On this page, you learn how to create a Google Kubernetes Engine (GKE) cluster with node pools running Microsoft Windows Server. With this cluster, you can use Windows Server containers. Microsoft Hyper-V containers are not currently supported. Similar to Linux containers, Windows Server containers provide process and namespace isolation.
A Windows Server node requires more resources than a typical Linux node. Windows Server nodes need the extra resources to run the Windows OS and for the Windows Server components that cannot run in containers. Since Windows Server nodes require more resources, your allocatable resources are lower than they would be with Linux nodes.

Creating a cluster using Windows Server node pools

In this section, you create a cluster that uses a Windows Server container. To create this cluster you need to complete the following tasks:

Choose your Windows Server node image

To run on GKE, Windows Server container node images need to be built on Windows Server version 2019 (LTSC) or Windows Server version 20H2 (SAC). A single cluster can have multiple Windows Server node pools using different Windows Server versions, but each individual node pool can only use one Windows Server version. Consider the following when choosing your node image:

Update and configure gcloud

Before you start, make sure you have performed the following tasks:

Create a cluster and node pools

To run Windows Server containers, your cluster must have at least one Windows and one Linux node pool. You cannot create a cluster using only a Windows Server node pool. The Linux node pool is required to run critical cluster add-ons. Because of its importance, we recommend turning on autoscaling to ensure your Linux node pool has sufficient capacity to run cluster add-ons.

Create a cluster with the following fields:

Replace the following:

Create the Windows Server node pool with the following fields:

Replace the following:

For more information about these node images, see the Choose your Windows node image section.

Go to the Google Kubernetes Engine page in the Google Cloud console.
Click Create.
In the Cluster basics section, complete the following:
From the navigation pane, under Node Pools, click default-pool to create your Linux node pool. When configuring this node pool, you should provide sufficient compute resources to run cluster add-ons. You must also have available resource quota for the nodes and their resources (such as firewall routes).
At the top of the page, click Add Node Pool to create your Windows Server node pool.
In the Node pool details section, complete the following:
From the navigation pane, under Node Pools, click Nodes.
From the navigation pane, select the name of your Windows Server node pool. This returns you to the Node pool details page.
From the navigation pane, under Cluster, select Networking.
Click Create.

Terraform

You can use the Google Terraform provider to create a GKE cluster with a Windows Server node pool. Add this block to your Terraform configuration:
Replace the following:
After you create a Windows Server node pool, the cluster goes into a

Get kubectl credentials

Use the
For more information on the

Wait for cluster initialization

Before using the cluster, wait for several seconds until

To ensure the webhook is created, run the following command:
The output should show the webhook running:
Now that you have a cluster with two node pools (one Linux and one Windows), you can deploy a Windows application.

Mapping GKE and Windows versions

Microsoft releases new SAC versions approximately every six months and new LTSC versions every two to three years. These new versions are typically available in new GKE minor versions. Within a GKE minor version the LTSC and SAC versions usually remain fixed. To see the version mapping between GKE versions and Windows Server versions, use the
The version mapping is returned in the

Upgrading Windows Server node pools

The Windows Server container version compatibility requirements mean that your container images might need to be rebuilt to match the Windows Server version for a new GKE version before upgrading your node pools. To ensure that your container images remain compatible with your nodes, we recommend that you check the version mapping and build your Windows Server container images as multi-arch images that can target multiple Windows Server versions. You can then update your container deployments to target the multi-arch images that will work on both the current and the next GKE version before manually invoking a GKE node pool upgrade. Manual node pool upgrades must be performed regularly because nodes cannot be more than two minor versions behind the control plane version.

We recommend that you subscribe to upgrade notifications using Pub/Sub to proactively receive updates about new GKE versions and the Windows OS versions they use.

We recommend enabling node auto-upgrades only if you continuously build multi-arch Windows Server container images that target the latest Windows Server versions, especially if you are using Windows Server SAC as the node image type. Node auto-upgrades are less likely to cause problems with the Windows Server LTSC node image type but there is still a risk of encountering version incompatibility issues.

Windows Updates

Windows Updates are disabled for Windows Server nodes. Automatic updates can cause node restarts at unpredictable times, and any Windows Updates installed after a node starts would be lost when the node is recreated by GKE. GKE makes Windows Updates available by periodically updating the Windows Server node images used in new GKE releases. There can be a delay between when Windows Updates are released by Microsoft and when they are available in GKE. When critical security updates are released, GKE updates the Windows Server node images as quickly as possible.
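
A pre-upgrade check that applies the version thresholds this page states: the two-minor-version skew rule above, and the 1.22.2 and v1.23.4-gke.400 minimums given in the network policy and limitations sections. This is an added example, not Google's code; the function names and the sample version strings are constructed for illustration.

```python
import re

# Version thresholds quoted from this page.
NETWORK_POLICY_MIN = "1.22.2"
LOCAL_TRAFFIC_POLICY_MIN = "v1.23.4-gke.400"
MAX_MINOR_SKEW = 2  # nodes may be at most two minor versions behind

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-gke\.(\d+))?$")


def parse_gke_version(text):
    """Return (major, minor, patch, gke_patch); no -gke.N suffix counts as 0."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"not a GKE version string: {text!r}")
    return tuple(int(part or 0) for part in match.groups())


def at_least(version, minimum):
    return parse_gke_version(version) >= parse_gke_version(minimum)


def windows_pool_preflight(control_plane, node_pool):
    """Map finding code -> message for one Windows Server node pool."""
    findings = {}
    cp = parse_gke_version(control_plane)
    pool = parse_gke_version(node_pool)
    # Assumption: both versions share a major version, so skew is the minor gap.
    skew = cp[1] - pool[1]
    if skew > MAX_MINOR_SKEW:
        findings["skew"] = (
            f"node pool is {skew} minor versions behind the control plane; "
            "upgrade it manually")
    if not (at_least(control_plane, NETWORK_POLICY_MIN)
            and at_least(node_pool, NETWORK_POLICY_MIN)):
        findings["network-policy"] = (
            "network policy for Windows Server containers needs control plane "
            f"and node pool at {NETWORK_POLICY_MIN} or later")
    if not at_least(node_pool, LOCAL_TRAFFIC_POLICY_MIN):
        findings["local-traffic-policy"] = (
            "Local External Traffic Policy is not supported on this pool "
            f"before {LOCAL_TRAFFIC_POLICY_MIN}")
    return findings


if __name__ == "__main__":
    # Constructed version strings, not output from a real cluster.
    for code, msg in windows_pool_preflight("1.24.1-gke.100",
                                            "1.21.5-gke.1300").items():
        print(f"{code}: {msg}")
```
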

Enabling network policy

You can use Windows Server containers on clusters that have network policy enabled in GKE versions 1.22.2 and later. This feature is only available for clusters that use the

You can migrate your node pools to a version that supports network policy by upgrading your node pools and your control plane to GKE version 1.22.2 or later. This option is only available if you created your cluster with the

After you enable network policy, all previously configured policies, including policies that did not work on Windows Server containers before you enabled the feature, become active.

Some clusters cannot be used with Windows Server containers on clusters with network policy enabled. See the limitations section for more details.

Viewing and querying logs

Logging is enabled automatically in GKE clusters. You can view the logs of the containers and the logs from other services on the Windows Server nodes using Kubernetes Engine monitoring. The following is an example of a filter to get the container log:

Accessing a Windows Server node using Remote Desktop Protocol (RDP)

You can connect to a Windows Server node in your cluster using RDP. For instructions on how to connect, see Connecting to Windows instances in the Compute Engine documentation.

Building multi-arch images

You can build the multi-arch images manually or use a Cloud Build builder. For instructions, see Building Windows multi-arch images.

Using gMSA

The following steps show you how to use a Group Managed Service Account (gMSA) with your Windows Server node pools.

Deleting Windows Server node pools

Delete a Windows Server node pool by using

To delete a Windows Server node pool using the Google Cloud console, perform the following steps:
Go to the Google Kubernetes Engine page in the Google Cloud console.
Beside the cluster you want to edit, click Actions, then click Edit.
Select the Nodes tab.
Under the Node Pools section, click Delete next to the node pool you want to delete.
When prompted to confirm, click Delete again.

Limitations

There are some Kubernetes features that are not yet supported for Windows Server containers. In addition, some features are Linux-specific and do not work for Windows. For the complete list of supported and unsupported Kubernetes features, see the Kubernetes documentation.

In addition to the unsupported Kubernetes features, there are some GKE features that are not supported. For GKE clusters, the following features are not supported with Windows Server node pools:
Local External Traffic Policy on Windows node pool is only supported with GKE version v1.23.4-gke.400 or later. Other Google Cloud products that you want to use with GKE clusters might not support Windows Server node pools. For specific limitations, refer to the documentation of that product. Windows Server containers on clusters with network policy enabled cannot be used with the following:

Troubleshooting

See the Kubernetes documentation for general guidance on debugging Pods and Services.

Containerd node issues

For known issues using a Containerd node image, see Known issues.

Windows Pods fail to start

A version mismatch between the Windows Server container and the Windows node that is trying to run the container can result in your Windows Pods failing to start. If the version for your Windows node pool is 1.16.8-gke.8 or later, review Microsoft's documentation for the February 2020 Windows Server container incompatibility issue and build your container images with base Windows images that include Windows Updates from March 2020. Container images built on earlier base Windows images might fail to run on these Windows nodes and can also cause the node to fail with status

Image pull errors

Windows Server container images, and the individual layers they are composed of, can be quite large. Their size can cause Kubelet to time out and fail when downloading and extracting the container layers. You might have encountered this problem if you see the "Failed to pull image" or "Image pull context cancelled" error messages or an

If image pull errors occur frequently, you should use node pools with a higher CPU specification. Container extraction is executed in parallel across cores, so machine types with more cores reduce the overall pull time. Try the following options to successfully pull your Windows Server containers:

Image family reached end of life

When creating a node pool with a Windows image, you receive an error similar to the following:
To resolve this error, choose a Windows image that is available and supported. You can find the support end date for GKE Windows node images by using the

Timeout during node pool creation

Node pool creation can time out if you are creating a large number of nodes (for example, 500) and it's the first node pool in the cluster using a Windows Server image. To resolve this issue, reduce the number of nodes you are creating. You can increase the number of nodes later.

Windows nodes become NotReady with error: "PLEG is not healthy"

This is a known Kubernetes issue that happens when multiple Pods are started very rapidly on a single Windows node. To recover from this situation, restart the Windows Server node. A recommended workaround to avoid this issue is to limit the rate at which Windows Pods are created to one Pod every 30 seconds.

Inconsistent TerminationGracePeriod

The Windows system timeout for the container might differ from the grace period you configure. This difference can cause Windows to force-terminate the container before the end of the grace period passed to the runtime. You can modify the Windows timeout by editing container-local registry keys at image-build time. If you modify the Windows timeout, you might also need to adjust TerminationGracePeriodSeconds to match.

Network connectivity problems

If you experience network connectivity problems from your Windows Server containers, it might be because Windows Server container networking often assumes a network MTU of

Check that the MTU of the network interface in the container and the network interfaces of the Windows Server node itself are all

Node startup issues

If nodes fail to start in the cluster or fail to join the cluster successfully, review the diagnostic information provided in the node's serial port output. Run the following command to see the serial port output:
Replace the following:
What's next

How do I set up and configure a Nano Server?

In Windows PowerShell, run the following commands step by step: Import-Module D:\Nano\NanoServerImageGenerator.psm1 (press Enter) ... New-NanoServerImage -Edition Standard -MediaPath E:\ ... Nano\NanoServer.vhdx -DeploymentType Guest -ComputerName Nano (press Enter).

What command installs the Nano server base image quizlet?

Use PXE boot and WDS to install Nano Server on a bare-metal computer.

Which tool in Hyper

You can use System Center - Virtual Machine Manager (VMM) to manage hosts and virtual machines running Nano Server. Using VMM, you can add and manage existing hosts running Nano, configure bare metal machines as Nano Server-based hosts, deploy compute clusters, and storage clusters (disaggregated and hyper-converged).

Which server role can be deployed on a nano server?

You need to create a custom Nano Server image that includes the Hyper-V server role. The image will be used to deploy Nano Servers to physical servers.