The LinuxKit GitHub repository recently crossed 3000 stars, has been forked around 300+ times and has added 60+ contributors. The project is just 5 months old and has already gained a lot of momentum across the Docker community. Built to enable the community to create secure, immutable, and minimal Linux distributions, LinuxKit is mature enough to support a number of cloud platforms such as Azure, AWS, Google Cloud Platform, VMware, Packet.net and many more.
In my recent blogs, I showcased how to get LinuxKit OS built for Google Cloud Platform, Amazon Web Services and VirtualBox. ICYMI, I recently published a few videos on LinuxKit too. Check them out.
In this blog post, I will walk through how to build a secure and portable VM based on a LinuxKit image on the Microsoft Azure Platform.
I will be leveraging macOS Sierra running Docker version 17.06.1-ce-rc1-mac20. I tested it on Ubuntu 16.04 LTS too, running on an Azure VM, and it went fine. Prior knowledge of Microsoft Azure / Azure CLI 2.0 is required to configure the Service Principal so that the VHD image uploads to Azure smoothly.
Step-1: Pulling the latest LinuxKit repository
Pull the LinuxKit repository using the below command:
$ git clone https://github.com/linuxkit/linuxkit
Step-2: Build Moby & LinuxKit tool
Step-3: Copying the tools into the right PATH
$ cp -rf bin/moby /usr/local/bin/
$ cp -rf bin/linuxkit /usr/local/bin/
Step-4: Preparing Azure CLI tool
$ curl -L https://aka.ms/InstallAzureCli | bash
Step-5: Run the below command to restart your shell
$ exec -l $SHELL
Step-6: Building LinuxKit OS for Azure Platform
$ moby build -output vhd azure.yml
This builds a VHD image, which now has to be pushed to the Azure Platform.
In order to push the VHD image to Azure, you need to authenticate LinuxKit with your Azure subscription, so you will need to set up the following environment variables:
Alternatively, the easy way to get all the above details is through the below command:
To sign in, use a web browser to open the page https://aka.ms/devicelogin and enter the code XXXXXX to authenticate.
The above command lists the subscription ID and tenant ID, which can then be exported.
Next, follow this link to create an Azure Active Directory application and service principal that can access resources. If you want to stick to the CLI rather than the UI, you can follow the steps below:
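Whichever way the service principal is created, a preflight check of the exported credentials catches a missing or mis-pasted value before the Step-7 upload starts. This is an added example, not part of the original post or the LinuxKit project. Assumptions: the variable names AZURE_SUBSCRIPTION_ID, AZURE_TENANT_ID, AZURE_CLIENT_ID and AZURE_CLIENT_SECRET are taken from LinuxKit's Azure documentation, since the list is missing from this page, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: preflight check of service-principal credentials before
# `linuxkit run azure`. Variable names are an assumption taken from LinuxKit's
# Azure documentation; function names are hypothetical.

# is_guid VALUE: true when VALUE has the 8-4-4-4-12 hex form Azure uses for IDs.
is_guid() {
    printf '%s\n' "$1" |
        grep -Eq '^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$'
}

# check_azure_env: reports each problem on stderr and returns the number of
# problems found (0 means ready to push). The secret itself is never printed.
check_azure_env() {
    problems=0
    for name in AZURE_SUBSCRIPTION_ID AZURE_TENANT_ID AZURE_CLIENT_ID; do
        eval "value=\${$name:-}"
        if [ -z "$value" ]; then
            echo "missing: $name" >&2
            problems=$((problems + 1))
        elif ! is_guid "$value"; then
            echo "not a GUID (truncated or mis-pasted?): $name" >&2
            problems=$((problems + 1))
        fi
    done
    if [ -z "${AZURE_CLIENT_SECRET:-}" ]; then
        echo "missing: AZURE_CLIENT_SECRET" >&2
        problems=$((problems + 1))
    elif [ "$AZURE_CLIENT_SECRET" = "${AZURE_CLIENT_ID:-}" ]; then
        # Common mix-up: the application ID pasted where the secret belongs.
        echo "AZURE_CLIENT_SECRET equals AZURE_CLIENT_ID" >&2
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Usage (not run here): check_azure_env && linuxkit run azure ... azure.vhd
```

Setting the secret with a silent prompt (for example `stty -echo` around `read`) rather than typing it into an `export` line keeps it out of the shell history file.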
Step-7: Pushing the VHD image to Azure Platform
$ linuxkit run azure --resourceGroupName mylinuxkit --accountName mylinuxkitstore -location eastasia azure.vhd
Creating resource group in eastasia
Creating storage account in eastasia, resource group mylinuxkit
The command will end up with the below message:
Completed: 100% [ 68.00 MB] RemainingTime: 00h:00m:00s Throughput: 0 Mb/sec
Creating virtual network in resource group mylinuxkitresource, in eastasia
Creating subnet linuxkitsubnet468 in resource group mylinuxkitresource,
within virtual network linuxkitvirtualnetwork702
Creating public IP Address in resource group mylinuxkitresource, with name publicip159
Started deployment of virtual machine linuxkitvm941 in resource group mylinuxkitresource
Creating virtual machine in resource group mylinuxkitresource, with name linuxkitvm941, in location eastasia
NOTE: Since you created a minimal VM without the Azure Linux Agent,
the portal will notify you that the deployment failed. After around 50 seconds try connecting to the VM
ssh -i path-to-key email@example.com
By this time, you should be able to see LinuxKit VM coming up under Azure Platform as shown below:
Wait 2-3 minutes before you try SSHing to this Azure instance, and it's all set to be up and running smoothly.
- Since the image currently does not contain the Azure Linux Agent, the Azure Portal will report the creation as failed.
- The main workaround is the way the VHD is uploaded, specifically by using a Docker container based on Azure VHD Utils. This is mainly because the tool manages fast and efficient uploads, leveraging parallelism.
- There is work in progress to specify which ports to open on the VM (more specifically, on a network security group).
- The metadata package does not yet support the Azure metadata.
Did you find this blog helpful? Feel free to share your experience. Get in touch @ajeetsraina.
If you are looking out for contribution/discussion, join me at Docker Community Slack Channel.