Slides used at Boulder Kubernetes Meetup Nov 7 2019

1. Why Would you run
Windows containers in k8s?
Craig Peters
Principal Program Manager, Azure Container Compute
@peterscraig

2. Applying modern ops to Windows Apps
What is hard about Windows
operations?
• Dependencies and version conflicts
• Registry settings
• Automation
Windows containers
• Portable and reusable runtimes
• Developers control dependencies
How to improve manual break/fix
operations?
Declarative config + control loops

3. Who needs Windows in K8s?
• Enterprises
• Thousands of back-office .NET applications
• New apps are Linux
• Is there a cheaper/easier way than babysitting VMs for .NET apps?
• Software Vendors
• Existing customers run Windows
• New products run as Linux containers with Kubernetes
• How can I serve my whole customer base?
• SaaS Operators
• Existing Windows apps

4. Is Kubernetes right for all Windows apps?
• Certainly not
• Kubernetes is appropriate when
• Reboots fix common errors
• Critical data is persisted outside of process
• Kubernetes is a great fit when
• More than one process can work on shared data

5. How can Windows containers work in K8s?

6. Where to run it?
Cloud
• Azure
• AKS
• AKS Engine
• Azure RedHat OpenShift (soon)
• GKE/GCP
• EKS
• Huawei Cloud
On-prem
• RedHat OpenShift
• Pivotal PKS
• Docker EE
• Rancher 2.x

7. Demo
1. Kubernetes cluster with one Linux node for control plane, and two Windows Server 2019 nodes
2. Deployment with two containers, one running PS to write a counter to shared storage, the
other IIS to display in a simple web page
https://github.com/craiglpeters/windows-two-containers-demo

8. How did we get here?
Alpha Release
Kubelet and kube-
proxy running on
windows
Dec 2017
v1.9
Beta Release
Major updates in functionality
and CNI support
March 2019
v1.14
Stable Release
Support for adding
Windows Server 2019
nodes to Kubernetes
Jun 2019
v1.15
Refinements
gMSA to alpha,
usability and quality
improvements
Sept 2019
v1.16
More refinements
gMSA to beta,
RunAsUsername, and
CSI alpha
Dec 2019
v1.17
Refinements
RunTimeClass
support, Containerd to
alpha

9. What’s still lacking?
• Examples, and app migration tooling
• Node management tooling
• Monitoring and logging solutions
• Host-container version skew/compatibility
• Privileged containers
• Physical resource access
• Fine grained resource control

10. What’s coming upstream?
Kubernetes v1.17
• Containerd alpha on Windows
• Supports flannel and process isolation
(using containerd 1.4)
• https://github.com/kubernetes/enhanceme
nts/issues/1001
• RunTimeClass alpha on Windows
• Automatic OS version label which can help
steer workloads to the right nodes
• Allows configuration of runtimes at cluster
level using RunTimeClass
• https://github.com/kubernetes/enhanceme
nts/issues/1301
• Kubeadm for Windows to beta in v1.17
• https://github.com/kubernetes/enhanceme
nts/issues/995
Future
• Hyper-V support
• Version skew
• Multitenant isolation
• Finer memory and cpu resource control
• Linux containers on Windows using
Windows Subsystem for Linux v2
• Cluster-api support

11. How to Contribute
End User Contributor Tech Lead
GitHub
Issues
Document/
Blog
Community
Meetings
1st
Commit
Fix Bugs
Member Community
Meetings
Commits Reviews
Presentations
Release
Plans
Cross Group
Collaboration

12. Getting Started
Join our weekly meetings Tuesdays at 10.30 am Mountain Time
View recorded community meetings
Find bugs you can fix in our project board
Help us write additional documentation and user stories

13. How to find the community
https://groups.google.com/forum/#
!forum/kubernetes-sig-windows
#sig-windows
@m2
@patricklang
@craiglpeters
https://github.com/kubernetes/co
mmunity/tree/master/sig-windows
https://zoom.us/j/297282383
https://www.youtube.com/pl
aylist?list=PL69nYSiGNLP2OH
9InCcNkWNu2bl-gmIU4
https://kubernetes.io/docs/setup/produc
tion-environment/windows/intro-
windows-in-kubernetes/

14. Resources
• Patrick Lang’s repos https://github.com/PatrickLang
• Flexvolumes https://github.com/microsoft/K8s-Storage-
Plugins/tree/master/flexvolume/windows
• Overlay Networking for Windows
https://techcommunity.microsoft.com/t5/Networking-
Blog/Introducing-Kubernetes-Overlay-Networking-for-Windows/ba-
p/363082
• Troubleshooting Kubernetes Networking on Windows
https://techcommunity.microsoft.com/t5/Networking-
Blog/Troubleshooting-Kubernetes-Networking-on-Windows-Part-
1/ba-p/508648

15. Q&A if time allows

16. Addendum slides

17. Networking Update
• Networking topologies available
• Overlay
• Requires Windows Server 2019 with KB4489899
• Win-overlay plugin available
• Flannel vxlan support in alpha
• Underlay - L2Bridge, L2Tunnel
• win-bridge plugin available
• Flannel host-gw support
• Transparent – vSwitch extension
• ovn-kubernetes
• Network Policy
• Calico
• OVN

18. Things to Consider
Read the documentation!
Where the container runs
- Need a Windows Server node = Use NodeSelector
If you’re adding Windows and don’t already have nodeSelector on Linux deployments
- Option 1 (preferred): Add a taint to Windows nodes, toleration to Windows deployments
- Option 2: Update your Helm Charts and YAML files
Resource Consumption
- Need higher limits (300Mb min) - need Windows background services per container
Kernel/User compatibility
- Windows kernel major version should match (for now) – use versioned tags, not latest!
- Build on Windows Server 2019 = must run on Windows Server 2019
- Hyper-V isolation [alpha] can run older containers on a newer node

19. Testing Update
Windows node tests in test grid across
Azure, GCP and vSphere
• Conformance tests (excluding LinuxOnly)
• Windows specific tests
• Ongoing dot release testing