Microsoft has released the preview version of Azure Linux 3.0 for Azure Kubernetes Service (AKS) running version 1.31, marking a major update to its container host OS. This release focuses on improving performance, tightening security, and enhancing developer resources, signaling a continued commitment to cloud-native technology.
From CBL-Mariner to Azure Linux
Azure Linux was formerly known as CBL-Mariner (Common Base Linux), Microsoft’s lightweight Linux distribution developed for cloud and edge services. Launched in 2020, CBL-Mariner served as the backbone for Azure containerized workloads and supported Windows Subsystem for Linux 2 (WSL 2).
Managed by Microsoft’s Linux Systems Group, it was designed with minimal packages to run containers efficiently, incorporating RPM for package management. The OS also featured a hardened kernel, a firewall based on iptables, and support for signed updates. The shift to Azure Linux with version 2.0.20240301 reflected its deeper integration into Microsoft’s cloud services.
Core Technical Updates
The 3.0 version introduces an upgraded Long-Term Support (LTS) Linux Kernel, advancing from 5.15 to 6.6. This change enhances system performance while integrating newer security protocols. containerd, a vital container runtime, has moved to version 1.7.13, with plans for a 2.0 release once stable. systemd has been updated from version 250 to 255, improving system management processes, while OpenSSL has been upgraded from version 1.1.1k to 3.3.0, providing stronger encryption capabilities.
Some of the major components upgraded from Azure Linux 2.0 to 3.0 include:
| Component | Azure Linux 3.0 | Azure Linux 2.0 |
| --- | --- | --- |
| Linux Kernel | v6.6 (latest LTS) | v5.15 (previous LTS) |
| containerd | v1.7.13, but will also offer v2.0 once it becomes stable | v1.6.26 |
| systemd | v255 | v250 |
| OpenSSL | v3.3.0 | v1.1.1k |
Reinforced Security Measures
A notable feature in Azure Linux 3.0 is the default activation of SELinux (Security-Enhanced Linux) in enforcing mode, which provides granular access control policies that safeguard the system from unauthorized operations. This addition ensures that containerized workloads operate in a more secure environment, reducing exposure to potential vulnerabilities. The preview also includes a FIPS-compliant image, aligning with data protection standards required by federal agencies.
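A node-side check for the two claims above, as an added example that is not Microsoft's tooling: it reads the kernel's SELinux and FIPS status files and the OS release file, and fails if the node is not enforcing. It assumes Azure Linux 3.0 reports a `VERSION_ID` beginning with `3` in `/etc/os-release`; the `ROOT` prefix argument is an illustrative convention so the same checks can run against a copied filesystem tree.

```sh
#!/bin/sh
# Added example: verify SELinux enforcing mode and FIPS mode on a node.
# ROOT is "" on the node itself, or a directory holding a copied tree.

# Read a KEY=value field from os-release, stripping quotes.
os_field() {  # os_field ROOT KEY
  sed -n "s/^$2=//p" "$1/etc/os-release" 2>/dev/null | tr -d '"' | head -n 1
}

# Print enforcing, permissive or disabled from the selinuxfs status file.
# The file is absent when SELinux is disabled and selinuxfs is not mounted.
selinux_mode() {  # selinux_mode ROOT
  f="$1/sys/fs/selinux/enforce"
  [ -r "$f" ] || { echo disabled; return; }
  case "$(cat "$f")" in 1) echo enforcing ;; *) echo permissive ;; esac
}

# Print enabled or disabled from the kernel's FIPS flag.
fips_mode() {  # fips_mode ROOT
  [ "$(cat "$1/proc/sys/crypto/fips_enabled" 2>/dev/null)" = "1" ] \
    && echo enabled || echo disabled
}

# Return 0 only when the node matches what the release describes.
check_node() {  # check_node ROOT [require_fips: yes|no]
  root="${1:-}"; need_fips="${2:-no}"; rc=0
  ver="$(os_field "$root" VERSION_ID)"
  case "$ver" in
    3.*) ;;
    *) echo "FAIL os version: ${ver:-unknown}"; rc=1 ;;
  esac
  mode="$(selinux_mode "$root")"
  [ "$mode" = enforcing ] || { echo "FAIL selinux: $mode"; rc=1; }
  if [ "$need_fips" = yes ] && [ "$(fips_mode "$root")" != enabled ]; then
    echo "FAIL fips: disabled"; rc=1
  fi
  [ "$rc" -eq 0 ] && echo "OK $(os_field "$root" ID) $ver selinux=$mode"
  return "$rc"
}
```

Call `check_node ""` on a standard node pool and `check_node "" yes` on a pool built from the FIPS image.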
Broader Role in Microsoft’s Infrastructure
Azure Linux plays a pivotal role across Microsoft’s cloud ecosystem, powering Azure Stack HCI’s container services and supporting Linux workloads on Azure IoT Edge. It is also utilized in WSLg, facilitating the use of Linux GUI applications within Windows. By building on the foundation of CBL-Mariner, Azure Linux emphasizes reliability and lightweight performance, making it integral to Microsoft’s strategy for hybrid and multi-cloud solutions.
Enhanced Developer Experience
Developers using Azure Linux 3.0 will find an expanded array of tools and more efficient package availability. The OS is constructed to include only the fundamental packages necessary for containers, but users can add custom packages using RPM, offering flexibility without sacrificing system efficiency. This streamlined experience supports complex deployments while maintaining a focus on security with features like an iptables-based firewall and support for signed updates.
How to Get Started with Azure Linux 3.0
To enable the Azure Linux 3.0 preview on AKS version 1.31, users must register the feature flag with their Azure subscription:
az feature register --namespace Microsoft.ContainerService --name AzureLinuxV3Preview
You can check the registration status with:
az feature show --namespace Microsoft.ContainerService --name AzureLinuxV3Preview
After registration, creating new AKS clusters or node pools with --os-sku=AzureLinux will automatically implement version 3.0. This deployment can be conducted using various tools such as CLI, PowerShell, Terraform, or ARM templates, ensuring flexibility for administrators.
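The steps above as one script, added here as an example and not taken from Microsoft's documentation: it registers the flag, polls until the state is `Registered` (failing on timeout instead of creating a pool against an unregistered subscription), then adds a new node pool. The resource group, cluster and pool names are placeholders passed as arguments, and the `az provider register` refresh is an added step from Azure's usual feature-registration flow, not something the article lists.

```sh
#!/bin/sh
# Added example: gate node-pool creation on the preview feature being Registered.
# Usage: ./azl3-preview.sh <resource-group> <cluster> [pool-name]  (placeholder names)
NS="Microsoft.ContainerService"
FEATURE="AzureLinuxV3Preview"

# Print the feature's registration state, e.g. Registering or Registered.
feature_state() {
  az feature show --namespace "$NS" --name "$FEATURE" \
    --query properties.state --output tsv
}

# Poll until Registered. Returns 0 on success, 1 on timeout, 2 if az fails.
wait_for_feature() {  # wait_for_feature [tries] [delay_seconds]
  tries="${1:-30}"; delay="${2:-20}"; i=1
  while [ "$i" -le "$tries" ]; do
    state="$(feature_state)" || return 2
    [ "$state" = "Registered" ] && return 0
    echo "attempt $i/$tries: state=$state" >&2
    sleep "$delay"
    i=$((i + 1))
  done
  return 1
}

main() {
  rg="$1"; cluster="$2"; pool="${3:-azl3pool}"
  az feature register --namespace "$NS" --name "$FEATURE" >/dev/null || return 1
  wait_for_feature || { echo "feature not registered; aborting" >&2; return 1; }
  # Refresh the resource provider so the registered feature takes effect.
  az provider register --namespace "$NS" || return 1
  # A new pool is required: Azure Linux 2.0 pools cannot be upgraded to 3.0.
  az aks nodepool add --resource-group "$rg" --cluster-name "$cluster" \
    --name "$pool" --os-sku AzureLinux
}

# Run only when a resource group and cluster name are supplied.
if [ "$#" -ge 2 ]; then main "$@"; fi
```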
Current Limitations and Preview Scope
While the Azure Linux 3.0 preview offers new capabilities, it comes with specific constraints. Only AKS version 1.31 supports this preview, and clusters using Azure Linux 2.0 cannot be upgraded to 3.0. Users must create new clusters or node pools to test the preview version. This release is part of the v20241025 rollout, and availability details can be found in the AKS Release Tracker. Microsoft plans to gather user feedback during this stage to refine the final version set for general availability on AKS 1.32.
Feedback and Community Involvement
Feedback is essential for Microsoft’s iterative development process, and Azure Linux users are encouraged to submit their insights via GitHub Issues. Public community calls, held bi-monthly, provide opportunities for direct interaction with the Azure Linux team. The upcoming call is on November 21 at 8:00 AM PST for those interested in more detailed discussions.