AWS Bottlerocket

Product
Base system (platform): Amazon Web Services (AWS)
Developers: Amazon
System premiere date: March 2020
Last release date: August 2020
Technology: Virtualization, OS, Application development tools

2020

Release of the public version of the OS

On August 31, 2020, Amazon announced the general availability of Bottlerocket, an open source Linux distribution designed for running containerized applications.

Popular Linux distributions are designed to run not only containers, which let applications run in different computing environments, but also a range of other workloads. Because they support a large number of use cases, they include a large number of components that are difficult to manage.

In developing Bottlerocket, the company dropped many conventional Linux components and kept only those needed to run container-based workloads, creating an operating system that, according to the company, is simpler to manage and more secure. The additional security comes from the fact that Bottlerocket's smaller code base leaves fewer potential weak points for attackers to exploit.

Amazon introduced an open OS for running containerized applications

In addition, a number of further protective measures were implemented. The developers wrote a considerable part of Bottlerocket in Rust, which is less susceptible to buffer overflow exploits than C, the language in which the Linux kernel is mainly written.

In creating Bottlerocket, the company also strengthened its protection against persistent threats and against malware that hides its presence once it gets onto a system. For this purpose it uses a kernel feature called dm-verity, which detects unauthorized modification of components.
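
The tamper detection that dm-verity provides rests on a hash tree whose root value is trusted. The following added example (not from the original article or from the Bottlerocket project) models that idea in Python with a binary SHA-256 tree; the block size, the zero padding node and all function names are assumptions of this simplified model, which does not reproduce the kernel's on-disk format.

```python
import hashlib
import hmac

BLOCK_SIZE = 4096   # assumed block size for this model
ZERO = bytes(32)    # padding node for tree levels with an odd node count

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build_tree(blocks):
    """Return hash levels: levels[0] = block hashes, levels[-1] = [root]."""
    levels = [[_h(b) for b in blocks]]
    while len(levels[-1]) > 1:
        cur = levels[-1] + ([ZERO] if len(levels[-1]) % 2 else [])
        levels.append([_h(cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def auth_path(levels, index):
    """Sibling hashes needed to recompute the root from one block."""
    path = []
    for level in levels[:-1]:
        sib = index ^ 1
        path.append(level[sib] if sib < len(level) else ZERO)
        index //= 2
    return path

def verify_block(block, index, path, trusted_root):
    """Recompute the root from a block as read; compare with the trusted root."""
    node = _h(block)
    for sibling in path:
        node = _h(node + sibling) if index % 2 == 0 else _h(sibling + node)
        index //= 2
    return hmac.compare_digest(node, trusted_root)

def demo():
    # Constructed sample "image": five blocks of repeated bytes.
    blocks = [bytes([65 + i]) * BLOCK_SIZE for i in range(5)]
    levels = build_tree(blocks)
    root = levels[-1][0]          # in a real system this value is trusted
    clean = all(verify_block(b, i, auth_path(levels, i), root)
                for i, b in enumerate(blocks))
    tampered = bytearray(blocks[3])
    tampered[100] ^= 0x01         # flip a single bit in one block
    detected = not verify_block(bytes(tampered), 3, auth_path(levels, 3), root)
    return clean, detected

if __name__ == "__main__":
    print(demo())
```

Each block is checked when it is read, so a single flipped bit anywhere in the image produces a root mismatch for that block while the untouched blocks still verify.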

To maintain Bottlerocket, system administrators do not need to access the OS through an account, so attackers have fewer chances to get into the system by the usual route. In addition, the developer equipped the distribution with a rollback function that returns to the previous version if an update leads to a failure.

Bottlerocket can be downloaded from GitHub. Bottlerocket on GitHub; Announcing the General Availability of Bottlerocket, an open source Linux distribution built to run containers[1][2]

Launch of the OS

In March 2020, Amazon released an open source operating system for container applications. The new solution, called Bottlerocket, runs on the Amazon Web Services (AWS) cloud infrastructure and makes it possible to run software containers on bare metal servers or virtual machines.

By March 11, 2020, a preview version of AWS Bottlerocket has been released, but it is available to everyone. It is a stripped-down platform consisting only of the components without which organizing and running containers is impossible. The OS supports both Docker images and other images conforming to the Open Container Initiative (OCI) format.

Amazon released an open OS for container applications

Software containers are popular among developers because they can be used to host applications that run in different computing environments without changes to their source code.

But software containers need an operating system to host them, and the vast majority of them run on general-purpose operating systems that were never intended for this purpose. Such platforms are overwhelmingly updated package by package, which complicates automation, AWS evangelist Jeff Barr writes in a blog post.

According to him, OS updates are not only slow to install but also create security concerns, increasing the opportunities for cyber attacks. In addition, updates can be problematic and error-prone, and package inconsistencies can gradually break the integrity of container clusters.

For these reasons, Amazon developed Bottlerocket, which can be updated in a single step rather than package by package. The idea is to make it easier for users to automate OS updates using container orchestration services such as Amazon EKS.[3]

Notes