Three years after the launch of Azure Kubernetes, Windows applications are now generally available
Microsoft Windows Server containers are now generally available on its Azure Kubernetes service, three years after the launch of AKS.
AKS was introduced in 2017, replacing the Azure container service for Kubernetes which itself was only launched the year before. These services were reserved for Linux containers, even though Windows Server containers have existed since the release of Windows Server 2016.
There are other ways to run Windows containers on Azure, including Azure container and Web App container instances, or for large-scale Service Fabric applications. Service Fabric is the microservices platform developed by Microsoft and is deeply integrated into Azure, running core services like Azure Active Directory.
Kubernetes is the industry standard, originally developed by Google and designed for Linux. It is derived from Google’s Borg cluster manager, intended to solve similar problems for Google like Service Fabric solved for Microsoft. A 2015 article [PDF] describing Borg’s origins explains why he uses containers:
Did you think Microsoft’s licensing plans were Kafkaesque? How about a Kafka extension for Azure Functions?
“The vast majority of Borg workload does not run inside virtual machines (VMs) because we don’t want to pay the cost of virtualization. In addition, the system was designed at a time when we had a considerable investment in processors without virtualization support in the hardware. “
As a Windows company, Microsoft approached the advent of containers and then Kubernetes in two ways. On the Windows side, he worked to introduce Windows containers then to contribute to the Kubernetes project to support the addition of Windows nodes to Kubernetes running on Linux. The documentation notes that “there are no plans to have a Windows-only Kubernetes cluster”.
Second, Microsoft has become less of a Windows company and more of a cloud company, supporting Linux on Azure, bringing its .NET and SQL Server technology to Linux, and supporting Linux containers, then Linux Kubernetes on Azure.
Microsoft’s efforts to run Linux have been successful. At the end of 2018, the company recognized that there were more Linux virtual machines on Azure than Windows and today the proportion must be considerably higher.
The new announcement, however, covers the other aspect of Microsoft’s adoption of containers, namely making the technology work on Windows. “By running Windows and Linux applications side-by-side in a single AKS cluster, you can modernize your operating processes for a wider set of applications while increasing the density (and therefore reducing costs) of your environment. ‘application,’ said Microsoft Corporate VP Brendan Burns.
The same things that make containers an advantage for Linux applications also apply to Windows applications, and, as Burns notes, companies that want to “lift and move” local applications must continue to run them on Windows.
Although Microsoft has stated that Windows container support is generally available, there are warnings. Kubernetes is made up of many parts, and if you dig into the details, you will find that not everything is supported and that some components are alpha versions, even on Kubernetes 1.18, the current version. The CSI proxy for Windows, for example, which enables storage operations using CSI (Container Storage Interface) drivers. This does not mean that the Windows containers on AKS will not be reliable, but suggest caution when using certain features.
Windows on Kubernetes is a work in progress and it is not surprising that it is both long term and somewhat behind the Linux implementation. Microsoft has made great strides and supported features include Windows Group Managed Service Accounts (GSMA), RunAsUserName to run the application in a container under another user and meet the limits of processor resources. Coming to Kubernetes 1.19 is isolation using Hyper-V containers.
It is fair to say, however, that Linux containers are preferable to run on AKS and Kubernetes in general, and it is difficult to see how Microsoft will ever achieve full parity.
Microsoft’s GA announcement is behind that of AWS, which announced full support for Windows containers on its Elastic Kubernetes service in October 2019. There is no magic, however, and the documentation highlights the limits. . Some features like GSMA are not supported on Amazon EKS, so AWS is not really ahead of Azure containers for Windows. Google Cloud Platform also supports Windows containers on Kubernetes, but this is not yet generally available.
Microsoft has also announced private clusters on AKS (not just for Windows containers). This means a Kubernetes cluster managed in a private network space and not on the Internet, convenient for security and compliance. There is also new support for managed identities on AKS, allowing you to run applications as an Azure AD user through an approved instance, instead of having to provide credentials. ®
Office 365 client-to-client migration tips