The release of Bottlerocket 1.7.0 has been published. Bottlerocket is a Linux distribution developed with the participation of Amazon for running isolated containers efficiently and securely. The distribution's tooling and control components are written in Rust and are distributed under the MIT and Apache 2.0 licenses. Bottlerocket can be run in Amazon ECS, VMware and AWS EKS Kubernetes clusters, and custom builds and variants can be created to allow the use of other orchestration tools and container runtimes.
The distribution provides an atomically and automatically updated, indivisible system image that includes the Linux kernel and a minimal system environment containing only the components needed to run containers (updates are applied to a second partition set, so a failed update can be rolled back). Included are the systemd system manager, the Glibc library, the Buildroot build toolkit, the GRUB bootloader, the wicked network configurator, the containerd runtime for isolated containers, the Kubernetes container orchestration platform, the aws-iam-authenticator authenticator and the Amazon ECS agent.
The container orchestration tools are shipped in a separate control container, which is enabled by default and is managed through an API and the AWS SSM agent. The base image contains no command shell, no SSH server and no interpreted languages (for example, no Python or Perl); administrative and debugging tools are moved into a separate admin container, which is disabled by default.
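As an added illustration (not from the announcement and not the project's own documentation), the fragment of instance user-data below shows how the two host containers described above are toggled in Bottlerocket's TOML settings format. The `settings.host-containers.*` keys are real Bottlerocket settings; the Kubernetes values are placeholders, and the certificate and user-data strings are constructed for this example rather than taken from a real cluster.

```toml
# Bottlerocket user-data (TOML). Example configuration, constructed for
# illustration; cluster name, endpoint and certificate are placeholders.
[settings.kubernetes]
cluster-name = "example-cluster"
api-server = "https://EXAMPLE.gr7.us-west-2.eks.amazonaws.com"
cluster-certificate = "LS0tLS1CRUdJTi...EXAMPLE...LS0tLS0K"

# The control container (AWS SSM agent + apiclient access) is on by default;
# stating it explicitly documents the intent.
[settings.host-containers.control]
enabled = true

# The admin container carries the shell, SSH server and debugging tools that
# the base image deliberately lacks. Keep it off unless you are actively
# debugging a node; it can be switched on at runtime from the control
# container with: apiclient set settings.host-containers.admin.enabled=true
[settings.host-containers.admin]
enabled = false
```

Leaving the admin container disabled preserves the "no shell, no SSH" property of the node; when it is needed, it is enabled through the API rather than by baking an SSH daemon into the image, and it can be disabled again the same way once the investigation is over.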
The key difference from similar distributions such as Fedora CoreOS and CentOS/Red Hat Atomic Host is a primary focus on maximum security: hardening the system against potential threats, making exploitation of vulnerabilities in OS components harder, and strengthening container isolation. Containers are created with the standard Linux kernel mechanisms, namely cgroups, namespaces and seccomp. For additional isolation, the distribution uses SELinux in enforcing mode.