By Shaoyu Huang and Yuanhong Peng
LifseaOS is an operating system specially optimized for container scenarios. It is lightweight, fast, and secure with image-based atomic update and rollback management.
At the Apsara Conference 2021, a new Linux Base OS was released. It was LifseaOS (Lightweight, Fast, Secure, Atomic Operating System).
LifseaOS is an operating system (OS) specially optimized for container scenarios, which is also called ContainerOS. It has the following outstanding features:
Lightweight: LifseaOS integrates with containerd and Kubernetes by default. It contains only the system services and packages required to run Kubernetes pods.
Compared with traditional operating systems (Alibaba Cloud Linux 2/3 and CentOS), the number of installed packages is reduced by 60%, and the image size is reduced by 70%.
Fast: LifseaOS removes a lot of software and hardware drivers that are not needed in cloud-native scenarios. All necessary kernel drivers are built in, which makes an initramfs unnecessary.
Udev rules are simplified, and the boot-up time is very short. The first boot-up time is reduced to 2 seconds, compared with a traditional OS, which may need almost 1 minute.
Secure: The LifseaOS image has a read-only root filesystem. The only supported writable locations are /etc and /var. We removed the sshd components, and there is no Python support. The core concept here is to reduce the attack surface. We expect all modifications to the system to be made through an audited API. However, LifseaOS still provides a dedicated O&M container for logging in to the system to meet urgent O&M requirements. The O&M container has to be pulled up by API on demand and is not enabled by default.
Atomic: Unlike traditional operating systems, LifseaOS can only be updated as a whole image. With OSTree technology, OS image versions can be managed much like a git repository. The image-based atomic upgrade helps to ensure consistency across the whole Kubernetes cluster.
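The read-only root layout described under "Secure" above is something a node operator can verify. The script below is an added example, not LifseaOS or ACK code: it audits a mount table in the format of /proc/self/mounts and flags a writable root filesystem or any writable mount outside an allowlist (/etc and /var from the post, plus the usual runtime filesystems, which is an assumption). The mount table is constructed sample input.

```sh
#!/bin/sh
# Added example (not LifseaOS project code). Audits a mount table for the
# immutable layout the post describes: "/" read-only, writable data only
# under /etc and /var. On a real node, feed it "$(cat /proc/self/mounts)".

# Constructed sample mount table: "/" is read-only as expected, /etc and
# /var are writable as documented, /run is a normal runtime tmpfs, and
# /opt is an unexpected writable mount that the audit should flag.
SAMPLE_MOUNTS='/dev/vda2 / ext4 ro,relatime 0 0
/dev/vda2 /etc ext4 rw,relatime 0 0
/dev/vda2 /var ext4 rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev 0 0
/dev/vda2 /opt ext4 rw,relatime 0 0'

# Mount points allowed to be writable: /etc and /var from the post, plus
# runtime filesystems that are writable on most Linux systems (assumption;
# adjust for the node in question).
ALLOWED_RW_PREFIXES="/etc /var /run /dev /tmp /sys /proc"

# audit_mounts <mount-table-text>: prints one line per violation.
audit_mounts() {
    printf '%s\n' "$1" | while read -r _dev mnt _fstype opts _rest; do
        [ -z "$mnt" ] && continue
        # A mount is writable unless "ro" appears in its option list.
        case ",$opts," in *,ro,*) continue ;; esac
        if [ "$mnt" = "/" ]; then
            echo "VIOLATION: root filesystem is mounted read-write"
            continue
        fi
        allowed=0
        for p in $ALLOWED_RW_PREFIXES; do
            case "$mnt" in "$p"|"$p"/*) allowed=1; break ;; esac
        done
        if [ "$allowed" -eq 0 ]; then
            echo "VIOLATION: unexpected writable mount $mnt"
        fi
    done
}

# count_violations <mount-table-text>: prints the number of violations
# (0 means the node matches the immutable layout).
count_violations() {
    audit_mounts "$1" | wc -l | tr -d ' '
}

audit_mounts "$SAMPLE_MOUNTS"
echo "violations: $(count_violations "$SAMPLE_MOUNTS")"
```

On the sample table the audit reports exactly one violation, the writable /opt mount; a read-write root filesystem is reported separately.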
All of the above features point to the core idea of immutable infrastructure. Management of the OS is designed to be cloud-native. Furthermore, with deep integration and optimization with ACK (Alibaba Cloud Container Service), users get a node scale-out speed that is improved by 100% compared with the traditional OS.
OpenAnolis has established a ContainerOS special interest group. LifseaOS is now fully open-source in OpenAnolis. Please see this link for more information.
Alibaba Cloud Container Service (ACK) provides enterprise-level container application lifecycle management services for Kubernetes. The ACK node pool gives users the ability to manage a group of homogeneous nodes (nodes in the same node pool have the same configuration). It offers configuration consistency and O&M consistency, which reduces the cost of batch node operations and management.
ContainerOS (based on LifseaOS) can now be used in ACK node pools. Compared with a traditional Linux OS, ContainerOS is deeply optimized for container scenarios and has the advantages of greater security, a smaller footprint, fast startup, and an immutable image. ContainerOS combines with ACK managed node pools to provide automatic management capabilities, including quick node CVE repair, node self-healing, and automatic image upgrade. This helps reduce the OS O&M burden on users and lets them focus on upper-layer applications.
ContainerOS is available in the managed node pools of ACK Pro clusters of version 1.20.4 and later. You can use the ACK console to create a managed node pool based on ContainerOS by referring to the following figure:
Now start your journey with ContainerOS!
Shaoyu Huang from Alibaba Cloud, core member of Container Optimized Operating System SIG in the OpenAnolis community.
Yuanhong Peng from Alibaba Cloud, core member of Container Optimized Operating System SIG in the OpenAnolis community.