Microsoft recently took an essential step in strengthening its cloud-native offerings with Azure Linux 3.0 Preview for Azure Kubernetes Service version 1.31. This exciting launch brings updated components, advanced security measures, and features designed for developers, further cementing Microsoft's commitment to an integrated cloud environment.
By transitioning away from CBL-Mariner and towards Azure Linux as its cloud OS offering of choice, Microsoft is solidifying its position among its rivals in this competitive industry. In this article, I'll explore the evolution of Azure Linux, notable updates and security measures introduced in this release, and its impact on Microsoft's cloud security architecture. I'll then explain how you can experience Azure Linux 3.0 Preview yourself!
From CBL-Mariner to Azure Linux: Tracing its Development
Microsoft's internal Linux distribution, CBL-Mariner, has been essential in supporting cloud and edge services since its debut in 2020. It was intended to be lightweight yet efficient at managing containerized workloads, and its shift to Azure Linux in 2017 represents Microsoft's strategy to integrate its cloud services ecosystem further. Under the management of Microsoft's Linux Systems Group, Azure Linux optimizes performance with a minimal package set while offering security features like a hardened kernel and an iptables-based firewall.
Key Technical Updates in Azure Linux 3.0
Azure Linux 3.0 boasts significant technical advancements, starting with an update from Linux kernel version 5.15 to version 6.6 LTS, which improves system performance and security, expands hardware compatibility, and introduces modern security protocols. Additionally, containerd was upgraded to version 1.7.13, with plans to upgrade to 2.0, for greater container management efficiency. The systemd upgrade from version 250 to 255 simplifies system and service management. An OpenSSL upgrade from version 1.1.1k to 3.3.0 provides enhanced encryption capabilities and more secure data transmission. These updates offer significant performance gains while showing a forward-thinking approach to integrating cutting-edge technologies to improve security and user experience.
Reinforced Security Measures
One of Azure Linux 3.0's hallmark features is its robust security enhancements. By default, Security-Enhanced Linux (SELinux) is activated in enforcing mode for containerized workloads to prevent unauthorized activities and significantly reduce vulnerability exposure. Furthermore, Azure Linux 3.0 offers FIPS-compliant images, demonstrating Microsoft's commitment to meeting stringent compliance requirements.
Impact on Microsoft's Cloud Infrastructure
Azure Linux is integral to Microsoft's cloud infrastructure, powering services like Azure Stack HCI and IoT Edge. Through integration with the Windows Subsystem for Linux, GUI applications from Linux can run natively within Windows to further cross-platform compatibility. Due to its lightweight nature and reliability, Azure Linux forms part of Microsoft's hybrid and multi-cloud solutions strategy.
Enhanced Developer Experience
Azure Linux 3.0 offers developers a streamlined experience with its expanded toolset and more efficient package management, making deploying more complex apps simpler. Furthermore, RPM package management enables custom package addition without impacting system efficiency. An iptables-based firewall ensures security is a top priority, creating a smooth development experience.
Current Limitations and Preview Constraints
While Azure Linux 3.0 presents many exciting possibilities, the preview is currently limited to AKS version 1.31 only. Users must create new clusters or node pools, as upgrades from Azure Linux 2.0 are unavailable. As part of the v20241025 rollout program, any feedback gathered during this phase will help refine the final version slated for public availability on AKS 1.32.
How to Enable Azure Linux 3.0 Preview on AKS v1.31
To experience Azure Linux 3.0 on AKS v1.31, users and developers should follow these steps:
Register the Feature Flag:
az feature register --namespace Microsoft.ContainerService --name AzureLinuxV3Preview
Check the Registration Status:
az feature show --namespace Microsoft.ContainerService --name AzureLinuxV3Preview
Deploy Azure Linux 3.0:
After registration, new AKS clusters or node pools can be created by passing this option to the create command:
--os-sku=AzureLinux
Deployment can be facilitated using CLI, PowerShell, Terraform, or ARM templates, offering flexibility based on user preference.
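The three steps above, chained into one script as an added example (not Microsoft's or the article's own code). It waits for the flag to reach Registered and refuses clusters that are not on AKS 1.31 before adding a node pool. The resource group, cluster and pool names are caller-supplied placeholders, and the az aks show, az provider register and az aks nodepool add calls and the --mode User choice are assumptions beyond the commands shown in the article.

```shell
#!/usr/bin/env bash
# Added example, not from the article. Resource group, cluster and pool
# names are caller-supplied placeholders (assumptions).
NS="Microsoft.ContainerService"
FLAG="AzureLinuxV3Preview"

# Print the flag's registration state, e.g. Registering or Registered.
feature_state() {
  az feature show --namespace "$NS" --name "$FLAG" \
    --query properties.state --output tsv
}

# Poll until Registered: $1 attempts (default 30), $2 seconds apart (default 20).
wait_registered() {
  local tries="${1:-30}" delay="${2:-20}" state="" i=1
  while [ "$i" -le "$tries" ]; do
    state="$(feature_state)" || return 2
    [ "$state" = "Registered" ] && return 0
    sleep "$delay"
    i=$((i + 1))
  done
  echo "feature flag still '$state' after $tries checks" >&2
  return 1
}

# The preview is limited to AKS 1.31, so accept 1.31 or 1.31.x only.
supported_version() {
  case "$1" in 1.31 | 1.31.*) return 0 ;; *) return 1 ;; esac
}

# Register the flag, wait for it, then add an Azure Linux node pool.
enable_and_deploy() {
  local rg="$1" cluster="$2" pool="$3" ver
  ver="$(az aks show -g "$rg" -n "$cluster" \
    --query kubernetesVersion -o tsv)" || return 2
  supported_version "$ver" || { echo "cluster runs $ver, preview needs 1.31" >&2; return 3; }
  az feature register --namespace "$NS" --name "$FLAG" >/dev/null || return 2
  wait_registered || return 1
  # Refresh the resource provider so it picks up the registered feature.
  az provider register --namespace "$NS" || return 2
  az aks nodepool add -g "$rg" --cluster-name "$cluster" -n "$pool" \
    --os-sku AzureLinux --mode User
}

# Usage: ./enable-azl3.sh <resource-group> <cluster> <pool>
if [ "$#" -eq 3 ]; then enable_and_deploy "$@"; fi
```

Run against a non-production subscription first: the version gate fails closed, so a cluster on any release other than 1.31 is left untouched and the flag is never registered for it.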
Our Final Thoughts on This Forward-Thinking Release
Azure Linux 3.0 represents Microsoft's forward-thinking approach to cloud innovation. Boasting enhanced performance, tightened security measures, and an improved developer experience, this release represents an important step in Microsoft's cloud journey. With active community participation and a commitment to improving based on user feedback, Microsoft is poised to transform Azure Linux into one of its core cloud offerings.
Are you using Azure Linux 3.0? We'd love to hear your thoughts! Tweet us @lnxsec.