Release of Bottlerocket 1.2, a distribution based on isolated containers

The release of the Linux distribution Bottlerocket 1.2.0 is available, developed with the participation of Amazon for running isolated containers efficiently and securely. The distribution's tooling and control components are written in Rust and distributed under the MIT and Apache 2.0 licenses. It supports running Bottlerocket in Amazon ECS, VMware and AWS EKS Kubernetes clusters, as well as building custom editions that allow different orchestration and container runtime tools to be used.

The distribution provides an atomically and automatically updated, indivisible system image that includes the Linux kernel and a minimal environment containing only the components needed to run containers. The environment includes the systemd system manager, the Glibc library, the Buildroot build tool, the GRUB boot loader, the wicked network configurator, the containerd runtime for isolated containers, the Kubernetes container orchestration platform, aws-iam-authenticator, and the Amazon ECS agent.

The container orchestration tools ship in a separate control container that is enabled by default and managed through the API and the AWS SSM Agent. The base image has no command shell, SSH server or interpreters (for example, no Python or Perl) - administration and debugging tools are moved into a separate service container, which is disabled by default.

The key difference from similar distributions such as Fedora CoreOS and CentOS/Red Hat Atomic Host is the primary focus on providing maximum security: hardening against possible threats, making vulnerabilities in OS components harder to exploit, and increasing container isolation. Containers are built on the standard Linux kernel mechanisms - cgroups, namespaces and seccomp. For additional isolation, the distribution uses SELinux in "enforcing" mode.

The root partition is mounted read-only, and the /etc settings partition is mounted on tmpfs and restored to its original state after a restart. Direct modification of files in the /etc directory, such as /etc/resolv.conf and /etc/containerd/config.toml, is not supported - to persist settings, you must use the API or move the functionality into separate containers. The dm-verity module is used to cryptographically verify the integrity of the root partition, and if an attempt to modify data at the block device level is detected, the system reboots.

Most of the system components are written in Rust, which provides memory-safety guarantees that avoid vulnerabilities caused by use-after-free memory access, null pointer dereferences and buffer overruns. By default, the build uses the compilation options "--enable-default-pie" and "--enable-default-ssp" to enable address space randomization for executables (PIE) and protection against stack overflows via canary substitution. For packages written in C/C++, the flags "-Wall", "-Werror=format-security", "-Wp,-D_FORTIFY_SOURCE=2", "-Wp,-D_GLIBCXX_ASSERTIONS" and "-fstack-clash-protection" are additionally enabled.

In the new release:

  • Added support for container image registry mirrors.
  • Added the ability to use self-signed certificates.
  • Added an option to configure the hostname.
  • The default version of the control container has been updated.
  • Added the topologyManagerPolicy and topologyManagerScope settings for kubelet.
  • Added support for kernel compression using the zstd algorithm.
  • Provided the ability to deploy virtual machines into VMware in the OVA (Open Virtualization Format) format.
  • The distribution variant aws-k8s-1.21 has been updated with support for Kubernetes 1.21. Support for aws-k8s-1.16 has been discontinued.
  • Updated package versions and dependencies for the Rust language.
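Because /etc is a throwaway tmpfs on Bottlerocket, the settings the article lists (hostname, registry mirrors, self-signed certificates, kubelet topology manager options) are applied through the settings API, typically by supplying a TOML user-data document at boot. The fragment below is an added example, not from the article or the Bottlerocket project; the setting names are recalled from the Bottlerocket settings reference and should be checked against the version you run, and every value is constructed.

```toml
# Added example: Bottlerocket user-data TOML. Key names are assumed from the
# settings reference (verify for your version); all values are constructed.

# Hostname is set through the API rather than by editing /etc/hostname,
# which would be lost on reboot because /etc lives on tmpfs.
[settings.network]
hostname = "worker-01.example.internal"

# Pull images normally fetched from docker.io through an internal mirror.
# Keep the mirror list scoped to one registry; it does not change trust
# for any other registry.
[[settings.container-registry.mirrors]]
registry = "docker.io"
endpoint = ["https://mirror.example.internal"]

# Kubelet topology manager settings added in this release (assumed key names).
[settings.kubernetes]
cluster-name = "example-cluster"
topology-manager-policy = "best-effort"
topology-manager-scope = "container"

# Trust the mirror's self-signed CA: a base64-encoded PEM bundle.
# Only the specific CA that issues the mirror's certificate should be added.
[settings.pki.mirror-ca]
data = "<BASE64_ENCODED_PEM_BUNDLE_PLACEHOLDER>"
trusted = true
```

Settings applied this way survive reboots and image updates because they are stored by the API, not in /etc; that is the path an auditor should review when checking what a node trusts and where it pulls images from.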

Source: opennet.ru
