Azure Linux with Azure Kubernetes Service (AKS) | Azure Friday

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
Hey, friends. Most people are surprised to learn that Microsoft has its own distribution of Linux, which we call Azure Linux. Many teams at Microsoft love the small image size of Azure Linux to host their workloads and Azure Kubernetes Service for better performance and security. Olivia and Sudhana are here to show me how you can take advantage of its benefits today on Azure Friday. Hey, friends, I'm Scott Hanselman and it's Azure Friday. Today I'm going to learn all about Azure Linux. Azure Linux? Olivia, why do we need a Linux? Why can't we just use one of the other Linux as we can just pick one off the shelf? Yeah. So Azure Linux really gave us the opportunity to optimize for Azure and optimize for access. So we start off with like a small amount of packages. We optimize the kernel for Azure use and then from there we really get a product that is used by Microsoft services internally. We have about 300 services using them today. When we public previewed at Ignite last year, we ended up getting about 100 enterprise customers and then we decided to build this week. Rocci. Congratulations. That's amazing. Now, Suhayda, this is formally codenamed Mariner. Like people who are in the know might know that name, but Mariner is Azure Linux, is that right? Correct. So Azure Linux was the newly rebranded Mariner at Build this year. That project that's on GitHub is still CBL Mariner and we plan to keep it that way. So if folks browse on GitHub, you go to see Beyond Mariner and you'll still see all of our packages being built there. But the product in Africa is actually Linux. That's cool. And I've seen CBL Mariner because I'm a big fan of WSL, the Windows Subsystem for Linux and that's also using CBL, Mariner and pieces of that. So there's the Azure Linux kernel is everywhere. Yeah, absolutely. It's used in we internally at Microsoft, as you mentioned, across bare metal containers, VMs and as you rightfully called out, the kernel is used in WSL. And fun fact in WSL GUI version, there's an Azure Linux sidecar there as well. And so that's amazing. It's everywhere and nowhere at once we see it and we don't see it, but it's powering all of these great things. That's very cool. So do you have some demos to show me how we're going to see this in in the real world? Yes, we are. We're going to see a three-part demo. I'll start very basic. So if you're looking to get started with Azure Linux, you can use three options CLI, Terraform, and ARM. And today I'll show you the CLI command to get started. It really is as easy as az aks create that folks are familiar with on AKS and you just add an os-sku at the end called AzureLinux. Okay. So in this case here you're making an AKS cluster using the OS SKU Azure Linux. I could of course use any number of them. Could I just on my local Docker machine, just like spin up one of these, Can I make a VM with this? How many places can I use Azure Linux while we're watching for this? Great question. So today you can use Linux only in Azure on AKS. So if you're looking for local development, there are this particular OS can be spun up inside Docker, except we do have a partnership with the Java team at Microsoft where there is an Open JDK container based on Mariner. Cool, interesting. The other teams can build on top of it and have their own distros using a base image of Azure Linux. Correct. And specifically the Open JDK version is the only base image we released and support today. Okay. And while this does something up, sorry. While this does spin up, I do have a cluster that's ready to go with Azure Linux that we can put too, but that's really the question. All right, go ahead and zoom in there. Hit Control+scroll and give us a nice big font. All right. So that's spinning up right there. And I did notice that Olivia, his prompt there said that he's using an AKS Preview extension for his stuff. Is that required or is this something people can use today without a preview? Is this released? Totally released you can use Azure CLI and ARM template and then Terraform support is coming in a few weeks. Very cool. All right. So you just did the thing where you put a cake into the oven to convert and you pull out a cake that's already done. Yes. So all the cluster deploys, I'm just going to use an existing cluster identified as you can see that there are three nodes in this cluster and I love to walk through the output here that shows two things that are interest. one under OS image. You'll see that it's based on Azure Linux. We're still changing the name from CBL-Mariner to AzureLinux slowly, because there are some folks that take dependency on this and the other interesting note is the kernel version is 5.15. Next, we can get into the notes and debug things. So if I run the queue debug command, the folks are familiar with, I just need to place the note here with a node in my actual cluster. What this command does is it deploys the familiar dot net runtime dumps container onto the node as route and I get a show input and from here I can either in now you're looking at a node within the pool and you are looking at probably a base shell just sh of Azure Linux. Absolutely. And I want to show some of the the differences and the subtleties with Azure Linux that folks might be curious about. First, you'll notice that it's based on RPM, so the package manager is not apt or some of the other familiar package tools that people are familiar with. Olivia touched on that minimal number of packages that are in Azure Linux. So if I just do an rpm -qa, count the number of lines, to most that there's only 520 packages in this distribution. Yeah, just to touch out on that, some of the benefits you get from this is reduced attack surface, less maintenance because you don't have as many packages to patch. So you can focus more on developing your code. And then also because it's lighter weight, you have better boot performance. An interesting random old person comment DNF is actually short for Dandefied Yum as introduced in 2013 in Fedora. It's always funny how they're recursive acronyms where you have to unpack an acronym into another acronym. again Exactly. It's like Inception today. I learned nice. So. So this was a cluster that was purely Azure Linux based. But if you have an existing cluster that's based Ubuntu you can actually add an Azure Linux node pool So you don't need to have a homogenous cluster that's just based on Azure Linux. And this next demo is going to show you how you can add an existing node pool or add a new Azure Linux node pool to an existing cluster. So to do that, I will switch over to a cluster that I've deployed and it's just one, two ways. So if you look at this cluster, you'll see that it's Ubuntu 22.04 nodes only and there's no Azure Linux nodes on this. I'll then copy command and I'll just go over this command very briefly. It is easy. It is az aks nodepool add I'm adding Azure Linux node full name. It is Linux full to an existing cluster. And is that group the one that you're in right now or did you switch to an Azure Friday group? I switched to a group that has just an open to cluster saw. So this one's Azure Friday 2013 2023 rather. Pardon me. Correct. Yes. All right. Excellent. So I'll kick this off and this will add the actual Linux note snowfall. And again, I have a cluster already that is deployed and has moved to an Azure Linux. Of course, I'll switch over to two that once the previous command completes and we do that all get nodes, right? Oh well output looks like this. You have one excess cluster with now six nodes in total and two no pulls. So three nodes in each you have Azure Linux nodes and Ubuntu nodes. However, it's interesting to note that you have the OS image, the base OS image, and then you have the kernel itself. The ubuntu kernel is still a modified azure fork of the kernel, is it not? Correct. And that's actually a good point. So the kernel team within Microsoft publishes a Linux kernel for use in all Linux distros, not just Azure Linux. So the Ubuntu distribution also benefits from the patching and the security of that team. That's really cool. So even though some people might use Azure Linux, if someone's using Ubuntu, there's still pieces of Azure optimized code in there to make sure that folks have a great experience no matter what they're doing on Azure. Correct? It's very cool. That's interesting. This cluster also has Dapr installed on it and the reason I show this is existing extensions, open source and first party just works seamlessly on your clusters, whether they're running Azure Linux or Ubuntu. And in this case, this is a heterogeneous cluster with both nodes and Dapr will work seamlessly on this. No code changes to your Dapr apps or needing to change of containers. So if I have, Olivia, an application like my like the Azure Friday website, that is a pretty straightforward websites running .NET or maybe I'm using Alpine, maybe I'm using Ubuntu I can just change my, change my base images and use Yep. Azure Linux and I assume all the SSH calls are going to line up and my app's just going to work great. Yeah, exactly. You can use any container you want. That's Linux based on top of the Azure Linux container host. So, all the compatibility is there for what I need from a just call perspective. Yep. Very cool. Does the package manager change? You know, if I'm used to using APT or I'm used to using relevant ?? I'm going to switch to a different package manager. Might I change? Might I have to change my Docker scripts to make sure that it's aware what the underlying package manager system is that Azure Linux is using? So for the package management, your existing Docker files would need to change for your containers. So because you can continue using your alpine based images or your RedHat images, your Docker files can continue saying the same with the same scripts, and then the final image just gets deployed on that link so as to continue to run, fine. That's fantastic. I love it. One of the things that I touched upon was that all existing templates work on Azure Linux as they would with Ubuntu. Something that's interesting that we get to do is we get to run prerelease testing on Azure Linux. So we take a guess test before we release image, run it through that and then release it to AKS and this way we can catch issues faster and mitigate them sooner. So on this cluster that I had, I will quickly deploy the Dapr State store application. This application is Node.js This is talking to a Redis that is running in Azure and we will be using adapters, simple sets, capability. So I will be applying this node YAML. This is completely unchanged to the existing containers as is on my cluster. I will also be applying the python deployment yaml and this python application. So set this off. I will show folks briefly what it does. It talks to the local Dapr endpoint that's on the cluster and it just creates in the order that the front end node then shows off. Okay. So we can just see the orders coming in and we may know changes to the application. The existing deeper container images and extensions just work on this cluster that has a mixed node pool. So do I. Do I want to expect no changes in nothing? Do I want to expect a measurable percentage of improvement? Do I want to just count on better security? You know, I wonder if it's anticlimactic. Like you're basically telling me I'm going to move over there and it's just going to be working in Awesome. What do I do with that? A lot of the feedback we've had from the end users was that there was no disruption and if anything they just notice like faster node startup times. But then again, like you're were saying, the security aspects, the higher boot performance, the fact that we're creating all the packages from source and signing them in Microsoft trusted pipelines, that's another advantage that you're getting. That's a really, really important thing. Supply chain security, right? Like if if something relies on some library that some random person that we've never met, there's no provenance of the the the source, especially if you're taking binary. So what you're saying is that this entire thing is built from source all the way down to the kernel and and signed and checked and ensured that that is the right and correct open source software that we're going to be running on Azure. Yep, exactly. And we also own the complete CBL infrastructure as well. Fantastic. So I can just get involved right now. Like is there a particular website I should start out because I should start moving my containers over immediately. Yeah, but what's that you can go to to get started. Is it Kate Adams slash Azure, Lennox Knox This has is the home for all things Azure Linux on it. Cas how to get started with that an overview of it and you can come here to learn how to deployment CGI on templates and as Olivia mentioned, Terraform. Absolutely fantastic. Well, thank you both for spending time with us today. Yeah, thank you. This was fun. I am learning all about Azure Linux and AKS, today on Azure Friday. Hey, thanks for watching this episode of Azure Friday. Now I need you to like it. Comment on it, tell your friends retweet it. Watch more Azure Friday.
Info
Channel: Microsoft Azure
Views: 4,013
Rating: undefined out of 5
Keywords: Scott Hanselman, Olivia Al Joundi, Sudhanva Huruli, Azure Linux, CBL-Mariner, Mariner, Microsoft Linux, distribution, AKS, Azure Kubernetes Service, K8s, nodepool, OS SKU, cluster, WSL, Linux, Windows Subsystem for Linux, supply chain security, CBL, Dapr, Docker, CVE, container host, host packages, az aks create, Terraform, CLI, ARM, template, kubectl, cordon, cordonining, nodes, kube, telemetry, monitoring, security, performance, quality, package upgrades, reboot daemon, kernel versioning, trust, kernel
Id: AKjgrveI9ww
Channel Id: undefined
Length: 14min 54sec (894 seconds)
Published: Fri Jul 28 2023
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.