In this article, we provide an overview of Azure Container Linux (ACL), an immutable, container-optimized operating system (OS) for Azure Kubernetes Service (AKS). ACL is derived from the Flatcar Container Linux project, building on Flatcar's proven, container-first immutable design while layering in Azure Linux packages, servicing, and platform integration. This allows ACL to stay closely aligned with upstream Flatcar innovation while meeting Azure's production, security, and compliance requirements. To learn more about Flatcar Container Linux, see the Flatcar documentation.
ACL is generally available (GA) as an OS option on AKS starting AKS v1.34. You can deploy ACL node pools in a new AKS cluster or add ACL node pools to your existing clusters.
Note
ACL is the GA release of Flatcar Container Linux for AKS, which entered public preview in November 2025. OS Guard (preview) features, such as code integrity with Integrity Policy Enforcement (IPE), will be incorporated into ACL in a future release, after which OS Guard (preview) will be retired. If you need OS Guard features today, we recommend continuing to use OS Guard and migrating to ACL once those features become available.
Benefits of using ACL on AKS
| Benefit | Description |
|---|---|
| Built-in immutability for stronger security | Kernel-enforced immutability of the /usr directory verifies the integrity of the OS image at boot and runtime. This design helps block unauthorized changes before they can affect your cluster and reduces the risk of OS-level tampering. |
| Minimal attack surface | ACL ships only the components required to run containers. By reducing the size and complexity of the OS, ACL minimizes the number of packages, services, and potential entry points available to attackers and simplifies security management. |
| Automated node image updates | ACL delivers weekly image-based updates that include the latest security patches and bug fixes. This approach keeps node OS versions consistent and current across the cluster and helps reduce exposure to known vulnerabilities. |
| Supply-chain trust | Builds on Azure Linux’s signed packages and supply-chain processes, delivering clear provenance for system components. |
| Integration with Azure security features | Native support for Trusted Launch and Secure Boot provides measured boot protections and attestation. |
| Open-source transparency | Flatcar as well as many of the underlying technologies (dm-verity and SELinux) are upstream or open source, and Microsoft has tooling and contributions to support these features. |
Key features of ACL
The following key features distinguish ACL as a hardened, container-optimized OS for AKS:
- Immutability: The `/usr` directory is mounted as a read-only volume protected by dm-verity. At runtime, the kernel validates a signed root hash to detect and block tampering.
- Mandatory access control with SELinux: ACL includes SELinux to enforce mandatory access control policies that restrict which processes can access sensitive system resources. SELinux operates in enforcing mode by default.
- Trusted Launch and Secure Boot: ACL requires Trusted Launch with Secure Boot and vTPM to ensure the integrity of the boot chain before the OS loads. This is achieved using a Unified Kernel Image (UKI), which bundles the kernel, initramfs, and kernel command line into a single signed artifact. During boot, the UKI is measured and recorded in the vTPM, ensuring integrity from the earliest stage.
- NVIDIA GPU node support: ACL supports NVIDIA GPU-enabled node pools on AMD64 architectures, allowing you to run high-performance computing (HPC) and AI/ML workloads on AKS with a hardened, container-optimized OS. ACL doesn't support ARM64 architectures for GPU-enabled node pools.
- AMD64 and ARM64 architecture support: ACL is available for both AMD64 and ARM64 architectures on AKS.
- Sovereign Supply Chain Security: ACL inherits Azure Linux’s secure build pipelines and signed Unified Kernel Images (UKIs).
- Node auto-provisioning: ACL supports node auto-provisioning (NAP).
Unsupported features
ACL currently doesn't support the following features:
- The `SecurityPatch` and `Unmanaged` node OS upgrade channels.
- Generation 1 VMs: You can't use VM sizes that only support Generation 1 with ACL.
- Pod Sandboxing.
- A non-Trusted Launch variant. ACL requires Trusted Launch.
If your existing cluster uses any of the unsupported features, you might not be able to add an ACL node pool to that cluster.
Feature roadmap
Azure Linux publishes a feature roadmap that contains features that are in development and available for general availability (GA) and public preview.
OS migrations and upgrades with ACL
AKS supports migrating existing node pools to ACL using in-place OS SKU migration or by creating new ACL node pools. For detailed migration steps, considerations, and rollback instructions, see Migrate existing nodes to ACL.
ACL for AKS versioning
ACL for AKS releases weekly AKS node images. Versioning follows the AKS date-based format (for example: 202506.13.0). ACL currently only supports full node image updates.
You can check available node images in the release notes and view the nodeImageVersion for a running cluster using the az aks nodepool list command. For example:
```azurecli
az aks nodepool list --resource-group <resource-group-name> --cluster-name <aks-cluster-name> --query '[].{name: name, nodeImageVersion: nodeImageVersion}'
```
Example output:
```json
[
  {
    "name": "nodes",
    "nodeImageVersion": "AKSAzureContainerLinux-202606.01.0"
  }
]
```
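Because ACL images are date-versioned and updated weekly, the output above can be audited for node pools that are not on an ACL image or that are running an image older than expected. The following script is an added example, not part of this article or of the AKS tooling; it parses a constructed sample of the `az aks nodepool list` output shown above, and the `AKSUbuntu-...` pool name and image string are made up for illustration.

```python
"""Audit az aks nodepool list output for non-ACL or stale node images."""
import json
from datetime import date

ACL_FAMILY = "AKSAzureContainerLinux"

# Constructed sample in the shape of the --query output shown above.
# The "legacy" pool and its image string are made up for this example.
SAMPLE_OUTPUT = """[
  {"name": "nodes",  "nodeImageVersion": "AKSAzureContainerLinux-202606.01.0"},
  {"name": "gpu",    "nodeImageVersion": "AKSAzureContainerLinux-202605.10.0"},
  {"name": "legacy", "nodeImageVersion": "AKSUbuntu-2204gen2containerd-202605.20.0"}
]"""


def parse_version(image_version):
    """Split '<family>-YYYYMM.DD.R' into (is_acl, build_date, revision).

    The date-based part follows the AKS format described above, e.g. 202506.13.0.
    """
    family, _, ver = image_version.rpartition("-")
    yyyymm, dd, rev = ver.split(".")
    build_date = date(int(yyyymm[:4]), int(yyyymm[4:]), int(dd))
    return family == ACL_FAMILY, build_date, int(rev)


def audit_pools(az_json, today=None, max_age_days=21):
    """Return (pool name, reason) findings for pools that are not on ACL
    or whose image build date is older than max_age_days.

    `today` is an ISO date string for reproducible runs; defaults to today.
    """
    today = date.fromisoformat(today) if today else date.today()
    findings = []
    for pool in json.loads(az_json):
        is_acl, build_date, _ = parse_version(pool["nodeImageVersion"])
        age = (today - build_date).days
        if not is_acl:
            findings.append((pool["name"], "not an ACL image"))
        elif age > max_age_days:
            findings.append((pool["name"], f"image is {age} days old"))
    return findings


if __name__ == "__main__":
    # Pipe real output in with: az aks nodepool list ... | python3 audit.py
    for name, reason in audit_pools(SAMPLE_OUTPUT, today="2026-06-15"):
        print(f"{name}: {reason}")
```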
Related content
To get started using ACL for AKS, see the following resources: