Built on Alibaba Cloud Linux standard images and tuned for container workloads, Alibaba Cloud Linux 3 Container-optimized Edition incorporates ACK production best practices for higher deployment density, faster node startup, and stronger security isolation.
Benefits
-
Agile startup — Pre-integrated container runtime and toolchains cut node initialization time by up to 50%, accelerating cluster scaling during demand spikes.
-
Security and reliability — Bundled runtime components are tested and performance-tuned by Alibaba Cloud, ensuring stability, security, and reliability without third-party validation.
-
Ready to use — System-level kernel parameters are pre-optimized for network throughput, storage I/O, and memory management based on ACK enterprise deployments. Provides validated best-practice configurations without manual tuning.
cgroup v2 support
Alibaba Cloud Linux 3 Container-optimized Edition uses cgroup v2 (Control Group 2) to allocate system resources between processes. Over cgroup v1, cgroup v2 provides a unified API hierarchy, safer container subtree delegation, and improved resource allocation and isolation across multiple resource types.
In Kubernetes, kubelet and the container runtime use cgroup to enforce CPU and memory limits per Pod. Kubernetes adds cgroup v2 support in 1.25, moves cgroup v1 to maintenance mode in 1.31, and will remove cgroup v1 in a future release. Community features such as MemoryQoS and PSI (Pressure Stall Information) also require cgroup v2. See About cgroup v2.
Billing
Alibaba Cloud Linux 3 Container-optimized Edition is free. When you create an ECS instance using this image, standard charges apply for vCPU, memory, storage, public bandwidth, and snapshots. See Billing overview.
Use cases
Use this image as the node OS for Kubernetes workloads on ACK or self-built clusters running on ECS.
Get started
ACK managed clusters and node pools
Select Alibaba Cloud Linux 3 Container-optimized Edition as the node image when creating a cluster or node pool:
Self-built Kubernetes clusters on Alibaba Cloud
Select Alibaba Cloud Linux 3 Container-optimized Edition as the node OS when creating ECS instances. See Create a subscription instance on the Quick Launch tab.
Compatibility with cgroup v2
cgroup v2 differs from cgroup v1 in both general and subsystem interfaces exposed by the Linux kernel. Applications that access the cgroup filesystem directly — such as Java applications — must meet minimum version requirements.
| Affected software | Required version |
|---|---|
| cAdvisor (standalone DaemonSet) | v0.43.0 or later |
| Java — Dragonwell | 11.0.16.12, 8.15.16-GA, or later |
| Java — OpenJDK/HotSpot | jdk8u372, 11.0.16, 15, or later |
| Java — IBM Semeru Runtimes | 8.0.382.0, 11.0.20.0, 17.0.8.0, or later |
| Java — IBM Java | 8.0.8.6 or later |
| Go applications | Upgrade uber-go/automaxprocs to v1.5.1 or later |