feat: add Azure Container Linux ARM64 VHD build target#8102
Merged
cameronmeissner merged 1 commit intomainfrom Mar 18, 2026
Merged
feat: add Azure Container Linux ARM64 VHD build target#8102cameronmeissner merged 1 commit intomainfrom
cameronmeissner merged 1 commit intomainfrom
Conversation
aadhar-agarwal
requested review from
AbelHu,
Devinwong,
awesomenix,
calvin197,
cameronmeissner,
djsly,
ganeshkumarashok,
junjiezhang1997,
lilypan26,
mxj220,
pdamianov-dev,
phealy,
r2k1,
sulixu,
surajssd,
timmy-wright and
zachary-bailey
as code owners
Contributor
There was a problem hiding this comment.
Pull request overview
Adds an Azure Container Linux (ACL) ARM64 Gen2 Trusted Launch VHD build target across the VHD builder, SIG config, pipelines, and E2E coverage.
Changes:
- Introduces new
AKSACLArm64Gen2TLdistro and wires it into SIG image config maps and distro availability lists. - Adds a dedicated ARM64 ACL Packer template and Makefile target for building the new VHD.
- Updates pipeline and E2E test infrastructure to exercise ARM64 ACL Gen2 TL (including VM size selection for TL-capable ARM64 SKUs).
Reviewed changes
Copilot reviewed 12 out of 12 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| vhdbuilder/packer/vhd-scanning.sh | Chooses TL-capable ARM64 VM sizes (v6) for scanning when Trusted Launch is enabled. |
| vhdbuilder/packer/vhd-image-builder-acl-arm64.json | New Packer template for ACL ARM64 VHD builds (ARM64 binaries, mirrored provisioning flow). |
| vhdbuilder/packer/test/run-test.sh | Updates ARM64 test VM sizing to use v6 when Trusted Launch is enabled. |
| pkg/agent/datamodel/types.go | Adds AKSACLArm64Gen2TL distro and includes it in VHD-available distros. |
| pkg/agent/datamodel/types_test.go | Extends ACL detection tests to include the new ARM64 ACL distro. |
| pkg/agent/datamodel/sig_config.go | Adds ACL ARM64 Gen2 TL to maintained distro lists and SIG image config templates/maps. |
| pkg/agent/datamodel/sig_config_test.go | Updates SIG config tests for new ACL ARM64 entry and expected map size. |
| pkg/agent/bakerapi_test.go | Includes the new ACL ARM64 distro in API implementation coverage tests. |
| packer.mk | Adds AzureContainerLinux ARM64 branch to select the new Packer template. |
| e2e/config/vhd.go | Registers VHDACLArm64Gen2TL image config for E2E runs. |
| e2e/scenario_test.go | Adds an E2E scenario that boots an ACL ARM64 Gen2 TL node (Trusted Launch + NVMe). |
| .pipelines/.vsts-vhd-builder-release.yaml | Adds an acl-arm64 build job/parameter for the new target. |
aadhar-agarwal
force-pushed
the
aadagarwal/add-acl-arm64
branch
from
2da78fb to
ed6fca7
Compare
aadhar-agarwal
force-pushed
the
aadagarwal/add-acl-arm64
branch
from
ed6fca7 to
088b771
Compare
Contributor
There was a problem hiding this comment.
Pull request overview
Adds a new Azure Container Linux (ACL) ARM64 Gen2 Trusted Launch VHD build target, extending existing ACL (amd64) support across packer templates, pipeline wiring, and test coverage.
Changes:
- Introduces new distro
AKSACLArm64Gen2TLand wires it into SIG image config + maintained distro lists. - Adds an ARM64-specific ACL packer template and build target selection (
packer.mk), plus a new release pipeline job. - Updates scanning/test VM sizing for ARM64 Trusted Launch (v6) and adds an ARM64 ACL E2E scenario + config.
Reviewed changes
Copilot reviewed 13 out of 13 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| vhdbuilder/packer/vhd-scanning.sh | Selects ARM64 VM size based on Trusted Launch support (v5 vs v6). |
| vhdbuilder/packer/vhd-image-builder-acl-arm64.json | New ARM64 ACL packer template mirroring existing ACL template but using arm64 binaries. |
| vhdbuilder/packer/test/run-test.sh | Uses TL-capable ARM64 VM size when Trusted Launch is enabled. |
| vhdbuilder/byoi.txt | Adds a BYOI example command for creating a cluster with a custom image. |
| pkg/agent/datamodel/types_test.go | Extends ACL detection test coverage to include the new ARM64 ACL distro. |
| pkg/agent/datamodel/types.go | Adds AKSACLArm64Gen2TL distro constant and includes it in VHD-available distros. |
| pkg/agent/datamodel/sig_config_test.go | Updates SIG config tests to expect the additional ACL ARM64 entry. |
| pkg/agent/datamodel/sig_config.go | Registers ACL ARM64 SIG image config template and adds distro to relevant maps/lists. |
| pkg/agent/bakerapi_test.go | Ensures baker API coverage includes the new ACL ARM64 distro. |
| packer.mk | Adds AzureContainerLinux handling for ARM64 builds to select the new template. |
| e2e/scenario_test.go | Adds an ACL ARM64 Trusted Launch E2E scenario (with NVMe + v6 VM sizing). |
| e2e/config/vhd.go | Adds an E2E VHD config entry for aclgen2arm64TL. |
| .pipelines/.vsts-vhd-builder-release.yaml | Adds an acl-arm64 build job/parameter to the VHD builder release pipeline. |
aadhar-agarwal
force-pushed
the
aadagarwal/add-acl-arm64
branch
from
088b771 to
740538b
Compare
aadhar-agarwal
changed the title
Contributor
Author
|
The AgentBaker E2E PR check failure is expected as the ARM64 ACL image does not exist yet |
Add Azure Container Linux (ACL) ARM64 Trusted Launch Gen2 build target: - Add AKSACLArm64Gen2TL distro constant and SIG image config template - Register in AvailableContainerdDistros, AvailableGen2Distros, AvailableACLDistros - Create vhd-image-builder-acl-arm64.json packer template (arm64 binary variant) - Add AzureContainerLinux ARM64 case in packer.mk - Add buildazurecontainerlinuxarm64tlgen2 pipeline job (default: true) - VM size: Standard_D16pds_v5 - Source image: acldevel-arm64 from ACLDEVEL gallery - Add VHDACLArm64Gen2TL e2e config and Test_ACL_ARM64 scenario - Update unit tests and SIG config test counts Signed-off-by: Aadhar Agarwal <aadagarwal@microsoft.com>
aadhar-agarwal
force-pushed
the
aadagarwal/add-acl-arm64
branch
from
740538b to
cfde711
Compare
cameronmeissner
approved these changes
Mar 17, 2026
Contributor
There was a problem hiding this comment.
Pull request overview
Adds a new Azure Container Linux (ACL) ARM64 Gen2 Trusted Launch VHD build target across the VHD builder (Packer + Make), release pipeline, and AgentBaker distro/SIG config + E2E coverage.
Changes:
- Introduces a new distro (
AKSACLArm64Gen2TL) and wires it into SIG image config templates/maps and distro capability lists. - Adds a new Packer template (
vhd-image-builder-acl-arm64.json) and Make target routing forOS_SKU=AzureContainerLinux+ARCHITECTURE=ARM64. - Updates pipeline + post-build scan/test scripts and adds an E2E scenario + VHD config for ACL ARM64 TL (using v6 ARM64 SKUs for Trusted Launch support).
Reviewed changes
Copilot reviewed 12 out of 12 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| vhdbuilder/packer/vhd-scanning.sh | Selects TL-capable ARM64 VM sizes (v6) when Trusted Launch is enabled. |
| vhdbuilder/packer/vhd-image-builder-acl-arm64.json | New ARM64 ACL packer template (mirrors ACL x86, swaps in ARM64 binaries). |
| vhdbuilder/packer/test/run-test.sh | Uses TL-capable ARM64 VM sizes (v6) in post-build VM tests. |
| pkg/agent/datamodel/types.go | Adds AKSACLArm64Gen2TL distro and includes it in VHD-available distro list. |
| pkg/agent/datamodel/types_test.go | Extends ACL distro detection test coverage for the new distro. |
| pkg/agent/datamodel/sig_config.go | Registers SIG config template for ACL ARM64 Gen2 TL and adds it to maintained maps/lists. |
| pkg/agent/datamodel/sig_config_test.go | Updates SIG config tests for new ACL ARM64 entry and expected counts. |
| pkg/agent/bakerapi_test.go | Includes new ACL ARM64 distro in API distro coverage tests. |
| packer.mk | Routes ARM64 + AzureContainerLinux builds to the new packer template. |
| e2e/config/vhd.go | Adds VHDACLArm64Gen2TL image config for E2E. |
| e2e/scenario_test.go | Adds an ACL ARM64 Trusted Launch E2E scenario (NVMe placement + v6 SKU). |
| .pipelines/.vsts-vhd-builder-release.yaml | Adds a new buildaclarm64tlgen2 pipeline job and variables for the new target. |
cameronmeissner
approved these changes
Mar 18, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds support for building Azure Container Linux (ACL) ARM64 Gen2 TrustedLaunch VHD images, extending the existing ACL x86 Gen2 TL support to the ARM64 architecture.
Changes
New distro definition (
AKSACLArm64Gen2TL):AvailableContainerdDistros,AvailableGen2Distros,AvailableACLDistros, andAKSDistrosAvailableOnVHDlistsSIGACLArm64Gen2TLImageConfigTemplate) with definitionaclgen2arm64TLPacker config:
vhd-image-builder-acl-arm64.json(mirrors the existing ACL x86 config, targeting ARM64 binaries)Pipeline:
acl-arm64build target to.pipelines/.vsts-vhd-builder-release.yamlTest infrastructure:
Standard_D2pds_v6) which supports TL, while non-TL ARM64 continues using Ampere Altra (Standard_D2pds_V5)AKSACLArm64Gen2TLto E2E VHD config and scenario testsBuild system:
acl-arm64target topacker.mkvhd-scanning.shto handle the new SKUTest run
What this PR does / why we need it:
Which issue(s) this PR fixes:
Fixes #