After using Azure Linux internally for two years and running it in public preview since October 2022, Microsoft this week finally made its distribution generally available.
Azure Linux is an open-source container host OS for the Azure Kubernetes Service (AKS) that is optimized for Azure and aimed at making it easier for developers to use Microsoft's tools to deploy and manage container workloads. That's basically it: Azure Linux is designed to be deployed in the cloud and run multiple containers.
For a deeper dive into the history of this Azure Linux distro, our developer site DevClass has a tale on the topic.
The Azure Linux distro stems from the IT giant's CBL-Mariner project, CBL standing for Common Base Linux. Microsoft started CBL-Mariner because it needed an internal Linux distro and a consistent platform for the myriad workloads engineers were running on Azure, according to Jim Perrin, principal program manager for Microsoft Azure Linux.
The Microsoft-customized open-source distribution "allows us to have a very defined, very opinionated Azure focus and to tune the components of the distribution to be exactly what we need to support a container host and try to keep the dependencies, extraneous packages, things like that to a minimum," Perrin said during a Q&A session at Build 2023, where Redmond announced Azure Linux's general availability.
The "very opinionated" part of that means Azure Linux's primary role is as a container host for AKS. It's optimized for Microsoft's Windows Hyper-V hypervisor and runs in a virtual machine (VM), supporting both x86 and Arm, he said.
Optimized for Azure, but with some reach
That said, it's got some broad applicability.
"The Azure Linux container host provides reliability and consistency from cloud to edge across the AKS, AKS-HCI, and Arc products," Microsoft wrote in a support page. "You can deploy Azure Linux node pools in a new cluster, add Azure Linux node pools to your existing Ubuntu clusters, or migrate your Ubuntu nodes to Azure Linux nodes."
The lightweight nature of the distribution is a key point, Perrin said. The small footprint includes a 400MB core image and 300 packages, which Microsoft said works well for both performance and security.
Security was a focus, Perrin said in a blog post, noting that all updates to the OS are run through Azure validation tests and that the suite of tests is constantly updated.
"Additionally, since there are far fewer packages in the container host, the volume of required security patching is lower, and these issues are patched promptly as well," he wrote. "We closely monitor and fully curate the software supply chain, which enables a greater assurance of quality and resilience end to end."
Those were all good reasons for Microsoft to develop its own Linux distro rather than adapt one from Fedora, CentOS, or other commercially available choices. The company borrowed code from some of them, but Redmond stopped short of forking the distributions.
"Azure Linux is its own separate distribution," he said.
About that little comment …
History also played a part in Microsoft's decision to go it relatively alone, Perrin said, hearkening back to a 2001 quote from then-CEO Steve Ballmer: "Linux is a cancer."
"Microsoft has kind of a history with Linux," Perrin said during the Q&A. "Those quotes and that animosity are old enough to drink now … but a lot of the sentiment still lingers today, so part of the reason that we did not choose to start with a distribution and fork it for our needs is we didn't want to be seen as doing the embrace-and-extend thing again. We didn't want to wake any of that up.
"We figured, build it from scratch. We can tailor it to our needs. We are making the changes as we need to and, frankly, it's kind of what the Linux ecosystem is about. We're scratching an itch we had and offering it back to the community."
A number of tech players have signed on as Microsoft partners for Azure Linux, including Tenable, DataDog, HashiCorp, and Dynatrace.
Palo Alto Networks is supporting Azure Linux as an AKS container host through its Prisma Cloud, said Derek Rogerson, senior product marketing manager at the network security vendor, noting that the smaller image size means greater.
"The result for customers is a reduced attack surface and helpful elimination of time-consuming patching and maintenance that's no longer needed due to the removal of unnecessary packages," Rogerson wrote in a blog post.
Kubernetes Apps for sale at the Marketplace
Also at Build, Microsoft announced that Kubernetes Apps, a collection of third-party open-source offerings for the AKS platform, is generally available in the Azure Marketplace.
Kubernetes Apps, which went into public preview in October 2022, enable one-click deployments, CI/CD automation, automated lifecycle management, and support. There also are flexible consumption options.
The apps available are vetted and certified by Microsoft and scanned for vulnerabilities, a necessary step at a time when the number of supply-chain attacks continues to rise.
All of this came about a week after Azure Container Storage, a fully managed service for creating and managing block storage volumes for containers, was put into public preview. The software-designed storage service will better enable enterprises to run production workloads on AKS, according to Microsoft. ®