Bottlerocket 1.1.0 arrives with Kernel 5.10, SELinux, improvements and more

The new version of the Linux distribution "Bottlerocket 1.1.0" has been released. It is developed with Amazon's participation to run isolated containers efficiently and securely.

The distribution's tooling and control components are written in Rust and distributed under the MIT and Apache 2.0 licenses. Bottlerocket can run on Amazon ECS and AWS EKS Kubernetes clusters, and custom builds and editions can be created that use different container orchestration and runtime tools.

The distribution provides an indivisible system image that is updated atomically and automatically. It includes the Linux kernel and a minimal system environment containing only the components needed to run containers.

The environment uses the systemd system manager, the Glibc library, Buildroot, the GRUB bootloader, the containerd container runtime, the Kubernetes container platform, aws-iam-authenticator, and the Amazon ECS agent.

The container orchestration tools ship in a separate management container that is enabled by default and managed through the AWS SSM Agent and the API. The base image has no command shell, no SSH server, and no interpreted languages (for example, no Python or Perl). Administrator tools and debugging tools are moved to a separate service container, which is disabled by default.

The main difference from similar distributions such as Fedora CoreOS and CentOS / Red Hat Atomic Host is the primary focus on providing maximum security by hardening the system against threats, which makes it harder to exploit vulnerabilities in operating system components and increases container isolation. Containers are created using the standard Linux kernel mechanisms: cgroups, namespaces, and seccomp.

The root partition is mounted read-only, and the /etc settings partition is mounted in tmpfs and restored to its original state after a reboot. Direct modification of files in the /etc directory, such as /etc/resolv.conf and /etc/containerd/config.toml, is not supported. To persist settings, use the API or move the functionality to separate containers.

Main new features of Bottlerocket 1.1.0

This new version of the distribution adds the Linux 5.10 kernel for use in new variants. The new distribution variants aws-k8s-1.20 and vmware-k8s-1.20 are compatible with Kubernetes 1.20.

In these variants, as well as in the updated aws-ecs-1 variant, lockdown mode is enabled and set to "integrity" by default (blocking the ability to make changes to the running kernel from user space). Support for aws-k8s-1.15, based on Kubernetes 1.15, has been removed.
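The read-only root, the tmpfs-backed /etc and the "integrity" lockdown default described above can each be checked from the kernel's own interfaces. The following audit script is an added example, not code from the Bottlerocket project; the function names and the sample inputs are constructed for illustration, and it assumes the standard /proc/mounts and /sys/kernel/security/lockdown formats.

```shell
#!/bin/sh
# Added example: audit the three host properties the article describes.

# lockdown_mode TEXT: print the active mode from the lockdown file content,
# e.g. "none [integrity] confidentiality" -> "integrity".
lockdown_mode() {
    printf '%s\n' "$1" | sed -n 's/.*\[\([a-z]*\)].*/\1/p'
}

# mount_field MOUNTS MOUNTPOINT N: print field N of the last /proc/mounts
# entry for MOUNTPOINT (the last entry is the mount that is visible).
mount_field() {
    printf '%s\n' "$1" | awk -v mp="$2" -v f="$3" '$2 == mp { v = $f } END { print v }'
}

# has_option OPTIONS NAME: succeed only on an exact match in the
# comma-separated list, so "errors=remount-ro" does not count as "ro".
has_option() {
    case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

# audit MOUNTS LOCKDOWN: print one FAIL line per violated property,
# and nothing at all when every check passes.
audit() {
    has_option "$(mount_field "$1" / 4)" ro ||
        echo "FAIL: root filesystem is not mounted read-only"
    [ "$(mount_field "$1" /etc 3)" = tmpfs ] ||
        echo "FAIL: /etc is not backed by tmpfs"
    # "confidentiality" is stricter than "integrity", so it also passes.
    case "$(lockdown_mode "$2")" in
        integrity|confidentiality) ;;
        *) echo "FAIL: kernel lockdown is not at least integrity" ;;
    esac
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_MOUNTS='/dev/dm-0 / ext4 ro,seclabel,relatime 0 0
tmpfs /etc tmpfs rw,seclabel,nosuid,nodev,noexec,relatime 0 0'
SAMPLE_LOCKDOWN='none [integrity] confidentiality'

# On a live host, pass "$(cat /proc/mounts)" and
# "$(cat /sys/kernel/security/lockdown)" instead of the samples.
audit "$SAMPLE_MOUNTS" "$SAMPLE_LOCKDOWN"
```
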

Also, Amazon ECS now supports the awsvpc network mode, which allows you to assign private IP addresses and network interfaces to each task.

Settings were added to manage the Kubernetes TLS bootstrap configuration, including QPS, group limits, and the Kubernetes cloudProvider setting, which allows use outside of AWS.

The bootstrap container is now restricted with SELinux to limit access to user data, and the SELinux policy rules have been split out for trusted subjects.

Among the other changes that stand out in the new version:

  • Kubernetes cluster-dns-ip is now optional, to support use outside of AWS
  • Parameters changed to support a healthy CIS scan
  • A resize utility was added
  • Stable machine ID for VMware and ARM KVM guests
  • "Integrity" kernel lockdown mode for the aws-ecs-1 preview variant
  • Removal of the default service start timeout
  • Bootstrap containers are prevented from restarting
  • New udev rules to mount the CD-ROM only when media is present
  • Support for the AWS region ap-northeast-3: Osaka
  • Pause container URI with standard template variables
  • Ability to get the DNS IP from the cluster when available

Finally, if you want to learn more about this newly released version or are interested in the distribution, you can check the details at the following link.

