Azure Linux for Azure Kubernetes Service
Is Ubuntu the best operating system for your container workloads on AKS? Let’s review Azure Linux and deploy an AKS cluster with Terraform.
Ubuntu has been the Linux operating system for your Azure Kubernetes Service (AKS) nodes for years, but is this still the case? Azure Linux, previously known as CBL-Mariner, provides significant benefits.
Let’s review Azure Linux and its benefits and deploy an AKS cluster with Azure Linux nodes step-by-step using Terraform.
Azure Linux
Azure Linux is an open-source Linux distribution created and maintained by Microsoft. The Azure Linux operating system image available for AKS is called Azure Linux Container Host and is optimized for running container workloads.
The Azure Linux Container Host is a lightweight image that contains the minimum needed for running container workloads. It’s hardened, validated, and battle-tested by Microsoft.
Using Azure Linux for your nodes provides the following benefits:
- Minimal: Only the packages needed to run container workloads are included, making the image small and lightweight. As a result, the image has a minimal disk footprint, consumes fewer resources, and reduces the time required to perform cluster operations, such as scaling out the node pool by adding new nodes.
- Stable: Major changes are limited, preventing disruptions. Stability is one of the main areas of focus for the Azure Linux operating system.
- Secure: Security is applied at various levels. Microsoft builds, signs, and validates the packages from the source. Each release is thoroughly tested and has a minimal attack surface. The kernel is hardened and aligned with the Center for Internet Security (CIS) level 1 benchmark. Security patches are released monthly, with critical updates within a few days.
- Consistent: Azure Linux is available from the cloud to the edge through AKS, AKS for Azure Stack HCI, and Azure Arc, providing consistency.
Azure Linux is the best Linux operating system for your AKS nodes.
You can provision Azure Linux node pools when creating a new cluster or adding node pools to existing clusters. You can also migrate by upgrading your Ubuntu nodes in place, which is in preview.
Deployment
Let's deploy an AKS cluster with two Azure Linux node pools (a system and a user node pool) and a user-assigned managed identity. The cluster depends on a virtual network, including a subnet and network security group. All resources are declared as infrastructure-as-code in this repository.
First, you have to take care of the following prerequisites:
- Azure CLI: Needed to log in to Azure.
- Terraform: Needed to provision resources using infrastructure-as-code.
- Git: Needed to clone the repository.
Now that the prerequisites have been fulfilled, let’s clone the repository.
git clone https://github.com/smorenburg/azure-linux-for-azure-kubernetes-service.git
Start the terminal and log in to Azure using the Azure CLI.
az login
List the available subscriptions and locate your subscription ID.
az account list --output table
Set the subscription you’re using to deploy the resources. Replace the subscription_id with the subscription ID from the previous step.
az account set --subscription subscription_id
Set the location variable used by Terraform based on your region. All input variables are defined in the variables.tf file in the terraform directory. The location variable doesn't have a default value and, therefore, is required.
export TF_VAR_location=northeurope
Change into the terraform directory with the infrastructure-as-code files.
cd terraform
The infrastructure is declared in the following files:
- Network resources in the network.tf file.
- Kubernetes resources in the kubernetes.tf file.
- Providers and supporting resources in the main.tf file.
Initialize Terraform, which downloads the providers.
terraform init
Create the execution plan and review the changes to your infrastructure.
terraform plan
Apply the infrastructure changes. The terraform apply command will provision the resources.
terraform apply -auto-approve
After successfully running the terraform apply command, the resources are deployed.
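The plan review step can be automated before running terraform apply with -auto-approve. The following Python script is an added example, not part of the repository: it reads the JSON form of a saved plan (terraform plan -out=tfplan, then terraform show -json tfplan) and reports every AKS node pool whose os_sku is not AzureLinux. The embedded sample plan is constructed, and its resource addresses and the file names in the usage comment are assumptions.

```python
import json
import sys

EXPECTED_OS_SKU = "AzureLinux"

# Constructed sample in the shape of `terraform show -json` output; addresses are hypothetical.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "azurerm_kubernetes_cluster.default", "type": "azurerm_kubernetes_cluster",
     "change": {"actions": ["create"],
                "after": {"default_node_pool": [{"name": "system", "os_sku": "AzureLinux"}]}}},
    {"address": "azurerm_kubernetes_cluster_node_pool.user",
     "type": "azurerm_kubernetes_cluster_node_pool",
     "change": {"actions": ["create"], "after": {"name": "user", "os_sku": "Ubuntu"}}},
    {"address": "azurerm_kubernetes_cluster_node_pool.old",
     "type": "azurerm_kubernetes_cluster_node_pool",
     "change": {"actions": ["delete"], "after": None}},
]}


def node_pool_skus(plan):
    """Yield (address, os_sku) for each AKS node pool that exists after the plan is applied."""
    for rc in plan.get("resource_changes", []):
        after = rc.get("change", {}).get("after")
        if not after:  # resource is being deleted, nothing to check
            continue
        if rc["type"] == "azurerm_kubernetes_cluster":
            # Nested blocks such as default_node_pool appear as a list of objects.
            for pool in after.get("default_node_pool") or []:
                yield rc["address"] + ".default_node_pool", pool.get("os_sku")
        elif rc["type"] == "azurerm_kubernetes_cluster_node_pool":
            yield rc["address"], after.get("os_sku")


def non_compliant(plan):
    """Return node pools whose os_sku is missing from the plan or not Azure Linux."""
    return [(addr, sku) for addr, sku in node_pool_skus(plan) if sku != EXPECTED_OS_SKU]


if __name__ == "__main__":
    # Usage: terraform show -json tfplan > plan.json && python check_plan.py plan.json
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            plan = json.load(fh)
    else:
        plan = SAMPLE_PLAN
    findings = non_compliant(plan)
    for addr, sku in findings:
        print(f"{addr}: os_sku={sku!r}, expected {EXPECTED_OS_SKU!r}")
    sys.exit(1 if findings else 0)
```

The script exits non-zero when any node pool deviates, so it can gate the apply step in a pipeline.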
Removal
Eventually, destroy the resources using Terraform. The terraform destroy command will remove all resources that Terraform manages.
terraform destroy -auto-approve
Finally, log out of Azure using the Azure CLI.
az logout
Summary
We reviewed Azure Linux and its benefits and deployed an AKS cluster with two Azure Linux node pools and its dependencies.
Ubuntu isn't the best Linux operating system for your AKS nodes anymore. Azure Linux provides significant benefits and is the best option: minimal, stable, secure, and consistent.