ContainerOS is an operating system that Alibaba Cloud provides for containerized development. ContainerOS is fully compatible with Kubernetes. ContainerOS is based on Alibaba Cloud Linux 3 and provides enhanced security, faster startup, and simplified system services and software packages. ContainerOS is pre-installed with components to provide out-of-the-box features in cloud-native scenarios. This topic introduces the background information about ContainerOS, and describes the features and benefits of ContainerOS.
Table of contents
Applicable scope
ContainerOS supports only containerd and can be used only in managed node pools. For more information about managed node pools, see Managed node pool overview.
ContainerOS supports only Kubernetes 1.24.6 or later. To use ContainerOS, you can create an ACK cluster that runs Kubernetes 1.24.6 or later, or update the Kubernetes version of an existing cluster to 1.24.6 or later. For more information, see Create an ACK managed cluster and Update the Kubernetes version of an ACK cluster.
Introduction to ContainerOS
Due to the rapid development of cloud-native technologies, containerization is widely adopted to deploy applications. The emergence of cloud-native components, such as container runtimes and Kubernetes components, allows you to focus on application development and eliminates the need to manage and maintain the underlying infrastructure. Traditional OS distributions are pre-installed with userspace tools, software packages, and system services. This significantly increases the size of the OS, slows down the startup, and leads to challenges for the O&M of the OS. These challenges include the management of software packages and software versions. To improve the compatibility of traditional operating systems in cloud-native scenarios and improve the user experience of ACK, ACK provides ContainerOS, an operating system specialized for containerized development.
ContainerOS is a lightweight node OS that uses a modular architecture. With ContainerOS, you can launch containers faster and run containers with higher efficiency. In addition, ContainerOS provides enhanced security and requires less computing resources, which makes ContainerOS ideal for cloud computing and large-scale deployments. These benefits provide better user experience.
Features
Feature | Description |
Simplified OS images | The image of ContainerOS contains only the software packages and system services that are required for running pods. This significantly reduces the startup duration and makes the operating system less vulnerable. ContainerOS does not support Python and does not allow you to directly log on by using SSH. ContainerOS provides out-of-the-box features that you can use without additional configurations. You can focus on application development without the need to maintain the operating system. |
Fast startup | ContainerOS provides end-to-end integration and optimization, which greatly accelerates the startup and reduces the time required for adding nodes to ACK clusters. The startup of ContainerOS is simplified. Key cluster control components are pre-installed in the image of ContainerOS to save the need to pull images of these components during node initialization. These features, along with an optimized ACK control link, greatly reduce the time required for adding nodes to ACK clusters. The following figure shows the startup duration of different operating systems. When you use ContainerOS to deploy 1,000 nodes, it requires 53 seconds for 90% of the nodes to reach the Ready state. The startup duration is significantly shorter than the startup duration of nodes when CentOS or Alibaba Cloud Linux 2 Custom Image is used to deploy nodes. For more information, see Use ContainerOS to quickly scale out nodes.
Important The values provided in the preceding figure are only theoretical values. The actual values may vary based on the service optimization and your environment. |
Security enhancement | The root file system of ContainerOS is read-only. You have read and write permissions only on the /etc and /var directories. This allows you to configure some basic system configurations. This way, ContainerOS complies with the principle of immutable infrastructure and prevents container escapes and unauthorized operations on the host file system. ContainerOS does not allow you to directly log on to the system and perform untraceable operations. However, ContainerOS provides a container that you can use to meet your O&M requirements. For more information, see Work with the administrative container of ContainerOS. |
Atomic upgrade | ContainerOS complies with the principle of immutable infrastructure, and does not support the installation of Red Hat Package Manager (RPM) packages or the use of package management tools such as Yellowdog Updater Modified (YUM). ContainerOS supports only the upgrades and rollbacks among OS image versions. This ensures the consistency of software versions and system configurations among nodes. Each ContainerOS image must pass strict tests before it is released. Compared with traditional upgrades that are based on RPM packages, upgrades based on OS images ensure higher system stability after upgrades are completed. |
Benefits
Benefit | Description |
Specialization in containerized development | ContainerOS is specialized for containerized development and provides benefits such as fast startup, security enhancement, and immutable root file systems. These benefits provide improved performance, facilitate cluster O&M and management, and ensure consistency among nodes. |
Fast scale-out | With an optimized ACK control link and optimized OS image, ContainerOS greatly reduces the time required for scaling out ACK clusters. The time required for adding nodes to a cluster accounts for more than 90% of the E2E time required for scaling out the cluster. If you use ContainerOS as the node OS, the E2E time required for scaling out ACK clusters will be greatly reduced. |
High O&M capability | ContainerOS is integrated with the ACK control plane to allow you to update Kubernetes versions and system software versions and fix Common Vulnerabilities and Exposures (CVE) vulnerabilities by updating OS image versions. Compared with Alibaba Cloud Linux 2 Custom Image, which uses images pre-installed with components to accelerate node initialization, ContainerOS provides automated O&M and CVE patching. This frees you from image maintenance and node O&M, and greatly simplifies your work in using ACK clusters. ContainerOS is optimized for ACK. Service interruptions caused by node O&M are significantly reduced. |
Compatibility with Alibaba Cloud Linux 3 | The kernel versions and most software versions of ContainerOS are the same as those of Alibaba Cloud Linux 3. ContainerOS uses Linux Kernel 5.10 LTS, the latest Linux kernel version. This provides the latest Linux features for applications. For more information about Alibaba Cloud Linux 3, see What is Alibaba Cloud Linux. |
Billing
ContainerOS is free of charge. You can use ContainerOS free of charge in managed node pools in ACK clusters. ACK provides long-term free technical support for ContainerOS.
You are charged for resources that you use together with ContainerOS, such as vCPUs, memory, storage resources, public bandwidths, and snapshots. For more information, see Billing overview
Release notes
For more information about the release notes of the ContainerOS image, see Release notes for OS images.
What to do next
For more information about common operations that you can perform on the administrative container of ContainerOS, such as entering the host environment and stopping, restarting, and destroying the container, see Work with the administrative container of ContainerOS.