Bottlerocket OS is a new operating system from Amazon tailored to host containers in the cloud. More precisely, it is a stripped-down Linux distribution built around the Linux kernel, with an atomic update mechanism and support for automatic updates. This free, open-source, Linux-based operating system is largely written in Rust and is primarily focused on running within Amazon’s cloud infrastructure. It provides a reliable, consistent, and secure platform for container-based environments.
This article presents a discussion on container-based environments, the benefits of using the Bottlerocket OS, and how one can get started using this new operating system.
Features of Bottlerocket OS
The Bottlerocket OS has been developed as an open-source project on GitHub. The main features of this container-optimized operating system include the following:
- Reliable updates
- Support for API access
- Improved performance
- Improved security
- Reduced maintenance overhead
- Lower operational costs
Bottlerocket solves many challenges faced by a host OS running container-based environments today.
What Are Containers?
A container is a unit of software that encapsulates code and dependencies that are necessary to run an application inside the container’s environment. Note that multiple containers share the same host operating system but are isolated from one another. Unlike virtual machines, containers are fast and can boot up quickly since they leverage the host operating system.
Kubernetes is an extremely popular orchestration engine with a huge community, and it can run different container technologies. Amazon Elastic Container Service (ECS) and AWS Fargate are popular among AWS users; ECS is another container orchestration service. You can learn more about all of these here.
Docker is an open-source toolkit and a popular containerization platform used to build and run containers. You can use Docker to build, deploy, and manage containers seamlessly, while Docker images are read-only templates from which Docker containers are created.
Challenges with Containers
There are several challenges with a host operating system running container-based environments, including the following:
- Security is an issue since you often need to install extra packages to ensure dependencies are functioning properly, thus increasing the attack surface.
- Updates might be difficult and can have issues with dependencies.
- Performance is yet another problem, as additional packages, which might often be unnecessary, will consume more compute cycles and disk space.
For additional information, read up on how to run containers and Kubernetes in AWS via this link.
Why Should You Use Bottlerocket OS?
Bottlerocket comes to the rescue when facing the above issues. The Bottlerocket OS mitigates the challenges faced by container-based environments around security, updates, compute cycles, start-up time, and the integrity of a cluster over time. Most of Bottlerocket’s components are written in Rust, so some classes of memory safety issues are eliminated. The following are additional benefits of Bottlerocket:
- Improved uptime: You can apply updates to the Bottlerocket OS all at once, and they can also be rolled back as needed, improving uptime.
- Lower management overhead: You can utilize container orchestration services to automate updates to the Bottlerocket OS, reducing management overhead and operational costs.
- Better security and resource utilization: Unlike general-purpose operating systems, Bottlerocket OS ships only the components essential to run containers, creating a smaller attack surface and improving security.
- Optimized performance: Bottlerocket is optimized to run on Amazon EC2 and incorporates built-in support for integrations with AWS services.
- Read-only file system: Bottlerocket uses a read-only file system whose integrity is validated at the time of booting.
- Automated updates: You can automate updates via orchestration services like Amazon EKS. Unlike traditional Linux-based systems that use package-by-package updates, Bottlerocket utilizes image-based updates.
- Open development model: You can contribute code and design changes to the Bottlerocket OS through its source code on GitHub. Note that the Bottlerocket OS supports images formatted for Docker and OCI (Open Container Initiative).
Getting Started Using Bottlerocket
The first release of Bottlerocket focuses on Kubernetes, so you first need to set up an Elastic Kubernetes cluster. Incidentally, Kubernetes is the most popular orchestration tool available.
Next, you’ll want to launch Amazon EC2 instances using the Bottlerocket AMI. You can also take advantage of Amazon EKS, a service that manages the Kubernetes control plane for you.
Next, launch a Bottlerocket instance in EC2. Use the EKS command-line tool, eksctl, to make your cluster setup seamless.
And that’s it. You can now manage updates to the Bottlerocket OS using Amazon EKS.
You should also install kubectl alongside eksctl. Note that most of the EKS setup process is automated if you’re using a recent version of eksctl. You can learn more about the Bottlerocket AMI here.
You don’t need to pay anything extra to use Bottlerocket; you only pay for the standard Amazon EC2 and other AWS resources you use.
The Bottlerocket OS as a Container Host
There are two main objectives of the Bottlerocket OS. One is to perform automated OS updates seamlessly. The other is to have an OS stripped down to the packages needed to run containers. Bottlerocket supports both Docker images and OCI-formatted images, which is why it can run any Linux-based container.
Note that the Bottlerocket OS comprises two identical partition sets: a primary and a secondary. When you update the Bottlerocket OS on a host, only the inactive partition set is written. Once the update is complete, the partition table (the metadata describing the partitions on a disk) is updated to swap the active and inactive partition sets.
The single-step update mechanism supported by Bottlerocket minimizes update failures and facilitates seamless update rollbacks. In lieu of a package update system, the Bottlerocket OS uses an image-based model with support for rapid updates and rollbacks when needed.
This approach eliminates the possibility of conflicts and breakage while at the same time enabling you to apply fleet-wide updates. You can also implement update waves, enabling you to update groups of Bottlerocket hosts at predefined schedules.
Bottlerocket relies on a disk-image-based model in lieu of the traditional package installer. Updates can be automated as well; you just need to use an orchestration service such as Amazon EKS.
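The two-slot update and rollback described above, as an added Python simulation (this is not Bottlerocket’s own updater code; the slot names, sample images, digests and the health check are constructed for illustration):

```python
import hashlib
from dataclasses import dataclass, field


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class Slot:
    image: bytes = b""
    digest: str = ""  # hash recorded alongside the image when it was written

    def verify(self) -> bool:
        """Boot-time integrity check: slot contents must match the recorded digest."""
        return bool(self.digest) and sha256(self.image) == self.digest


@dataclass
class Host:
    # Two identical slots; 'active' is the single partition-table field that picks the boot slot.
    slots: dict = field(default_factory=lambda: {"A": Slot(), "B": Slot()})
    active: str = "A"

    @property
    def inactive(self) -> str:
        return "B" if self.active == "A" else "A"

    def stage(self, image: bytes, digest: str) -> None:
        """Write the new image only to the inactive slot; the running slot is never modified."""
        self.slots[self.inactive] = Slot(image, digest)

    def commit(self) -> None:
        """Atomic switch: one metadata write flips which slot boots next."""
        if not self.slots[self.inactive].verify():
            raise ValueError("staged image failed integrity check; keeping current slot")
        self.active = self.inactive

    def boot(self, healthy) -> str:
        """Boot the active slot; on integrity or health failure, flip back to the other slot."""
        if self.slots[self.active].verify() and healthy(self.slots[self.active].image):
            return self.active
        self.active = self.inactive  # rollback is the same single flip; no packages to unwind
        return self.active


def apply_update(host: Host, image: bytes, digest: str, healthy) -> str:
    """Stage, commit and reboot; returns the slot that is running afterwards."""
    host.stage(image, digest)
    host.commit()
    return host.boot(healthy)
```

Because the running slot is never touched and the switch is a single write, a corrupted download is rejected before the switch and a bad boot simply flips back to the previous image.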
Other Container-Optimized Operating Systems
A container-optimized OS is nothing new, and Amazon is not the first company to build a container-specific one in Linux. The first was CoreOS (acquired by Red Hat). The basic idea behind all container OS variants is to create a small, stripped-down version of a Linux operating system that can host containers.
There are several container-OS variants around. Red Hat created Project Atomic and inherited Container Linux. Similarly, Rancher Labs has created RancherOS, and Google Cloud Platform has a Container-Optimized OS based on the Chromium OS project, used for the Chrome OS.
It should be noted that Bottlerocket is designed and architected so that it can support different cloud environments and container orchestrators if need be. A build of Bottlerocket that provides support for a particular set of features is known as a variant, which you can read up on here.
Bottlerocket from AWS is a minimal OS built for hosting containers. It follows an open-source development model and delivers increased uptime, better security, improved resource utilization, better performance, and support for automated updates. The architecture of Bottlerocket is flexible enough to support different cloud environments and container orchestrators in the future as well.