We like to define Kairos as a meta-Linux Distribution, as its goal is to convert other distros to an immutable layout with Kubernetes Native components.


The Kairos stack is composed of the following:

  • A core OS image release for each flavor in ISO, qcow2, and other similar formats (see the list of supported distributions) provided for user convenience
  • A release with K3s embedded.
  • A set of Kubernetes Native API components (CRDs) to install into the control-plane node, to manage deployment, artifacts creation, and lifecycle (WIP).
  • A set of Kubernetes Native API components (CRDs) to install into the target nodes to manage and control the node after deployment (WIP).
  • An agent installed into the nodes to be compliant with Kubernetes Native API components mentioned above.

Every component is extensible and modular such as it can be customized and replaced in the stack and built off either locally or with Kubernetes.

Internal components

Kairos encompasses several components, external and internal.


  • kairos is the main repository, building the kairos-agent and containing the image definitions which runs on our CI pipelines.
  • immucore is the immutability management interface.
  • AuroraBoot is the Kairos Node bootstrapper
  • elemental-cli manages the installation, reset, and upgrade of the Kairos node.
  • system packages contains additional packages, cross-distro, partly used in framework images
  • kcrypt is the component responsible for encryption and decryption of data at rest
  • kcrypt-challenger is the kairos plugin that works with the TPM chip to unlock LUKS partitions
  • osbuilder is used to build bootable artifacts from container images
  • entangle a CRD to interconnect Kubernetes clusters
  • entangle-proxy a CRD to control interconnetted clusters


  • K3s as a Kubernetes distribution
  • edgevpn (optional) as fabric for the distributed network, node coordination and bootstrap. Provides also embedded DNS capabilities for the cluster. Internally uses libp2p for the P2P mesh capabilities.
  • nohang A sophisticated low memory handler for Linux.