Microsoft Azure Container Linux & AKS

KubeCon + CloudNativeCon Europe 2026

Session Date: March 24, 2026 — London

Azure Container Linux (ACL)

  • Container-optimized Linux distribution from Microsoft
  • Successor to CBL-Mariner
  • Minimal, secure OS purpose-built for container workloads
  • Reduced attack surface and faster boot times

AKS Updates

Feature Status
ACNS (Advanced Container Networking) Requires cluster recreate to enable
AKS Agent + Inspector Gadget Agent can talk to Inspector Gadget
Inspector Gadget No advanced networking required — just extra CRDs
AKS Desktop for Azure Agent GA, desktop integration in preview

Air-Gapped Environment Challenges

Problem: Azure pushes Grafana and Prometheus, but these don't work in air-gapped secure environments

Alternatives:

  • Container Insights with Private Endpoints (recommended)
  • Log Analytics Agent via Private Link
  • No public internet egress needed

Monitoring Gaps Identified

  • Missing alerts for pods in pending/failing state
  • Translating Prometheus exports to Container Insights is painful
  • Defender tickets lacked traction for needed information
  • No clear path for air-gapped alerting with Container Insights

Workaround: Custom KQL queries against ContainerInventory table
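
One shape such a workaround query could take, as an added example that is not from the session: it takes the latest ContainerInventory record per container and returns those in the Failed state, suitable as the query behind a log search alert that fires on any result. The 15-minute window and the choice of columns are assumptions. It covers the failing case only, since this table records container state rather than pod phase.

```kusto
// Added example, not from the session. The lookback window is an assumed value;
// align it with the alert rule's evaluation frequency.
let lookback = 15m;
ContainerInventory
| where TimeGenerated > ago(lookback)
// Keep only the most recent record per container so that a container
// which failed and has since recovered does not raise an alert.
| summarize arg_max(TimeGenerated, ContainerState, ExitCode, Image, ImageTag, Computer)
    by ContainerID, Name
| where ContainerState == "Failed"
| project TimeGenerated, Computer, Name, Image, ImageTag, ExitCode, ContainerID
| order by TimeGenerated desc
```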

Key Takeaways

  1. ACL provides a hardened container OS for AKS workloads
  2. Inspector Gadget is a powerful troubleshooting tool — no advanced networking needed
  3. Air-gapped environments remain a significant gap in Azure monitoring
  4. Prometheus-to-Insights translation needs improvement
  5. AKS Desktop integration signals Microsoft's focus on developer experience

Questions?
