AWS Bottlerocket vs. Google Container-Optimized OS: Which Should You Use and When | Hacker Noon

Author profile picture

@galaxyweblinksGalaxy Welinks

Custom Software Development for Web and Mobile

What’s the difference between popular Container-Centric OS choices, Google’s Container-Optimized OS, and AWS’s Bottlerocket? The concepts underlying containers have been around for many years. Container technologies like Docker, Kubernetes, and an entire ecosystem of products, as well as best practices, have emerged in the last few years. This has enabled different kinds of applications to be containerized. 

Web service providers like Amazon AWS and Google are giving a further boost to container innovation, for enterprises to adopt and use containers at scale. This will help them to reap the benefits containers bring, including increased portability and greater efficiency.  

Linux-based OS, AWS Bottlerocket is a new option, designed for running containers on virtual machines (VMs) or bare-metal hosts. In this article, you will learn the core uses and differences between the two open-source OS.

AWS Bottlerocket 

It is an open-source, stripped-down Linux distribution that’s similar to projects like Google’s Container-Optimized OS. This single-step update process helps reduce management overhead.

It makes OS updates easy to automate using container orchestration services such as Amazon Elastic Container Service (ECS) and Amazon Elastic Kubernetes Service (EKS). 

Google Container-Optimized OS 

It’s an OS image for Google Compute Engine VMs that’s optimized for running Docker containers. It allows you to bring up your Docker containers on Google Cloud Platform securely, and quickly. It is based on the open-source Chromium OS project and is maintained by Google.

But before diving into the core differences, let us give you a basic overview of containers, VMs, and container-optimized OS, and its underlying challenges to better understand the differences. 

If you are already aware of all the underlying processes of containers, then you can skip to the main differences for AWS Bottlerocket vs Google Container-Optimized OS. 

Containers, VMs and Docker Explained

From Search to YouTube to Gmail, everything at Google runs in containers. As a developer, containers give you a lot of freedom by letting you upload an app with all of its dependencies into an easy-to-move package.

Containers are often compared with virtual machines (VMs). You might already be familiar with VMs: a guest operating system such as Linux or Windows that runs on top of a host operating system with virtualized access to the underlying hardware. 

On the other hand, Docker containers allow you to provide isolated environments for running your software services, and package your application together with libraries and other dependencies. 

Thus containers offer a far more lightweight unit for IT Ops teams and developers to work with, carrying a myriad of benefits.

In fact, containers allow your application as a whole to be packaged, abstracting away the code, the machine, and even OS itself. The same way, software libraries package code bits together allowing developers to abstract away logic like user session management and authentication.

This helps with easy development, testing, deployment, and overall management of your applications.

Challenges With a Host OS

Containers still require an OS just as serverless hasn’t removed the underlying need for servers. Most containers run on a general-purpose OS and because container-based host environments allow hundreds or thousands of instances, containers make it easy to scale out. Such a scale introduces problems with OS overhead, updates, security, and more.

This is where Bottlerocket OS and Google Container-Optimized OS comes to the rescue. Google Container-Optimized OS gives dev. teams improved speed and efficiency to run higher throughput workloads with better uptime and security.

Practically, one of the ways of deploying containers on Google Cloud is Google Compute Engine (GCE). You can leverage your familiar virtual machine environment to run your containers. This means using existing workflow and tools, without requiring your team to ramp up on all things cloud-native. 

When creating a GCE VM, the container section will let you specify the image you’d like to use as well as a few more important options. When you get to the boot disk section, the suggested VM OS is Container-Optimized OS. This is optimized for running the Docker containers. This OS image comes with a Docker runtime pre-installed, enabling you to bring up your Docker container at the same time you create your VM.

On the other hand, Bottlerocket is purpose-built for hosting containers in Amazon infrastructure. It runs natively in Amazon EKS, AWS Fargate, and Amazon ECS.

AWS Bottlerocket vs Google Container-Optimized OS 

Security

Reducing your attack surface is one of the most important rules of security.

Bottlerocket allows minimizing the attack surface to protect against outside attackers. It also diminishes the impact that a vulnerability would have on the system and provides inter-container isolation. Bottlerocket uses kernel namespaces and container control groups (cgroups) for isolation between containers running on the system. 

Google Container-Optimized OS does this by moving all services out of the OS system/user space into containers. 

In addition, the auto-upgrading feature, enabled by default, keeps nodes in the cluster up-to-date with the cluster master version. This both improves security and reduces maintenance overhead. 

Open-Source Requirements

Amazon made it easy for developers to become involved by leveraging GitHub for their development platform. By design, end users are encouraged to create variants (i.e. update operator or your control container) of the OS.

There’s nothing else to build except for support for Docker and Kubernetes as the Bottlerocket build system is based on Rust.

Customers of Google Container-Optimized OS don’t need to build and deploy customized images on a cluster, unlike Bottlerocket.

Building Container-Optimized OS requires the Chromium scripts and toolchain, which are unique to Google. These development images are designed for Google engineers to build, debug and test the system, and they do allow user Shell access. The images can be run using KVM (Kernel-based Virtual Machine) or imported into a compute engine instance.

Wrapping Up

The OS is part of the background infrastructure that means developers can focus on their applications instead of how they’ll be run. Both Bottlerocket and Container-Optimized OS do this well. 

AWS’s Bottlerocket incorporates many of the best ideas from the predecessors and adds support for container orchestrators and multiple cloud environments, as well as the ability to create variants if your use cases require it. 

However, if you’re looking at a multi-cloud strategy, then Container-Optimized OS might act as a roadblock, not an advantage. Most people avoid vendor lock-in and are looking at multi-cloud at the same time. If deploying to multiple clouds is what you envision, then Bottlerocket would be a better choice.

Google’s Container-Optimized OS is similar to Firecracker technology (microVM for serverless computing) under AWS Fargate. Like many Google technologies, Container-Optimized OS focuses more on how things should be done, and this is often a good thing. 

About Galaxy Weblinks: we specialize in delivering end-to-end software development & testing services. We also offer effective solutions for Cloud support & maintenance to help our global clients with cloud storage, public, private & hybrid application development. Contact us to speak with our cloud experts.

Tags

read original article here