Bottlerocket – Open Source OS for Container Hosting
It is safe to say that our industry has decided that containers are now the chosen way to package and scale applications. Our customers are making great use of Amazon Elastic Container Service (Amazon ECS) and Amazon EKS, with over 80% of all cloud-based containers running on AWS.
Container-based environments lend themselves to easy scale-out, and customers can run host environments that encompass hundreds or thousands of instances. At this scale, several challenges arise with the host operating system. For example:
Security – Installing extra packages simply to satisfy dependencies can increase the attack surface.
Updates – Traditional package-based update systems and mechanisms are complex and error prone, and can have issues with dependencies.
Overhead – Extra, unnecessary packages consume disk space and compute cycles, and also increase startup time.
Drift – Inconsistent packages and configurations can damage the integrity of a cluster over time.
Today I would like to tell you about Bottlerocket, a new Linux-based open source operating system that we designed and optimized specifically for use as a container host.
Bottlerocket reflects much of what we have learned over the years. It includes only the packages that are needed to make it a great container host, and integrates with existing container orchestrators. It supports Docker images and images that conform to the Open Container Initiative (OCI) image format.
Instead of a package update system, Bottlerocket uses a simple, image-based model that allows for a rapid & complete rollback if necessary. This removes opportunities for conflicts and breakage, and makes it easier for you to apply fleet-wide updates with confidence using orchestrators such as EKS.
In addition to the minimal package set, Bottlerocket uses a file system that is primarily read-only, and that is integrity-checked at boot time via dm-verity. SSH access is discouraged, and is available only as part of a separate admin container that you can enable on an as-needed basis and then use for troubleshooting purposes.
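To make the boot-time integrity check concrete, here is an added example (not Bottlerocket's own code, and a simplified model of dm-verity rather than its exact on-disk format) of the salted hash tree that a dm-verity volume carries and the per-block verification against a trusted root hash; the 512-byte block size, the salt and the sample image are constructed for illustration.

```python
import hashlib

BLOCK_SIZE = 512  # small block size so the constructed image stays tiny
HASHES_PER_BLOCK = BLOCK_SIZE // hashlib.sha256().digest_size

def digest(salt, data):
    return hashlib.sha256(salt + data).digest()

def split_blocks(image):
    return [image[i:i + BLOCK_SIZE] for i in range(0, len(image), BLOCK_SIZE)]

def pack_hash_blocks(hashes):
    # concatenate a level's hashes into zero-padded hash blocks
    raw = b"".join(hashes)
    return [raw[i:i + BLOCK_SIZE].ljust(BLOCK_SIZE, b"\0")
            for i in range(0, len(raw), BLOCK_SIZE)]

def build_tree(blocks, salt):
    # levels[0]: one salted hash per data block; each higher level hashes the
    # packed hash blocks of the level below; levels[-1][0] is the root hash
    levels = [[digest(salt, b) for b in blocks]]
    while len(levels[-1]) > 1:
        levels.append([digest(salt, hb) for hb in pack_hash_blocks(levels[-1])])
    return levels

def verify_block(block, index, salt, levels, trusted_root):
    # dm-verity style per-block check: the leaf hash must match the stored tree,
    # each hash block on the path must hash to its parent, ending at the trusted root
    if digest(salt, block) != levels[0][index]:
        return False
    for lvl in range(len(levels) - 1):
        parent = index // HASHES_PER_BLOCK
        if digest(salt, pack_hash_blocks(levels[lvl])[parent]) != levels[lvl + 1][parent]:
            return False
        index = parent
    return levels[-1][0] == trusted_root

def demo():
    salt = b"constructed-salt"
    image = bytes(range(256)) * 80  # constructed 20 KiB stand-in for a root filesystem
    blocks = split_blocks(image)
    levels = build_tree(blocks, salt)
    root = levels[-1][0]  # the only value that must come from a trusted source
    clean = all(verify_block(b, i, salt, levels, root) for i, b in enumerate(blocks))
    tampered = bytearray(image)
    tampered[7000] ^= 0x01  # flip one bit inside data block 13
    tblocks = split_blocks(bytes(tampered))
    bad = [i for i, b in enumerate(tblocks) if not verify_block(b, i, salt, levels, root)]
    forged_ok = verify_block(tblocks[13], 13, salt, build_tree(tblocks, salt), root)
    return clean, bad, forged_ok
```

The last check in `demo` rebuilds the whole hash tree over the modified image and still fails, which is the point of the design: only the root hash has to come from a trusted source such as the boot chain, and neither the data nor the on-disk tree can be rewritten to match it.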
Try it Out
We’re launching a public preview of Bottlerocket today. You can follow the steps in QUICKSTART to set up an EKS cluster, and you can take a look at the GitHub repo. Try it out, report bugs, send pull requests, and let us know what you think!