diff --git a/sdk_container/src/third_party/coreos-overlay/.github/workflows/common.sh b/sdk_container/src/third_party/coreos-overlay/.github/workflows/common.sh
index 80b0fb5834..6c6e1ba0cd 100644
--- a/sdk_container/src/third_party/coreos-overlay/.github/workflows/common.sh
+++ b/sdk_container/src/third_party/coreos-overlay/.github/workflows/common.sh
@@ -2,14 +2,18 @@
 
 set -euo pipefail
 
-readonly SDK_OUTER_TOPDIR="${HOME}/flatcar-sdk"
+readonly SDK_OUTER_TOPSCRIPTSDIR="${HOME}/flatcar-sdk/scripts"
+readonly SDK_OUTER_TOPDIR="${SDK_OUTER_TOPSCRIPTSDIR}/sdk_container"
 readonly SDK_OUTER_SRCDIR="${SDK_OUTER_TOPDIR}/src"
 readonly SDK_INNER_SRCDIR="/mnt/host/source/src"
 
 readonly BUILDBOT_USERNAME="Flatcar Buildbot"
 readonly BUILDBOT_USEREMAIL="buildbot@flatcar-linux.org"
 
-function enter() ( cd ../../..; exec cork enter -- $@ )
+function enter() {
+  ${SDK_OUTER_TOPSCRIPTSDIR}/run_sdk_container -n "${PACKAGES_CONTAINER}" \
+    -C "${SDK_NAME}" "$@"
+}
 
 # Return a valid ebuild file name for ebuilds of the given category name,
 # package name, and the old version. If the single ebuild file already exists,
@@ -32,36 +36,48 @@ function get_ebuild_filename() {
 }
 
 function prepare_git_repo() {
-  local our_remote_url
-
+  # the original coreos-overlay repo outside the SDK container
   git config user.name "${BUILDBOT_USERNAME}"
   git config user.email "${BUILDBOT_USEREMAIL}"
   git reset --hard HEAD
   git fetch origin
-  git checkout -B "${BASE_BRANCH}" "origin/${BASE_BRANCH}"
-  our_remote_url=$(git remote get-url origin)
 
-  # setup overlay repo inside SDK too (be fork friendly)
-  git -C "${SDK_OUTER_SRCDIR}/third_party/coreos-overlay" remote add our_remote "${our_remote_url}"
-  git -C "${SDK_OUTER_SRCDIR}/third_party/coreos-overlay" fetch our_remote
-  git -C "${SDK_OUTER_SRCDIR}/third_party/coreos-overlay" checkout -B "${BASE_BRANCH}" "our_remote/${BASE_BRANCH}"
+  git checkout -B "${BASE_BRANCH}" "origin/${BASE_BRANCH}"
+
+  # inside the SDK container
+  git -C "${SDK_OUTER_SRCDIR}/third_party/coreos-overlay" config \
+    user.name "${BUILDBOT_USERNAME}"
+  git -C "${SDK_OUTER_SRCDIR}/third_party/coreos-overlay" config \
+    user.email "${BUILDBOT_USEREMAIL}"
 }
 
 # caller needs to set pass a parameter as a branch name to be created.
 function checkout_branches() {
   TARGET_BRANCH=$1
+  CHECKOUT_SCRIPTS=$2
 
   [[ -z "${TARGET_BRANCH}" ]] && echo "No target branch specified. exit." && return 1
 
-  git -C "${SDK_OUTER_SRCDIR}/scripts" checkout -B "${BASE_BRANCH}" "github/${BASE_BRANCH}"
-  git -C "${SDK_OUTER_SRCDIR}/third_party/portage-stable" checkout -B "${BASE_BRANCH}" "github/${BASE_BRANCH}"
-
-  if git -C "${SDK_OUTER_SRCDIR}/third_party/coreos-overlay" show-ref "remotes/our_remote/${TARGET_BRANCH}"; then
-    echo "Target branch already exists. exit.";
-    return 1
+  # Check out the scripts repo only if CHECKOUT_SCRIPTS == true, due to
+  # a corner case of its LTS-2021 branch does not have run_sdk_container.
+  if [[ "${CHECKOUT_SCRIPTS}" = true ]]; then
+    git -C "${SDK_OUTER_TOPSCRIPTSDIR}" checkout -B "${BASE_BRANCH}" \
+      "origin/${BASE_BRANCH}"
   fi
 
-  git -C "${SDK_OUTER_SRCDIR}/third_party/coreos-overlay" checkout -B "${TARGET_BRANCH}" "our_remote/${BASE_BRANCH}"
+  # update submodules like portage-stable under the scripts directories
+  git submodule update --init --recursive
+
+  if git -C "${SDK_OUTER_SRCDIR}/third_party/coreos-overlay" show-ref "remotes/origin/${TARGET_BRANCH}"; then
+    echo "Target branch already exists. exit.";
+  fi
+
+  # Each submodule directory should be explicitly set from BASE_BRANCH,
+  # as the submodule refs could be only updated during the night.
+  git -C "${SDK_OUTER_SRCDIR}/third_party/coreos-overlay" checkout \
+    -B "${TARGET_BRANCH}" "origin/${BASE_BRANCH}"
+  git -C "${SDK_OUTER_SRCDIR}/third_party/portage-stable" checkout \
+    -B "${TARGET_BRANCH}" "origin/${BASE_BRANCH}"
 }
 
 function regenerate_manifest() {
@@ -115,7 +131,8 @@ function generate_patches() {
 
   pushd "${SDK_OUTER_SRCDIR}/third_party/coreos-overlay" >/dev/null || exit
 
-  enter ebuild "${SDK_INNER_SRCDIR}/third_party/coreos-overlay/${CATEGORY_NAME}/${PKGNAME_SIMPLE}/${PKGNAME_SIMPLE}-${VERSION_NEW}.ebuild" manifest --force
+  enter ebuild "${SDK_INNER_SRCDIR}/third_party/coreos-overlay/${CATEGORY_NAME}/${PKGNAME_SIMPLE}/${PKGNAME_SIMPLE}-${VERSION_NEW}.ebuild" \
+    manifest --force
 
   # We can only create the actual commit in the actual source directory, not under the SDK.
   # So create a format-patch, and apply to the actual source.
diff --git a/sdk_container/src/third_party/coreos-overlay/.github/workflows/setup-flatcar-sdk.sh b/sdk_container/src/third_party/coreos-overlay/.github/workflows/setup-flatcar-sdk.sh
index 6c7c06ecc4..08ef96bf37 100755
--- a/sdk_container/src/third_party/coreos-overlay/.github/workflows/setup-flatcar-sdk.sh
+++ b/sdk_container/src/third_party/coreos-overlay/.github/workflows/setup-flatcar-sdk.sh
@@ -2,62 +2,51 @@
 
 set -euo pipefail
 
-sudo apt-get install -y lbzip2
+sudo ln -sfn /bin/bash /bin/sh
+sudo apt-get install -y ca-certificates curl git gnupg lbzip2 lsb-release \
+    qemu-user-static
+sudo mkdir -p /etc/apt/keyrings
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg \
+    | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+echo \
+    "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] \
+    https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" \
+    | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+sudo apt-get update
+sudo apt-get install -y docker-ce docker-ce-cli containerd.io \
+    docker-compose-plugin
 
-CORK_VERSION=$(curl -sL https://api.github.com/repos/kinvolk/mantle/releases/latest | jq -r .tag_name | sed -e 's/^v//')
-curl -L -o cork https://github.com/kinvolk/mantle/releases/download/v"${CORK_VERSION}"/cork-"${CORK_VERSION}"-amd64
-curl -L -o cork.sig https://github.com/kinvolk/mantle/releases/download/v"${CORK_VERSION}"/cork-"${CORK_VERSION}"-amd64.sig
-curl -LO https://kinvolk.io/flatcar-container-linux/security/image-signing-key/Flatcar_Image_Signing_Key.asc
-gpg --import Flatcar_Image_Signing_Key.asc
-gpg --verify cork.sig cork
-rm -f cork.sig Flatcar_Image_Signing_Key.asc
-chmod +x cork
-mkdir -p ~/.local/bin
-mv cork ~/.local/bin
-
-export PATH=$PATH:$HOME/.local/bin
 mkdir -p ~/flatcar-sdk
+git -C ~/flatcar-sdk clone https://github.com/flatcar-linux/scripts
 
-pushd ~/flatcar-sdk || exit
-cork create || true
+pushd ~/flatcar-sdk/scripts || exit
 
-sudo tee "./chroot/etc/portage/make.conf" <<EOF
-PORTDIR="/mnt/host/source/src/third_party/portage-stable"
-PORTDIR_OVERLAY="/mnt/host/source/src/third_party/coreos-overlay"
-DISTDIR="/mnt/host/source/.cache/distfiles"
-PKGDIR="/var/lib/portage/pkgs"
-PORT_LOGDIR="/var/log/portage"
-EOF
+source ci-automation/ci_automation_common.sh
+source sdk_container/.repo/manifests/version.txt
 
-sudo tee "./chroot/etc/portage/repos.conf/coreos.conf" <<EOF
-[DEFAULT]
-main-repo = portage-stable
+git submodule update --init --recursive
 
-[gentoo]
-disabled = true
+arch="amd64"
+channel_version="alpha-${FLATCAR_VERSION_ID}"
+check_version_string "${channel_version}"
 
-[coreos]
-location = /mnt/host/source/src/third_party/coreos-overlay
+export SDK_NAME="flatcar-sdk-${arch}"
 
-[portage-stable]
-location = /mnt/host/source/src/third_party/portage-stable
-EOF
+# Pin the docker image version to that of the latest release.
+docker_sdk_vernum="$(curl -s -S -f -L \
+    https://alpha.release.flatcar-linux.net/amd64-usr/current/version.txt \
+    | grep -m 1 FLATCAR_SDK_VERSION= | cut -d = -f 2- \
+)"
 
-# /var under the chroot has to be writable by the runner user
-sudo chown -R runner:docker ~/flatcar-sdk/chroot/var
+docker_image_from_registry_or_buildcache "${SDK_NAME}" "${docker_sdk_vernum}"
+export SDK_NAME="$(docker_image_fullname "${SDK_NAME}" "${docker_sdk_vernum}")"
 
-function enter() ( exec cork enter -- $@ )
+vernum="${channel_version#*-}" # remove main-,alpha-,beta-,stable-,lts- version tag
+docker_vernum="$(vernum_to_docker_image_version "${vernum}")"
+export PACKAGES_CONTAINER="flatcar-packages-${arch}-${docker_vernum}"
 
-# To be able to generate metadata, we need to configure a profile
-# /etc/portage/make.profile, a symlink pointing to the SDK profile.
-enter sudo eselect profile set --force "coreos:coreos/amd64/sdk"
-
-# make edb directory group-writable to run egencache
-enter sudo chmod g+w /var/cache/edb
-
-git -C src/third_party/coreos-overlay reset --hard github/main
-git -C src/third_party/coreos-overlay config user.name 'Flatcar Buildbot'
-git -C src/third_party/coreos-overlay config user.email 'buildbot@flatcar-linux.org'
 popd || exit
 
 echo ::set-output name=path::"${PATH}"
+echo ::set-output name=PACKAGES_CONTAINER::"${PACKAGES_CONTAINER}"
+echo ::set-output name=SDK_NAME::"${SDK_NAME}"