Amazon Web Services has unveiled a preview version of Bottlerocket, a Linux-based open source operating system built to host containers.
Unlike most distributions, Bottlerocket includes only the packages necessary to host containers. It supports all container image formats that conform to the Open Container Initiative (OCI) specification.
For orchestration, this version of Bottlerocket works specifically with the Amazon EKS Managed Kubernetes Service, and the company welcomes others to tweak the code for other orchestration engines.
Bottlerocket does not use Linux’s traditional update mechanisms. Instead of updating individual packages, Bottlerocket collects updates and issues them as part of a single new image. AWS contends this approach makes it easier to update a large number of container images rapidly and easily. If a user finds the new image is not suitable for some reason, it can be rolled back to the earlier, working version.
This approach mitigates the security and performance challenges many organizations face in keeping their Linux distributions updated. Such distros are built from hundreds of third-party libraries and tools. Over time, security vulnerabilities are found in these packages and must be updated individually by the users or the maintainers of these distributions.
Bottlerocket differs from other Linux distributions in a number of other ways. It uses a file system that is mostly read-only. On each boot, the integrity of the file system is cryptographically checked by dm-verity. In keeping with best practices for cloud security, Bottlerocket images cannot be accessed over SSH (though AWS offers a separate admin container that can provide SSH access for troubleshooting).
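The dm-verity check mentioned above works by hashing the block device into a Merkle tree whose root hash is trusted out of band, so any modified block fails verification. The following is an added illustration, not code from Bottlerocket or the Linux kernel: a simplified dm-verity-style hash tree in Python. The block size, salt, sample image contents and the idea that the root hash is supplied separately are all assumptions made for the example; real dm-verity verifies blocks lazily as they are read and lives in the kernel.

```python
import hashlib

BLOCK_SIZE = 4096   # assumed data/hash block size (dm-verity's default)
DIGEST = "sha256"   # assumed digest algorithm


def _h(data: bytes, salt: bytes) -> bytes:
    """Salted digest of one block, as dm-verity does for data and hash blocks."""
    return hashlib.new(DIGEST, salt + data).digest()


def _pad(data: bytes) -> bytes:
    """Zero-pad to a whole number of blocks, like a block device would."""
    return data + b"\0" * (-len(data) % BLOCK_SIZE)


def build_hash_tree(image: bytes, salt: bytes):
    """Build the Merkle tree at image-build time.

    Returns (levels, root): levels[0] holds one digest per data block,
    each higher level holds one digest per hash block of the level below,
    and root is the single digest that must be trusted out of band.
    """
    padded = _pad(image)
    leaves = [_h(padded[i:i + BLOCK_SIZE], salt)
              for i in range(0, len(padded), BLOCK_SIZE)]
    per_block = BLOCK_SIZE // hashlib.new(DIGEST).digest_size  # digests per hash block
    levels = [leaves]
    while len(levels[-1]) > 1:
        prev = levels[-1]
        nxt = [_h(_pad(b"".join(prev[i:i + per_block])), salt)
               for i in range(0, len(prev), per_block)]
        levels.append(nxt)
    return levels, levels[-1][0]


def verify_block(image: bytes, index: int, levels, salt: bytes, root: bytes) -> bool:
    """Verify one data block against the stored tree and the trusted root.

    This is the read-time check: the block's digest must match the stored
    leaf, and every hash block on the path up to the root must match too,
    so tampering with either the data or the stored tree is detected.
    """
    padded = _pad(image)
    block = padded[index * BLOCK_SIZE:(index + 1) * BLOCK_SIZE]
    if _h(block, salt) != levels[0][index]:
        return False
    per_block = BLOCK_SIZE // hashlib.new(DIGEST).digest_size
    pos = index
    for lvl in range(len(levels) - 1):
        start = (pos // per_block) * per_block
        hash_block = _pad(b"".join(levels[lvl][start:start + per_block]))
        pos //= per_block
        if _h(hash_block, salt) != levels[lvl + 1][pos]:
            return False
    return levels[-1][0] == root


def demo() -> dict:
    """Constructed scenario: a clean image, a flipped bit, and a forged leaf digest."""
    salt = b"constructed-salt"
    # Constructed 11-block image (10 full blocks plus a partial one to exercise padding).
    image = bytes((i * 7) % 256 for i in range(BLOCK_SIZE * 10 + 100))
    levels, root = build_hash_tree(image, salt)   # root would be shipped with the boot config
    n_blocks = len(levels[0])

    results = {"clean_image_ok": all(verify_block(image, i, levels, salt, root)
                                     for i in range(n_blocks))}

    # An attacker flips one bit inside block 3 of the on-disk image.
    tampered = bytearray(image)
    tampered[BLOCK_SIZE * 3 + 17] ^= 0x01
    tampered = bytes(tampered)
    results["tampered_block_3_ok"] = verify_block(tampered, 3, levels, salt, root)
    results["untouched_block_0_ok"] = verify_block(tampered, 0, levels, salt, root)

    # The attacker also rewrites the stored leaf digest to match the altered block;
    # the parent hash block no longer matches, so the check still fails.
    forged = [list(level) for level in levels]
    forged[0][3] = _h(tampered[BLOCK_SIZE * 3:BLOCK_SIZE * 4], salt)
    results["forged_leaf_ok"] = verify_block(tampered, 3, forged, salt, root)
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The point the example makes is why the root hash must be protected separately from the image: the tree on disk can be rewritten by whoever can rewrite the data, but only the leaf-to-root chain ending at the trusted root passes, which is what lets a host refuse to boot from a modified root file system.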
Nearly all first-party components are written in Rust, an emerging systems language designed to minimize memory-safety issues and promote secure design.
AWS saw the need for a simplified container host given what it is seeing with its own considerable customer base with Amazon ECS. Over 80% of all cloud-based containers run on AWS, claimed AWS Chief Evangelist Jeff Barr, in a blog post.
AWS is not alone in building a streamlined Linux distribution for managing containers. SUSE offers MicroOS. There is also the Kubernetes-based Talos, and Red Hat’s Enterprise Linux CoreOS, which combines Red Hat Enterprise Linux with CoreOS Container Linux, which Red Hat acquired in 2018 with its purchase of CoreOS.
The project is one of a number of open source initiatives that AWS has taken to help users more easily adapt to its cloud services. The company has also recently released cdk8s, a library of Kubernetes-native apps and abstractions using object-oriented programming.
The GitHub repo for Bottlerocket lists 14 contributors for the project, which they’ve been working on at least since March 2019. At least 61 issues have been logged for the distro, and the project team welcomes bug reports and pull requests. It is licensed under both the Apache and MIT licenses.
Potential users can consult Bottlerocket’s Quickstart guide to set it up on an EKS cluster.
Amazon Web Services and Red Hat are sponsors of The New Stack.
Feature image via Pixabay.