Amazon teases Bottlerocket, its take on Linux specifically for running containers
Rust and dual-partition sets for security, efficiency, and automated updates
Amazon Web Services has begun previewing Bottlerocket, a new open-source Linux distribution designed for running containers.
There are two main ideas behind Bottlerocket. The first is to make it easier to automate OS updates by applying them in a single step, rather than package by package. According to AWS, this will also improve uptime "by minimizing update failures and enabling easy update rollbacks."
The second part of the rationale is to strip down the OS so it only contains what is needed to run containers.
The new OS is on GitHub along with more information and build tools. The GitHub repositories include an update operator for Kubernetes (K8s), and AWS primarily has K8s in mind for Bottlerocket usage. The Bottlerocket charter spells out the four tenets behind development – secure, open, small and simple.
Bottlerocket has two identical sets of partitions. When you update Bottlerocket, it is the inactive partition that gets the update. Then the partition table is changed to swap the active and inactive partition sets. If the boot fails, then it automatically rolls back, as controlled by the Signpost utility. The update is image-based, hence the "single step." There is also provision for update waves, where groups of Bottlerocket hosts are scheduled to update at different times. A description of the update process is here. It uses a CNCF (Cloud Native Computing Foundation) project called The Update Framework.
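As an added illustration of the A/B scheme described above (example code, not Bottlerocket's or Signpost's own implementation): a simplified Python model of two partition sets carrying ChromeOS-style priority, tries-remaining and successful attributes, where an update is staged to the inactive set, made preferred, and automatically rolled back if its first boot fails. The class names, the single-try policy and the "healthy" flag are assumptions made for the example.

```python
from dataclasses import dataclass


@dataclass
class PartitionSet:
    """One of the two identical partition sets (model, not the real GPT layout)."""
    name: str
    version: int
    priority: int          # bootloader prefers the highest priority
    tries_remaining: int   # boot attempts left before an untested set is abandoned
    successful: bool       # set once the image has booted and been marked good


class Host:
    def __init__(self):
        # Constructed starting state: set A runs version 1 and is known-good,
        # set B is empty and never booted.
        self.sets = {"A": PartitionSet("A", 1, 2, 0, True),
                     "B": PartitionSet("B", 0, 0, 0, False)}
        self.running = "A"

    @staticmethod
    def bootable(ps):
        return ps.successful or ps.tries_remaining > 0

    def choose_boot_set(self):
        """Bootloader policy: highest-priority set that is still bootable."""
        candidates = [p for p in self.sets.values() if self.bootable(p)]
        if not candidates:
            raise RuntimeError("no bootable partition set")
        return max(candidates, key=lambda p: p.priority).name

    def stage_update(self, version):
        """Write the new image to the inactive set and make it the preferred set."""
        inactive = "B" if self.running == "A" else "A"
        target = self.sets[inactive]
        target.version = version
        target.successful = False
        target.tries_remaining = 1      # one chance to prove itself
        target.priority = max(p.priority for p in self.sets.values()) + 1
        return inactive

    def boot(self, healthy):
        """Simulate a power-on; a failed boot consumes the try and falls back."""
        chosen = self.choose_boot_set()
        ps = self.sets[chosen]
        if not ps.successful:
            ps.tries_remaining -= 1
        if healthy:
            ps.successful = True        # mark the booted image as known-good
            self.running = chosen
        else:
            self.running = self.choose_boot_set()  # rollback to the other set
        return self.running
```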
There is no SSH server, normally used to enable secure login, nor is there even a shell in the base Bottlerocket image. This is to improve security. To get a shell, you use a special control container, which is enabled by default, to start an admin container, which is disabled by default. In the admin container you can run a root shell using the command sheltie, though even then the system "will prevent most changes from persisting over a restart".
AWS makes extensive use of Rust for Bottlerocket. "Almost all first-party components are written in Rust. Rust eliminates some classes of memory safety issues, and encourages design patterns that help security," says the description. Third-party components include the Linux kernel, GRUB patched to support the partition swapping, containerd for running containers, K8s, and the AWS IAM authenticator. The system for building Bottlerocket itself uses Rust and Docker.
According to the charter, Bottlerocket is open and "not a Kubernetes distro, nor an Amazon distro". That said, the project is focused on AWS and EKS (Elastic Kubernetes Service), though we are assured that "there is nothing that limits Bottlerocket to EKS or AWS". The suggested path for trying it out is to set up an EKS cluster.
Google also has a container-optimised OS based on the Chromium OS project, used for Chrome OS. There is a reference to "ChromeOS-style GPT priority bits" in the documentation for Signpost, so it looks as if there are some similarities. On Microsoft's Azure Kubernetes Service "the VM image for the nodes in your cluster is currently based on Ubuntu Linux or Windows Server 2019", according to the docs, though you can also select your own. It is a less impressive pitch than that of Google and now AWS.
Paying close attention to the OS used for K8s node images makes perfect sense for security, reliability and efficiency. ®