AWS Bottlerocket Now Generally Available |
Written by Kay Ewbank |
Monday, 07 September 2020 |
Amazon Bottlerocket, an open source Linux-based operating system that is purpose-built to run containers on both virtual machines and bare metal hosts, is now generally available. Bottlerocket is a minimal Linux distribution that is aimed at the same market as Google’s container-optimized operating system. Amazon says Bottlerocket was developed based on how Amazon's customers use Amazon Linux to run containers and from running services such as AWS Fargate. Fargate is a compute engine for Amazon ECS and EKS that allows you to run containers without having to manage servers or clusters. Samartha Chandrashekar, Product Manager at AWS, said: "At every step of the design process, we optimized Bottlerocket for security, speed, and ease of maintenance." Bottlerocket's security focus starts with the fact it includes only the software needed to run containers, so reduces the security attack surface. It uses Security-Enhanced Linux (SELinux) in enforcing mode to increase the isolation between containers and the host operating system, and also makes use of standard Linux kernel technologies to implement isolation between containerized workloads—such as control groups (cgroups), namespaces, and seccomp. Bottlerocket uses Device-mapper’s verity target (dm-verity), a Linux kernel feature that provides integrity checking to help prevent attackers from persisting threats on the OS, such as overwriting core system software. Bottlerocket has been and will continue to be developed as an open source project on GitHub with a public roadmap. Amazon says Bottlerocket comes with a single-step update mechanism. Most containers are run on general-purpose operating systems where updates are applied on a package-by-package basis, making it difficult to automate updating. Bottlerocket has been designed so updates can be applied and rolled back in a single step so they're easy to automate, and the update process is based on an open-source project hosted by the Cloud Native Computing Foundation. Because Bottlerocket is an open source project, users will be able to customize it with integration with the custom orchestrators, kernels, or container runtimes used to run their infrastructure. All the design documents, code, build tools, tests, and documentation for Bottlerocket will be hosted on GitHub. Bottlerocket includes standard open source components, such as the Linux kernel and container runtime. Bottlerocket is available as an Amazon Machine Image for EC2 as a preview, and is generally available with Amazon EKS.
More InformationRelated ArticlesKubernetes for Full-Stack Developers Google Promotes ChromeOS at Google I/O Docker Comes To Pi - It's Official
To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.
Comments
or email your comment to: comments@i-programmer.info |
Last Updated ( Monday, 07 September 2020 ) |