On Wednesday, March 27, AWS announced the public developer preview of support for Windows containers on Amazon EKS. This preview allows customers to take advantage of the latest Kubernetes functionality and start validating performance and stability of containerized Windows applications managed by Amazon EKS. More details are available at https://aws.amazon.com/about-aws/whats-new/2019/03/amazon-eks-opens-public-preview-of-windows-container-support/
I am very excited by this announcement, as you most probably are aware that there is a huge installed base of Windows applications in the large/medium/small enterprises and they can leverage the power of Windows containers running on Kubernetes managed by Amazon EKS.
This brief blog post is my experience in spinning up an Amazon EKS cluster with Windows worker nodes as per the instructions at https://github.com/aws/containers-roadmap/tree/master/preview-programs/eks-windows-preview
Make sure you read the section on “Important Considerations for Windows nodes” which lists the key things with Windows node on Amazon EKS.
The steps in github are pretty intuitive, this blog is meant to be more a add-on to this official guide ..
Step 1:
Make sure you complete the prerequisites given at https://docs.aws.amazon.com/eks/latest/userguide/getting-started.html#eks-prereqs
I installed kubectl for Kubernetes 1.11 from https://docs.aws.amazon.com/eks/latest/userguide/install-kubectl.html on an EC2 client along with the iam-authenticator as given in the prereqs.
finally check, kubectl is installed properly ..
$ kubectl version — short — client
Client Version: v1.11.9
Step 2:
Creating the Amazon EKS cluster and the worker nodes, make sure you specify the correct Linux AMI ID and the Windows AMI ID for Kubernetes 1.11 (I chose the full Windows server AMI) as per the region that you are installing. This is basically step 2 from https://github.com/aws/containers-roadmap/tree/master/preview-programs/eks-windows-preview
The Cloudformation took around approximately 15–16 minutes with a full Windows server. Note down the Linux and Windows Node Instance Roles once the Cloudformation stack finishes.
Step 3:
This was basically the Step 3, 4 and 5 of the instructions at https://github.com/aws/containers-roadmap/tree/master/preview-programs/eks-windows-preview
Note: a small typo in the instructions, use the following urls to download the .sh and .yaml file specified (they left out the master in the url), I have submitted an issue on github..
curl -o webhook-create-signed-cert.sh https://raw.githubusercontent.com/aws/containers-roadmap/master/preview-programs/eks-windows-preview/webhook-create-signed-cert.sh
curl -o webhook-patch-ca-bundle.sh https://raw.githubusercontent.com/aws/containers-roadmap/master/preview-programs/eks-windows-preview/webhook-patch-ca-bundle.sh
curl -o vpc-admission-webhook-deployment.yaml https://raw.githubusercontent.com/aws/containers-roadmap/master/preview-programs/eks-windows-preview/vpc-admission-webhook-deployment.yaml
Ran the two commands:
$ ./webhook-create-signed-cert.sh
creating certs in tmpdir /tmp/tmp.lAXdNcqIFb
Generating RSA private key, 2048 bit long modulus
……………+++
………………..+++
e is 65537 (0x10001)
certificatesigningrequest.certificates.k8s.io/vpc-admission-webhook-svc.default created
NAME AGE REQUESTOR CONDITION
vpc-admission-webhook-svc.default 1s kubernetes-admin Pending
certificatesigningrequest.certificates.k8s.io/vpc-admission-webhook-svc.default approved
secret/vpc-admission-webhook-certs created
$ kubectl get secret vpc-admission-webhook-certs
NAME TYPE DATA AGE
vpc-admission-webhook-certs Opaque 2 18s
and finally deployed the vpc admission webhook and complete the rest of the commands.
from the EC2 console, you can see the three Windows worker node and one Linux node
$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
ip-192–168–120–74.us-west-2.compute.internal Ready <none> 32s v1.11.5
ip-192–168–143–85.us-west-2.compute.internal Ready <none> 32s v1.11.5
ip-192–168–218–38.us-west-2.compute.internal Ready <none> 28s v1.11.9
ip-192–168–252–139.us-west-2.compute.internal Ready <none> 32s v1.11.5
Step 4:
Deploy the sample IIS service on the Windows worker nodes ..
$ curl -o windows-server-iis.yaml https://raw.githubusercontent.com/aws/containers-roadmap/master/preview-programs/eks-windows-preview/windows-server-IIS.yaml
$ kubectl apply -f windows-server-iis.yaml
deployment.apps/windows-server-iis created
service/windows-server-iis-service created
If you look at the windows-server-iis.yaml, you will see the following windows image and the node selector:
containers:
— name: windows-server-iis
image: mcr.microsoft.com/windows/servercore:1809
…
nodeSelector:
beta.kubernetes.io/os: windows
wait for a bit and you can access the load balancer and the IIS home page shows up ..
$ kubectl describe service windows-server-iis-service
That’s it, the steps were pretty straightforward and we got Windows worker nodes running with Amazon EKS and running a Windows container !! Make sure you test out other Windows images and let me know your feedback. Feel free to log issues and comments at https://github.com/aws/containers-roadmap/tree/master/preview-programs/eks-windows-preview
Bye !!
