Running Flatcar Container Linux on EC2

The current AMIs for all Flatcar Container Linux channels and EC2 regions are listed below and updated frequently. Using CloudFormation is the easiest way to launch a cluster, but it is also possible to follow the manual steps at the end of the article. Questions can be directed to the Flatcar Container Linux IRC channel or user mailing list.

Release retention time

After publishing, releases will remain available as public AMIs on AWS for 9 months. AMIs older than 9 months will be un-published in regular garbage collection sweeps. Please note that this will not impact existing AWS instances that use those releases. However, deploying new instances (e.g. in autoscaling groups pinned to a specific AMI) will not be possible after the AMI was un-published.

Choosing a channel

Flatcar Container Linux is designed to be updated automatically with different schedules per channel. You can disable this feature, although we don't recommend it. Read the release notes for specific features and bug fixes.

The Alpha channel closely tracks master and is released frequently. The newest versions of system libraries and utilities will be available for testing. The current version is Flatcar Container Linux 2671.0.0.

View as json feed: amd64 arm64
EC2 Region AMI Type AMI ID CloudFormation
ap-east-1 HVM (amd64) ami-02c90633cdd5ced17 Launch Stack
HVM (arm64) ami-0964633ea6f2af691 Launch Stack
ap-northeast-1 HVM (amd64) ami-0e4e85c890b7bd1da Launch Stack
HVM (arm64) ami-0a479ed46746f2644 Launch Stack
ap-northeast-2 HVM (amd64) ami-090da16d096b8fb79 Launch Stack
HVM (arm64) ami-09e9223f8a3acd23c Launch Stack
ap-south-1 HVM (amd64) ami-0c186365f8ca5f1e5 Launch Stack
HVM (arm64) ami-081cec883e07737b2 Launch Stack
ap-southeast-1 HVM (amd64) ami-0c784f197b316aa6c Launch Stack
HVM (arm64) ami-0c530783407ad68c4 Launch Stack
ap-southeast-2 HVM (amd64) ami-05c1cf492e6456d5c Launch Stack
HVM (arm64) ami-09bdf9095c2ec7e0b Launch Stack
ca-central-1 HVM (amd64) ami-03fef7dafa7e64f6b Launch Stack
HVM (arm64) ami-034aa6b2acce82732 Launch Stack
eu-central-1 HVM (amd64) ami-0bfc2796b24b651ca Launch Stack
HVM (arm64) ami-0895b52c27ebebef0 Launch Stack
eu-north-1 HVM (amd64) ami-03421d583f34a4c3f Launch Stack
HVM (arm64) ami-07471de1b3b027907 Launch Stack
eu-west-1 HVM (amd64) ami-01ce9e39c27faec11 Launch Stack
HVM (arm64) ami-0faee35b6282ca18c Launch Stack
eu-west-2 HVM (amd64) ami-0e58f7c89a564fa31 Launch Stack
HVM (arm64) ami-02d98fe2b5dfd25fa Launch Stack
eu-west-3 HVM (amd64) ami-01b699b6e915dc632 Launch Stack
HVM (arm64) ami-08ef17f937fee8505 Launch Stack
me-south-1 HVM (amd64) ami-013c0703d7215f5ad Launch Stack
HVM (arm64) ami-05f915f5a5ec3769a Launch Stack
sa-east-1 HVM (amd64) ami-03ef10605d8d214cb Launch Stack
HVM (arm64) ami-0921e24653b3e0976 Launch Stack
us-east-1 HVM (amd64) ami-0d539c267683892ad Launch Stack
HVM (arm64) ami-0de23350967a48639 Launch Stack
us-east-2 HVM (amd64) ami-010730c33d23f2519 Launch Stack
HVM (arm64) ami-00a5f4f0b69d98b49 Launch Stack
us-west-1 HVM (amd64) ami-0c459eb9c710f1018 Launch Stack
HVM (arm64) ami-0356def5eaa3789dc Launch Stack
us-west-2 HVM (amd64) ami-0b84a884aa890548e Launch Stack
HVM (arm64) ami-0c6164a6bfd4dc827 Launch Stack

The Beta channel consists of promoted Alpha releases. The current version is Flatcar Container Linux 2643.1.1.

View as json feed: amd64
EC2 Region AMI Type AMI ID CloudFormation
ap-east-1 HVM (amd64) ami-0d281ff82b86662b8 Launch Stack
ap-northeast-1 HVM (amd64) ami-0d42cd77b99d73bbb Launch Stack
ap-northeast-2 HVM (amd64) ami-05743438594770981 Launch Stack
ap-south-1 HVM (amd64) ami-0edd0bbe7cd7da4ae Launch Stack
ap-southeast-1 HVM (amd64) ami-0afd0e7cae6b7dd79 Launch Stack
ap-southeast-2 HVM (amd64) ami-0ff964ce5926a757a Launch Stack
ca-central-1 HVM (amd64) ami-0f382180c48787a87 Launch Stack
eu-central-1 HVM (amd64) ami-03b26558725b0672a Launch Stack
eu-north-1 HVM (amd64) ami-0653fad0b84187c1d Launch Stack
eu-west-1 HVM (amd64) ami-0483309096c585ee1 Launch Stack
eu-west-2 HVM (amd64) ami-084acf53b703a41a3 Launch Stack
eu-west-3 HVM (amd64) ami-0b3c417324fb50f75 Launch Stack
me-south-1 HVM (amd64) ami-0ab9cf6af23675d3a Launch Stack
sa-east-1 HVM (amd64) ami-0c20151fcdaf3ace9 Launch Stack
us-east-1 HVM (amd64) ami-090fe4fa01c15cecf Launch Stack
us-east-2 HVM (amd64) ami-00a38eb907df07525 Launch Stack
us-west-1 HVM (amd64) ami-0613aeb00ed02adbe Launch Stack
us-west-2 HVM (amd64) ami-0c527b79bd8cddfb7 Launch Stack

The Edge channel includes bleeding-edge features with the newest versions of the Linux kernel, systemd and other core packages. Can be highly unstable. The current version is Flatcar Container Linux 2466.99.0.

EC2 Region AMI Type AMI ID CloudFormation
ap-east-1 HVM (amd64) ami-0029ed2c00b284a95 Launch Stack
HVM (arm64) ami-0cde7033fa6bcee17 Launch Stack
ap-northeast-1 HVM (amd64) ami-03de4455102b2a92e Launch Stack
HVM (arm64) ami-0a9ea66ee2b271587 Launch Stack
ap-northeast-2 HVM (amd64) ami-0fa29269023d95001 Launch Stack
HVM (arm64) ami-074cb3948a34017a0 Launch Stack
ap-south-1 HVM (amd64) ami-0fb46b600f2aca4e1 Launch Stack
HVM (arm64) ami-0ceaed7c9d0f87d45 Launch Stack
ap-southeast-1 HVM (amd64) ami-0a6b32f389401c177 Launch Stack
HVM (arm64) ami-0518d47f3b8b44d5b Launch Stack
ap-southeast-2 HVM (amd64) ami-0412490cf5c6a15d3 Launch Stack
HVM (arm64) ami-041e3a6cbb758958a Launch Stack
ca-central-1 HVM (amd64) ami-076025e2f28c65607 Launch Stack
HVM (arm64) ami-07fdb592799a132cf Launch Stack
eu-central-1 HVM (amd64) ami-009f30f06e90a2962 Launch Stack
HVM (arm64) ami-05fc26d5d73ca1f6b Launch Stack
eu-north-1 HVM (amd64) ami-093a034857b0e19ae Launch Stack
HVM (arm64) ami-0fd671b8a15ca5e0f Launch Stack
eu-west-1 HVM (amd64) ami-0acd84e3d8e79c595 Launch Stack
HVM (arm64) ami-00fca33bcd7f93826 Launch Stack
eu-west-2 HVM (amd64) ami-0a844c6e6ed7e8591 Launch Stack
HVM (arm64) ami-0ff13ff8623ef93f4 Launch Stack
eu-west-3 HVM (amd64) ami-09bb22740c97e5fb0 Launch Stack
HVM (arm64) ami-02b8b9c099f9868f9 Launch Stack
me-south-1 HVM (amd64) ami-066ef9a0660b99958 Launch Stack
HVM (arm64) ami-0d7a8f9f15c1e5234 Launch Stack
sa-east-1 HVM (amd64) ami-0f1401074345667c6 Launch Stack
HVM (arm64) ami-0de4279896aa46920 Launch Stack
us-east-1 HVM (amd64) ami-0157dca117b3d3e5d Launch Stack
HVM (arm64) ami-0422302ecc961671f Launch Stack
us-east-2 HVM (amd64) ami-06f0a4868bcdfd485 Launch Stack
HVM (arm64) ami-0a2b7312228a58f6c Launch Stack
us-west-1 HVM (amd64) ami-081652cd66d10f632 Launch Stack
HVM (arm64) ami-02bd3609d5a2b957a Launch Stack
us-west-2 HVM (amd64) ami-053930c06131d49ad Launch Stack
HVM (arm64) ami-0d8325578a3100869 Launch Stack

The Stable channel should be used by production clusters. Versions of Flatcar Container Linux are battle-tested within the Beta and Alpha channels before being promoted. The current version is Flatcar Container Linux 2605.8.0.

View as json feed: amd64
EC2 Region AMI Type AMI ID CloudFormation
ap-east-1 HVM (amd64) ami-0a5e8db3f2d9a83d7 Launch Stack
ap-northeast-1 HVM (amd64) ami-0da7ff5b0d88b0f70 Launch Stack
ap-northeast-2 HVM (amd64) ami-001762e18e5b9ad65 Launch Stack
ap-south-1 HVM (amd64) ami-045aea6d72d3198a9 Launch Stack
ap-southeast-1 HVM (amd64) ami-04ea62937d9ce8e98 Launch Stack
ap-southeast-2 HVM (amd64) ami-0934a29645bf8c9c3 Launch Stack
ca-central-1 HVM (amd64) ami-03cf05aa25f3b8654 Launch Stack
eu-central-1 HVM (amd64) ami-01b3ed9fb3861422d Launch Stack
eu-north-1 HVM (amd64) ami-0964e6edec73c754e Launch Stack
eu-west-1 HVM (amd64) ami-0ce8041e111a5e0c1 Launch Stack
eu-west-2 HVM (amd64) ami-0de1cf6a241b43cb4 Launch Stack
eu-west-3 HVM (amd64) ami-0cbf5357d24278be2 Launch Stack
me-south-1 HVM (amd64) ami-0fd9927614cb049d9 Launch Stack
sa-east-1 HVM (amd64) ami-02ac7cb1e91d1ecf4 Launch Stack
us-east-1 HVM (amd64) ami-006c88b6ca69f7811 Launch Stack
us-east-2 HVM (amd64) ami-058a15cede9a8dbe8 Launch Stack
us-west-1 HVM (amd64) ami-0b553b7d6c8ae2e4d Launch Stack
us-west-2 HVM (amd64) ami-07ead16a3df6a7bd4 Launch Stack

AWS China AMIs maintained by Giant Swarm

The following AMIs are not part of the official Flatcar Container Linux release process and may lag behind (query version).

View as json feed: amd64
EC2 Region AMI Type AMI ID CloudFormation
cn-north-1 HVM (amd64) ami-04f9e6933f6fa15b9 Launch Stack
cn-northwest-1 HVM (amd64) ami-0d111dd1105ac9280 Launch Stack

CloudFormation will launch a cluster of Flatcar Container Linux machines with a security and autoscaling group.

Container Linux Configs

Flatcar Container Linux allows you to configure machine parameters, configure networking, launch systemd units on startup, and more via Container Linux Configs. These configs are then transpiled into Ignition configs and given to booting machines. Head over to the docs to learn about the supported features.

You can provide a raw Ignition config to Flatcar Container Linux via the Amazon web console or via the EC2 API.

As an example, this Container Linux Config will configure and start etcd:

etcd:
  # All options get passed as command line flags to etcd.
  # Any information inside curly braces comes from the machine at boot time.

  # multi_region and multi_cloud deployments need to use {PUBLIC_IPV4}
  advertise_client_urls:       "http://{PRIVATE_IPV4}:2379"
  initial_advertise_peer_urls: "http://{PRIVATE_IPV4}:2380"
  # listen on both the official ports and the legacy ports
  # legacy ports can be omitted if your application doesn't depend on them
  listen_client_urls:          "http://0.0.0.0:2379"
  listen_peer_urls:            "http://{PRIVATE_IPV4}:2380"
  # generate a new token for each unique cluster from https://discovery.etcd.io/new?size=3
  # specify the initial size of your cluster with ?size=X
  discovery:                   "https://discovery.etcd.io/<token>"

Instance storage

Ephemeral disks and additional EBS volumes attached to instances can be mounted with a .mount unit. Amazon's block storage devices are attached differently depending on the instance type. Here's the Container Linux Config to format and mount the first ephemeral disk, xvdb, on most instance types:

storage:
  filesystems:
    - mount:
        device: /dev/xvdb
        format: ext4
        wipe_filesystem: true

systemd:
  units:
    - name: media-ephemeral.mount
      enable: true
      contents: |
        [Mount]
        What=/dev/xvdb
        Where=/media/ephemeral
        Type=ext4

        [Install]
        RequiredBy=local-fs.target

For more information about mounting storage, Amazon's own documentation is the best source. You can also read about mounting storage on Flatcar Container Linux.

Adding more machines

To add more instances to the cluster, just launch more with the same Container Linux Config, the appropriate security group and the AMI for that region. New instances will join the cluster regardless of region if the security groups are configured correctly.

SSH to your instances

Flatcar Container Linux is set up to be a little more secure than other cloud images. By default, it uses the core user instead of root and doesn't use a password for authentication. You'll need to add an SSH key(s) via the AWS console or add keys/passwords via your Container Linux Config in order to log in.

To connect to an instance after it's created, run:

ssh core@<ip address>

Multiple clusters

If you would like to create multiple clusters you will need to change the "Stack Name". You can find the direct template file on S3.

Manual setup

TL;DR: launch three instances of ami-0d539c267683892ad (amd64) in us-east-1 with a security group that has open port 22, 2379, 2380, 4001, and 7001 and the same "User Data" of each host. SSH uses the core user and you have etcd and Docker to play with.

Creating the security group

You need open port 2379, 2380, 7001 and 4001 between servers in the etcd cluster. Step by step instructions below.

This step is only needed once

First we need to create a security group to allow Flatcar Container Linux instances to communicate with one another.

  1. Go to the security group page in the EC2 console.
  2. Click "Create Security Group"
    • Name: flatcar-testing
    • Description: Flatcar Container Linux instances
    • VPC: No VPC
    • Click: "Yes, Create"
  3. In the details of the security group, click the Inbound tab
  4. First, create a security group rule for SSH
    • Create a new rule: SSH
    • Source: 0.0.0.0/0
    • Click: "Add Rule"
  5. Add two security group rules for etcd communication
    • Create a new rule: Custom TCP rule
    • Port range: 2379
    • Source: type "flatcar-testing" until your security group auto-completes. Should be something like "sg-8d4feabc"
    • Click: "Add Rule"
    • Repeat this process for port range 2380, 4001 and 7001 as well
  6. Click "Apply Rule Changes"

Launching a test cluster

We will be launching three instances, with a few parameters in the User Data, and selecting our security group.

  1. Open the quick launch wizard to boot ami-0d539c267683892ad (amd64).
  2. On the second page of the wizard, launch 3 servers to test our clustering
    • Number of instances: 3
    • Click "Continue"
  3. Next, we need to specify a discovery URL, which contains a unique token that allows us to find other hosts in our cluster. If you're launching your first machine, generate one at https://discovery.etcd.io/new?size=3, configure the `?size=` to your initial cluster size and add it to the metadata. You should re-use this key for each machine in the cluster.
  4. Use ct to convert the following configuration into an Ignition config, and back in the EC2 dashboard, paste it into the "User Data" field. wzxhzdk:3
    • Paste configuration into "User Data"
    • "Continue"
  5. Storage Configuration
    • "Continue"
  6. Tags
    • "Continue"
  7. Create Key Pair
    • Choose a key of your choice, it will be added in addition to the one in the gist.
    • "Continue"
  8. Choose one or more of your existing Security Groups
    • "flatcar-testing" as above.
    • "Continue"
  9. Launch!

We will be launching three instances, with a few parameters in the User Data, and selecting our security group.

  1. Open the quick launch wizard to boot ami-090fe4fa01c15cecf (amd64).
  2. On the second page of the wizard, launch 3 servers to test our clustering
    • Number of instances: 3
    • Click "Continue"
  3. Next, we need to specify a discovery URL, which contains a unique token that allows us to find other hosts in our cluster. If you're launching your first machine, generate one at https://discovery.etcd.io/new?size=3, configure the `?size=` to your initial cluster size and add it to the metadata. You should re-use this key for each machine in the cluster.
  4. Use ct to convert the following configuration into an Ignition config, and back in the EC2 dashboard, paste it into the "User Data" field. wzxhzdk:4
    • Paste configuration into "User Data"
    • "Continue"
  5. Storage Configuration
    • "Continue"
  6. Tags
    • "Continue"
  7. Create Key Pair
    • Choose a key of your choice, it will be added in addition to the one in the gist.
    • "Continue"
  8. Choose one or more of your existing Security Groups
    • "flatcar-testing" as above.
    • "Continue"
  9. Launch!

We will be launching three instances, with a few parameters in the User Data, and selecting our security group.

  1. Open the quick launch wizard to boot ami-006c88b6ca69f7811 (amd64).
  2. On the second page of the wizard, launch 3 servers to test our clustering
    • Number of instances: 3
    • Click "Continue"
  3. Next, we need to specify a discovery URL, which contains a unique token that allows us to find other hosts in our cluster. If you're launching your first machine, generate one at https://discovery.etcd.io/new?size=3, configure the `?size=` to your initial cluster size and add it to the metadata. You should re-use this key for each machine in the cluster.
  4. Use ct to convert the following configuration into an Ignition config, and back in the EC2 dashboard, paste it into the "User Data" field. wzxhzdk:5
    • Paste configuration into "User Data"
    • "Continue"
  5. Storage Configuration
    • "Continue"
  6. Tags
    • "Continue"
  7. Create Key Pair
    • Choose a key of your choice, it will be added in addition to the one in the gist.
    • "Continue"
  8. Choose one or more of your existing Security Groups
    • "flatcar-testing" as above.
    • "Continue"
  9. Launch!

Installation from a VMDK image

One of the possible ways of installation is to import the generated VMDK Flatcar image as a snapshot. The image file will be in https://${CHANNEL}.release.flatcar-linux.net/${ARCH}-usr/${VERSION}/flatcar_production_ami_vmdk_image.vmdk.bz2. Make sure you download the signature (it's available in https://${CHANNEL}.release.flatcar-linux.net/${ARCH}-usr/${VERSION}/flatcar_production_ami_vmdk_image.vmdk.bz2.sig) and check it before proceeding.

$ wget https://alpha.release.flatcar-linux.net/amd64-usr/current/flatcar_production_ami_vmdk_image.vmdk.bz2
$ wget https://alpha.release.flatcar-linux.net/amd64-usr/current/flatcar_production_ami_vmdk_image.vmdk.bz2.sig
$ gpg --verify flatcar_production_ami_vmdk_image.vmdk.bz2.sig
gpg: assuming signed data in 'flatcar_production_ami_vmdk_image.vmdk.bz2'
gpg: Signature made Thu 15 Mar 2018 10:27:57 AM CET
gpg:                using RSA key A621F1DA96C93C639506832D603443A1D0FC498C
gpg: Good signature from "Flatcar Buildbot (Official Builds) <buildbot@flatcar-linux.org>" [ultimate]

Then, follow the instructions in Importing a Disk as a Snapshot Using VM Import/Export. You'll need to upload the uncompressed vmdk file to S3.

After the snapshot is imported, you can go to "Snapshots" in the EC2 dashboard, and generate an AMI image from it. To make it work, use /dev/sda2 as the "Root device name" and you probably want to select "Hardware-assisted virtualization" as "Virtualization type".

Using Flatcar Container Linux

Now that you have a machine booted it is time to play around. Check out the Flatcar Container Linux Quickstart guide or dig into more specific topics.