Concepts on Bottlerocket

API Driven

Mon, 01 Jan 0001 00:00:00 +0000

Bottlerocket is an API-driven operating system. This is a departure from general purpose Linux distributions where you install packages, configure services through individual configuration files, and use commands from the shell to perform administrative tasks.

With the concept of variants, all installed software for any given image is a known quantity and an included API enables you to configure everything from a single interface. Additionally, administrative tasks like checking for updates and rebooting as well as executing commands on the host are all accomplished with API calls.

Chain of Trust

Mon, 01 Jan 0001 00:00:00 +0000

Container hosts are particularly sensitive, with nearly unfettered access to your workloads, secrets, storage, and network. Consequently, ensuring that only your desired code runs on the host is paramount. Bottlerocket’s chain of trust provides cryptographic verification of all parts of the boot sequence through to your containers starting. Effectively, this means that every step verifies the next step in the sequence and any verification failure will immediately prevent any further progress.

Components

Mon, 01 Jan 0001 00:00:00 +0000

The components of Bottlerocket differ substantially from most Linux distributions. By providing ready-to-run images, some software typically considered as workloads of an operating system are integral to Bottlerocket.

This diagram represents the components of the aws-k8s-* variant. Subsequent sections will dissect and explain this variant.

Foundation

The Linux kernel provides the foundation of Bottlerocket. The kernel (major+minor) version may vary between variants, but does not change on update.

Restricted Filesystem

Mon, 01 Jan 0001 00:00:00 +0000

Bottlerocket is a container host operating system. Most containerized workloads need little, if any access to the underlying host filesystem. This, paired with image-based updates, means that much of the filesystem can be immutable. Still, there are some resources like logs, container images, and configuration files that do need to be mutable for a practically operable system. Bottlerocket splits the difference by having some storage that is immutable and some that is mutable, using different protection mechanisms for each filesystem. Additionally, some mutable storage in Bottlerocket only exists ephemerally and any changes will not survive a reboot.

Shell-less Host

Mon, 01 Jan 0001 00:00:00 +0000

Bottlerocket images do not have an SSH server nor even a shell. As it turns out, you don’t need one in the host operating system itself. Bottlerocket does, however, give you out-of-band access that allows you to launch a shell from a container to explore, debug, manually update, and change settings on the host.

Host container out-of-band access

Since the software doesn’t exist on the host to facilitate interactive shell sessions, it is provided through a container. These containers are granted access to resources on the underlying host, have the required software for remote connections, and are run in the host containerd instance.

Updates

Mon, 01 Jan 0001 00:00:00 +0000

Bottlerocket is designed to be updated in an image-based fashion. This means that updates are applied by downloading an image of the entire operating system to a different partition on disk, then switching to using that partition when the system is rebooted. This is done instead of a series of individual package updates on the current operating system partition. This is a departure from the traditional package-based Linux update model such as apt or yum, which are what you would find in Ubuntu or Amazon Linux.

Variants

Mon, 01 Jan 0001 00:00:00 +0000

General purpose distributions of Linux have “packages” that are delivered by a package manager. This allows the distribution to ship a limited set of drivers, tools, and applications with the kernel; the user then adds additional packages that suits the workload after the operating system is installed.

Bottlerocket is not a general purpose Linux distribution and intentionally doesn’t have a package manager. Instead Bottlerocket has variants. Variants are pre-defined sets of drivers, tools, and applications that are tailored to a specific architecture, platform, and orchestrator (as well as a “flavor,” more on that later). For example, there is a variant that consists of everything needed to run as a Kubernetes (orchestrator) node on an aarch64 (architecture) processor in AWS EC2 (platform). Bottlerocket delivers the variant as a complete, ready-to-run image.