Windows Worker Nodes¶
From version 1.14, Amazon EKS supports Windows Nodes that allow running Windows containers. In addition to having Windows nodes, a Linux node in the cluster is required to run CoreDNS, as Microsoft doesn't support host-networking mode yet. Thus, a Windows EKS cluster will be a mixture of Windows nodes and at least one Linux node. The Linux nodes are critical to the functioning of the cluster, and thus, for a production-grade cluster, it's recommended to have at least two t2.large
Linux nodes for HA.
Note
You no longer need to install the VPC resource controller on Linux worker nodes to run Windows workloads in EKS clusters created after October 22, 2021. You can enable Windows IP address management on the EKS control plane via a ConfigMap setting (see https://docs.aws.amazon.com/eks/latest/userguide/windows-support.html for details). eksctl will automatically patch the ConfigMap to enable Windows IP address management when a Windows nodegroup is created.
Creating a new Windows cluster¶
The config file syntax allows creating a fully-functioning Windows cluster in a single command:
# cluster.yaml
# An example of ClusterConfig containing Windows and Linux node groups to support Windows workloads
---
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
metadata:
name: windows-cluster
region: us-west-2
nodeGroups:
- name: windows-ng
amiFamily: WindowsServer2019FullContainer
minSize: 2
maxSize: 3
managedNodeGroups:
- name: linux-ng
instanceType: t2.large
minSize: 2
maxSize: 3
- name: windows-managed-ng
amiFamily: WindowsServer2019FullContainer
minSize: 2
maxSize: 3
eksctl create cluster -f cluster.yaml
To create a new cluster with Windows un-managed nodegroup without using a config file, issue the following commands:
eksctl create cluster --managed=false --name=windows-cluster --node-ami-family=WindowsServer2019CoreContainer
Adding Windows support to an existing Linux cluster¶
To enable running Windows workloads on an existing cluster with Linux nodes (AmazonLinux2
AMI family), you need to add a Windows nodegroup.
NEW Support for Windows managed nodegroup has been added (--managed=true or omit the flag).
eksctl create nodegroup --managed=false --cluster=existing-cluster --node-ami-family=WindowsServer2019CoreContainer
eksctl create nodegroup --cluster=existing-cluster --node-ami-family=WindowsServer2019CoreContainer
To ensure workloads are scheduled on the right OS, they must have a nodeSelector
targeting the OS it must run on:
# Targeting Windows
nodeSelector:
kubernetes.io/os: windows
kubernetes.io/arch: amd64
# Targeting Linux
nodeSelector:
kubernetes.io/os: linux
kubernetes.io/arch: amd64
If you are using a cluster older than 1.19
the kubernetes.io/os
and kubernetes.io/arch
labels need to be replaced with beta.kubernetes.io/os
and beta.kubernetes.io/arch
respectively.