Alibaba Cloud Linux 3 Container-optimized images are built on standard Alibaba Cloud Linux images with optimizations for container workloads, including higher deployment density, faster node startup, and stronger security isolation. These images bundle pre-tuned container runtimes and kernel configurations based on best practices from Container Service for Kubernetes (ACK).
Benefits
These images provide the following benefits:
-
Agile startup: Pre-integrated container runtimes and toolchains simplify Kubernetes node initialization, reducing startup time by up to 50% and improving cluster scaling efficiency.
-
Security and reliability: Pre-integrated container runtimes and toolchains are tested and performance-tuned by Alibaba Cloud for stable, secure, and reliable container workloads.
-
Ready-to-use: Built on ACK best practices from global enterprise customers, these images include optimized kernel parameters for network throughput, storage I/O, and memory management, with rigorously verified configurations.
These images use control group (cgroup) v2, which provides a unified hierarchy, safer subtree delegation to containers, and improved resource allocation and isolation.
In Kubernetes, the kubelet and container runtime use cgroups to manage per-container CPU and memory limits. Kubernetes supports cgroup v2 since version 1.25, moved cgroup v1 to maintenance mode in version 1.31, and will remove cgroup v1 support in future versions. Community features such as MemoryQoS and Pressure Stall Information (PSI) are fully supported in cgroup v2. About cgroup v2.
Billing
These images are free. When you create an ECS instance with a Container-optimized image, you may be charged for other instance resources such as vCPU, memory, storage, public bandwidth, and snapshots. For information about the billing of ECS resources, see Billing overview.
Scenarios
For Kubernetes-based containerized deployments, use Container-optimized images to create ECS instances as cluster nodes running Alibaba Cloud Linux 3 Container-optimized Edition.
Instructions
When you create an ACK cluster, we recommend using Container-optimized images as the node operating system. For more information, see Create an ACK managed cluster and Create and manage node pools.
To create a Kubernetes cluster on Alibaba Cloud, use Container-optimized images as the node operating system. Create a subscription instance on the Quick Launch tab.
Compatibility with cgroup v2
These images use cgroup v2. If your applications directly access the cgroup filesystem, such as Java applications, verify that your tool versions meet the compatibility requirements of cgroup v1 and cgroup v2. The following table lists affected software and solutions.
|
Affected software |
Solution |
|
cAdvisor |
If you run cAdvisor as a standalone DaemonSet, update to v0.43.0 or later. |
|
Java applications |
Dragonwell: 11.0.16.12, 8.15.16-GA, and later. OpenJDK/HotSpot: jdk8u372, 11.0.16, 15, and later. IBM Semeru Runtimes: 8.0.382.0, 11.0.20.0, 17.0.8.0, and later. IBM Java: 8.0.8.6 and later. |
|
Go applications |
Upgrade uber-go/automaxprocs to v1.5.1 or later. |
To migrate from cgroup v1 to v2, follow the steps in Migrating to cgroup v2.