Adding Windows nodes

FEATURE STATE: Kubernetes v1.18 [beta]

You can use Kubernetes to run a mixture of Linux and Windows nodes, so you can mix Pods that run on Linux on with Pods that run on Windows. This page shows how to register Windows nodes to your cluster.

Before you begin

Your Kubernetes server must be at or later than version 1.17. To check the version, enter kubectl version.

Objectives

  • Register a Windows node to the cluster
  • Configure networking so Pods and Services on Linux and Windows can communicate with each other

Getting Started: Adding a Windows Node to Your Cluster

Networking Configuration

Once you have a Linux-based Kubernetes control-plane node you are ready to choose a networking solution. This guide illustrates using Flannel in VXLAN mode for simplicity.

Configuring Flannel

  1. Prepare Kubernetes control plane for Flannel

    Some minor preparation is recommended on the Kubernetes control plane in our cluster. It is recommended to enable bridged IPv4 traffic to iptables chains when using Flannel. The following command must be run on all Linux nodes:

    1. sudo sysctl net.bridge.bridge-nf-call-iptables=1
  2. Download & configure Flannel for Linux

    Download the most recent Flannel manifest:

    1. wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

    Modify the net-conf.json section of the flannel manifest in order to set the VNI to 4096 and the Port to 4789. It should look as follows:

    1. net-conf.json: |
    2. {
    3. "Network": "10.244.0.0/16",
    4. "Backend": {
    5. "Type": "vxlan",
    6. "VNI": 4096,
    7. "Port": 4789
    8. }
    9. }

    Note: The VNI must be set to 4096 and port 4789 for Flannel on Linux to interoperate with Flannel on Windows. See the VXLAN documentation. for an explanation of these fields.

    Note: To use L2Bridge/Host-gateway mode instead change the value of Type to "host-gw" and omit VNI and Port.

  3. Apply the Flannel manifest and validate

    Let’s apply the Flannel configuration:

    1. kubectl apply -f kube-flannel.yml

    After a few minutes, you should see all the pods as running if the Flannel pod network was deployed.

    1. kubectl get pods -n kube-system

    The output should include the Linux flannel DaemonSet as running:

    1. NAMESPACE NAME READY STATUS RESTARTS AGE
    2. ...
    3. kube-system kube-flannel-ds-54954 1/1 Running 0 1m
  4. Add Windows Flannel and kube-proxy DaemonSets

    Now you can add Windows-compatible versions of Flannel and kube-proxy. In order to ensure that you get a compatible version of kube-proxy, you’ll need to substitute the tag of the image. The following example shows usage for Kubernetes v1.24.0, but you should adjust the version for your own deployment.

    1. curl -L https://github.com/kubernetes-sigs/sig-windows-tools/releases/latest/download/kube-proxy.yml | sed 's/VERSION/v1.24.0/g' | kubectl apply -f -
    2. kubectl apply -f https://github.com/kubernetes-sigs/sig-windows-tools/releases/latest/download/flannel-overlay.yml

    Note: If you’re using host-gateway use https://github.com/kubernetes-sigs/sig-windows-tools/releases/latest/download/flannel-host-gw.yml instead

    Note:

    If you’re using a different interface rather than Ethernet (i.e. “Ethernet0 2”) on the Windows nodes, you have to modify the line:

    1. wins cli process run --path /k/flannel/setup.exe --args "--mode=overlay --interface=Ethernet"

    in the flannel-host-gw.yml or flannel-overlay.yml file and specify your interface accordingly.

    1. # Example
    2. curl -L https://github.com/kubernetes-sigs/sig-windows-tools/releases/latest/download/flannel-overlay.yml | sed 's/Ethernet/Ethernet0 2/g' | kubectl apply -f -

Joining a Windows worker node

Note: All code snippets in Windows sections are to be run in a PowerShell environment with elevated permissions (Administrator) on the Windows worker node.

Install containerD

  1. curl.exe -LO https://github.com/kubernetes-sigs/sig-windows-tools/releases/latest/download/Install-Containerd.ps1
  2. .\Install-Containerd.ps1

Note:

To install a specific version of containerD specify the version with -ContainerDVersion.

  1. # Example
  2. .\Install-Containerd.ps1 -ContainerDVersion 1.4.1

If you’re using a different interface rather than Ethernet (i.e. “Ethernet0 2”) on the Windows nodes, specify the name with -netAdapterName.

  1. # Example
  2. .\Install-Containerd.ps1 -netAdapterName "Ethernet0 2"

Install wins, kubelet, and kubeadm

  1. curl.exe -LO https://raw.githubusercontent.com/kubernetes-sigs/sig-windows-tools/master/kubeadm/scripts/PrepareNode.ps1
  2. .\PrepareNode.ps1 -KubernetesVersion v1.24.0 -ContainerRuntime containerD

Install crictl from the cri-tools project which is required so that kubeadm can talk to the CRI endpoint.

Run kubeadm to join the node

Use the command that was given to you when you ran kubeadm init on a control plane host. If you no longer have this command, or the token has expired, you can run kubeadm token create --print-join-command (on a control plane host) to generate a new token and join command.

Install Docker Engine

Install the Containers feature

  1. Install-WindowsFeature -Name containers

Install Docker Instructions to do so are available at Install Docker Engine - Enterprise on Windows Servers.

Install cri-dockerd which is required so that the kubelet can communicate with Docker on a CRI compatible endpoint.

Note: Docker Engine does not implement the CRI which is a requirement for a container runtime to work with Kubernetes. For that reason, an additional service cri-dockerd has to be installed. cri-dockerd is a project based on the legacy built-in Docker Engine support that was removed from the kubelet in version 1.24.

Install crictl from the cri-tools project which is required so that kubeadm can talk to the CRI endpoint.

Install wins, kubelet, and kubeadm

  1. curl.exe -LO https://raw.githubusercontent.com/kubernetes-sigs/sig-windows-tools/master/kubeadm/scripts/PrepareNode.ps1
  2. .\PrepareNode.ps1 -KubernetesVersion v1.24.0

Run kubeadm to join the node

Use the command that was given to you when you ran kubeadm init on a control plane host. If you no longer have this command, or the token has expired, you can run kubeadm token create --print-join-command (on a control plane host) to generate a new token and join command.

Verifying your installation

You should now be able to view the Windows node in your cluster by running:

  1. kubectl get nodes -o wide

If your new node is in the NotReady state it is likely because the flannel image is still downloading. You can check the progress as before by checking on the flannel pods in the kube-system namespace:

  1. kubectl -n kube-system get pods -l app=flannel

Once the flannel Pod is running, your node should enter the Ready state and then be available to handle workloads.

What’s next