The best OS for containerized Java applications
There are currently more than 300 actively maintained Linux distributions. “BellSoft created yet another Linux distro,” you might say, “so what?”
Alpaquita Linux is not JUST another Linux distribution — it is the only Linux OS tailormade for Java! Based on Alpine Linux, Alpaquita:
- Enhances the advantages of this lightweight OS
- Solves the disadvantages related to security and support
- Contains new features for better performance
- Enables the effective containerization of Java applications developed with Liberica JDK
- Lets developers take advantage of native image technology through Liberica Native Image Kit support
So, let’s get to know Alpaquita better!
- Why we made Alpaquita
- What is the secret behind Alpaquita Linux?
- Alpaquita lives in the smallest containers
The motivation behind creating Alpaquita Linux didn’t come out of nowhere. The existing distributions are either too heavy (therefore unsuitable for enterprise containers) or lack full security suite and LTS releases. In addition, there is no Linux optimized especially for Java applications.
Our engineers have already developed the smallest container on the market with Alpine Linux and Liberica JDK, which is, for example, only 74 MB with Liberica JDK 17. We also provide a stable, TCK-verified runtime with the widest range of supported platforms and long-term support. But we decided to go even further. So we took Alpine Linux, enhanced its features, tailored it for Java applications, and thus created Alpaquita Linux — the best OS for containerized Java applications!
The size of the base image of Alpaquita Linux is only 3.22 MB — almost the same size as Alpine’s base image. And it comes with support from the leading OpenJDK contributor, meaning you get the end-to-end solution for Java containers including the lightweight OS and the performant JDK with perfect platform compatibility and High-Powered Support for both!
Alpaquita Linux is a GNU/Linux distribution based on Alpine Linux. Despite being lightweight and optimally performant, Alpine has its shortcomings:
- Lack of modern security features
- Limited cloud and Java support
- No LTS releases
- musl library affects runtime performance
- Difficult migration process
Our goal was to take the best features of Alpine, enhance them, and eliminate the disadvantages. As a result, we created a Linux distro with
- Optimal RAM consumption for Java deployment
- Java and GraalVM support to run in any infrastructure and on any cloud
- Top-notch security enhanced with modern features and CVE-tracking
- Support for Linux and Java Runtime with SLA
- Minimal static footprint for containerized applications
The OS’s performance is just as important as that of a runtime. Alpaquita’s performance is characterized by the following features:
- Kernel module compression support: compressed kernel modules reduce the size of kernel packages with a lot of modules, enabling faster installation and lesser memory consumption.
- Musl perf — Improved musl with support for indirect functions and changes integrated into the most loaded functions with assembler optimizations for CPU-specific commands (AVX512, EVEX, AVX2, SSE4, etc.) Developers can also use the standard musl version if necessary.
- Support for both musl and glibc libraries, solving problems with the migration. glibc support was added to satisfy possible demands from customers for glibc environment and to provide another option to leverage glibc performance vs musl. Note that glibc is not a lightweight solution, so the Docker images for the base Linux are different in this case, glibc-based version being 7.6MB in size.
- Optimized mallocs implementation with mimalloc, jemalloc, and rpmalloc included into Alpaquita Linux distribution. They can be used with different loads.
Security is a top priority for BellSoft, and Alpaquita Linux is no exception. This is how we overcame security gaps of Linux distributions:
- We work with the community and provide timely security patches to avoid zero-day vulnerabilities. Our proactive actions are aimed at preventing the exploitation of possible flaws.
- Kernel lockdown prevents both direct and indirect access to a running kernel image.
- Kernel module signing is based on SHA-512, disallowing the loading of unsigned modules or modules signed with an invalid key.
- Lack of extra components makes the distribution harder to attack.
- Userspace compilation options (-Wformat-security, -Wtrampolines, etc.) are aimed at additional security hardening.
- We provide fixes in alignment with the upstream Linux distribution and build the BellSoft Security Advisory, which includes listings of addressed CVEs, OpenJDK/Liberica JDK security advisory, tooling, and scanning.
LTS releases are recommended to enterprises, as they mean many years of support without the need for frequent updates, which is complicated in the case of large applications. Alpaquita Linux is currently aligned with Linux Kernel LTS — 5.10 Kernel LTS for Alpaquita Stream 22.
BellSoft provides support for Alpaquita Linux for four years, which is two years longer than the maximum support period for Alpine Linux. Thanks to two years of overlap with the next LTS-release, you don’t have to hurry with the update and can continue using improvements, security patches, and bug fixes reported or demanded by customers.
End of commercial support
Alpaquita LTS 22
Next Alpaquita LTS release
As far as support plans are concerned, three available options fit the demands of any enterprise or individual developer. You can use the Stream version of Alpaquita OS for free and receive security updates. But if you want to
- Work with a partner who is there for you 24/7 with response times as fast as 24 hours based on SLA
- Receive emergency patches
- Utilize the full power of Alpaquita for Java deployment in conjunction with other BellSoft solutions
We offer you two commercial support packages, which we will cover in more detail in one of the next articles.
You will make the best out of containerization, as Alpaquita Linux is part of an end-to-end solution for containerized applications. It is packed in tiny containers with Liberica JDK, Liberica NIK, and your application. Find out more in the article on Alpaquita Cloud Native Platform!
In this article, we covered the highlights of Alpaquita Linux distribution. We encourage you to join in and discover the advantages of a fast, secure, and efficient distro fine-tuned for Java applications in containers. So download Alpaquita Linux, try out tiny containers with this new OS and Liberica JDK, or request a personal demonstration by clicking the button below.