Container Service for Kubernetes (ACK) supports Alibaba Cloud Linux 3 as the node operating system. Alibaba Cloud Linux 3 is built on Linux kernel 5.10 with deep optimizations for cloud-native workloads, ECS hardware, and ACK integration — delivering over 30% performance improvements in key scenarios and automated security patch management.
Overview
Alibaba Cloud Linux is a Linux distribution developed by Alibaba Cloud, backed by 10-year enterprise-class support. Alibaba Cloud Linux 3 inherits all capabilities of Alibaba Cloud Linux 2 and adds:
-
New system software, language libraries, and applications from the open source community
-
Continued optimizations for ACK and cloud computing use cases
-
Deep support for 8th generation computing platforms: Yitian, Sapphire Rapids, and Genoa
-
Proprietary OS features that improve performance and ease of use
-
Detailed release notes for every update
Benefits
Faster node startup and auto scaling
Alibaba Cloud Linux 3 works with ECS to accelerate instance startup and ships with the environment dependencies that ACK nodes need. When auto scaling triggers new node creation, reduced initialization time shortens the time before nodes are ready to schedule workloads.
Over 30% performance improvement in key workloads
Through in-depth integration with ECS and optimizations across the kernel, compilers, and runtime configurations, Alibaba Cloud Linux 3 delivers performance improvements of over 30% in big data computing, web server, database, and AI workloads.
Complete cgroup v2 support
cgroup v2 is the next-generation Linux control group API. Compared to cgroup v1, it provides:
-
A unified hierarchy for resource control
-
A more securely designed tree structure
-
Pressure Stall Information (PSI) for monitoring resource contention
-
Enhanced resource allocation and management
Comprehensive eBPF support
Alibaba Cloud Linux 3 includes improvements to the Extended Berkeley Packet Filter (eBPF) programming and debugging experience:
-
Fewer instruction limits, better performance, and source-level bytecode debugging
-
Higher throughput in Express Data Path (XDP) and kernel debugging
-
Support for user-space frameworks including BPF skeleton and libbpf-bootstrap
-
Better support for Cilium, including network bandwidth control, traffic encryption, session affinity, BPF-layer routing, and proxies
-
More efficient implementations for BCC and Bpftrace
Page cache limits at the cgroup level
The Linux Memory Control Group (memcg) mechanism sets memory limits per process group. When a memcg reaches its limit, the kernel triggers memory reclaim, which can affect running processes. In workloads like Spark computing, dirty pages can fill the page cache and cause slow reclaim, leading to unexpected out of memory (OOM) events.
Alibaba Cloud Linux 3 adds a page cache limit feature at the memcg level, including the root group. Set an upper limit for the page cache, and the OS asynchronously or synchronously reclaims cache that exceeds the limit. For more information, see Page Cache Limit feature.
One-click AI environment setup
Alibaba Cloud Linux 3 integrates the epao software repository from the OpenAnolis community, which lets you install NVIDIA GPU drivers and CUDA acceleration libraries with a few clicks — without selecting driver versions manually. The epao repository also supports TensorFlow and PyTorch, and automatically resolves and installs their dependencies so you can start AI development in Python immediately.
All AI components shipped through epao have passed compatibility tests. No manual changes to system dependencies are required after installation.
AI optimizations are also applied for Intel and AMD CPU platforms to make better use of the underlying hardware.
Additional system optimizations
Alibaba Cloud Linux 3 includes several other optimizations:
-
Transparent conversion from the TCP/IP protocol stack to Remote Direct Memory Access (RDMA)
-
Optimization solutions for memory bloat caused by Transparent Enormous Pages (THP)
-
Multiple accelerators for Intel 8th generation SPR instances
For the full list of changes, see Release notes for Alibaba Cloud Linux 3.
Software included
| Category | Software |
|---|---|
| Kernel | Linux kernel 5.10 |
| Compilers | GCC 10, LLVM 15, Rust 1.66; GCC Toolset 12 also supported |
| Language libraries | glibc 2.32, OpenJDK 1.8, Python 3.8, Golang 1.19, Node.js 14.21 |
| Web applications | Nginx 1.20, HTTPd 2.4.37 |
| Databases | Redis 6.2.7, MySQL 8.0.32, PostgreSQL 13.10, MariaDB 10.5.16 |
| AI frameworks | TensorFlow 2.5.0, PyTorch 1.10.1 |
| GPU/CUDA | CUDA 11.4.4, NVIDIA Driver 470.199.02 |
| Container tools | nvidia-container-toolkit 1.13.1, libnvidia-container 1.13.1 |
| AI ecosystem | epao repository (OpenAnolis community) |
Usage notes
iptables is incompatible with nftables in Alibaba Cloud Linux 3. If your workload uses iptables-based network rules, network performance may be degraded. Verify your network plugin configuration before deploying.
-
Alibaba Cloud Linux 3 may use a partial hostname as the Domain Name System (DNS) search domain, which can increase DNS resolution frequency.
-
Before using Alibaba Cloud Linux 3, confirm that your cluster and network plugins meet the following minimum version requirements:
Component Minimum version Cluster 1.20.4 ACK NodeLocal DNSCache 1.5.0 Flannel v0.13.0.1-466064b-aliyun Terway v1.0.10.390-g5f3c461-aliyun
Use Alibaba Cloud Linux 3 as the node OS
When creating an ACK cluster in the ACK console, set Operating System to Alibaba Cloud Linux 3.2104.
For detailed cluster creation steps, see Create an ACK managed cluster.