ContainerOS is an operating system that Alibaba Cloud provides for containerized development. ContainerOS is fully compatible with Kubernetes. ContainerOS is based on Alibaba Cloud Linux 3 and provides enhanced security, faster startup, and simplified system services and software packages. ContainerOS is preinstalled with components to provide out-of-the-box features in cloud-native scenarios. This topic introduces the background information about ContainerOS, and describes the features and benefits of ContainerOS.

Applicable scope

ContainerOS supports only containerd and can be used only in managed node pools in Container Service for Kubernetes (ACK) clusters. For more information about managed node pools, see Overview.

Background information

With the rapid development of cloud-native technologies, containerization is widely used to deploy applications. The emergence of cloud-native components, such as container runtimes and Kubernetes components, allows you to focus on application development and eliminates the need to manage and maintain the underlying infrastructure. Traditional OS distributions are preinstalled with userspace tools, software packages, and system services. This significantly increases the size of the OS, slows down the startup, and leads to challenges for the O&M of the OS. These challenges include the management of software packages and software versions. To improve the compatibility of traditional operating systems in cloud-native scenarios and improve the user experience of ACK, ACK provides ContainerOS, an operating system specialized for containerized development.

You can use ContainerOS free of charge in managed node pools in ACK clusters. ACK provides long-term free technical support for ContainerOS.


  • Simplified OS images

    The image of ContainerOS contains only the software packages and system services that are required to run pods. This significantly reduces the startup time and makes the operating system less vulnerable. ContainerOS does not support Python and does not allow you to directly log on by using SSH. ContainerOS provides out-of-the-box features that you can use without additional configurations. You can focus on application development without the need to maintain the operating system.

  • Security enhancement

    The root file system of ContainerOS is read-only. You have read and write permissions only on the /etc and /var directories. This allows you to configure some basic system configurations. This way, ContainerOS complies with the principle of immutable infrastructure and prevents container escapes and unauthorized operations on the host file system. ContainerOS does not allow you to directly log on to the system and perform untraceable operations. However, ContainerOS provides a container that you can use to meet your O&M requirements. For more information, see Work with the administrative container of ContainerOS.

  • Atomic upgrade

    ContainerOS complies with the principle of immutable infrastructure, and does not support the installation of Red Hat Package Manager (RPM) packages or the use of package management tools such as Yellowdog Updater Modified (YUM). ContainerOS supports only the upgrades and rollbacks among OS image versions. This ensures the consistency of software versions and system configurations among nodes. Each ContainerOS image must pass strict tests before it is released. Compared with traditional upgrades that are based on RPM packages, upgrades based on OS images ensure higher system stability after upgrades are completed.


  • ContainerOS is specialized for containerized development and provides benefits such as fast startup, security enhancement, and immutable root file systems. These benefits provide improved performance, facilitate cluster O&M and management, and ensure consistency among nodes.
  • ContainerOS provides high O&M capability based on OS image versions. ContainerOS is integrated with the control plane of ACK clusters. This allows you to upgrade Kubernetes components, upgrade the system software, and fix Common Vulnerabilities and Exposures (CVE) vulnerabilities by upgrading ContainerOS images.
  • ContainerOS is optimized for ACK. Service interruptions caused by node O&M are significantly minimized.
  • The kernel versions and most software versions of ContainerOS are the same as those of Alibaba Cloud Linux 3. ContainerOS uses Linux Kernel 5.10 LTS, the latest Linux kernel version. This provides the latest Linux features for applications. For information about Alibaba Cloud Linux 3, see Overview.


ContainerOS is free of charge. You are charged for resources that you use together with ContainerOS, such as vCPUs, memory resources, storage services, public bandwidths, and snapshots. For more information, see Billing overview

Release notes

For more information about the release notes of the ContainerOS image, see Release notes for OS images.