Bottlerocket 1.2.0, the AWS distro for containers, has been released

The new version of Bottlerocket 1.2.0 has been released. It is a Linux distribution developed with the participation of Amazon to run isolated containers efficiently and securely. This new version consists mostly of package updates, although it also brings some new changes.

The distribution is characterized by providing an indivisible system image, updated automatically and atomically, that includes the Linux kernel and a minimal system environment containing the components required to run containers.

About Bottlerocket

The environment uses the systemd system manager, the Glibc library, Buildroot, the GRUB bootloader, the wicked network configurator, the containerd runtime for container isolation, the Kubernetes platform, aws-iam-authenticator, and the Amazon ECS agent.

Container orchestration tools ship in a separate management container that is enabled by default and managed through the AWS SSM agent and the API. The base image has no command shell, no SSH server, and no interpreted languages (for example, no Python or Perl): administrator tools and debugging tools are moved to a separate service container, which is disabled by default.

The key difference from similar distributions such as Fedora CoreOS and CentOS / Red Hat Atomic Host is the primary focus on providing maximum security in the context of hardening the system against possible threats, which makes it harder to exploit vulnerabilities in operating system components and increases container isolation.

Containers are created using the standard Linux kernel mechanisms: cgroups, namespaces, and seccomp. For additional isolation, the distribution uses SELinux in "enforcing" mode.

The root partition is mounted read-only, and the /etc configuration partition is mounted on tmpfs and restored to its original state after a reboot. Directly modifying files in the /etc directory, such as /etc/resolv.conf and /etc/containerd/config.toml, is not supported; to save settings permanently, use the API or move the functionality to separate containers. To cryptographically verify the integrity of the root partition, the dm-verity module is used, and if an attempt to modify data at the block device level is detected, the system is rebooted.
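A defender can confirm this layout from a node's mount table. The following Python sketch is an added example, not Bottlerocket's own code: it audits /proc/mounts-style text for a read-only root on a device-mapper device and /etc on tmpfs. The sample mount lines are constructed, and treating a /dev/dm-* or /dev/mapper/* root as the dm-verity indicator is an assumption.

```python
import sys

# Constructed sample in /proc/mounts format; device names and options are illustrative.
SAMPLE_MOUNTS = """\
/dev/dm-0 / ext4 ro,seclabel,relatime 0 0
tmpfs /etc tmpfs rw,seclabel,nosuid,nodev,noexec,relatime 0 0
/dev/nvme0n1p7 /local ext4 rw,seclabel,nosuid,nodev,noatime 0 0
"""


def parse_mounts(text):
    """Return {mount_point: (device, fstype, options)}; a later entry overrides an earlier one."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip blank or malformed lines
        device, mount_point, fstype, options = fields[:4]
        table[mount_point] = (device, fstype, set(options.split(",")))
    return table


def audit(text):
    """Return a list of findings; an empty list means the layout matches the description."""
    table = parse_mounts(text)
    findings = []
    root = table.get("/")
    if root is None:
        findings.append("no root mount found")
    else:
        device, _fstype, options = root
        if "ro" not in options:
            findings.append("root filesystem is not mounted read-only")
        # Assumption: a dm-verity root appears as a device-mapper node.
        # This shows device-mapper is in use; it does not prove the target type is verity.
        if not device.startswith(("/dev/dm-", "/dev/mapper/")):
            findings.append("root is not on a device-mapper device")
    etc = table.get("/etc")
    if etc is None or etc[1] != "tmpfs":
        findings.append("/etc is not a tmpfs mount")
    return findings


if __name__ == "__main__":
    # Pass a path such as /proc/mounts to audit a live system; default is the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_MOUNTS
    for line in audit(text) or ["layout matches: read-only device-mapper root, /etc on tmpfs"]:
        print(line)
```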

Most system components are written in Rust, which provides memory-safe ways of working and lets you avoid vulnerabilities caused by accessing a memory area after it has been freed, dereferencing null pointers, and exceeding buffer bounds.

Main new features of Bottlerocket 1.2.0

This new version of Bottlerocket 1.2.0 introduces many package updates, among them updates to the Rust versions and dependencies, host-ctr, the updated version of the default management container, and various third-party packages.

As for new features, what stands out in Bottlerocket 1.2.0 is the added support for container image registry mirrors, as well as the ability to use self-signed certificates (CA) and a parameter for setting the hostname.

The topologyManagerPolicy and topologyManagerScope settings were also added for the kubelet, along with support for kernel compression using the zstd algorithm.

In addition, it provides the ability to boot the system in VMware virtual machines in OVA (Open Virtualization Format) format.

Of the other changes that stand out in this new version:

  • Updated the aws-k8s-1.21 distribution variant with support for Kubernetes 1.21.
  • Removed support for aws-k8s-1.16.
  • Avoided the use of wildcards to apply rp_filter to interfaces.
  • Migrations moved from v1.1.5 to v1.2.0.

Finally, if you are interested in learning more about this new version, you can check the details at the following link. You can also consult the information about its configuration and management here.

