Adding Windows worker nodes
Kubernetes v1.18 [beta]
This page explains how to add Windows worker nodes to a kubeadm cluster.
Before you begin
- A running Windows Server 2022 (or higher) instance with administrative access.
- A running kubeadm cluster created by
kubeadm init
and following the steps in the document Creating a cluster with kubeadm.
Adding Windows worker nodes
Note:
To facilitate the addition of Windows worker nodes to a cluster, PowerShell scripts from the repository https://sigs.k8s.io/sig-windows-tools are used.Do the following for each machine:
- Open a PowerShell session on the machine.
- Make sure you are Administrator or a privileged user.
Then proceed with the steps outlined below.
Install containerd
To install containerd, first run the following command:
curl.exe -LO https://raw.githubusercontent.com/kubernetes-sigs/sig-windows-tools/master/hostprocess/Install-Containerd.ps1
Then run the following command, but first replace CONTAINERD_VERSION
with a recent release
from the containerd repository.
The version must not have a v
prefix. For example, use 1.7.22
instead of v1.7.22
:
.\Install-Containerd.ps1 -ContainerDVersion CONTAINERD_VERSION
- Adjust any other parameters for
Install-Containerd.ps1
such asnetAdapterName
as you need them. - Set
skipHypervisorSupportCheck
if your machine does not support Hyper-V and cannot host Hyper-V isolated containers. - If you change the
Install-Containerd.ps1
optional parametersCNIBinPath
and/orCNIConfigPath
you will need to configure the installed Windows CNI plugin with matching values.
Install kubeadm and kubelet
Run the following commands to install kubeadm and the kubelet:
curl.exe -LO https://raw.githubusercontent.com/kubernetes-sigs/sig-windows-tools/master/hostprocess/PrepareNode.ps1
.\PrepareNode.ps1 -KubernetesVersion v1.32
- Adjust the parameter
KubernetesVersion
ofPrepareNode.ps1
if needed.
Run kubeadm join
Run the command that was output by kubeadm init
. For example:
kubeadm join --token <token> <control-plane-host>:<control-plane-port> --discovery-token-ca-cert-hash sha256:<hash>
Additional information about kubeadm join
Note:
To specify an IPv6 tuple for<control-plane-host>:<control-plane-port>
, IPv6 address must be enclosed in square brackets, for example: [2001:db8::101]:2073
.If you do not have the token, you can get it by running the following command on the control plane node:
# Run this on a control plane node
sudo kubeadm token list
The output is similar to this:
TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS
8ewj1p.9r9hcjoqgajrj4gi 23h 2018-06-12T02:51:28Z authentication, The default bootstrap system:
signing token generated by bootstrappers:
'kubeadm init'. kubeadm:
default-node-token
By default, node join tokens expire after 24 hours. If you are joining a node to the cluster after the current token has expired, you can create a new token by running the following command on the control plane node:
# Run this on a control plane node
sudo kubeadm token create
The output is similar to this:
5didvk.d09sbcov8ph2amjw
If you don't have the value of --discovery-token-ca-cert-hash
, you can get it by running the
following commands on the control plane node:
sudo cat /etc/kubernetes/pki/ca.crt | openssl x509 -pubkey | openssl rsa -pubin -outform der 2>/dev/null | \
openssl dgst -sha256 -hex | sed 's/^.* //'
The output is similar to:
8cb2de97839780a412b93877f8507ad6c94f73add17d5d7058e91741c9d5ec78
The output of the kubeadm join
command should look something like:
[preflight] Running pre-flight checks
... (log output of join workflow) ...
Node join complete:
* Certificate signing request sent to control-plane and response
received.
* Kubelet informed of new secure connection details.
Run 'kubectl get nodes' on control-plane to see this machine join.
A few seconds later, you should notice this node in the output from kubectl get nodes
.
(for example, run kubectl
on a control plane node).
Network configuration
CNI setup on clusters mixed with Linux and Windows nodes requires more steps than just
running kubectl apply
on a manifest file. Additionally, the CNI plugin running on control
plane nodes must be prepared to support the CNI plugin running on Windows worker nodes.
Only a few CNI plugins currently support Windows. Below you can find individual setup instructions for them:
Install kubectl for Windows (optional)
See Install and Set Up kubectl on Windows.
What's next
- See how to add Linux worker nodes.
Items on this page refer to third party products or projects that provide functionality required by Kubernetes. The Kubernetes project authors aren't responsible for those third-party products or projects. See the CNCF website guidelines for more details.
You should read the content guide before proposing a change that adds an extra third-party link.