Kutanga kwe iyo nyowani vhezheni ye Bottlerocket 1.2.0, iri kugoverwa kweLinux iyo inogadzirwa nekutora chikamu kweAmazon kumhanyisa midziyo yakasarudzika zvakanaka uye zvakachengeteka. Iyi vhezheni nyowani inoratidzirwa nekuve kune hukuru hukuru uIyo yekuvandudza vhezheni yemapakeji, kunyangwe ichiuyawo nedzimwe shanduko nyowani.
Kugovera Iyo inoratidzirwa nekupa iyo isingaenzanisike system mufananidzo otomatiki uye maatomu akagadziridzwa anosanganisira iyo Linux kernel uye yakashomeka sisitimu nharaunda iyo inosanganisira chete zvinoriumba zvinodiwa kumhanyisa midziyo.
Nezve Bottlerocket
Nzvimbo inoshandisa iyo systemd system maneja, raibhurari yeGlibc, Buildroot, bootloader gupuro, yakaipa network network, iyo nguva yekumhanya mudziyo yekuparadzaniswa kwemidziyo, chikuva Kubernetes, AWS-iam-authenticator, uye mumiriri weAmazon ECS.
Midziyo orchestration maturusi anotumirwa mune yakasarudzika manejimendi mudziyo iyo inogoneswa nekutadza uye inotarisirwa kuburikidza neAWS SSM mumiriri uye API. Mufananidzo wepasi haina command shell, SSH server, uye mitauro inodudzirwa (Semuenzaniso, pasina Python kana Perl) - Maturusi maturusi uye zvishandiso zvekugadzirisa zvinoendeswa kune yakasarudzika sevhisi mudziyo, iyo yakaremara nekutadza.
Musiyano anokosha zvine chekuita nekuparadzirwa kwakafanana seFedora CoreOS, CentOS / Red Hat Atomic Host ndiyo inonyanya kukoshesa kupa zvakanyanya kuchengetedzeka mune mamiriro ekuomesa iyo system kurwisa zvingangoita kutyisidzira, izvo zvinoita kuti zvive zvakaoma kushandisa kusagadzikana muzvinhu zvinoshanda zvehurongwa uye kunowedzera kusarudzika kwemidziyo.
Midziyo inogadzirwa uchishandisa yakajairwa Linux kernel michina: mapoka, nzvimbo dzemazita, uye seccomp. Kuti uwedzere kuzviparadzanisa, kugovera kunoshandisa SELinux mu "application" mode.
Chikamu mudzi wakaiswa kuverenga-chete uye iyo yekumisikidza chikamu / etc yakaiswa pane tmpfs uye yakadzoreredzwa kune yayo yekutanga mamiriro mushure mekutanga zvekare. Kutungamira kuchinjika kwemafaira mu / etc dhairekitori, senge /etc/resolv.conf uye /etc/containerd/config.toml, kuchengetedza zvachose zvigadziriso, shandisa iyo API, kana kufambisa mashandiro kupatsanura midziyo, haina kutsigirwa. Zvekuvandudzwa kwekrisptographic yekuvimbika kwechikamu chemidzi, iyo dm-chokwadi module inoshandiswa uye kana kuyedza kushandura iyo data kukaonekwa padanho rekuvharira mudziyo, sisitimu inovhurwazve.
Mazhinji ezvikamu zvehurongwa zvakanyorwa mumutauro weRust, iyo inopa nzira yekushanda zvakachengetedzeka neyekuyeuka, ichikubvumidza iwe kuti udzivise hushoma hunokonzerwa nekuwana nzvimbo yekurangarira mushure mekusunungurwa, kuregedza kunongedzera null, uye kupfuura miganho ye buffer.
Main nyowani maficha eBottlerocket 1.2.0
Mune iyi vhezheni itsva yeBottlerocket 1.2.0 yakawanda yekuvandudza yakaunzwa yemapakeji ayo ekugadziriswa kweiyo Ngura shanduro uye kutsamira, inomirira-ctr, iyo yakagadziridzwa vhezheni yeiyo default manejimendi mudziyo uye akasiyana echitatu-bato mapakeji.
Padivi rezvinhu zvitsva, zvinomira kubva kuBottlerocket 1.2.0 ndeizvozvo yakawedzera rutsigiro rwechigadziro chemufananidzo wekutema magirazi, pamwe nekugona kwekushandisa zvitupa-zvakasainwa (CA) uye paramende yekugona kumisikidza zita revaenzi.
Iyo topologyManagerPolicy uye topologyManagerScope marongero ekubelet akawedzerwawo, pamwe nerutsigiro rwekumanikidza kwekernel uchishandisa zstd algorithm.
Pane rimwe divi yakapa kugona kubhootisa iyo system mumishini chaiyo VMware mune iyo OVA (Vhura Virtualization Fomati) fomati.
Yeimwe shanduko izvo zvinoratidzika kubva pane iyi nyowani vhezheni:
- Yakagadziridzwa vhezheni yeaws-k8s-1.21 kugoverwa nerutsigiro rweKubernetes 1.21.
- Yakabviswa rutsigiro rweaws-k8s-1.16.
- Kushandiswa kwemakadhi emusango kuisa rp_filter kune maficha kunodzivirirwa
- Kutama kwakatamiswa kubva pa v1.1.5 kuenda ku v1.2.0
Finalmente kana iwe uchifarira kuziva zvakawanda nezvazvo yeiyi vhezheni itsva, unogona kutarisa ruzivo mune zvinotevera batanidzo. Pamusoro peizvozvo iwe unogona zvakare kubvunza iyo ruzivo kune yako setup uye kubata pano.