It is essential that your hosts continuously install the latest security patches provided by your Operating System vendor, but creating a strategy to safely and reliably coordinate OS updates across a fleet can be challenging. The Bottlerocket operating system offers a few unique features to provide a secure update experience, with safety rails built-in to protect against common updating pitfalls like reliable rollbacks and velocity control. To facilitate a similarly safe and reliable update mechanism across a fleet of Bottlerocket nodes in a Kubernetes cluster, Amazon Web Services has built the Bottlerocket Update Operator. This lecture will start with some background information on Bottlerocket and Bottlerocket’s API, then go into details on how the Bottlerocket Update Operator is designed and implemented.

Bottlerocket is a Linux-based open-source operating system that is purpose-built by Amazon Web Services for running containers. Bottlerocket focuses on security and maintainability, providing a reliable, consistent, and safe platform for container-based workloads. The base operating system has just what you need to run containers reliably, and is built with standard open-source components. Bottlerocket-specific additions focus on reliable updates and on the API. Instead of making configuration changes manually, you can change settings with an API call. The Bottlerocket Update Operator makes use of this API to update the hosts in the cluster on the backend.

The Bottlerocket Update Operator is a Kubernetes software extension that works harmoniously with Bottlerocket’s update system to coordinate updates on Bottlerocket hosts in a cluster. The operator uses Kubernetes features to minimize the risk of service disruptions during updates, and integrates with familiar tools to provide insight into the state of updates in a cluster. The operator also uses a unique approach to minimally scope the permissions and capabilities of the Update Operator agent running on each node.