adds FAQ item about firecracker

[stockholmux]

Issue number:

Closes # n/a

Description of changes:

• Adds a FAQ item to disambiguate Firecracker from Bottlerocket (a common confusion).
• Adds a style to support block quotes needed in this FAQ item.

Terms of contribution:

By submitting this pull request, I confirm that my contribution is made under
the terms of the licenses outlined in the LICENSE-SUMMARY file.

[stmcginnis]

Good to have something out there! It's amazing how often there is confusion here. :D

[bcressey]

nit: "uses"

There's an open issue for Firecracker support so it's not a foregone conclusion that this will always be true, especially as out-of-tree builds make the distro easier to customize and experiment with.

For me this is like saying "Bottlerocket does not use Docker" - it's true except when it's not.

[bcressey]

This sort of reads like dunking on the person who asked this question. It doesn't help that the sentence could be written as "Bottlerocket and Firecracker actually have a lot in common" without changing the bullet points at all.

[bcressey]

Alternatively: Firecracker really just runs micro VMs and talking about specifics of what's inside those micro VMs (containers, serverless functions) is actually what creates the confusion, since Bottlerocket is also built for running containers safely and efficiently, and nothing more.

The missing nuance here is that there are different ways to run containers:

1. using the Linux kernel primitives for isolation (cgroups, namespaces)
2. using userspace reimplementation of the Linux kernel API (gvisor)
3. using micro VMs with micro Linux kernels for each container (Firecracker)

Bottlerocket could support all of these ways with various trade-offs in terms of security and functionality, and today just supports the first one.