Running Edera (no Kubernetes required)

This guide explains how to run Edera without using Kubernetes. You’ll learn how to start the Edera daemon, launch zones, deploy container workloads, and clean up resources using the protect CLI.

Prerequisites

  • An AWS account
  • Access to the Edera AMI
  • Familiarity with Linux command-line tools
ℹ️
This can be ran without AWS.
To gain access to Edera, reach out to the customer engineering team at support@edera.dev to discuss your requirements.

Launch an instance

Create a new EC2 instance using the Edera AMI. You can use the AWS Console or Terraform. Important: Edera AMIs are only available in us-west-2.

# Example Terraform configuration
resource "aws_instance" "edera" {
  ami           = "ami-xxxxxxxxxxxxxxx"
  instance_type = "t3.medium"
  tags = {
    Name = "edera-protect"
  }
}

Start the Edera daemon

After launching your instance, SSH in and start the Edera daemon.

sudo systemctl start protect-daemon

Verify the services are running:

ps auxww | grep protect

You should see:

/usr/sbin/protect-orchestrator
/usr/sbin/protect-daemon
/usr/sbin/protect-storage
/usr/sbin/protect-network
/usr/sbin/protect-cri

Launch a zone

Use the protect zone launch command to start a new zone.

protect zone launch --name zone-test

To verify the zone status:

protect zone list

The output should show that the zone is in a ready state.

Optional: Enable kernel verbose logging

To see detailed logs from the zone’s kernel:

protect zone launch --name zone-test --kernel-verbose
protect zone logs zone-test

You’ll see boot output like:

[    0.000000] Linux version 6.15.1 ...
[    0.000000] Hypervisor detected: Xen PV
...

To launch with a specific kernel version:

protect zone launch \
  --name zone-test \
  --kernel-verbose \
  --kernel ghcr.io/edera-dev/zone-kernel:latest

Launch a workload

Once your zone is up, you can launch workloads using standard container images:

protect workload launch \
  --zone zone-test \
  --name nginx-test \
  docker.io/library/nginx:alpine

Protect will:

  • Pull the image from Docker Hub
  • Cache it locally
  • Launch it inside the zone

Check which images are cached:

protect image list

Verify the workload is running:

protect workload list

Optional: Run an interactive shell

For testing or debugging, launch a container with an interactive shell.

protect workload launch \
  --zone zone-test \
  --name nginx-test \
  -t -a \
  docker.io/library/nginx:alpine sh

Inside the container, you can inspect system info:

ip a
cat /proc/1/cgroup
hostname

To detach from a running workload without stopping the workload, press ctrl + ].

Optional: Mount a volume in the workload

To access data inside the workload, mount a volume from your local machine into the workload.

protect workload launch \
  --zone zone-test \
  --name nginx-test \
  -m local/path/to/volume:remote/path/to/volume \
  -at \
  docker.io/library/nginx:alpine sh

Inside the container, you can now access the volume:

cat remote/path/to/volume/file.sh

Clean up resources

To remove a workload:

protect workload destroy nginx-test
protect workload list

To delete the zone:

protect zone destroy zone-test
protect zone list

Additional resources

Last updated on
Customize kernel parameters during installBuilding your own Edera zone kernel