Bottlerocket 1.1: Secure OS Enhancements

Introduction

Bottlerocket 1.1 — Secure OS Enhancements — was released on July 20, 2021.

Policy usually becomes urgent the first time you need to stop a risky manifest from shipping — or when you’re trying to make standards repeatable across teams.

In this release: Bottlerocket 1.1 enhances the container-optimized OS with improved security, better Kubernetes integration, and enhanced tooling for node management.

Security Enhancements

• Immutable root improvements provide stronger protection against unauthorized modifications.
• SELinux enhancements enable more granular security policy enforcement.
• Update security improvements ensure only signed and verified updates are applied.
• Audit logging expansion provides better tracking of system changes and access.

Kubernetes Integration

1. Kubelet improvements enhance integration with Kubernetes control plane.
2. Container runtime optimizations improve performance and reliability.
3. CNI support expansion enables more networking plugin options.
4. CSI support improvements enable better storage integration.

Operational Improvements

• Update process enhancements simplify and speed up OS updates.
• API improvements provide better programmatic control over node configuration.
• Monitoring expansion includes better metrics and health indicators.
• Documentation improvements provide clearer guides for operations teams.

Multi-Cloud Support

• Bare metal support enables Bottlerocket deployment beyond AWS.
• VM support expansion provides more deployment options.
• Cloud provider integrations improve support for GCP and Azure.
• Community contributions expand platform support.

Getting Started

aws eks create-nodegroup \
  --cluster-name demo \
  --nodegroup-name bottlerocket \
  --ami-type BOTTLEROCKET_ARM64 \
  --instance-types t3.medium

Summary

Bottlerocket 1.1 continues to evolve as a secure, efficient operating system for Kubernetes nodes, providing teams with confidence in their infrastructure security.