LinuxKit GITHUB repository recently crossed 3000 stars, forked around 300+ times and added 60+ contributors. Just 5 months old project and it has already gained lot of momentum across the Docker community. Built with a purpose that enables community to create secure, immutable, and minimal Linux distributions, LinuxKit is matured enough to support number of Cloud Platforms like Azure, AWS, Google Cloud Platform, VMware, Packets.net and many more..

 

In my recent blogs, I showcased how to get LinuxKit OS built for Google Cloud Platform, Amazon Web Services and VirtualBox. ICYMI, I recently published few of the the video on LinuxKit too. Check it out.

 

Under this blog post, I will walkthrough how to build secure and portal VM based on LinuxKit image on Microsoft Azure Platform.

Pre-requisite:

I will be leveraging macOS Sierra running Docker 17.06.1-ce-rc1-mac20 version. I tested it on Ubuntu 16.04 LTS edition too running on one of Azure VM and it went fine. Prior knowledge of Microsoft Azure / Azure CLI 2.0 will be required to configure Service Principle for VHD image to get uploaded to Azure smoothly.

 

Step-1: Pulling the latest LinuxKit repository

Pull the LinuxKit repository using the below command:

[simterm]

$git clone https://github.com/linuxkit/linuxkit

[/simterm]

 

Step-2: Build Moby & LinuxKit tool

[simterm]

$cd linuxkit

$make

[/simterm]

 

Step-3: Copying the tools into the right PATH

[simterm]

$cp -rf bin/moby /usr/local/bin/

$cp -rf bin/linuxkit /usr/local/bin/

[/simterm]

 

Step-4: Preparing Azure CLI tool

[simterm]

$curl -L https://aka.ms/InstallAzureCli | bash

[/simterm]

 

Step-5: Run the below command to restart your shell

[simterm]

$exec -l $SHELL

[/simterm]

 

Step-6: Building LinuxKit OS for Azure Platform

[simterm]

$cd linuxkit/examples/

$moby build -output vhd azure.yml

[/simterm]

This will build up VHD image which now has to be pushed to Azure Platform.

In order to push the VHD image to Azure, you need to authenticate LinuxKit with your Azure subscription, hence you  will need to set up the following environment variables:

[simterm]

   export AZURE_SUBSCRIPTION_ID=43b263f8-XXXX–XXXX–XXXX–XXXXXXXX

   export AZURE_TENANT_ID=633df679-XXXX–XXXX–XXXX–XXXXXXXX

   export AZURE_CLIENT_ID=c7e4631a-XXXX–XXXX–XXXX–XXXXXXXX

   export AZURE_CLIENT_SECRET=XXXXXXXXXXXXXXXXXXXXXXXX=

[/simterm]

Alternatively, the easy way to get all the above details is through the below command:

[simterm]

$az login

To sign in, use a web browser to open the page https://aka.ms/devicelogin and enter the code XXXXXX to authenticate.

[/simterm]

The above command lists out Subscription ID and tenant ID which can be exported therein.

Next, follow this link to create an Azure Active Directory application and service principal that can access resources. If you want to stick to CLI rather than UI, you can follow the below steps:

Step-7: Pushing the VHD image to Azure Platform

[simterm]

$linuxkit run azure –resourceGroupName mylinuxkit –accountName mylinuxkitstore -location eastasia azure.vhd
Creating resource group in eastasia
Creating storage account in eastasia, resource group mylinuxkit

[/simterm]

The command will end up with the below message:

 

 Completed: 100% [     68.00 MB] RemainingTime: 00h:00m:00s Throughput: 0 Mb/sec    

Creating virtual network in resource group mylinuxkitresource, in eastasia

Creating subnet linuxkitsubnet468 in resource group mylinuxkitresource,

within virtual network linuxkitvirtualnetwork702

Creating public IP Address in resource group mylinuxkitresource, with name publicip159

Started deployment of virtual machine linuxkitvm941 in resource group mylinuxkitresource

Creating virtual machine in resource group mylinuxkitresource, with name linuxkitvm941, in location eastasia

NOTE: Since you created a minimal VM without the Azure Linux Agent,

the portal will notify you that the deployment failed. After around 50 seconds try connecting to the VM

ssh -i path-to-key root@publicip159.eastasia.cloudapp.azure.com

 

By this time, you should be able to see LinuxKit VM coming up under Azure Platform as shown below:

Wait for next 2-3 minutes till you try SSHing to this Azure instance and its all set to be up an running smoothly.

Known Issue:

  • Since the image currently does not contain the Azure Linux Agent, the Azure Portal will report the creation as failed.
  • The main workaround is the way the VHD is uploaded, specifically by using a Docker container based on Azure VHD Utils. This is mainly because the tool manages fast and efficient uploads, leveraging parallelism
  • There is work in progress to specify what ports to open on the VM (more specifically on a network security group)
  • The metadata package does not yet support the Azure metadata.

 

Did you find this blog helpful?  Feel free to share your experience. Get in touch @ajeetsraina

If you are looking out for contribution/discussion, join me at Docker Community Slack Channel.

Further Reference:

Clap


Ajeet Raina

My name is Ajeet Singh Raina and I am an author of this blogging site. I am a Docker Captain, ARM Innovator & Docker Bangalore Community Leader. I bagged 2 special awards last year(2019) : Firstly, “The Tip of Captain’s Hat Award” at Dockercon 2019, San Francisco and secondly, “2019 Docker Community Award“. I was overwhelmed to receive the first award in front of around 5000 audience.

3 Comments

bketelsen · 3rd August 2017 at 5:44 am

Thanks! This inspired me to add Azure metadata support to linuxkit. PR submitted!

    Ajeet Singh Raina · 3rd August 2017 at 7:36 am

    Thanks for the comments and contribution towards LinuxKit. Good to hear this.

Running LinuxKit locally on Oracle VirtualBox Platform Made Easy – Collabnix · 13th December 2017 at 9:43 pm

[…] Building a Secure VM based on LinuxKit on Microsoft Azure Platform […]

Leave a Reply

Your e-mail address will not be published. Required fields are marked *