Alibaba Cloud Linux 3 Container-optimized images are built on the default standard images for Alibaba Cloud Linux, a cloud-native operating system, and are tuned specifically for container workloads. Developed in-house at Alibaba Cloud, they incorporate best practices from large-scale production deployments on Container Service for Kubernetes (ACK) and are the recommended choice for workloads that require higher deployment density, faster node startup, and stronger security isolation.
Benefits
-
Agile startup — Pre-integrated container runtime software and toolchains reduce node initialization time by up to 50%, so cluster scaling operations complete faster when demand spikes.
-
Security and reliability — The bundled runtime components are thoroughly tested and performance-tuned by Alibaba Cloud. This removes the guesswork from validating third-party runtime combinations and gives you a stable, secure baseline for container workloads.
-
Ready to use — System-level kernel parameters are pre-optimized for key container performance metrics — network throughput, storage I/O, and memory management — based on validated configurations from global enterprise deployments. No manual kernel tuning is required.
cgroup v2 support
Alibaba Cloud Linux 3 Container-optimized Edition uses cgroup v2 (Control Group 2), the Linux kernel technology that allocates system resources between processes. Compared to cgroup v1, cgroup v2 introduces a single unified hierarchy for APIs, safer container subtree delegation, enhanced resource allocation management, and isolation capabilities across multiple resource types.
In Kubernetes, kubelet and the container runtime rely on cgroup to enforce CPU and memory limits per Pod. Kubernetes adds cgroup v2 support in version 1.25, moves cgroup v1 to maintenance mode in version 1.31, and will remove cgroup v1 support in a future release. Community features such as MemoryQoS and PSI (Pressure Stall Information) also require cgroup v2. See About cgroup v2 for details.
Billing
Alibaba Cloud Linux 3 Container-optimized Edition is free. When you create an ECS instance using this image, standard charges apply for vCPU, memory, storage, public bandwidth, and snapshots. See Billing overview for details.
Use cases
Use Alibaba Cloud Linux 3 Container-optimized Edition as the node operating system when your workloads require containerized deployment through Kubernetes — whether on ACK or on a self-built Kubernetes cluster running on ECS instances.
Get started
ACK managed clusters and node pools
Select Alibaba Cloud Linux 3 Container-optimized Edition as the cluster node system image when configuring a new cluster or node pool:
Self-built Kubernetes clusters on Alibaba Cloud
Select Alibaba Cloud Linux 3 Container-optimized Edition as the node OS when creating ECS instances. See Create a subscription instance on the Quick Launch tab.
Compatibility with cgroup v2
cgroup v2 changes both the general interfaces and the subsystem interfaces exposed by the Linux kernel. Applications that access the cgroup filesystem directly — such as Java applications — must meet minimum version requirements. The following table lists the affected software in container scenarios and the required versions.
| Affected software | Required version |
|---|---|
| cAdvisor (standalone DaemonSet) | v0.43.0 or later |
| Java — Dragonwell | 11.0.16.12, 8.15.16-GA, or later |
| Java — OpenJDK/HotSpot | jdk8u372, 11.0.16, 15, or later |
| Java — IBM Semeru Runtimes | 8.0.382.0, 11.0.20.0, 17.0.8.0, or later |
| Java — IBM Java | 8.0.8.6 or later |
| Go applications | Upgrade uber-go/automaxprocs to v1.5.1 or later |
For migration guidance, see Migrating to cgroup v2.