Presented by Sudhanva Huruli and Dongha Paek at Microsoft Ignite, this session guides enterprises on modernizing and securing AKS container workloads using Azure Linux, with hands-on deep-dives into new performance and security features.

Building, Modernizing, and Securing AKS Workloads with Azure Linux

Presented by Sudhanva Huruli and Dongha Paek at Microsoft Ignite 2025, this session explores strategies to enhance Azure Kubernetes Service (AKS) workloads through the Azure Linux Container Host.

Key Topics Covered

Introduction and Rebranding
- Evolution of CBL Mariner into Azure Linux
Migration Strategy
- Seamless migration from Ubuntu to Azure Linux with no extra capacity requirements
Performance Improvements
- Benefits of a lightweight operating system
- Consistent, reliable update mechanisms
Container Innovations
- Running both Normal and Sandbox containers on Azure Linux nodes
- Deep dive into Kata Container Architecture within AKS
Enhanced Security Features
- Demo of OS Guard and its role in securing containers
- Integrity Policy Enforcement (IPE) using the kernel module
- Implementation of SELinux for enhanced security
- dm-verity for workload integrity validation
Workload Isolation
- How enterprises use Azure Linux to isolate and protect workloads
Roadmap and Future Enhancements
- Planned features: stricter SELinux enforcement, minimal image builds, GPU support

Security and Compliance Features

Integrity Policy Enforcement: Policy-driven kernel security
SELinux: Mandatory access control for containers
dm-verity: Data integrity for block devices
OS Guard: Kernel isolation for container workloads

Migration and Modernization Guidance

Strategies for migrating containerized workloads to Azure Linux
Benefits in node lifecycle management and performance

Additional Resources

Conclusion

Azure Linux strengthens AKS with improved performance, innovation in container management, and robust security controls, enabling enterprises to confidently modernize and scale cloud-native workloads.