Microsoft’s Windows Server Containers is now generally available on its Azure Kubernetes Service, three years after AKS’s launch.
AKS was introduced in 2017, as a replacement for the Azure Container Service for Kubernetes that was itself only launched the previous year. These services were for Linux containers only, even though Windows Server Containers have existed since the release of Windows Server 2016.
There have been other ways to run Windows containers on Azure, including Azure Container Instances and Web App for Containers, or for large-scale applications Service Fabric. Service Fabric is Microsoft’s home-grown microservices platform and is baked deeply into Azure, running foundational services like Azure Active Directory.
Kubernetes is the industry standard though, originally developed by Google and designed for Linux. It derived from Google’s Borg cluster manager, intended to solve similar problems for Google as Service Fabric solved for Microsoft. A 2015 paper [PDF] describing the origins of Borg notes why it uses containers:
“The vast majority of the Borg workload does not run inside virtual machines (VMs), because we don’t want to pay the cost of virtualization. Also, the system was designed at a time when we had a considerable investment in processors with no virtualization support in hardware.”
As a Windows company, Microsoft addressed the advent of containers and then Kubernetes in two ways. On the Windows side, it worked to introduce Windows containers and then to contribute to the Kubernetes project to support adding Windows nodes to Kubernetes running on Linux. The documentation notes that “there are no plans to have a Windows-only Kubernetes cluster.”
Second, Microsoft became less of a Windows company and more of a cloud company, supporting Linux on Azure, porting its .NET and SQL Server technology to Linux, and supporting both Linux containers and then Linux Kubernetes on Azure.
Microsoft’s efforts to run Linux have been successful. By late 2018 the company acknowledged that there were more Linux VMs on Azure than Windows and today the proportion must be significantly higher.
The new announcement though covers the other aspect of Microsoft’s container adoption, getting the technology working on Windows. “Running both Windows and Linux applications side by side in a single AKS cluster, you can modernize your operations processes for a broader set of applications while increasing the density (and thus lowering the costs) of your application environment,” said Microsoft Corporate VP Brendan Burns.
The same things that make containers an advantage for Linux applications also apply to Windows applications, and as Burns notes, businesses that want to “lift and shift” on-premises applications need to keep running them on Windows.
Although Microsoft has declared the Windows container support generally available, there are cautionary notes. Kubernetes is composed of many pieces, and if you dig into the details you will find that not everything is supported and that some components are alpha versions even on Kubernetes 1.18, the current version. One example is the CSI Proxy for Windows, which enables storage operations using CSI (Container Storage Interface) drivers. This does not mean that Windows containers on AKS will be unreliable, but does suggest caution in using some features.
Windows on Kubernetes is an ongoing project and it is not surprising that it is both long term and somewhat behind the Linux implementation. Microsoft has made big progress and supported features include Windows Group Managed Service Accounts (gMSA), RunAsUserName for running applications in a container under a different user, and respecting CPU resource limits. Coming in Kubernetes 1.19 is isolation using Hyper-V containers.
It is fair to say, though, that Linux containers are preferable for running on AKS and Kubernetes generally, and it is hard to see how Microsoft will ever achieve full parity.
Microsoft’s GA announcement is behind that of AWS, which announced full support for Windows containers on its Elastic Kubernetes Service back in October 2019. There is no magic though and the documentation highlights limitations. Certain features like gMSA are not supported on Amazon EKS so AWS is not really ahead of Azure for Windows containers. Google Cloud Platform also supports Windows Containers on Kubernetes, but this is not yet generally available.
Microsoft has also announced private clusters on AKS (not just for Windows containers). This means a managed Kubernetes cluster inside a private network space and not on the internet, handy for security and compliance. There is also new support for managed identities on AKS, letting you run applications as an Azure AD user via a trusted instance, instead of having to supply credentials.