The new version Bottlerocket 1.3.0 has been released, and here is what is new

The new version of the Linux distribution "Bottlerocket 1.3.0" has been released, with a number of changes and improvements to the system. Highlights include added MCS restrictions in the SELinux policy, fixes for several SELinux policy problems, IPv6 support in kubelet and pluto, and hybrid boot support for x86_64.

For those unfamiliar with Bottlerocket, it is a Linux distribution developed with Amazon's participation to run isolated containers efficiently and securely. This new version is largely a package update release, although it also brings some new changes.

The distribution is characterized by providing an indivisible system image that is updated automatically and atomically, and that includes the Linux kernel and a minimal system environment containing only the components needed to run containers.

About Bottlerocket

The environment uses the systemd system manager, the Glibc library, Buildroot, the GRUB boot loader, the wicked network configurator, the containerd runtime for container isolation, the Kubernetes platform, AWS-iam-authenticator, and the Amazon ECS agent.

Container orchestration tools ship in a separate management container that is enabled by default and managed through the AWS SSM agent and API. The base image has no command shell, no SSH server, and no interpreted languages (for example, no Python or Perl): administration and debugging tools are moved to a separate service container, which is disabled by default.

The key difference from similar distributions such as Fedora CoreOS and CentOS / Red Hat Atomic Host is the primary focus on providing maximum security by hardening the system against potential threats, which makes it harder to exploit vulnerabilities in operating system components and increases container isolation.

Main new features of Bottlerocket 1.3.0

This new version of the distribution fixes vulnerabilities in the docker toolkit and the containerd runtime (CVE-2021-41089, CVE-2021-41091, CVE-2021-41092, CVE-2021-41103) related to incorrect permission settings, which allowed unprivileged users to leave the base directory and run external programs.

Among the changes made, IPv6 support has been added to kubelet and pluto. In addition, the ability to restart a container after its configuration changes has been provided, and support for Amazon EC2 M6i instances has been added to eni-max-pods.

Also notable are the new MCS restrictions in the SELinux policy and fixes for several SELinux policy problems. In addition, a hybrid boot mode (compatible with both EFI and BIOS) is implemented for the x86_64 platform, and open-vm-tools adds support for device filters based on the Cilium toolkit.

On the other hand, compatibility with the aws-k8s-1.17 distribution variant based on Kubernetes 1.17 has been removed, so it is recommended to use the aws-k8s-1.21 variant with Kubernetes 1.21 support. In addition, the k8s variants use the runtime.slice and system.slice cgroup settings.

Other notable changes in this new version:

  • Added a region flag to the aws-iam-authenticator command
  • Restart modified host containers
  • Updated the default control container to v0.5.2
  • eni-max-pods updated with new instance types
  • Added new cilium device filters to open-vm-tools
  • Include /var/log/kdump in logdog tarballs
  • Update third-party packages
  • Wave definition added for slow deployment
  • Added 'infrasys' for creating TUF infra in AWS
  • Archive old migrations
  • Documentation changes

Finally, if you are interested in learning more, you can check the details at the following link.
