Schedule pods to Windows virtual nodes


ECI now supports instances that run the Windows operating system. If your containers require a Windows environment, you can add a Windows virtual node to your cluster and schedule pods to it. This creates a Windows-based ECI pod (an ECI instance) to run your containers.

Prerequisites

Limitations

  • When you create a Windows ECI instance, the instance specification must be at least 2 vCPU and 4 GiB of memory.

  • The Windows container image version must be 10.0.20348.*, which corresponds to Windows Server 2022.

  • The following features are not supported:

    • Local disks are not supported.

    • GPUs are not supported.

    • Windows HostProcess containers are not supported.

    For more unsupported features, see Windows containers in Kubernetes.

Add a Windows virtual node

Follow these steps to modify the eci-profile ConfigMap and add a Windows virtual node to your cluster.

Console

  1. On the ACK Clusters page, click the name of your cluster. In the left navigation pane, click Configurations > ConfigMaps.

  2. Select the kube-system namespace. In the Actions column for the eci-profile ConfigMap, click Edit.

  3. Click Add. For Name, enter enableWindowsAmd64Node. For Value, enter true. Then, click OK.

  4. In the navigation pane on the left, choose Nodes > Node Pools to verify that the Windows virtual node has been added.

Kubectl

  1. Obtain the cluster kubeconfig and use kubectl to connect to the cluster.

  2. Edit the eci-profile ConfigMap in your cluster.

    kubectl edit -n kube-system cm/eci-profile

  3. In the data section, add the enableWindowsAmd64Node: "true" configuration.

    data:
      ......
      enableWindowsAmd64Node: "true"   # Enable the Windows node
      ......

  4. Verify that the Windows virtual node exists.

    kubectl get nodes -l kubernetes.io/os=windows

    Expected output:

    NAME                                          STATUS   ROLES   AGE   VERSION
    virtual-kubelet-cn-hangzhou-i-windows-amd64   Ready    agent   23m   v1.34.3-aliyun.1
    virtual-kubelet-cn-hangzhou-j-windows-amd64   Ready    agent   23m   v1.34.3-aliyun.1
    virtual-kubelet-cn-hangzhou-k-windows-amd64   Ready    agent   23m   v1.34.3-aliyun.1

Windows workload examples

Windows virtual nodes have the kubernetes.io/os: windows label. When you create a Windows workload, use a nodeSelector to schedule the workload to a Windows virtual node.
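
A pre-apply check for the limitations and the nodeSelector requirement above, as an added example that is not part of the original documentation. The function names and sample specs are constructed. It assumes the instance size follows the sum of container requests (falling back to limits), treats any resource name containing "gpu" as a GPU request, and does not check the image OS version.

```python
import re

# Limits taken from the Limitations list on this page.
MIN_CPU, MIN_MEM = 2.0, 4 * 2**30
UNITS = {"Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "Ti": 2**40,
         "k": 10**3, "M": 10**6, "G": 10**9, "T": 10**12, "m": 1e-3, "": 1}

def quantity(q):
    """Convert a Kubernetes quantity ("500m", "4", "8Gi") to a float."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)([A-Za-z]*)", str(q))
    if not m or m.group(2) not in UNITS:
        raise ValueError(f"unsupported quantity: {q!r}")
    return float(m.group(1)) * UNITS[m.group(2)]

def check_windows_pod(pod_spec):
    """Return the list of problems found in a pod spec (dict form)."""
    problems = []
    if pod_spec.get("nodeSelector", {}).get("kubernetes.io/os") != "windows":
        problems.append("nodeSelector kubernetes.io/os: windows is missing")
    pod_opts = (pod_spec.get("securityContext") or {}).get("windowsOptions") or {}
    cpu = mem = 0.0
    for c in pod_spec.get("containers", []):
        res = c.get("resources") or {}
        # Assumption: requests drive instance sizing; fall back to limits.
        sized = res.get("requests") or res.get("limits") or {}
        cpu += quantity(sized.get("cpu", 0))
        mem += quantity(sized.get("memory", 0))
        names = set(res.get("requests") or {}) | set(res.get("limits") or {})
        if any("gpu" in n.lower() for n in names):
            problems.append(f"{c['name']}: GPU resources are not supported")
        # A container-level hostProcess setting overrides the pod-level one.
        opts = (c.get("securityContext") or {}).get("windowsOptions") or {}
        if opts.get("hostProcess", pod_opts.get("hostProcess", False)):
            problems.append(f"{c['name']}: HostProcess containers are not supported")
    if cpu < MIN_CPU or mem < MIN_MEM:
        problems.append(f"total {cpu:g} vCPU / {mem / 2**30:g} GiB is below 2 vCPU / 4 GiB")
    return problems

# Constructed sample specs (the .spec.template.spec part of a Deployment).
GOOD = {"nodeSelector": {"kubernetes.io/os": "windows"}, "containers": [
    {"name": "test", "resources": {"requests": {"cpu": "4", "memory": "8Gi"}}}]}
BAD = {"containers": [{"name": "bad",
    "resources": {"requests": {"cpu": "500m", "memory": "1Gi"},
                  "limits": {"nvidia.com/gpu": "1"}},
    "securityContext": {"windowsOptions": {"hostProcess": True}}}]}

if __name__ == "__main__":
    print(check_windows_pod(GOOD), *check_windows_pod(BAD), sep="\n")
```
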

Use a Secret

  1. Create a Windows workload and mount a Secret to the secrets directory on the C drive.

    Create a file named windows-deploy-secret-example.yaml with the following content. Then, run the kubectl apply -f windows-deploy-secret-example.yaml command to create the resources.

    apiVersion: v1
    kind: Secret
    metadata:
      name: windows-test-secret
    type: Opaque
    stringData:
      username: testuser
      password: testpass123
      secret.txt: "This is a secret file for Windows Pod"
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: windows-deployment-secret-example
      labels:
        app: windows-secret-app
    spec:
      replicas: 1 # The number of replicas is set to 1 for this example.
      selector:
        matchLabels:
          app: windows-secret-app
      template:
        metadata:
          labels:
            app: windows-secret-app
            alibabacloud.com/acs: "true"
        spec:
          nodeSelector:
            kubernetes.io/os: windows
          containers:
          - name: test
            image: registry-cn-hangzhou.ack.aliyuncs.com/test/nanoserver:ltsc2022
            command: ["ping", "-t", "localhost"]
            resources:
              requests:
                cpu: "4"         
                memory: "8Gi"     
              limits:
                cpu: "4"         
                memory: "8Gi"
            volumeMounts:
            - name: secret-volume
              mountPath: C:\secrets
              readOnly: true
          volumes:
          - name: secret-volume
            secret:
              secretName: windows-test-secret

  2. Verify that the workload is running as expected and check the content of the Secret.

    1. Open a command shell in the container.

      kubectl exec -it deployment/windows-deployment-secret-example -- cmd

    2. In the command shell, verify the content of the Secret.

      # Navigate to the directory where the Secret is mounted. 
      C:\>cd secrets
      
      # View the content of the Secret.
      C:\secrets>type secret.txt
      This is a secret file for Windows Pod

Attach an EIP

  1. Install the ack-extend-network-controller component. For more information, see Attach an EIP to a Pod by using annotations.

  2. Create a Windows workload with the network.alibabacloud.com/pod-with-eip: "true" annotation.

    Create a file named windows-deploy-eip-example.yaml with the following content. Then, run the kubectl apply -f windows-deploy-eip-example.yaml command to create the resources.

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: windows-deployment-eip-example
      labels:
        app: windows-eip-app
    spec:
      replicas: 1 # The number of replicas is set to 1 for this example.
      selector:
        matchLabels:
          app: windows-eip-app
      template:
        metadata:
          labels:
            app: windows-eip-app
            alibabacloud.com/acs: "true"
          annotations:
            network.alibabacloud.com/pod-with-eip: "true"
        spec:
          nodeSelector:
            kubernetes.io/os: windows
          containers:
          - name: test
            image: registry-cn-hangzhou.ack.aliyuncs.com/test/nanoserver:ltsc2022
            command: ["ping", "-t", "localhost"]
            resources:
              requests:
                cpu: "4"
                memory: "8Gi"
              limits:
                cpu: "4"
                memory: "8Gi"

  3. Get the EIP of the Pod.

    kubectl get pod $(kubectl get pods -l app=windows-eip-app -o jsonpath='{.items[0].metadata.name}') -o jsonpath="{.metadata.annotations['network\.alibabacloud\.com/allocated-eipAddress']}"

    Your output may vary.