Amazon Web Services (AWS) sponsored this post.
Way back in 2014 Redmonk analyst Stephen O’Grady hinted that maybe, just maybe, the container would displace the virtual machine — which had displaced the operating system, or OS, as the “atomic unit of computing.” Fast forward to 2020 and O’Grady’s prophecy has been realized. Or will be, once containers go truly mainstream.
Given how much we talk about containers, it would be convenient to assume that container adoption is widespread. It’s not. For example, a 2019 Gartner report states that “by 2023, more than 70% of global organizations will be running more than two containerized applications in production, up from less than 20% in 2019.” That’s fast adoption (something The New Stack has covered before), but it still leaves most applications uncontainerized today.
To help enterprises reap the benefits containers bring, including increased portability and greater efficiency, we need to make it easier for enterprises to adopt and use containers at scale. Fortunately, we’re a bit spoiled for choice right now, what with Kubernetes and other open source innovations that aim to do just that. One new option is Bottlerocket, an open source, Linux-based OS designed for running containers on virtual machines or bare-metal hosts. But if containers are the new atomic unit of computing, why are we still talking about the OS, even one purpose-built for running containers?
Thinking Different About the OS
Just as serverless hasn’t obviated the underlying need for servers, containers still require an OS. Unfortunately, most containers run on a general-purpose OS. Because containers make it easy to scale out, container-based host environments may grow to hundreds or thousands of instances. Such scale introduces problems with OS security, updates, overhead, and more.
Bottlerocket, open sourced by AWS in 2020, isn’t the first container-centric OS, nor is it the only option. Red Hat has CoreOS. Google, too, has its own container-optimized OS built on Chromium. SUSE, for its part, offers MicroOS. In open source, having options is a great thing. It means that customers have choice, but it also means that different projects can learn from each other and improve accordingly.
Of course, multiplying choice isn’t always the best thing for users and their communities. At times it’s best to contribute to an existing project, but not always. Consider Kubernetes. Google could have embraced Docker or (then) Mesosphere, but it had interesting technology honed over years of internal use, and it was a better plan to open source it. This is also the case with Bottlerocket. Yes, there are alternatives, but none incorporates AWS’ experience running containers at an unparalleled scale. It was better for us to start fresh.
So, what’s different about Bottlerocket, and should you consider contributing?
Bottlerocket improves uptime by making it possible for you to automatically update thousands of instances hosting your containers with minimal disruption to your applications. Unlike package-by-package updates in general-purpose operating systems, Bottlerocket applies updates in a single step, and an update can be rolled back if failures occur. Bottlerocket also improves manageability by enabling you to service the OS using orchestrators, such as Kubernetes, and run your applications in containers without introducing the complexity of package managers. Additionally, Bottlerocket improves resource usage, boot times and the overall security profile by excluding components that are not needed to run containers.
Security remains one of the top reasons enterprises cite for being wary about containers. Among other things, Bottlerocket uses a file system that is primarily read-only, and is integrity-checked at boot time via dm-verity. Additionally, if Bottlerocket detects corruption on the underlying block device, the kernel is configured to restart — allowing the system to fail closed. Under the hood, virtually all first-party Bottlerocket components are written in Rust, a safety-first programming language that eliminates some classes of memory safety issues, while also encouraging design patterns that help security.
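The boot-time integrity check just described, as an added example that is not Bottlerocket's or the kernel's code: a Python model of a dm-verity style hash tree over a constructed root filesystem image, where the root hash is the trusted value and any altered block makes boot fail closed (an exception stands in for the configured kernel restart). BLOCK_SIZE, the image bytes and all function names are constructed for illustration.

```python
# Added toy model of the dm-verity style boot check described above (not Bottlerocket's code).
import hashlib

BLOCK_SIZE = 8  # bytes per block; tiny so the constructed image stays readable

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def split_blocks(image: bytes) -> list[bytes]:
    padded = image + b"\0" * (-len(image) % BLOCK_SIZE)  # pad the final block
    return [padded[i:i + BLOCK_SIZE] for i in range(0, len(padded), BLOCK_SIZE)]

def build_tree(blocks: list[bytes]) -> list[list[bytes]]:
    """Hash-tree levels, leaves first and the single root hash last."""
    levels = [[_h(b) for b in blocks]]
    while len(levels[-1]) > 1:
        level = levels[-1] + levels[-1][-1:] * (len(levels[-1]) % 2)  # duplicate last hash on an odd level
        levels.append([_h(level[i] + level[i + 1]) for i in range(0, len(level), 2)])
    return levels

class BootIntegrityError(Exception):
    """On-disk contents no longer match the trusted root hash: refuse to boot."""

def verify_boot(image: bytes, trusted_root: bytes) -> int:
    """Recompute the tree from what is on disk; return the block count or fail closed."""
    blocks = split_blocks(image)
    if build_tree(blocks)[-1][0] != trusted_root:
        raise BootIntegrityError("root hash mismatch")  # stands in for the kernel restart
    return len(blocks)

def first_bad_block(image: bytes, good_leaves: list[bytes]) -> int:
    """Index of the first block whose hash differs from its build-time leaf, else -1."""
    for idx, block in enumerate(split_blocks(image)):
        if _h(block) != good_leaves[idx]:
            return idx
    return -1

def boot_outcome(image: bytes, trusted_root: bytes) -> str:
    try:
        return f"boot ok, {verify_boot(image, trusted_root)} blocks verified"
    except BootIntegrityError as e:
        return f"fail closed: {e}"

# Constructed 44-byte "root filesystem" (6 blocks). At image build time the tree is
# computed and its root hash becomes the trusted value handed to the kernel at boot.
IMAGE = b"/sbin/init ELF header bytes (constructed)"
STORED_TREE = build_tree(split_blocks(IMAGE))
TRUSTED_ROOT = STORED_TREE[-1][0]
DAMAGED = IMAGE[:16] + bytes([IMAGE[16] ^ 0x01]) + IMAGE[17:]  # one bit flipped in block 2
```

Calling `boot_outcome(DAMAGED, TRUSTED_ROOT)` returns the fail-closed message, and `first_bad_block(DAMAGED, STORED_TREE[0])` names block 2, which is what the per-block hash tree buys over a single whole-image digest.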
Bottlerocket is the culmination of what AWS has learned from running containers at scale, giving everyone the ability to do this securely and efficiently with automation. AWS customers have benefited from how we run containers, and we’d like to make sure that others, including those who may never be AWS customers, have access to the same technology. We felt this technology is unique and would really help to advance the state of the art for containers.
A World Awash in Container Innovation
Of course, one of the best things about open source, as mentioned, is that everyone can contribute according to their strengths. Weaveworks, for example, released Footloose in 2019. Footloose creates containers that look and behave just like virtual machines. This solves a completely different problem than Bottlerocket does, making this new world of containers feel more comfortable to those who grew up on VMs. And there’s containerd, a container runtime created at Docker that allows platform developers to build with containers without needing to worry about OS-specific functionality. Or there’s Argo CD, a continuous delivery tool open sourced by Intuit in 2018 to make it straightforward to automate, audit and understand container-based application deployment and lifecycle management.
These are just a few parts of the booming, open source container ecosystem into which Bottlerocket was born. Each of these projects improves the container experience in different ways. Although we hope you’ll help collaborate on Bottlerocket, perhaps one of these other projects is a better fit for your needs. Regardless, we all benefit when we contribute.
With Bottlerocket, AWS is contributing unique expertise — and code — to help remove enterprise obstacles to running containers at scale. Because Bottlerocket is 100% open source, we hope that others will join us to further improve Bottlerocket (you can get started on GitHub) or to learn from Bottlerocket’s innovations and apply that knowledge to other projects. It’s how open source works.
If you’re not yet ready to contribute, but would like to learn more, please visit the announcement page.
The New Stack is a wholly owned subsidiary of Insight Partners, an investor in the following companies mentioned in this article: Docker.