Bootstrap containers are a form of host container that you can use to run critical software before the node connects to an orchestrator. They give you substantial power to configure and modify the system in ways that would otherwise be difficult or impossible.
When you define a bootstrap container using user-data or the Bottlerocket API, the following sequence occurs on next boot:
systemdstarts all of the bootstrap containers concurrently,
systemdwill not move to the next target until all of the bootstrap containers start, run, and exit,
- any bootstrap container configured with
mode=oncewill change to
- any bootstrap container set to
essential=truethat exits with an non-zero exit code halts the boot process,
- unless stopped in the previous step, the boot process continues by loading the orchestrator agent (
*-k8s-*variants or the ECS agent on
This example shows four bootstrap containers (
The start order of these containers is not sequential and could be in any order.
B2 runs the longest and the next stage of the boot does not proceed until it completes.
This example is the same as the previous one except container
B2 is configured with
B2 exits with a non-zero exit code and consequently the boot halts.
This example is the same as the first except container
B4 is configured with
After all the bootstrap containers finish, Bottlerocket (via a
systemd unit) updates container
As a consequence of this lifecycle, you should keep a few things in mind when using bootstrap containers:
- Bootstrap containers should be short-running and cleanly exit when complete otherwise the node will hang.
systemdstarts all the bootstrap containers concurrently, you cannot rely on a deterministic starting order.
- Bootstrap containers do not have access to the container orchestrator nor the rest of the cluster.
- Bootstrap containers should not modify critical configuration files (e.g.
Capabilities and permissions
Bootstrap containers sit somewhat between default host containers and
superpowered host container permissions.
They have access to the underlying host filesystem at
/.bottlerocket/ which contains the root filesystem (
Additionally, bootstrap containers run with the CAP_SYS_ADMIN capability, allowing for the creation of files, directories, and mounts accessible to the host (however the root filesystem remains immutable).
You cannot elevate the permissions of bootstrap containers.
Bootstrap containers have a variety of uses.
- Configure large setting values.
On many platforms there are limits to the size of user-data but you can use a bootstrap container to pass large values into
- Conditionally halt boot. You can perform checks or evaluation of the system in a bootstrap container with `essential` set to `true`.
- Apply settings you do not want to store in plaintext.
In cases where you need to pass values that you would not want to store in plain-text on external systems (such as credentials), you can instead use a bootstrap container that sets the values via
- Configure ephemeral disks. Since bootstrap containers have access to
/.bottlerocket/rootfs/mntand all bootstrap or
superpoweredhost containers share this bind mount, you can configure ephemeral disks attached to your host in a bootstrap container and use it elsewhere.