Taking Azure Arc and Kubernetes to the Edge!
Published Oct 12 2022 09:00 AM
Microsoft

We are excited to announce the public preview of AKS lite (introduced as Project Haven during Build 2022), the AKS hybrid option for small-footprint edge devices. AKS lite will be available for public preview in November 2022. AKS lite is a lightweight Kubernetes platform that enables rapid application innovation and modernization at scale at the edge. In addition, we are excited to announce Azure Arc support for Windows IoT Enterprise. Connecting your Windows IoT Enterprise devices to Azure via Arc provides you with robust deployment, management, and governance capabilities for your IoT devices using the Azure portal.

 

Why Kubernetes at the edge?

 

Today, Kubernetes is used extensively in the cloud as well as on server-class hyperconverged infrastructure on the edge. Increasingly, enterprises want to extend Kubernetes to their lightweight (constrained) devices, providing a consistent cloud-native platform across the cloud, customer-owned infrastructure, and lightweight devices. This allows them to rapidly innovate and respond to operational signals at the edge. Imagine a fast-food chain that automates its operations based on the predictions of an ML model that is trained in the cloud using historical data from stores and determines the required quantity of an item at any point in time. However, this prediction is not always accurate, because footfall at a store could spike or drop due to, say, a sporting event or a snowstorm.

 

If the prediction model could integrate inputs from in-store point-of-sale (POS) devices and the camera sensors monitoring footfall, the model could be adjusted in real time to get a more accurate prediction of the quantity needed at any point in time. These operational edge inputs come from microprocessor-class, or "light-edge", devices, which aggregate data, derive insights from it, and serve as the brain for larger automation systems. Enabling these operational technology (OT) systems to participate in your cloud-native infrastructure at the edge empowers customers to easily move workloads between the cloud and the edge.

Additionally, modernizing the fast-food applications that run on the edge with runtimes like HTML5 requires an edge computing paradigm for modern app hosting. As applications at the edge continue to evolve, Kubernetes extends cloud-native benefits and practices to the edge, bringing flexibility and the capability to update applications continuously as needed. This enables rapid innovation and helps deploy business functionality reliably and efficiently.

 

Cloud-native input processing, artificial intelligence, and modern applications require Kubernetes on smaller, resource-constrained edge devices to be able to scale and manage workloads on hundreds of distributed nodes. This presents a different challenge in terms of scale. Rather than having thousands of containers running on a few large K8S clusters, the operational edge requires thousands of dispersed clusters, each running a few containers. This highlights the need for simplified management and visibility across your deployment.

 

So, whether it is medical scanners connected to an Intel NUC processing images to derive insights and detect anomalies at a hospital, or point-of-sale (POS) devices connected to a backend SQL server at a retail outlet, you can run Kubernetes in these environments to innovate rapidly, gain high availability, and maximize utilization at the edge using your existing infrastructure investments.

 

What is AKS lite?

 

AKS lite brings the AKS platform to lightweight edge devices. AKS is Microsoft's managed, CNCF-conformant Kubernetes platform that can run both Linux and Windows container applications. AKS lite builds on this stable platform to offer a lightweight Kubernetes distribution, both K8S and K3S, that can be easily deployed at the edge on any Windows PC-class device with Windows 10 and 11 IoT Enterprise, Enterprise and Pro. In addition, for scenarios where you use Windows Server at the lightweight operational technology edge, you can use AKS lite as well. AKS lite simplifies managing, deploying, and maintaining a Kubernetes cluster on-premises, making it easy to get started hosting Linux and Windows containers.

 


Key features

 

  • Microsoft supported Kubernetes platform: This includes a lightweight, CNCF conformant K8S and K3S distribution that is supported and managed by Microsoft.
    • The key difference between AKS on HCI and AKS lite is that AKS lite is designed to operate on constrained devices, with minimal compute and available memory requirements of 2 vCPUs and 4 GB of RAM.
    • Each Kubernetes cluster runs in its own Hyper-V isolated virtual machines and includes many features to help secure your container infrastructure.
    • Microsoft-maintained Linux and Windows images for worker nodes - Worker nodes run Linux and Windows virtual machine images created by Microsoft to adhere to security best practices. Microsoft also refreshes these images monthly with the latest security updates.
    • Simplified installation experience with PowerShell cmdlets and agents to enable provisioning and control of VMs and infrastructure. You can run these cmdlets either locally or remotely via fleet management tools like Azure Arc for Server or Microsoft Endpoint Configuration Manager.
    • In addition to the host OS updates, Microsoft will provide automatic updates for your Kubernetes deployment, so you stay up-to-date with the latest available Kubernetes versions.
  • Locally install nodes on single or multiple machines: AKS lite simplifies the process of setting up Kubernetes by providing you with PowerShell scripts and cmdlets for setting up Kubernetes and creating single or multi-node Kubernetes clusters.
  • Run Linux and Windows containers: AKS lite fully supports both Linux-based and Windows-based containers. When you create a Kubernetes cluster on AKS, you can choose to run Linux containers, Windows containers, or both running at the same time on the same machine.
  • Management with Azure Arc: Once you have set up on-premises Kubernetes using AKS and created a Kubernetes cluster, you can manage your Kubernetes infrastructure using the Azure portal, which provides a centralized management console for Kubernetes clusters running anywhere. In addition, various Azure Arc-enabled services like Azure Policy, Azure Monitor, Microsoft Defender for Cloud, and Azure ML services enable you to ensure compliance, monitor your clusters, and run cloud services on your edge clusters. It helps to ensure that applications and clusters are consistently deployed and configured at scale from source control.

 

Benefits

 

AKS lite provides you with:

  • Interop with native Windows applications: Windows provides a rich app ecosystem, user experience, and robust security, and powers much of the infrastructure for operational technology today, from HMIs, robots, and PLCs to medical devices. That said, many cloud-native workloads are built in Linux containers, and customers face the challenge of having to introduce Linux systems to the edge to take advantage of cloud-native solutions, which requires additional infrastructure investments, management tools, and skills to manage Linux systems in their environment. With AKS lite hybrid options, customers get the best of both worlds. Customers can continue to use their Windows application investments on their existing hardware. In addition, they can run cloud-native Linux workloads on Windows without needing new skills or a new control plane to manage the Linux devices. This enables customers to use a broad set of AI capabilities to innovate quickly and drive their edge innovation forward with the least disruption. AKS lite also offers interoperability between native Windows applications and containerized Linux workloads.

 


  • Kernel to cloud support: With AKS lite, customers get the benefit of having a fully supported stack from kernel to cloud. With Windows IoT, Microsoft provides 10-year LTSC for the host OS. The Linux VM is fully managed and is based on a curated CBL-Mariner image, which is a lightweight image that helps reduce attack surface, ensures better performance, and provides less overhead for patching vulnerabilities. In addition, Microsoft has a robust testing matrix for individual Mariner packages and extensive regression tests prior to an image release, reducing the likelihood of downtime for the service. VM policies ensure A/B updates of the VM image, and the Kubernetes distribution ensures your Kubernetes stack is the latest and greatest. This helps customers keep their assets on the Linux VM up to date and "version matched" to their cloud workloads for cloud-edge compatibility. Lastly, customers can manage all their containers and Kubernetes configs across cloud and on-prem with Arc-enabled Kubernetes. This multi-layered approach ensures that the entire software stack is secure and updated so that your business applications can run reliably.
  • Cloud-services enabled at the edge: When your AKS lite cluster is connected to Azure Arc, it extends the Azure platform to the edge with core services like governance, monitoring, application, ML and data services. It also helps bring DevOps practices anywhere and build iteratively using GitOps and Flux to seamlessly manage application deployments.

 

Arc support for Windows IoT Enterprise

 

Azure Arc unlocks new hybrid scenarios for organizations by bringing new Azure services and management features to any infrastructure. With Azure Arc for servers now supported on Windows IoT Enterprise, you can now extend Azure Resource Manager capabilities to your Windows IoT Enterprise devices and manage them on Azure.

When you connect your machine to Azure Arc-enabled servers, you can perform the following functions:

  • Monitor operating system performance and discover application components to monitor processes and dependencies with other resources using VM insights. Collect other log data, such as performance data and events, from the operating system or workloads running on the machine; this data is stored in a Log Analytics workspace.
  • Govern: Assign Azure Policy guest configurations to audit settings inside the machine.

We are actively working on expanding this list of supported actions.

 

AKS lite on Arc-enabled Windows 10 IoT - better together!

 

Deploying AKS lite on Windows 10 IoT Enterprise enables you to manage your Kubernetes cluster and workloads using Arc for Kubernetes and manage your host machine using Arc for servers. This helps simplify management and governance of both your infrastructure and edge applications. In addition, you can now run Azure services both on the host machine and within your Kubernetes cluster, enabling you to maximize your compute investments at the edge.

 

Excited and want to give it a shot?

 

AKS lite will be available for public preview in November 2022. We are currently accepting limited private preview customers; reach out to projecthaven@microsoft.com for access. You can Arc-enable your Windows IoT Enterprise devices as described here.

Last update: Oct 12 2022 09:05 AM