sigs.k8s.io/cluster-api-provider-azure@v1.14.3/docs/book/src/topics/windows.md

# Windows Clusters

## Overview

CAPZ enables you to create Windows Kubernetes clusters on Microsoft Azure. We recommend using Containerd for the Windows runtime in Cluster API for Azure.

### Using Containerd for Windows Clusters

To deploy a cluster using Windows, use the [Windows flavor template](https://raw.githubusercontent.com/kubernetes-sigs/cluster-api-provider-azure/main/templates/cluster-template-windows.yaml).

## Deploy a workload

After your Windows VM is up and running, you can deploy a workload using the deployment file below:

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: iis-1809
  labels:
    app: iis-1809
spec:
  replicas: 1
  template:
    metadata:
      name: iis-1809
      labels:
        app: iis-1809
    spec:
      containers:
      - name: iis
        image: mcr.microsoft.com/windows/servercore/iis:windowsservercore-ltsc2019
        resources:
          # Memory uses the Mi (mebibyte) suffix; a lowercase "m" suffix means milli-units.
          limits:
            cpu: 1
            memory: 800Mi
          requests:
            cpu: .1
            memory: 300Mi
        ports:
          - containerPort: 80
      # Schedule the pod onto Windows nodes only.
      nodeSelector:
        "kubernetes.io/os": windows
  selector:
    matchLabels:
      app: iis-1809
---
apiVersion: v1
kind: Service
metadata:
  name: iis
spec:
  type: LoadBalancer
  ports:
  - protocol: TCP
    port: 80
  selector:
    app: iis-1809
```

Save this file to iis.yaml then deploy it:

```
kubectl apply -f .\iis.yaml
```

Get the Service endpoint and curl the website:

```
kubectl get services
NAME         TYPE           CLUSTER-IP   EXTERNAL-IP   PORT(S)        AGE
iis          LoadBalancer   10.0.9.47    <pending>     80:31240/TCP   1m
kubernetes   ClusterIP      10.0.0.1     <none>        443/TCP        46m

curl <EXTERNAL-IP>
```

#### Kube-proxy and CNIs for Containerd

The Windows HostProcess Container feature is Alpha for Kubernetes v1.22 and Beta for v1.23. See the Windows [HostProcess KEP](https://github.com/kubernetes/enhancements/tree/master/keps/sig-windows/1981-windows-privileged-container-support) for more details. Kube-proxy and other CNIs have been updated to run in HostProcess containers. The current implementation uses [kube-proxy and Calico CNI built by sig-windows](https://github.com/kubernetes-sigs/sig-windows-tools/pull/161). Sig-windows is working to upstream the kube-proxy and CNI implementations and to improve kubeadm support in the next few releases.

Current requirements:

- Kubernetes 1.23+
- containerd 1.6+
- `WindowsHostProcessContainers` feature-gate (Beta / on-by-default for v1.23) turned on for kube-apiserver and kubelet

These requirements are satisfied by the Windows Containerd Template and Azure Marketplace reference image `cncf-upstream:capi-windows:k8s-1dot22dot1-windows-2019-containerd:2021.10.15`

## Details

See the CAPI proposal for implementation details: https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20200804-windows-support.md

### VM and VMSS naming

Azure does not support creating Windows VMs with names longer than 15 characters ([see additional details on the historical restrictions](https://github.com/kubernetes-sigs/cluster-api/issues/2217#issuecomment-743336941)).

When creating a cluster with `AzureMachine`, if the AzureMachine name is longer than 15 characters, the unique machine name is built from the first 9 characters of the cluster name followed by the last 5 characters of the machine name.

When creating a cluster with `MachinePool`, if the Machine Pool name is longer than 9 characters, the Machine Pool uses the prefix `win` and appends the last 5 characters of the Machine Pool name.

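The two shortening rules above, written out in Go as an added example (this is not CAPZ's own code). The function names `windowsVMName`, `windowsPoolName` and `collisions` are hypothetical, the sample names are constructed, and joining the two parts with no separator is an assumption. The `collisions` helper shows that two long machine names sharing their last 5 characters shorten to the same VM name.

```go
package main

import "fmt"

// windowsVMName follows the AzureMachine rule as worded on this page: a name
// longer than 15 characters becomes the first 9 characters of the cluster
// name plus the last 5 characters of the machine name.
// Assumption: the two parts are joined directly, with no separator.
func windowsVMName(clusterName, machineName string) string {
	if len(machineName) <= 15 {
		return machineName
	}
	prefix := clusterName
	if len(prefix) > 9 {
		prefix = prefix[:9]
	}
	return prefix + machineName[len(machineName)-5:]
}

// windowsPoolName follows the MachinePool rule: a name longer than 9
// characters becomes "win" plus the last 5 characters of the pool name.
func windowsPoolName(poolName string) string {
	if len(poolName) <= 9 {
		return poolName
	}
	return "win" + poolName[len(poolName)-5:]
}

// collisions groups machines by shortened name and keeps only the names
// that two or more machines map to.
func collisions(clusterName string, machines []string) map[string][]string {
	byVMName := map[string][]string{}
	for _, m := range machines {
		vm := windowsVMName(clusterName, m)
		byVMName[vm] = append(byVMName[vm], m)
	}
	for vm, sources := range byVMName {
		if len(sources) < 2 {
			delete(byVMName, vm)
		}
	}
	return byVMName
}

func main() {
	// Constructed sample names, not taken from a real cluster.
	machines := []string{"prod-cluster-md-0-abcde", "prod-cluster-md-1-abcde", "win-ab12"}
	fmt.Println(collisions("prod-cluster", machines), windowsPoolName("win-pool-long1"))
}
```
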
### VM password and access
The VM password is [randomly generated](https://cloudbase-init.readthedocs.io/en/latest/plugins.html#setting-password-main)
by Cloudbase-init during provisioning of the VM. To access the VM, you can use SSH, which can be configured with a
public key you provide during deployment.
The SSH key must be specified using the `users` property in the Kubeadm config template. Specifying the `sshPublicKey` on `AzureMachine` / `AzureMachinePool` resources only works with Linux instances.

For example:
```yaml
apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
kind: KubeadmConfigTemplate
metadata:
  name: test1-md-0
  namespace: default
spec:
  template:
    spec:
      ...
      users:
      - name: username
        groups: Administrators
        sshAuthorizedKeys:
        - "ssh-rsa AAAA..."
```

To SSH:

```
ssh -t -i .sshkey -o 'ProxyCommand ssh -i .sshkey -W %h:%p capi@<api-server-ip>' capi@<windows-ip>
```

Refer to [SSH Access for nodes](ssh-access.md) for more instructions on how to connect using SSH.

> There is also a [CAPZ kubectl plugin](https://github.com/kubernetes-sigs/cluster-api-provider-azure/blob/main/hack/debugging/Readme.md) that automates the SSH connection using the Management cluster.

To RDP, you can proxy through the API server:

```
ssh -L 5555:<windows-ip>:3389 capi@<api-server-ip>
```

Then open an RDP client on your local machine and connect to `localhost:5555`.

### Image creation
The images are built using [image-builder](https://github.com/kubernetes-sigs/image-builder) and published to the Azure Marketplace. They use [Cloudbase-init](https://cloudbase-init.readthedocs.io/en/latest/) to bootstrap the machines via Kubeadm.

Find the latest published images:

```
az vm image list --publisher cncf-upstream --offer capi-windows -o table --all
Offer         Publisher      Sku                                     Urn                                                                           Version
------------  -------------  ----------------------------            ------------------------------------------------------------------            ----------
capi-windows  cncf-upstream  k8s-1dot22dot1-windows-2019-containerd  cncf-upstream:capi-windows:k8s-1dot22dot1-windows-2019-containerd:2021.10.15  2021.10.15
capi-windows  cncf-upstream  k8s-1dot22dot2-windows-2019-containerd  cncf-upstream:capi-windows:k8s-1dot22dot2-windows-2019-containerd:2021.10.15  2021.10.15
```

If you would like to customize your images, please refer to the documentation on building your own [custom images](custom-images.md).