensive tooling.
- Bare images: distroless-style images with only the runtime and its dependencies. Variants include bare-libc (C/C++), bare-python (Python), bare-nodejs (Node.js), and bare-sapmachine (Java/SAP). These images have a minimal footprint and attack surface, omitting shells and package managers by design.
All container images are published to GitHub Container Registry. Use these as base images in your Containerfile or Dockerfile when you need an auditable, minimal foundation.
Features: container (full images), bare-* variants like bare-libc, bare-nodejs, bare-python, bare-sapmachine
Platform: container (full images)
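The following multi-stage Containerfile is an added example, not code from the Garden Linux project. It builds a Python application in a full image (where apt and a shell are available) and ships only the resulting artefacts on a bare-python image. The image references are placeholders: substitute the tags actually published on GitHub Container Registry, and use a full image whose Python version matches the bare-python runtime so that any compiled extensions stay compatible.

```dockerfile
# Added example, not part of the Garden Linux project.
# Placeholders: replace <org>, <image> and <tag> with the references
# published on GitHub Container Registry.
ARG GL_FULL=ghcr.io/<org>/<full-image>:<tag>
ARG GL_BARE=ghcr.io/<org>/<bare-python-image>:<tag>

# Stage 1: build on the full image. apt and a shell exist here, so
# build tooling can be installed without it ending up in the final image.
FROM ${GL_FULL} AS build
RUN apt-get update \
    && apt-get install -y --no-install-recommends python3-pip \
    && rm -rf /var/lib/apt/lists/*
WORKDIR /src
# requirements.txt and app.py are the application's own files (assumed to exist).
COPY requirements.txt app.py ./
# Install dependencies into a self-contained directory instead of the
# system site-packages, so they can be copied as a unit.
RUN pip3 install --no-cache-dir --target /app/deps -r requirements.txt \
    && cp app.py /app/app.py

# Stage 2: runtime on the bare-python image. No shell, no apt, no pip:
# only the interpreter plus what is copied in from the build stage.
FROM ${GL_BARE}
COPY --from=build --chown=65534:65534 /app /app
ENV PYTHONPATH=/app/deps
# Run unprivileged; 65534 is the conventional "nobody" uid/gid.
USER 65534:65534
# Exec form is mandatory: the shell form would try to run /bin/sh,
# which does not exist in a bare image.
ENTRYPOINT ["python3", "/app/app.py"]
```

Because the final stage has no shell or package manager, an attacker who gains code execution inside the container cannot use `apt`, `pip` or `sh` to pull in further tooling, and the image content is limited to the interpreter and the files copied from the build stage, which is also what makes it easy to audit. The same caveat applies to anything you add later: `RUN` instructions do not work in the bare stage, so every file must arrive via `COPY`.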
Virtualization Host
Garden Linux also serves well as a host for virtualized environments, supporting workloads that run under KVM/libvirt. Garden Linux ships with the vhost feature pre-configured.
This use case applies to all platforms. Choose this when operating KVM/libvirt hypervisors in public or private clouds.
Features: vhost
Platforms: aws, azure, gcp, openstack, baremetal
Supported Deployment Environments
Nearly all of the above use cases can be deployed in one of three environment categories:
Cloud Providers
Major public clouds are supported out of the box: AWS, Microsoft Azure, Google Cloud Platform (GCP), and OpenStack for private clouds. Garden Linux images include cloud-init for initialization.
On-Premises / Bare-Metal
Deploy directly to physical servers by writing a raw disk image (.raw) to the target drive or via PXE network boot. This environment gives complete hardware control with no hypervisor overhead. The baremetal platform includes drivers for common server hardware and supports UEFI and legacy BIOS boot modes. Use cases include data-center infrastructure nodes, edge appliances, and single-tenant hardware.
Virtualization & Local Development
Run Garden Linux as a guest virtual machine on libvirt/KVM, VMware, or OpenStack, or use libvirt/KVM or Lima for local development on Linux and macOS. This environment is ideal for testing, CI pipelines, and developer workflows where rapid iteration and reproducibility are priorities.
Common Flavors
The following table lists commonly used Garden Linux flavors. For the complete matrix including all variants (FIPS, USI, Trusted Boot, architectures), see Flavor Matrix.
| Flavor | Purpose | Key Features | Deployable In |
|---|---|---|---|
| aws-gardener_prod | Gardener nodes on AWS | gardener, _prod, aws | Cloud |
| azure-gardener_prod | Gardener nodes on Azure | gardener, _prod, azure | Cloud |
| gcp-gardener_prod | Gardener nodes on GCP | gardener, _prod, gcp | Cloud |
| openstack-gardener_prod | Gardener nodes on OpenStack | gardener, _prod, openstack | Cloud / On-Prem |
| kvm-gardener_prod | Gardener nodes on KVM | gardener, _prod, kvm | Virtualization |
| baremetal-gardener_prod | Gardener on physical hardware | gardener, _prod, baremetal | On-Prem |
| baremetal-capi | IronCore / CAPI nodes | capi, baremetal | On-Prem (PXE) |
| container | Generic OCI container base | container | All (build target) |
| bare-libc | Minimal C/C++ runtime | distroless libc only | All (build target) |
| bare-python | Minimal Python runtime | distroless Python | All (build target) |
| bare-nodejs | Minimal Node.js runtime | distroless Node.js | All (build target) |
| bare-sapmachine | Minimal Java/SAP runtime | distroless SAPMachine JDK | All (build target) |