Kutanga kwe lvhezheni itsva yekuparadzirwa kweLinux «Bottlerocket 1.3.0» mune izvo zvimwe shanduko uye kugadzirisa kwakaitwa kuhurongwa hwayo MCS yakawedzera zvirambidzo kuSELinux mutemo inosimbiswa, pamwe nemhinduro kumatambudziko akasiyana siyana eSELinux, IPv6 inotsigira kubelet uye pluto uye zvakare hybrid bhutsu rutsigiro rweX86_64.
Kune avo vasingazive bhodhoroketi, iwe unofanirwa kuziva kuti uku kugoverwa kweLinux kunoitwa pamwe nekutora chikamu kweAmazon kumhanyisa midziyo yakasarudzika zvakanaka uye zvakachengeteka. Iyi vhezheni nyowani inoratidzwa nekuve kune yakakura chikamu purogiramu yekuvandudza vhezheni, kunyangwe ichiuyawo nedzimwe shanduko nyowani.
Kugovera Iyo inoratidzirwa nekupa iyo isingaenzanisike system mufananidzo otomatiki uye maatomu akagadziridzwa anosanganisira iyo Linux kernel uye yakashomeka sisitimu nharaunda iyo inosanganisira chete zvinoriumba zvinodiwa kumhanyisa midziyo.
Nezve Bottlerocket
Nzvimbo inoshandisa iyo systemd system maneja, raibhurari yeGlibc, Buildroot, bootloader gupuro, yakaipa network network, iyo nguva yekumhanya mudziyo yekuparadzaniswa kwemidziyo, chikuva Kubernetes, AWS-iam-authenticator, uye mumiriri weAmazon ECS.
Midziyo orchestration maturusi anotumirwa mune yakasarudzika manejimendi mudziyo iyo inogoneswa nekutadza uye inotarisirwa kuburikidza neAWS SSM mumiriri uye API. Mufananidzo wepasi haina command shell, SSH server, uye mitauro inodudzirwa (Semuenzaniso, pasina Python kana Perl) - Maturusi maturusi uye zvishandiso zvekugadzirisa zvinoendeswa kune yakasarudzika sevhisi mudziyo, iyo yakaremara nekutadza.
Musiyano anokosha zvine chekuita nekuparadzirwa kwakafanana seFedora CoreOS, CentOS / Red Hat Atomic Host ndiyo inonyanya kukoshesa kupa zvakanyanya kuchengetedzeka mune mamiriro ekuomesa iyo system kurwisa zvingangoita kutyisidzira, izvo zvinoita kuti zvive zvakaoma kushandisa kusagadzikana muzvinhu zvinoshanda zvehurongwa uye kunowedzera kusarudzika kwemidziyo.
Main nyowani maficha eBottlerocket 1.3.0
Mune iyi vhezheni itsva yekuparadzira, iyo gadzirira kusagadzikana mune docker chishandiso uye mudziyo wenguva yekumhanyisa (CVE-2021-41089, CVE-2021-41091, CVE-2021-41092, CVE-2021-41103) inoenderana nezvisirizvo mvumo yemvumo, ichibvumira vashandisi vasina rombo kusiya dhairekitori repasi uye nekumhanyisa zvirongwa zvekunze.
Pane chikamu cheshanduko dzakaitwa tinogona kuwana izvo IPv6 rutsigiro rwakawedzerwa kubelet uye plutoUye zvakare, iko kugona kwekutanga zvakare mudziyo mushure mekushandura kumisikidza kwayo kwakapihwa, uye rutsigiro rweAmazon EC2 M6i zviitiko zvakawedzerwa kune eni-max-pods.
Uyezve kumira kunze Kurambidzwa kutsva kweMCS pane SELinux mutemo, pamwe nemhinduro yematambudziko akati wandei eSELinux, kuwedzera kune iyo yeiyo x86_64 chikuva, iyo hybrid boot mode inoitwa (ine EFI uye kuenderana kweBIOS) uye muOpen-vm-maturusi inowedzera kutsigira kwefaera yakavakirwa zvishandiso Mu iyo Cilium Toolkit.
Kune rimwe divi, kuenderana neshanduro yeiyo aws-k8s-1.17 kugovera kunoenderana Kubernetes 1.17 kwakabviswa, ndosaka zvichikurudzirwa kushandisa aws-k8s-1.21 musiyano unoenderana neKubernetes 1.21, kuwedzera kune iyo k8s akasiyana achishandisa iyo cgroup runtime.slice uye system.slice marongero.
Yeimwe shanduko inomira mushanduro iyi nyowani:
- Dunhu chiratidzo chinowedzerwa kune aws-iam -yechokwadi mirairo
- Dzorerazve yakagadziridzwa yemidziyo midziyo
- Dzokorora iyo yekumusoro yekudzivirira mudziyo kune v0.5.2
- Eni-max-pods yakagadziridzwa nemhando nyowani dzemhando
- Wakawedzera nyowani cilium mudziyo mafirita kuvhura-vm-maturusi
- Sanganisira / var / log / kdumpen logdog tarballs
- Gadziridza yechitatu-bato mapakeji
- Tsanangudzo yeWave yakawedzerwa yekunonoka kuita
- Wakawedzera 'infrasys' kugadzira TUF infra pane AWS
- Archive zvekare kutama
- Zvinyorwa zvinochinja
Finalmente kana iwe uchifarira kuziva zvakawanda nezvazvo, unogona kutarisa ruzivo Mune inotevera chinongedzo.