Terraform for Flatcar Container Linux on AWS and Azure

Provision Flatcar Container Linux nodes with Terraform: Ignition config, immutable updates, and Kubernetes worker pools on AWS, Azure, and bare metal.

Luca Berton · 1 min read

Flatcar Container Linux is the maintained successor to CoreOS Container Linux: minimal, immutable, atomically updated, and configured via Ignition. It is a strong fit for self-managed Kubernetes and edge workloads. Terraform provisions the instances and renders the Ignition config from CT (Container Linux Config Transpiler) templates.

Quick Pattern (TL;DR) — AWS

data "aws_ami" "flatcar" {
  most_recent = true
  owners      = ["075585003325"] # Kinvolk
  filter {
    name   = "name"
    values = ["Flatcar-stable-*-hvm"]
  }
}
 
resource "aws_instance" "flatcar" {
  ami           = data.aws_ami.flatcar.id
  instance_type = "t3.medium"
  user_data     = data.ct_config.worker.rendered
 
  tags = { Name = "flatcar-worker" }
}

Ignition Config

data "ct_config" "worker" {
  content = file("${path.module}/worker.yaml")
  strict  = true
}

worker.yaml:

variant: flatcar
version: 1.1.0
storage:
  files:
    - path: /etc/hostname
      mode: 0644
      contents:
        inline: flatcar-worker-1
systemd:
  units:
    - name: docker.service
      enabled: true

Update Strategy

storage:
  files:
    - path: /etc/flatcar/update.conf
      mode: 0644
      contents:
        inline: |
          GROUP=stable
          REBOOT_STRATEGY=etcd-lock

etcd-lock coordinates rolling reboots across the cluster.

Best Practices

  • Use the ct_config data source (poseidon/ct provider) to generate Ignition — never hand-write JSON.
  • Pin the channel (stable, beta, alpha) per environment.
  • Coordinate reboots with etcd-lock or Kured — Flatcar reboots automatically by default.
  • No package manager — bake config as systemd units, not apt/dnf.
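
An added example (not from the original article) that ties the channel-pinning and update-strategy points together: one validated variable drives both the AMI lookup and the GROUP written to update.conf, which is merged into worker.yaml through the ct_config snippets argument. The variable name flatcar_channel is an assumption; these blocks stand in for the two data sources shown earlier, and the aws_instance resource is unchanged.

```hcl
terraform {
  required_providers {
    aws = { source = "hashicorp/aws" }
    ct  = { source = "poseidon/ct" }
  }
}

# Assumed variable name; set one value per environment (for example in a tfvars file).
variable "flatcar_channel" {
  type    = string
  default = "stable"

  validation {
    condition     = contains(["stable", "beta", "alpha"], var.flatcar_channel)
    error_message = "flatcar_channel must be stable, beta, or alpha."
  }
}

# The AMI lookup follows the same channel the node will later update from,
# so the boot image and the update group cannot drift apart.
data "aws_ami" "flatcar" {
  most_recent = true
  owners      = ["075585003325"] # Kinvolk
  filter {
    name   = "name"
    values = ["Flatcar-${var.flatcar_channel}-*-hvm"]
  }
}

# worker.yaml stays the base config; the update settings are merged in as a snippet.
# worker.yaml must not define /etc/flatcar/update.conf itself.
data "ct_config" "worker" {
  content = file("${path.module}/worker.yaml")
  strict  = true
  snippets = [
    <<-EOT
    variant: flatcar
    version: 1.1.0
    storage:
      files:
        - path: /etc/flatcar/update.conf
          mode: 0644
          contents:
            inline: |
              GROUP=${var.flatcar_channel}
              REBOOT_STRATEGY=etcd-lock
    EOT
  ]
}
```

With strict = true, a malformed snippet fails at plan time instead of producing a node that boots with a partial config.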