Bottlerocket 1.1 released, a distribution built around isolated containers

Version 1.1.0 of the Linux distribution Bottlerocket, developed with Amazon's participation for running isolated containers efficiently and securely, is now available. The distribution's tooling and control components are written in Rust and distributed under the MIT and Apache 2.0 licenses. Supported are running Bottlerocket in Amazon ECS and AWS EKS Kubernetes clusters, as well as creating custom builds and editions that allow other orchestration tools and container runtimes to be used.

The distribution provides an atomically and automatically updated, indivisible system image that includes the Linux kernel and a minimal system environment containing only the components needed to run containers. It uses the systemd system manager, the glibc library, the Buildroot build toolkit, the GRUB bootloader, the wicked network configurator, the containerd runtime for isolated containers, the Kubernetes container platform, aws-iam-authenticator and the Amazon ECS agent.

Container orchestration tools are supplied in a separate container, which is enabled by default and managed through the API and the AWS SSM agent. The base image contains no command shell, SSH server or interpreted languages (for example, no Python or Perl); administration and debugging tools are shipped in a separate service container, which is disabled by default.

The key difference from similar distributions such as Fedora CoreOS and CentOS/Red Hat Atomic Host is the primary focus on maximum security: hardening the system against possible threats, making vulnerabilities in OS components harder to exploit, and increasing container isolation. Containers are created using standard Linux kernel mechanisms: cgroups, namespaces and seccomp. For additional isolation, the distribution uses SELinux in enforcing mode.
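The isolation mechanisms named above only help if they are actually in effect for the process in question, and the kernel exposes each of them as a readable field. The following script, an added example that is not part of Bottlerocket or its tooling, decodes the indicators a defender checks for a containerised process: the `CapEff`, `NoNewPrivs` and `Seccomp` lines of `/proc/<pid>/status` and the single digit in `/sys/fs/selinux/enforce`. Both inputs are passed in as text; the two samples below are constructed, not captured from a real host, so the script runs offline.

```python
"""Audit a container process's kernel isolation indicators.

Added example (not part of Bottlerocket). Decodes the capability bitmask,
seccomp mode and no-new-privileges flag from /proc/<pid>/status text and the
SELinux enforce digit, and lists what a defender would want flagged.
"""
import re

# Linux capability names indexed by bit position (linux/capability.h).
CAP_NAMES = [
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP",
    "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER",
    "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD",
    "CAP_LEASE", "CAP_AUDIT_WRITE", "CAP_AUDIT_CONTROL", "CAP_SETFCAP",
    "CAP_MAC_OVERRIDE", "CAP_MAC_ADMIN", "CAP_SYSLOG", "CAP_WAKE_ALARM",
    "CAP_BLOCK_SUSPEND", "CAP_AUDIT_READ", "CAP_PERFMON", "CAP_BPF",
    "CAP_CHECKPOINT_RESTORE",
]

# Capabilities worth flagging inside a container: each lets a process reach
# beyond its own namespaces into the host.
HOST_AFFECTING = {"CAP_SYS_ADMIN", "CAP_SYS_MODULE", "CAP_SYS_RAWIO",
                  "CAP_SYS_PTRACE", "CAP_NET_ADMIN", "CAP_DAC_READ_SEARCH"}
SECCOMP_MODES = {0: "disabled", 1: "strict", 2: "filter"}


def decode_caps(hex_mask: str) -> list[str]:
    """Expand a CapEff-style hex bitmask into capability names."""
    mask = int(hex_mask, 16)
    return [name for bit, name in enumerate(CAP_NAMES) if mask >> bit & 1]


def parse_status(status_text: str) -> dict[str, str]:
    """Turn /proc/<pid>/status 'Key:\\tvalue' lines into a dict."""
    fields = {}
    for line in status_text.splitlines():
        m = re.match(r"^(\w+):\s*(.*)$", line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields


def audit(status_text: str, selinux_enforce_text: str) -> dict:
    """Return the isolation indicators plus a list of findings."""
    fields = parse_status(status_text)
    caps = decode_caps(fields.get("CapEff", "0"))
    seccomp_mode = int(fields.get("Seccomp", "0"))
    no_new_privs = fields.get("NoNewPrivs", "0") == "1"
    selinux_enforcing = selinux_enforce_text.strip() == "1"

    findings = []
    if seccomp_mode == 0:
        findings.append("seccomp disabled: every syscall is reachable")
    if not no_new_privs:
        findings.append("NoNewPrivs unset: setuid binaries can raise privileges")
    for cap in sorted(HOST_AFFECTING & set(caps)):
        findings.append(f"{cap} in effective set")
    if not selinux_enforcing:
        findings.append("SELinux not enforcing: violations are only logged")
    return {
        "effective_caps": caps,
        "seccomp_mode": seccomp_mode,
        "seccomp_label": SECCOMP_MODES.get(seccomp_mode, "unknown"),
        "no_new_privs": no_new_privs,
        "selinux_enforcing": selinux_enforcing,
        "findings": findings,
    }


# Constructed sample: a reduced 14-capability set (the mask many runtimes
# grant by default), a seccomp filter loaded, no-new-privileges set.
HARDENED_STATUS = """\
Name:\tnginx
State:\tS (sleeping)
CapEff:\t00000000a80425fb
CapBnd:\t00000000a80425fb
NoNewPrivs:\t1
Seccomp:\t2
Seccomp_filters:\t1
"""

# Constructed sample: full capability set, seccomp turned off.
PRIVILEGED_STATUS = """\
Name:\tdebug-shell
State:\tS (sleeping)
CapEff:\t000001ffffffffff
NoNewPrivs:\t0
Seccomp:\t0
"""

if __name__ == "__main__":
    for label, status, enforce in (("hardened", HARDENED_STATUS, "1"),
                                   ("privileged", PRIVILEGED_STATUS, "0")):
        report = audit(status, enforce)
        print(f"[{label}] seccomp={report['seccomp_label']} "
              f"caps={len(report['effective_caps'])} "
              f"selinux_enforcing={report['selinux_enforcing']}")
        for finding in report["findings"]:
            print("  -", finding)
```

On a live host the same `audit()` call takes the contents of `/proc/<pid>/status` and `/sys/fs/selinux/enforce` read from the files. The first sample produces no findings; the second reports the disabled seccomp filter, the unset `NoNewPrivs` flag, every host-affecting capability in the effective set and the permissive SELinux state, which is the list an operator would expect to be empty on a Bottlerocket node running its default configuration.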
