Lightweight, fast, secure, and atomic image management is coming!

Author: Huang Shaoyu, Chu Yang

Review & Proofreading: Xiyang, Haizhu

Editing & Typesetting: Wen Yan

LifseaOS

At the recently concluded Yunqi Conference, a new Linux-based operating system was quietly released: LifseaOS (Lightweight, Fast, Secure, Atomic Operating System).

[Figure: 1.png]

LifseaOS is an OS specially optimized for container scenarios, what the industry collectively calls a ContainerOS. It has the following outstanding features:

Lightweight: LifseaOS integrates Containerd and Kubernetes components by default, and retains only the system services and software packages required to run Kubernetes Pods. Compared with traditional operating systems (Alibaba Cloud Linux 2/3, CentOS), the number of software packages is reduced by 60% and the image size is reduced by 70%.

Fast: LifseaOS cuts out the large number of hardware drivers that are not needed in cloud scenarios. The necessary kernel driver modules are compiled as built-in, initramfs is removed, and the udev rules are greatly simplified, so boot time improves substantially. The first start-up has dropped from more than 1 min for a traditional OS to about 2 s.

Secure: The LifseaOS root file system is read-only; only the /etc and /var directories are writable, which is enough for basic system configuration. The sshd service and Python support have been removed, reducing the exposure to sshd CVEs. At the same time, routine operation and maintenance of the OS is exposed through APIs, which reduces the stability and security risks of users logging in to the system directly and performing ad-hoc "black screen" operations that may leave no audit trail. For urgent operation and maintenance needs, LifseaOS still provides a dedicated O&M container that can be used to log in to the system; it is pulled up on demand through the API and is not enabled by default.
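One way to verify the immutable-root invariant described above on a running node (root mounted read-only, writable persistent mounts only under /etc and /var) is to parse the kernel mount table and flag anything writable outside an allow-list. The script below is an added example, not LifseaOS or ACK code; the sample mount table is constructed, and the allow-list of runtime pseudo file systems (/run, /dev, /proc, /sys, /tmp) beyond the /etc and /var named on the page is an assumption.

```python
"""Audit a /proc/self/mounts-style table against an immutable-root policy.

Added example (not LifseaOS code). The sample table is constructed and the
allow-list beyond /etc and /var is an assumption about typical runtime mounts.
"""
import sys
from dataclasses import dataclass

# Constructed sample in /proc/self/mounts format:
#   device mountpoint fstype options dump pass
SAMPLE_MOUNTS = """\
/dev/vda2 / ext4 ro,relatime 0 0
/dev/vda3 /var ext4 rw,relatime 0 0
overlay /etc overlay rw,relatime,lowerdir=/usr/etc,upperdir=/var/lib/etc-upper,workdir=/var/lib/etc-work 0 0
tmpfs /run tmpfs rw,nosuid,nodev,mode=755 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
/dev/vdb1 /opt ext4 rw,relatime 0 0
"""

# Mount points under these prefixes may legitimately be writable.
# /etc and /var come from the page; the rest are assumed runtime pseudo
# file systems that are not part of the persistent OS image.
WRITABLE_ALLOWED = ("/etc", "/var", "/run", "/dev", "/proc", "/sys", "/tmp")


@dataclass(frozen=True)
class Mount:
    device: str
    mountpoint: str
    fstype: str
    options: frozenset


def parse_mounts(text: str) -> list:
    """Parse mount-table lines into Mount records, skipping malformed lines."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        device, mountpoint, fstype, opts = fields[:4]
        # The kernel octal-escapes spaces in paths as \040.
        mountpoint = mountpoint.replace("\\040", " ")
        mounts.append(Mount(device, mountpoint, fstype, frozenset(opts.split(","))))
    return mounts


def _under(path: str, prefix: str) -> bool:
    """True if path equals prefix or lies inside the prefix directory."""
    return path == prefix or path.startswith(prefix.rstrip("/") + "/")


def root_is_readonly(mounts) -> bool:
    """True only if '/' is present in the table and carries the 'ro' option."""
    for m in mounts:
        if m.mountpoint == "/":
            return "ro" in m.options
    return False


def unexpected_writable(mounts, allowed=WRITABLE_ALLOWED) -> list:
    """Writable mount points outside the allow-list ('/' is judged separately)."""
    return sorted(
        m.mountpoint
        for m in mounts
        if "rw" in m.options
        and m.mountpoint != "/"
        and not any(_under(m.mountpoint, p) for p in allowed)
    )


def audit(text: str, allowed=WRITABLE_ALLOWED) -> dict:
    """Return the two policy results for a mount table given as text."""
    mounts = parse_mounts(text)
    return {
        "root_readonly": root_is_readonly(mounts),
        "unexpected_writable": unexpected_writable(mounts, allowed),
    }


if __name__ == "__main__":
    # With no argument audit the constructed sample; pass a path such as
    # /proc/self/mounts to audit a real node.
    table = SAMPLE_MOUNTS if len(sys.argv) < 2 else open(sys.argv[1]).read()
    print(audit(table))
```

On the constructed sample the audit reports the root as read-only and flags /opt as an unexpected writable mount, which is exactly the kind of drift an immutable-OS policy is meant to surface; on a real node the same check can run as a periodic job and feed a cluster-level alert.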

Atomic image management (Atomic): LifseaOS does not support installing, upgrading, or uninstalling individual rpm packages. The OS image version is managed through ostree technology; when a software package or a baked-in configuration on the operating system is updated, the entire image is updated (or rolled back) as a unit, ensuring as far as possible that every node in the cluster runs the same software package versions and system configuration.

[Figure: 2.png]

Through the targeted optimizations above, LifseaOS can ensure host version consistency across a large-scale, Kubernetes-based cloud-native cluster. OS operation and maintenance follows immutable-infrastructure thinking: the OS of the whole cluster is rolled forward (upgraded) or rolled back as a unit, making OS operation and maintenance itself "cloud native". At the same time, through deep integration with ACK, users get out-of-the-box, rapid and flexible cluster scaling, with scale-out efficiency 100% higher than that of a traditional OS.

The OpenAnolis community has established a special interest group (SIG) for ContainerOS, and LifseaOS-related code will also be contributed to the OpenAnolis community. Stay tuned. For more information, see: https://openanolis.cn/sig/container-os

Use LifseaOS in the container service ACK node pool

Alibaba Cloud Container Service ACK provides users with enterprise-level Kubernetes containerized application lifecycle management. The ACK node pool provides management of a group of homogeneous nodes (nodes in the same node pool share the same configuration). Its configuration consistency and operation and maintenance consistency greatly reduce the cost of batch node operation, maintenance and management.

[Figure: 3.png]

ContainerOS (based on LifseaOS) can be used in the ACK node pool. Compared with a traditional Linux OS, ContainerOS is deeply optimized for container scenarios and offers better security, a lighter footprint, faster startup, and immutable images. Combined with the automated management capabilities of the ACK managed node pool, including fast node CVE remediation, node self-healing, and automatic image upgrade, ContainerOS further reduces the user's OS operation and maintenance burden and lets users focus on their applications.

At present, ContainerOS is available in the managed node pool of ACK Pro clusters of version 1.20.4 and above. You can go to the [ACK Product Console] to create a managed node pool based on ContainerOS, as shown in the following figure:

[Figure: 4.png]

Get started with ContainerOS now.

Related links:

1) ACK product console creation link:

https://cs.console.aliyun.com/#/authorize

2) ContainerOS SIG group link:

https://openanolis.cn/sig/container-os


Copyright Statement: The content of this article is contributed voluntarily by Alibaba Cloud real-name registered users, and the copyright belongs to the original author. The Alibaba Cloud Developer Community does not own its copyright and does not assume corresponding legal responsibility. For specific rules, please refer to the "Alibaba Cloud Developer Community User Service Agreement" and the "Alibaba Cloud Developer Community Intellectual Property Protection Guidelines". If you find suspected plagiarism in this community, fill in the infringement complaint form to report it. Once verified, the community will immediately delete the suspected infringing content.

Alibaba Cloud Developers (阿里云开发者)

Alibaba's official technical account, presenting the technical innovations, hands-on experience, and career growth insights of engineers across the Alibaba economy.