Ukwethulwa kwe- inguqulo entsha ye Ibhodlela le-1.2.0, okuwukusatshalaliswa kweLinux okwakhiwa ngokubamba iqhaza kweAmazon ukusebenzisa iziqukathi ezizimele kahle nangokuphepha. Le nguqulo entsha ibonakaliswa ngokuba sezingeni elikhulu uUhlobo lokuvuselelwa lwamaphakeji, yize luza nezinguquko ezithile ezintsha.
Ukusatshalaliswa ibonakala ngokuhlinzeka ngesithombe sohlelo esingahlukaniseki kuvuselelwa ngokuzenzakalela nange-athomu okubandakanya i-Linux kernel nemvelo yesistimu encane efaka kuphela izinto ezidingekayo zokusebenzisa iziqukathi.
Mayelana neBottlerocket
Imvelo isebenzisa imenenja yohlelo oluhleliwe, umtapo wezincwadi waseGlibc, uBuildroot, ukulanda I-GRUB, isihleli senethiwekhi esibi, isikhathi sokusebenza okuhlanganisiwe ngokuhlukaniswa kwesitsha, ipulatifomu Kubernetes, I-AWS-iam-authenticator, kanye nomenzeli we-Amazon ECS.
Amathuluzi we-Container orchestration athunyelwa esitsheni sokuphatha esihlukile esinikwe amandla ngokuzenzakalela futhi siphathwe nge-ejenti ye-AWS SSM ne-API. Isithombe sesisekelo ayinayo igobolondo lomyalo, iseva ye-SSH, nezilimi ezihumushiwe (ngokwesibonelo, ngaphandle kwePython noma iPerl): Amathuluzi okuphatha namathuluzi wokulungisa amaphutha ahanjiswa esitsheni sesevisi esihlukile, esikhubazeke ngokuzenzakalela.
Umehluko ukhiye maqondana nokwabiwa okufanayo njengeFedora CoreOS, CentOS / Red Hat Atomic Host ukugxila okuyinhloko ekunikezeni ukuphepha okuphezulu esimeni sokwenza lukhuni uhlelo lubhekane nezinsongo ezingaba khona, okwenza kube nzima ukusebenzisa ubungozi ezingxenyeni zohlelo olusebenzayo futhi kwandise ukuhlukaniswa kweziqukathi.
Iziqukathi zenziwa kusetshenziswa izindlela ezijwayelekile ze-Linux kernel: amaqoqo, izindawo zamagama, kanye ne-seccomp. Ngokuhlukaniswa okungeziwe, ukusabalalisa kusebenzisa i-SELinux kumodi "yohlelo".
Ukuhlukanisa impande ifakwa kuphela ukufundwa nokwahlukaniswa kokumiswa / njll ibekwe kuma-tmpfs futhi yabuyiselwa esimweni sayo sokuqala ngemuva kokuqalisa kabusha. Ukuguqulwa okuqondile kwamafayela kumkhombandlela we / njll, onjenge /etc/resolv.conf kanye /etc/containerd/config.toml, ukusindisa unomphela ukumiswa, ukusebenzisa i-API, noma ukuhambisa ukusebenza ukuhlukanisa iziqukathi akusekelwa. Ukuqinisekiswa kwe-cryptographic kobuqotho besigaba sezimpande, imodyuli ye-dm-verity iyasetshenziswa futhi uma kutholakala umzamo wokuguqula idatha ezingeni ledivayisi yokuvimba, uhlelo luqala kabusha.
Iningi lezinto zohlelo zibhalwe ngolimi lweRust, enikeza izindlela zokusebenza ngokuphepha ngememori, ikuvumela ukuthi uvikele ubungozi obutholakala ngokungena endaweni yememori ngemuva kokuthi ikhululiwe, isusa izikhombisi ezingekho emthethweni, futhi yeqa imikhawulo yebhafa.
Izici ezintsha eziyinhloko zeBottlerocket 1.2.0
Kule nguqulo entsha yeBottlerocket 1.2.0 kuthunyelwe izibuyekezo eziningi yamaphakeji lapho ukuvuselelwa kwefayela le- Izinhlobo zokugqwala kanye nokuncika, i-host-ctr, inguqulo ebuyekeziwe yesitsha sokuphatha esizenzakalelayo namaphakeji ahlukahlukene avela eceleni.
Ohlangothini lwezinto ezintsha, kugqama kusuka ku-Bottlerocket 1.2.0 yilokho ungeze ukusekelwa kwezibuko zokufaka izithombe zesitsha, kanye nekhono lokusebenzisa izitifiketi ezizisayinele (CA) kanye nepharamitha ukuze bakwazi ukumisa igama lomsingathi.
Amasethingi we-topologyManagerPolicy ne-topologyManagerScope we-kubelet nawo afakiwe, kanye nokuxhaswa kokucindezelwa kwe-kernel kusetshenziswa i-zstd algorithm.
Ngakolunye uhlangothi inikeze amandla okuqalisa uhlelo lube yimishini ebonakalayo I-VMware ngefomethi ye-OVA (Open Virtualization Format).
Kwezinye izinguquko okuvelele kule nguqulo entsha:
- Uhlobo olusha lwe-aws-k8s-1.21 ukusatshalaliswa ngokusekelwa kweKubernetes 1.21.
- Kususwe ukwesekwa kwe-aws-k8s-1.16.
- Ukusetshenziswa kwamakhadi wasendle ukufaka i-rp_filter ezindaweni zokuxhumana kuyagwenywa
- Ukufuduka kususwe ku-v1.1.5 kuya ku-v1.2.0
Okokugcina uma unentshisekelo yokwazi kabanzi ngakho yale nguqulo entsha, ungabheka imininingwane kulokhu okulandelayo isixhumanisi. Ngaphezu kwalokho ungabuye uthintane nolwazi lwe- ukusetha nokuphatha lapha.