Running Flatcar Container Linux on EC2

The current AMIs for all Flatcar Container Linux channels and EC2 regions are listed below and updated frequently. Using CloudFormation is the easiest way to launch a cluster, but it is also possible to follow the manual steps at the end of the article. Questions can be directed to the Flatcar Container Linux IRC channel or user mailing list.

Choosing a channel

Flatcar Container Linux is designed to be updated automatically with different schedules per channel. You can disable this feature, although we don't recommend it. Read the release notes for specific features and bug fixes.

The Alpha channel closely tracks master and is released frequently. The newest versions of system libraries and utilities will be available for testing. The current version is Flatcar Container Linux 2430.0.0.

View as json feed: amd64 arm64
EC2 Region AMI Type AMI ID CloudFormation
ap-east-1 HVM (amd64) ami-0730934311a5bcae9 Launch Stack
HVM (arm64) ami-0c10dd776de6227ff Launch Stack
ap-northeast-1 HVM (amd64) ami-0beec89908dd94f09 Launch Stack
HVM (arm64) ami-049220f3fd045b312 Launch Stack
ap-northeast-2 HVM (amd64) ami-0825c0e2a992ce82e Launch Stack
HVM (arm64) ami-05b6ad44bf0b14893 Launch Stack
ap-south-1 HVM (amd64) ami-0690e97cfe41a6b13 Launch Stack
HVM (arm64) ami-0b40ead16298f0a52 Launch Stack
ap-southeast-1 HVM (amd64) ami-0335a2279da35dfff Launch Stack
HVM (arm64) ami-086d5171d02d07018 Launch Stack
ap-southeast-2 HVM (amd64) ami-081e8adfc2cf19c1a Launch Stack
HVM (arm64) ami-02fbc7ba3ec21b1a9 Launch Stack
ca-central-1 HVM (amd64) ami-0c02cd7e6ac19f591 Launch Stack
HVM (arm64) ami-03d8c91552321606c Launch Stack
eu-central-1 HVM (amd64) ami-02eb205f202bb4c72 Launch Stack
HVM (arm64) ami-083a11bc5c5051eb7 Launch Stack
eu-north-1 HVM (amd64) ami-0a95a9dc85e8a2461 Launch Stack
HVM (arm64) ami-077473e023b8f174e Launch Stack
eu-west-1 HVM (amd64) ami-00ccc647f05ddd3aa Launch Stack
HVM (arm64) ami-0a8485bdb18256a40 Launch Stack
eu-west-2 HVM (amd64) ami-056852bc96569fe08 Launch Stack
HVM (arm64) ami-0f8202f7ca36312b3 Launch Stack
eu-west-3 HVM (amd64) ami-0accf48d59191570b Launch Stack
HVM (arm64) ami-034f6f7b93e0db846 Launch Stack
me-south-1 HVM (amd64) ami-0084b95db06577671 Launch Stack
HVM (arm64) ami-0e0b9af8ca9c5f236 Launch Stack
sa-east-1 HVM (amd64) ami-0bf7b668ee92d4674 Launch Stack
HVM (arm64) ami-0b9bf9c472f3241d8 Launch Stack
us-east-1 HVM (amd64) ami-0f66e97cb7e04c4e0 Launch Stack
HVM (arm64) ami-0cfd37a9abd675ca7 Launch Stack
us-east-2 HVM (amd64) ami-0f5e079d5b04876cc Launch Stack
HVM (arm64) ami-0607714ce1b3fbb31 Launch Stack
us-west-1 HVM (amd64) ami-07b237219e5bed78b Launch Stack
HVM (arm64) ami-05f9780467484ea8a Launch Stack
us-west-2 HVM (amd64) ami-0a5fa4f2f22b57332 Launch Stack
HVM (arm64) ami-0c315d73cc9b906a0 Launch Stack

The Beta channel consists of promoted Alpha releases. The current version is Flatcar Container Linux 2411.1.1.

View as json feed: amd64
EC2 Region AMI Type AMI ID CloudFormation
ap-east-1 HVM (amd64) ami-094a17df2c04846f1 Launch Stack
ap-northeast-1 HVM (amd64) ami-0656b2d8d1d7fe5bf Launch Stack
ap-northeast-2 HVM (amd64) ami-05ccd3e3ea97d80ea Launch Stack
ap-south-1 HVM (amd64) ami-0649535d398275e32 Launch Stack
ap-southeast-1 HVM (amd64) ami-0db13a0432258b24d Launch Stack
ap-southeast-2 HVM (amd64) ami-08388076c657ccf5d Launch Stack
ca-central-1 HVM (amd64) ami-07336e1a8f2316c33 Launch Stack
eu-central-1 HVM (amd64) ami-0db7f308ad91d777a Launch Stack
eu-north-1 HVM (amd64) ami-035bbb464ea312bf8 Launch Stack
eu-west-1 HVM (amd64) ami-03be86c306a2d74c3 Launch Stack
eu-west-2 HVM (amd64) ami-0c8cb58747e9aad2e Launch Stack
eu-west-3 HVM (amd64) ami-0a44f285267dbc05f Launch Stack
me-south-1 HVM (amd64) ami-0158e04d922c5f7b5 Launch Stack
sa-east-1 HVM (amd64) ami-0cacff28830fd7cbd Launch Stack
us-east-1 HVM (amd64) ami-0ceae9e39f72395cb Launch Stack
us-east-2 HVM (amd64) ami-0d9b99f6bb13d5c11 Launch Stack
us-west-1 HVM (amd64) ami-0019f949a24751279 Launch Stack
us-west-2 HVM (amd64) ami-0e8be0f2fc72cb917 Launch Stack

The Edge channel includes bleeding-edge features with the newest versions of the Linux kernel, systemd and other core packages. Can be highly unstable. The current version is Flatcar Container Linux 2430.99.0.

EC2 Region AMI Type AMI ID CloudFormation
ap-east-1 HVM (amd64) ami-013a97215b260ff49 Launch Stack
HVM (arm64) ami-007c395a13c3bebd2 Launch Stack
ap-northeast-1 HVM (amd64) ami-020bf711a53526af6 Launch Stack
HVM (arm64) ami-073a8f21236b18876 Launch Stack
ap-northeast-2 HVM (amd64) ami-00f56ce8897df52ea Launch Stack
HVM (arm64) ami-0e75e400db1551949 Launch Stack
ap-south-1 HVM (amd64) ami-0c4ac47749e42bfb3 Launch Stack
HVM (arm64) ami-000aac8d84bf86dad Launch Stack
ap-southeast-1 HVM (amd64) ami-06cd560aa5daf6605 Launch Stack
HVM (arm64) ami-0bdb2d17b033c9e57 Launch Stack
ap-southeast-2 HVM (amd64) ami-0eeb8c93f6403ff05 Launch Stack
HVM (arm64) ami-07fe1477069803752 Launch Stack
ca-central-1 HVM (amd64) ami-0c7fe09b10e2b51d9 Launch Stack
HVM (arm64) ami-07984b6cd8e48cf26 Launch Stack
eu-central-1 HVM (amd64) ami-05f72d7c928cf38b5 Launch Stack
HVM (arm64) ami-0bf019bf01ce5e71f Launch Stack
eu-north-1 HVM (amd64) ami-04f9342bab755e3d0 Launch Stack
HVM (arm64) ami-01a8deee8dd7db069 Launch Stack
eu-west-1 HVM (amd64) ami-0fd134aa9fc54a842 Launch Stack
HVM (arm64) ami-05728a2a3ae00692e Launch Stack
eu-west-2 HVM (amd64) ami-07e1c9468996844ac Launch Stack
HVM (arm64) ami-0deedefa3f0171906 Launch Stack
eu-west-3 HVM (amd64) ami-05600c71824598d7d Launch Stack
HVM (arm64) ami-015a0b1330e4f397d Launch Stack
me-south-1 HVM (amd64) ami-01d87e9e6f7de7986 Launch Stack
HVM (arm64) ami-0c053a9fded6e2843 Launch Stack
sa-east-1 HVM (amd64) ami-08c25916ebfa8cc57 Launch Stack
HVM (arm64) ami-0f0151babdeed35ba Launch Stack
us-east-1 HVM (amd64) ami-091a7a49c5c6dd8b2 Launch Stack
HVM (arm64) ami-0b9df6c7e97631ad0 Launch Stack
us-east-2 HVM (amd64) ami-0ae797dd9cc55b2db Launch Stack
HVM (arm64) ami-016b724674866cc10 Launch Stack
us-west-1 HVM (amd64) ami-08e969c1c13e20f96 Launch Stack
HVM (arm64) ami-0e7fcd343cb576f49 Launch Stack
us-west-2 HVM (amd64) ami-02a6472eb307b9c36 Launch Stack
HVM (arm64) ami-033a518ae5bf097aa Launch Stack

The Stable channel should be used by production clusters. Versions of Flatcar Container Linux are battle-tested within the Beta and Alpha channels before being promoted. The current version is Flatcar Container Linux 2345.3.1.

View as json feed: amd64
EC2 Region AMI Type AMI ID CloudFormation
ap-east-1 HVM (amd64) ami-0e28e38ecce552688 Launch Stack
ap-northeast-1 HVM (amd64) ami-074891de68922e1f4 Launch Stack
ap-northeast-2 HVM (amd64) ami-0a1a6a05c79bcdfe4 Launch Stack
ap-south-1 HVM (amd64) ami-0765ae35424be8ad8 Launch Stack
ap-southeast-1 HVM (amd64) ami-0f20e37280d5c8c5c Launch Stack
ap-southeast-2 HVM (amd64) ami-016e5e9a74cc6ef86 Launch Stack
ca-central-1 HVM (amd64) ami-09afcf2e90761d6e6 Launch Stack
eu-central-1 HVM (amd64) ami-0a9a5d2b65cce04eb Launch Stack
eu-north-1 HVM (amd64) ami-0bbfc19aa4c355fe2 Launch Stack
eu-west-1 HVM (amd64) ami-002db020452770c0f Launch Stack
eu-west-2 HVM (amd64) ami-024928e37dcc18a42 Launch Stack
eu-west-3 HVM (amd64) ami-083e4a190c9b050b1 Launch Stack
me-south-1 HVM (amd64) ami-078eb26f287443167 Launch Stack
sa-east-1 HVM (amd64) ami-01180d594d0315f65 Launch Stack
us-east-1 HVM (amd64) ami-011655f166912d5ba Launch Stack
us-east-2 HVM (amd64) ami-0e30f3d8cbc900ff4 Launch Stack
us-west-1 HVM (amd64) ami-0360d32ce24f1f05f Launch Stack
us-west-2 HVM (amd64) ami-0c1654a9988866a1f Launch Stack

CloudFormation will launch a cluster of Flatcar Container Linux machines with a security and autoscaling group.

Container Linux Configs

Flatcar Container Linux allows you to configure machine parameters, configure networking, launch systemd units on startup, and more via Container Linux Configs. These configs are then transpiled into Ignition configs and given to booting machines. Head over to the docs to learn about the supported features.

You can provide a raw Ignition config to Flatcar Container Linux via the Amazon web console or via the EC2 API.

As an example, this Container Linux Config will configure and start etcd:

etcd:
  # All options get passed as command line flags to etcd.
  # Any information inside curly braces comes from the machine at boot time.

  # multi_region and multi_cloud deployments need to use {PUBLIC_IPV4}
  advertise_client_urls:       "http://{PRIVATE_IPV4}:2379"
  initial_advertise_peer_urls: "http://{PRIVATE_IPV4}:2380"
  # listen on both the official ports and the legacy ports
  # legacy ports can be omitted if your application doesn't depend on them
  listen_client_urls:          "http://0.0.0.0:2379"
  listen_peer_urls:            "http://{PRIVATE_IPV4}:2380"
  # generate a new token for each unique cluster from https://discovery.etcd.io/new?size=3
  # specify the initial size of your cluster with ?size=X
  discovery:                   "https://discovery.etcd.io/<token>"

Instance storage

Ephemeral disks and additional EBS volumes attached to instances can be mounted with a .mount unit. Amazon's block storage devices are attached differently depending on the instance type. Here's the Container Linux Config to format and mount the first ephemeral disk, xvdb, on most instance types:

storage:
  filesystems:
    - mount:
        device: /dev/xvdb
        format: ext4
        wipe_filesystem: true

systemd:
  units:
    - name: media-ephemeral.mount
      enable: true
      contents: |
        [Mount]
        What=/dev/xvdb
        Where=/media/ephemeral
        Type=ext4

        [Install]
        RequiredBy=local-fs.target

For more information about mounting storage, Amazon's own documentation is the best source. You can also read about mounting storage on Flatcar Container Linux.

Adding more machines

To add more instances to the cluster, just launch more with the same Container Linux Config, the appropriate security group and the AMI for that region. New instances will join the cluster regardless of region if the security groups are configured correctly.

SSH to your instances

Flatcar Container Linux is set up to be a little more secure than other cloud images. By default, it uses the core user instead of root and doesn't use a password for authentication. You'll need to add an SSH key(s) via the AWS console or add keys/passwords via your Container Linux Config in order to log in.

To connect to an instance after it's created, run:

ssh core@<ip address>

Multiple clusters

If you would like to create multiple clusters you will need to change the "Stack Name". You can find the direct template file on S3.

Manual setup

TL;DR: launch three instances of ami-0f66e97cb7e04c4e0 (amd64) in us-east-1 with a security group that has open port 22, 2379, 2380, 4001, and 7001 and the same "User Data" of each host. SSH uses the core user and you have etcd and Docker to play with.

Creating the security group

You need open port 2379, 2380, 7001 and 4001 between servers in the etcd cluster. Step by step instructions below.

This step is only needed once

First we need to create a security group to allow Flatcar Container Linux instances to communicate with one another.

  1. Go to the security group page in the EC2 console.
  2. Click "Create Security Group"
    • Name: flatcar-testing
    • Description: Flatcar Container Linux instances
    • VPC: No VPC
    • Click: "Yes, Create"
  3. In the details of the security group, click the Inbound tab
  4. First, create a security group rule for SSH
    • Create a new rule: SSH
    • Source: 0.0.0.0/0
    • Click: "Add Rule"
  5. Add two security group rules for etcd communication
    • Create a new rule: Custom TCP rule
    • Port range: 2379
    • Source: type "flatcar-testing" until your security group auto-completes. Should be something like "sg-8d4feabc"
    • Click: "Add Rule"
    • Repeat this process for port range 2380, 4001 and 7001 as well
  6. Click "Apply Rule Changes"

Launching a test cluster

We will be launching three instances, with a few parameters in the User Data, and selecting our security group.

  1. Open the quick launch wizard to boot ami-0f66e97cb7e04c4e0 (amd64).
  2. On the second page of the wizard, launch 3 servers to test our clustering
    • Number of instances: 3
    • Click "Continue"
  3. Next, we need to specify a discovery URL, which contains a unique token that allows us to find other hosts in our cluster. If you're launching your first machine, generate one at https://discovery.etcd.io/new?size=3, configure the `?size=` to your initial cluster size and add it to the metadata. You should re-use this key for each machine in the cluster.
  4. Use ct to convert the following configuration into an Ignition config, and back in the EC2 dashboard, paste it into the "User Data" field. wzxhzdk:3
    • Paste configuration into "User Data"
    • "Continue"
  5. Storage Configuration
    • "Continue"
  6. Tags
    • "Continue"
  7. Create Key Pair
    • Choose a key of your choice, it will be added in addition to the one in the gist.
    • "Continue"
  8. Choose one or more of your existing Security Groups
    • "flatcar-testing" as above.
    • "Continue"
  9. Launch!

We will be launching three instances, with a few parameters in the User Data, and selecting our security group.

  1. Open the quick launch wizard to boot ami-0ceae9e39f72395cb (amd64).
  2. On the second page of the wizard, launch 3 servers to test our clustering
    • Number of instances: 3
    • Click "Continue"
  3. Next, we need to specify a discovery URL, which contains a unique token that allows us to find other hosts in our cluster. If you're launching your first machine, generate one at https://discovery.etcd.io/new?size=3, configure the `?size=` to your initial cluster size and add it to the metadata. You should re-use this key for each machine in the cluster.
  4. Use ct to convert the following configuration into an Ignition config, and back in the EC2 dashboard, paste it into the "User Data" field. wzxhzdk:4
    • Paste configuration into "User Data"
    • "Continue"
  5. Storage Configuration
    • "Continue"
  6. Tags
    • "Continue"
  7. Create Key Pair
    • Choose a key of your choice, it will be added in addition to the one in the gist.
    • "Continue"
  8. Choose one or more of your existing Security Groups
    • "flatcar-testing" as above.
    • "Continue"
  9. Launch!

We will be launching three instances, with a few parameters in the User Data, and selecting our security group.

  1. Open the quick launch wizard to boot ami-011655f166912d5ba (amd64).
  2. On the second page of the wizard, launch 3 servers to test our clustering
    • Number of instances: 3
    • Click "Continue"
  3. Next, we need to specify a discovery URL, which contains a unique token that allows us to find other hosts in our cluster. If you're launching your first machine, generate one at https://discovery.etcd.io/new?size=3, configure the `?size=` to your initial cluster size and add it to the metadata. You should re-use this key for each machine in the cluster.
  4. Use ct to convert the following configuration into an Ignition config, and back in the EC2 dashboard, paste it into the "User Data" field. wzxhzdk:5
    • Paste configuration into "User Data"
    • "Continue"
  5. Storage Configuration
    • "Continue"
  6. Tags
    • "Continue"
  7. Create Key Pair
    • Choose a key of your choice, it will be added in addition to the one in the gist.
    • "Continue"
  8. Choose one or more of your existing Security Groups
    • "flatcar-testing" as above.
    • "Continue"
  9. Launch!

Installation from a VMDK image

One of the possible ways of installation is to import the generated VMDK Flatcar image as a snapshot. The image file will be in https://${CHANNEL}.release.flatcar-linux.net/${ARCH}-usr/${VERSION}/flatcar_production_ami_vmdk_image.vmdk.bz2. Make sure you download the signature (it's available in https://${CHANNEL}.release.flatcar-linux.net/${ARCH}-usr/${VERSION}/flatcar_production_ami_vmdk_image.vmdk.bz2.sig) and check it before proceeding.

$ wget https://alpha.release.flatcar-linux.net/amd64-usr/current/flatcar_production_ami_vmdk_image.vmdk.bz2
$ wget https://alpha.release.flatcar-linux.net/amd64-usr/current/flatcar_production_ami_vmdk_image.vmdk.bz2.sig
$ gpg --verify flatcar_production_ami_vmdk_image.vmdk.bz2.sig
gpg: assuming signed data in 'flatcar_production_ami_vmdk_image.vmdk.bz2'
gpg: Signature made Thu 15 Mar 2018 10:27:57 AM CET
gpg:                using RSA key A621F1DA96C93C639506832D603443A1D0FC498C
gpg: Good signature from "Flatcar Buildbot (Official Builds) <buildbot@flatcar-linux.org>" [ultimate]

Then, follow the instructions in Importing a Disk as a Snapshot Using VM Import/Export. You'll need to upload the uncompressed vmdk file to S3.

After the snapshot is imported, you can go to "Snapshots" in the EC2 dashboard, and generate an AMI image from it. To make it work, use /dev/sda2 as the "Root device name" and you probably want to select "Hardware-assisted virtualization" as "Virtualization type".

Using Flatcar Container Linux

Now that you have a machine booted it is time to play around. Check out the Flatcar Container Linux Quickstart guide or dig into more specific topics.