sigs.k8s.io/cluster-api-provider-azure@v1.17.0/docs/book/src/self-managed/windows.md

# Windows Clusters

## Overview

CAPZ enables you to create Windows Kubernetes clusters on Microsoft Azure. We recommend using Containerd for the Windows runtime in Cluster API for Azure.

### Using Containerd for Windows Clusters

To deploy a cluster using Windows, use the [Windows flavor template](https://raw.githubusercontent.com/kubernetes-sigs/cluster-api-provider-azure/main/templates/cluster-template-windows.yaml).

## Deploy a workload

After your Windows VM is up and running, you can deploy a workload using the deployment file below:

```
apiVersion: apps/v1
kind: Deployment
metadata:
  name: iis-1809
  labels:
    app: iis-1809
spec:
  replicas: 1
  template:
    metadata:
      name: iis-1809
      labels:
        app: iis-1809
    spec:
      containers:
      - name: iis
        image: mcr.microsoft.com/windows/servercore/iis:windowsservercore-ltsc2019
        resources:
          # Memory uses the Mi (mebibyte) suffix; a lowercase "m" means
          # milli-units, so "800m" would request 0.8 bytes.
          limits:
            cpu: 1
            memory: 800Mi
          requests:
            cpu: .1
            memory: 300Mi
        ports:
          - containerPort: 80
      # Schedule the pod onto Windows nodes only.
      nodeSelector:
        "kubernetes.io/os": windows
  selector:
    matchLabels:
      app: iis-1809
---
apiVersion: v1
kind: Service
metadata:
  name: iis
spec:
  type: LoadBalancer
  ports:
  - protocol: TCP
    port: 80
  selector:
    app: iis-1809
```

Save this file to iis.yaml then deploy it:

```
kubectl apply -f .\iis.yaml
```

Get the Service endpoint and curl the website:

```
kubectl get services
NAME         TYPE           CLUSTER-IP   EXTERNAL-IP   PORT(S)        AGE
iis          LoadBalancer   10.0.9.47    <pending>     80:31240/TCP   1m
kubernetes   ClusterIP      10.0.0.1     <none>        443/TCP        46m

curl <EXTERNAL-IP>
```

#### Kube-proxy and CNIs for Containerd

The Windows HostProcess Container feature is Alpha for Kubernetes v1.22 and Beta for v1.23.
In v1.28, this feature is on by default and the `WindowsHostProcessContainers` feature gate is no longer recognized. See the Windows [HostProcess KEP](https://github.com/kubernetes/enhancements/tree/master/keps/sig-windows/1981-windows-privileged-container-support) for more details. Kube-proxy and the CNIs have been updated to run in HostProcess containers. The current implementation uses [kube-proxy and Calico CNI built by sig-windows](https://github.com/kubernetes-sigs/sig-windows-tools/pull/161). Sig-windows is working to upstream the kube-proxy and CNI implementations and to improve kubeadm support in the next few releases.

Current requirements:

- Kubernetes 1.23+
- containerd 1.6+
- `WindowsHostProcessContainers` feature gate (Beta / on by default for v1.23) turned on for kube-apiserver and kubelet, omitted in v1.28 and later

These requirements are satisfied by the Windows Containerd Template and Azure Marketplace reference image `cncf-upstream:capi-windows:k8s-1dot22dot1-windows-2019-containerd:2021.10.15`.

## Details

See the CAPI proposal for implementation details: https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20200804-windows-support.md

### VM and VMSS naming

Azure does not support creating Windows VMs with names longer than 15 characters ([see additional details on the historical restrictions](https://github.com/kubernetes-sigs/cluster-api/issues/2217#issuecomment-743336941)).

When creating a cluster with `AzureMachine`, if the AzureMachine name is longer than 15 characters, the machine name is built from the first 9 characters of the cluster name followed by the last 5 characters of the machine name, which creates a unique machine name.

When creating a cluster with `MachinePool`, if the machine pool name is longer than 9 characters, the machine pool uses the prefix `win` and appends the last 5 characters of the machine pool name.

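The two naming rules above, as an added Go example (not CAPZ's own code) that derives the name a Windows resource will get and reports AzureMachine names that map to the same derived name, which is useful when matching hostnames seen in logs or inventory back to cluster resources. The function names, the sample names and the joining hyphen are assumptions; the page does not state a separator.

```go
package main

import "fmt"

const sep = "-" // assumption: the page does not state a separator

// WindowsVMName applies the AzureMachine rule: a name longer than 15
// characters becomes the first 9 characters of the cluster name plus the
// last 5 characters of the machine name.
func WindowsVMName(cluster, machine string) string {
	if len(machine) <= 15 {
		return machine
	}
	if len(cluster) > 9 {
		cluster = cluster[:9] // shorter cluster names are used whole
	}
	return cluster + sep + machine[len(machine)-5:]
}

// WindowsPoolName applies the MachinePool rule: a name longer than 9
// characters becomes "win" plus its last 5 characters.
func WindowsPoolName(pool string) string {
	if len(pool) <= 9 {
		return pool
	}
	return "win" + sep + pool[len(pool)-5:]
}

// Collisions groups resources by derived VM name and returns only the names
// that more than one AzureMachine maps to.
func Collisions(cluster string, machines []string) map[string][]string {
	byName := map[string][]string{}
	for _, m := range machines {
		n := WindowsVMName(cluster, m)
		byName[n] = append(byName[n], m)
	}
	for n, ms := range byName {
		if len(ms) < 2 {
			delete(byName, n)
		}
	}
	return byName
}

func main() {
	// Constructed sample names, not taken from a real cluster.
	ms := []string{"prod-cluster-md-win-x7k2p", "prod-cluster-md-win2-x7k2p", "win-a1b2c"}
	for _, m := range ms {
		fmt.Printf("%-27s -> %s\n", m, WindowsVMName("prod-cluster-01", m))
	}
	fmt.Println(WindowsPoolName("windows-pool-01"), Collisions("prod-cluster-01", ms))
}
```
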

### VM password and access

The VM password is [randomly generated](https://cloudbase-init.readthedocs.io/en/latest/plugins.html#setting-password-main) by Cloudbase-init during provisioning of the VM. To access the VM, you can use SSH, which can be configured with a public key you provide during deployment.
You must specify the SSH key using the `users` property in the Kubeadm config template. Specifying the `sshPublicKey` on `AzureMachine` / `AzureMachinePool` resources only works with Linux instances.

For example:

```yaml
apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
kind: KubeadmConfigTemplate
metadata:
  name: test1-md-0
  namespace: default
spec:
  template:
    spec:
      ...
      users:
      - name: username
        groups: Administrators
        sshAuthorizedKeys:
        - "ssh-rsa AAAA..."
```

To SSH:

```
ssh -t -i .sshkey -o 'ProxyCommand ssh -i .sshkey -W %h:%p capi@<api-server-ip>' capi@<windows-ip>
```

Refer to [SSH Access for nodes](ssh-access.md) for more instructions on how to connect using SSH.

> There is also a [CAPZ kubectl plugin](https://github.com/kubernetes-sigs/cluster-api-provider-azure/blob/main/hack/debugging/Readme.md) that automates the SSH connection using the management cluster.

To RDP, you can proxy through the API server:

```
ssh -L 5555:<windows-ip>:3389 capi@<api-server-ip>
```

Then open an RDP client on your local machine and connect to `localhost:5555`.

### Image creation

The images are built using [image-builder](https://github.com/kubernetes-sigs/image-builder) and published to the Azure Marketplace. They use [Cloudbase-init](https://cloudbase-init.readthedocs.io/en/latest/) to bootstrap the machines via Kubeadm.

Find the latest published images:

```
az vm image list --publisher cncf-upstream --offer capi-windows -o table --all
Offer         Publisher      Sku                           Urn                                                                 Version
------------  -------------  ----------------------------  ------------------------------------------------------------------  ----------
capi-windows  cncf-upstream  k8s-1dot22dot1-windows-2019-containerd  cncf-upstream:capi-windows:k8s-1dot22dot1-windows-2019-containerd:2021.10.15  2021.10.15
capi-windows  cncf-upstream  k8s-1dot22dot2-windows-2019-containerd  cncf-upstream:capi-windows:k8s-1dot22dot2-windows-2019-containerd:2021.10.15  2021.10.15
```

If you would like to customize your images, please refer to the documentation on building your own [custom images](custom-images.md).