Kuburitswa kwe iyo itsva vhezheni yekuparadzirwa kweLinux "Bottlerocket 1.1.0" zvinova yakagadzirirwa nekutora chikamu kweAmazon kumhanyisa midziyo yakasarudzika zvakanaka uye zvakachengeteka.
Izvo zvikamu zvekuparadzira nekutonga zvakanyorwa mumutauro weRust uye inoparadzirwa pasi peMIT uye Apache 2.0 marezinesi. Iyo inotsigira kumhanya Bottlerocket paAmazon ECS uye AWS EKS Kubernetes masumbu, pamwe neyakajairika vhezheni uye chigamba icho chinogonesa akasiyana mudziyo orchestration uye nguva yekushandisa maturusi.
Kugovera inopa otomatiki uye maatomu akagadziridzwa asingaonekwe system mufananidzo iyo inosanganisira iyo Linux kernel uye yakashomeka sisitimu nharaunda iyo inosanganisira chete izvo zvinhu zvinodiwa kumhanya midziyo.
Nzvimbo inoshandisa systemd system maneja, Glibc raibhurari, Buildroot, GRUB bootloader, nguva yekumhanyisa ye containerd, Kubernetes chikuva midziyo, AWS-iam-authenticator, uye mumiriri weAmazon ECS.
Midziyo orchestration maturusi anotumirwa mune yakasarudzika manejimendi mudziyo iyo inogoneswa nekutadza uye inochengetwa kuburikidza neAWS SSM Mumiriri uye API. Mufananidzo wepasi unoshaya rairo shell, SSH server, uye mitauro inodudzirwa (Semuenzaniso, pasina Python kana Perl) - Maturusi maturusi uye zvishandiso zvekugadzirisa zvinoendeswa kune yakasarudzika sevhisi mudziyo, iyo yakaremara nekutadza.
Musiyano wakakosha kubva kune zvakagoverwa zvakafanana seFedora CoreOS, CentOS / Red Hat Atomic Host ndiyo inonyanya kukoshesa kupa zvakanyanya kuchengetedzeka mune mamiriro ekuomesa iyo system kurwisa zvingangoita kutyisidzira, izvo zvinoita kuti zvive zvakaoma kushandisa kusagadzikana muzvinhu zvinoshanda zvehurongwa uye kunowedzera kusarudzika kwemidziyo. Midziyo inogadzirwa uchishandisa yakajairwa Linux kernel michina: mapoka, nzvimbo dzemazita, uye seccomp.
Iyo midzi yekuparadzanisa yakaiswa kuverenga-chete uye iyo / nezvimwe zvigadziriso zvakaiswa mu tmpfs uye zvadzoreredzwa kune yayo yekutanga mamiriro mushure mekutanga zvekare. Kutungamira kuchinjika kwemafaira mu / etc dhairekitori, senge /etc/resolv.conf uye /etc/containerd/config.toml, kuchengetedza zvachose zvigadziriso, shandisa iyo API, kana kufambisa mashandiro kupatsanura midziyo, haina kutsigirwa.
Main nyowani maficha eBottlerocket 1.1.0
Mune iyi vhezheni itsva yekuparadzira inosanganisirwa muLinux kernel 5.10 kuitira kuti ukwanise kuishandisa mune zvitsva zvakasiyana pamwe chete nemaviri nShanduro nyowani dzeaws-k8s-1.20 uye vmware-k8s-1.20 kugoverwa kunoenderana neKubernetes 1.20.
Mune aya akasiyana, pamwe neshanduro yakagadziridzwa yeaws-ecs-1, mode yekukiya inosanganisirwa iyo yakagadzirirwa "kutendeka" nekusarudzika (inovhara kugona kuita shanduko kune inomhanya kernel kubva kune mushandisi nzvimbo). Tsigiro yeaws-k8s-1.15 yakavakirwa Kubernetes 1.15 yabviswa.
Uyewo, Amazon ECS ikozvino inotsigira awsvpc network modhi, iyo inobvumidza iwe kuti ugozvimiririra yemukati IP kero uye network mapindiro pabasa rega rega.
Wakawedzera masisitimu ekugadzirisa akasiyana Kubernetes masisitimu TLS bootstrap, inosanganisira QPS, miganhu yeboka, uye Kubernetes cloudProvider marongero ekutendera kushandiswa kunze kweAWS.
Mudziyo webhutsu unopihwa neSELinux kudzora kupinda kune mushandisi dhata, pamwe nekukamurwa kweSELinux mutemo mitemo yezvinhu zvakavimbika.
Yeimwe shanduko dzinomira kubva mushanduro nyowani:
- Kubernetes cluster-dns-ip ikozvino inogona kuitwa sarudzo kuti ishandise kushandiswa kunze kweAWS
- Parameter yakachinja kutsigira yakagwinya CIS scan
- Iyo resize2fs yekushandisa yakawedzerwa.
- Yakagadzika muchina ID yakagadzirirwa VMware uye ARM KVM vashanyi
- Yakagoneswa kernel kukiya nzira ye "kuvimbika" yekutarisa musiyano weaws-ecs-1
- Bvisa default sevhisi yekutanga nguva yekuwedzera
- Dzivirira midziyo yebhutsu kubva pakutangazve
- Mutsva udev mitemo yekumisikidza CD-ROM chete kana midhiya iripo
- AWS dunhu rutsigiro ap-kuchamhembe kwakadziva kumabvazuva-3: Osaka
- Imbomira mudziyo URI uine yakajairwa template akasiyana
- Kugona kutora DNS IP kubva pasumbu kana iripo
Chekupedzisira, kana iwe uchifarira kugona kudzidza zvakawanda nezve iyi nyowani yakaburitswa vhezheni kana uchifarira kugovera, unogona kubvunza iyo ruzivo mune inotevera chinongedzo.