Alibaba Cloud Linux 2 was discontinued at 00:00:00 on March 31, 2024. When creating a cluster or node pool, select or ContainerOS as the Operating System. For end-of-life (EOL) details, see [Product Changes] Alibaba Cloud Linux 2 and CentOS 7 are discontinued.
Container Service for Kubernetes (ACK) supports Alibaba Cloud Linux 2 as a node operating system. Built on Linux kernel 4.19 and optimized for the Alibaba Cloud Infrastructure as a Service (IaaS) platform, Alibaba Cloud Linux 2 delivers faster boot times, better multi-task performance, and container-specific kernel optimizations across networking, storage, security, and resource management.
Benefits
Alibaba Cloud Linux 2 is a proprietary Linux distribution developed by Alibaba Cloud. Images are free to use and covered by long-term technical support (LTS).
Performance
- Boots 29% faster than CentOS 7, with an average reduction of 60% in ECS instance boot time when used with AutoScaler.
- Improves performance on large-sized instances by 16% through multi-task optimizations.
- Improves system scheduling efficiency by 11%.
- Improves network performance by 7.8% compared to CentOS 7 through Linux networking stack optimizations.
Security
- Minimizes the kernel attack surface with a streamlined build, reducing node exposure to potential threats.
- Provides Common Vulnerabilities and Exposures (CVE) fixes as soon as they are available.
- Supports live patching of the kernel so vulnerabilities can be fixed without restarting nodes or interrupting services.
- Supports the Bottleneck Bandwidth and Round-trip Propagation Time (BBR) congestion control algorithm, compiled into all images by default, to improve bandwidth stability for workloads that frequently access the Internet.
Operational convenience
- Pre-installs Alibaba Cloud CLI and cloud-init, reducing setup overhead for cloud resource management.
- Supports the Budget Fair Queueing (BFQ) I/O scheduler to reduce disk latency.
- Optimizes encryption based on the TLS protocol.
- ACK automatically checks for and installs Alibaba Cloud Linux 2 security patches when you create, expand, or scale a cluster.
ACK optimizations for containerized workloads
ACK extends the Alibaba Cloud Linux 2 kernel with targeted fixes and optimizations for container-specific scenarios. The following sections describe each optimization, the problem it addresses, and the effect on your workloads.
IP Virtual Server (IPVS)
Scenario 1: High-vCPU instances with large numbers of virtual IPs
On instances with more than 64 vCPUs running in IPVS mode, the IPVS estimation timer periodically computes the transmission rate of each connection. Under a large number of concurrent connections, this computation monopolizes the CPU for extended periods, delaying packet reception and producing ping times of 200 ms.
ACK schedules the estimation timer to a dedicated node and adds a sysctl entry to disable it, eliminating the latency caused by the timer.
Scenario 2: Rolling updates
During a rolling update, if the 5-tuple of a new TCP SYN packet matches an existing IPVS conntrack record, IPVS drops the packet instead of forwarding it to the new destination. This causes SYN retransmission and a 1-second latency spike.
ACK resolves this by releasing TIME_WAIT connections from the conntrack table when new conntrack entries exist, replacing them with new connections. Network traffic switches to new real servers with near-zero latency.
CoreDNS
Scenario: High DNS query volume filling the conntrack table
When applications send DNS queries to static addresses or ports, conntrack entries enter stream mode. Because DNS uses UDP—a stateless protocol—these entries accumulate quickly. If they are not removed in time, the conntrack table fills up and degrades NAT performance.
ACK applies two fixes:
- UDP conntrack entries enter stream mode only after a connection persists for more than 2 seconds, preventing rapid accumulation from short-lived queries.
- The validity duration of UDP conntrack entries is reduced from 180 seconds to 120 seconds.
In the testing environment, these changes reduce the number of UDP conntrack entries by 50%.
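To check on a node whether DNS traffic is what fills the conntrack table, the following added example (not part of the original page or of ACK's tooling) summarizes text in `/proc/net/nf_conntrack` format. The sample lines, addresses and the `conntrack_max` value are constructed, and treating `[ASSURED]` on a UDP entry as the stream-mode marker is an assumption.

```python
import re

# Constructed sample in /proc/net/nf_conntrack format (not from a real node).
SAMPLE = """\
ipv4     2 udp      17 118 src=10.0.1.15 dst=172.21.0.10 sport=53011 dport=53 src=172.21.0.10 dst=10.0.1.15 sport=53 dport=53011 [ASSURED] mark=0 zone=0 use=2
ipv4     2 udp      17 97 src=10.0.1.15 dst=172.21.0.10 sport=41870 dport=53 src=172.21.0.10 dst=10.0.1.15 sport=53 dport=41870 [ASSURED] mark=0 zone=0 use=2
ipv4     2 udp      17 64 src=10.0.1.22 dst=172.21.0.10 sport=38412 dport=53 src=172.21.0.10 dst=10.0.1.22 sport=53 dport=38412 [ASSURED] mark=0 zone=0 use=2
ipv4     2 udp      17 21 src=10.0.1.22 dst=172.21.0.10 sport=60233 dport=53 [UNREPLIED] src=172.21.0.10 dst=10.0.1.22 sport=53 dport=60233 mark=0 zone=0 use=2
ipv4     2 udp      17 12 src=10.0.1.15 dst=10.0.0.2 sport=123 dport=123 [UNREPLIED] src=10.0.0.2 dst=10.0.1.15 sport=123 dport=123 mark=0 zone=0 use=2
ipv4     2 tcp      6 431990 ESTABLISHED src=10.0.1.15 dst=10.0.2.8 sport=44122 dport=443 src=10.0.2.8 dst=10.0.1.15 sport=443 dport=44122 [ASSURED] mark=0 zone=0 use=2
"""

KEYVAL = re.compile(r"(\w+)=(\S+)")


def parse_entry(line):
    """Return proto, remaining timeout, original-direction dport and flags, or None."""
    parts = line.split()
    if len(parts) < 5 or not parts[4].isdigit():
        return None  # blank or malformed line
    first = {}
    for key, value in KEYVAL.findall(line):
        first.setdefault(key, value)  # the first tuple is the original direction
    return {"proto": parts[2], "timeout": int(parts[4]), "dport": first.get("dport"),
            "assured": "[ASSURED]" in parts, "unreplied": "[UNREPLIED]" in parts}


def dns_conntrack_report(text, conntrack_max):
    """Summarize how much of the table is UDP DNS and how much of that is long-lived."""
    entries = [e for e in map(parse_entry, text.splitlines()) if e]
    dns = [e for e in entries if e["proto"] == "udp" and e["dport"] == "53"]
    return {
        "total": len(entries),
        "table_usage_pct": round(100.0 * len(entries) / conntrack_max, 1),
        "dns_udp": len(dns),
        # Assumption: [ASSURED] on a UDP entry marks the long stream timeout.
        "dns_stream": sum(e["assured"] for e in dns),
        "dns_unreplied": sum(e["unreplied"] for e in dns),
        "longest_dns_timeout": max((e["timeout"] for e in dns), default=0),
    }


if __name__ == "__main__":
    # conntrack_max=8 is a constructed limit so the sample shows a filling table.
    print(dns_conntrack_report(SAMPLE, conntrack_max=8))
```

On a real node, pass the contents of `/proc/net/nf_conntrack` and the value of `/proc/sys/net/netfilter/nf_conntrack_max`. A `longest_dns_timeout` above 120 indicates the shorter validity duration described above is not in effect.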
Container networking
The Terway network plugin supports the IPVLAN driver, which improves network performance in short-packet communications by 40% compared to the traditional bridge interface and policy-based routing (PBR).
For workloads that require frequent Internet access, configure the BBR congestion control algorithm on containers to improve bandwidth stability and accelerate image pulls from the Internet.
Container security
Alibaba Cloud has established partnerships with the Kata Containers and Clear Linux communities. ACK optimizes runV container boot time so that Kata Containers works as expected on ECS bare metal instances. ACK also provides clusters that run sandboxed containers, offering an experience similar to standard clusters. Deploy applications in lightweight sandboxed environments to isolate workloads across tenants or to run untrusted applications with minimal performance impact.
AutoScaler
When the cluster is overloaded, AutoScaler scales out ECS instances to handle the load. Alibaba Cloud Linux 2 reduces ECS instance boot time by an average of 60% compared to CentOS 7, which means new nodes become available faster and computing capacity scales out before traffic spikes cause service degradation.
Resource monitoring and control
The Alibaba Cloud Linux 2 kernel provides fine-grained resource visibility and control for containers, including Pressure Stall Information (PSI) metrics, per-cgroup kswapd, and memory priority. In ACK clusters, use CGroup Controllers to configure these capabilities and make on-the-fly adjustments using tools such as BufferIO Control, TCP, CPUSet, Mem, and NUMA. This improves resource utilization and reduces interference between co-located applications.
AI and data acceleration
Alibaba Cloud Linux 2 optimizes streaming reads and writes for large model files, which accelerates AI training and high-performance computing workloads on large-sized instances. Benchmark results from the staging environment:
| Test | CentOS | Alibaba Cloud Linux 2 | Improvement |
|---|---|---|---|
| Load 1,152 OSS objects (144 GB total) over 64 threads using Alluxio | 3 min 25 s | 2 min 19.037 s | 1.6x faster |
| Train ResNet50 (batch size 128, data cached in Alluxio) on NVIDIA V100 GPU | 5,212.00 images/s | 8,746.59 images/s | 1.7x faster |
Resource visibility
When multiple containers share a host, resource contention becomes difficult to observe. Alibaba Cloud Linux 2 enhances the kernel's cgroup implementation to expose per-container resource usage. Commands such as top, cpuinfo, and meminfo reflect the actual resources available to each container rather than the host totals, making resource planning more accurate.
Kernel and storage optimizations
- Reduces OverlayFS performance overhead, minimizing storage-layer overhead from containerization.
- In Linux kernel 4.19, most sysctls are namespaced. Set different TCP timeout and retransmit timeout values per pod to match the requirements of each application—something not possible with CentOS 7.
Set Alibaba Cloud Linux 2 as the node operating system
When creating an ACK cluster in the ACK console, set Operating System to Alibaba Cloud Linux 2.1903. For detailed steps, see Create an ACK managed cluster.
After you select Alibaba Cloud Linux 2, ACK automatically checks for and installs security patches when you create, expand, or scale the cluster.