Community Blog LifseaOS: Born for Cloud-Native

LifseaOS: Born for Cloud-Native

This short article explains a new Linux Base OS - LifseaOS.

By Shaoyu Huang and Yuanhong Peng

LifseaOS is an operating system specially optimized for container scenarios. It is lightweight, fast, and secure with image-based atomic update and rollback management.



At the Apsara Conference 2021, a new Linux Base OS was released. It was LifseaOS (Lightweight, Fast, Secure, Atomic Operating System).

LifseaOS is an operating system (OS) specially optimized for container scenarios, which is also called ContainerOS. It has the following outstanding features:

Lightweight: LifseaOS integrates with containerd and Kubernetes by default. It only contains system services and packages required by running Kubenetes pods.

Compared with the traditional operating system (Alibaba Cloud Linux 2/3 and CentOS), the number of the installed packages reduces by 60%, and the image size reduces by 70%.

Fast: LifseaOS removes a lot of softwares and hardware drivers which are not needed by cloud-native senarios. All necessary kernel drivers are built-in which helps to remove initramfs.

Udev rules are simplified, and the boot up time is incredibly short. The first boot up time is reduced to 2 seconds, compared with the traditional OS, which may need almost 1 minute.

Secure: The LifseaOS image has a read-only root filesystem. The only supported writable locations are /etc and /var. We removed sshd conponents, no python support. The core concept here is to reduce attack surface. We expect that all modifications of the system is through audited API. However, LifseaOS still provides a dedicated O&M container to login the system to meet urgent O&M requirements. The O&M container needs to be pulled up by API on-demand and is not enabled by default.

Atomic: Unlike traditional operating systems, LifseaOS can only be updated based on the whole image. With OSTree technology, the OS image versions can be managed just like a git repository. The image-based atomic upgrade helps to ensure consistency within the whole Kubernetes cluster.


All of the above features point to the core idea of immutable infrastructure. Management of the OS is designed to be cloud-native. Furthermore, with deep integration and optimization with ACK (Alibaba Cloud Container Service), users can obtain rapid node scale-out speed which is improved by 100%, compared with the traditional OS.

OpenAnolis has established a ContainerOS's special interest group. LifseaOS are now fully open-source in OpenAnolis. Please see this link for more information.

Use LifseaOS in the ACK Node Pool

Alibaba Cloud Container Service (ACK) provides enterprise-level container application lifecycle management services for Kubernetes. Alibaba Cloud Container Service ACK node pool provides users with the management capability of a group of homogeneous nodes (nodes in the same node pool have the same configuration). It has the characteristics of configuration consistency and O&M consistency, which can reduce node batch operations and management costs.


ContainerOS (based on LifseaOS) can be used in ACK node pools now. Compared with traditional Linux OS, ContainerOS is deeply optimized for container scenarios and has the advantages of greater security, lightness, fast startup, and immutable image. ContainerOS combines ACK managed node pools with automatic management capabilities, including quick node CVE repair, node self-healing, and automatic image upgrade. This can help reduce the management burden on users in OS O&M and allow users to pay more attention to upper-layer applications.

ContainerOS is available in the cluster managed node pool of ACK Pro 1.20.4 and more advanced versions. You can use the ACK product consoles to create a managed node pool based on the ContainerOS by referring to the following figure:


Now start your journey with ContainerOS!

Related Links

About Author

Shaoyu Huang from Alibaba Cloud, core member of Container Optimized Operating System SIG in the OpenAnolis community.
Yuanhong Peng from Alibaba Cloud, core member of Container Optimized Operating System SIG in the OpenAnolis community.

0 0 0
Share on


57 posts | 3 followers

You may also like



57 posts | 3 followers

Related Products

  • Bastionhost

    A unified, efficient, and secure platform that provides cloud-based O&M, access control, and operation audit.

    Learn More
  • ACK One

    Provides a control plane to allow users to manage Kubernetes clusters that run based on different infrastructure resources

    Learn More
  • Container Service for Kubernetes

    Alibaba Cloud Container Service for Kubernetes is a fully managed cloud container management service that supports native Kubernetes and integrates with other Alibaba Cloud products.

    Learn More
  • Function Compute

    Alibaba Cloud Function Compute is a fully-managed event-driven compute service. It allows you to focus on writing and uploading code without the need to manage infrastructure such as servers.

    Learn More