The new version of Bottlerocket, 1.3.0, has been released, and this is what's new

The new version of the Linux distribution "Bottlerocket 1.3.0" has been released. It brings a number of changes and improvements to the system, most notably MCS restrictions added to the SELinux policy, fixes for several SELinux policy problems, IPv6 support in kubelet and pluto, and hybrid boot support for x86_64.

For those unfamiliar with Bottlerocket, it is a Linux distribution developed with Amazon's participation to run containers efficiently and securely. This new version is largely a package update release, although it also comes with some new changes.

The distribution is characterized by providing an indivisible system image that is updated automatically and atomically. The image includes the Linux kernel and a minimal system environment containing only the components needed to run containers.

About Bottlerocket

The environment uses the systemd system manager, the Glibc library, Buildroot, the GRUB bootloader, the wicked network configurator, the containerd runtime for container isolation, the Kubernetes platform, aws-iam-authenticator, and the Amazon ECS agent.

The container orchestration tools ship in a separate management container that is enabled by default and is managed through the AWS SSM agent and the API. The base image has no command shell, no SSH server, and no interpreted languages (for example, no Python or Perl): administrative and debugging tools are moved to a separate service container, which is disabled by default.

The key difference from similar distributions such as Fedora CoreOS and CentOS / Red Hat Atomic Host is its primary focus on providing maximum security by hardening the system against potential threats, which makes it harder to exploit vulnerabilities in operating system components and increases container isolation.

Main new features of Bottlerocket 1.3.0

This new version of the distribution fixes vulnerabilities in the docker toolkit and the containerd runtime (CVE-2021-41089, CVE-2021-41091, CVE-2021-41092, CVE-2021-41103) related to incorrect permission settings, which allow unprivileged users to leave the base directory and run external programs.

Among the changes implemented, IPv6 support has been added to kubelet and pluto. In addition, it is now possible to restart a container after its configuration changes, and support for Amazon EC2 M6i instances has been added to eni-max-pods.

Also notable are the new MCS restrictions in the SELinux policy, as well as fixes for several SELinux policy problems. In addition, a hybrid boot mode (compatible with both EFI and BIOS) is implemented for the x86_64 platform, and open-vm-tools adds support for device filters based on the Cilium toolkit.

On the other hand, compatibility with the aws-k8s-1.17 variant of the distribution, based on Kubernetes 1.17, has been removed, so it is recommended to use the aws-k8s-1.21 variant, which is compatible with Kubernetes 1.21. In addition, the k8s variants use the runtime.slice and system.slice settings.

Among the other changes that stand out in this new version:

  • Added the region flag to the aws-iam-authenticator command
  • Restart host containers
  • Updated the default control container to v0.5.2
  • Updated eni-max-pods with new instance types
  • Added new cilium device filters to open-vm-tools
  • Include /var/log/kdump in logdog tarballs
  • Updated third-party packages
  • Added a wave definition for slow deployment
  • Added 'infrasys' for creating TUF infra on AWS
  • Archived old migrations
  • Documentation changes

Finally, if you are interested in learning more about it, you can check the details at the following link.

