[wip] Kubeadm updates for Windows and Containerd #32862
Conversation
k8s-ci-robot
added
sig/windows
👷 Deploy Preview for kubernetes-io-vnext-staging processing.
|
k8s-ci-robot
added
the
size/L
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
language/en
jsturtevant
changed the title
| We will leverage host-process containers to run kube-proxy as a DaemonSet. This can be run from any Linux machine that has kubectl installed with its context configured to your new cluster. | ||
|
|
||
| ``` powershell | ||
| curl -L https://github.com/kubernetes-sigs/sig-windows-tools/releases/latest/download/kube-proxy-flannel-hpc.yml | sed 's/KUBERNETES_VERSION/v1.23.5/g' | kubectl apply -f - |
There was a problem hiding this comment.
Should we have a floating image tag for latest patch release for each minor version (in addition to a tag for each major/minor/patch)?
If we do that we can use v{{< skew currentVersion >}} instead of hardcoding the K8s version to use in the sec command here.
|
/hold Changes for #31428 are not yet ready to merge. |
k8s-ci-robot
added
the
do-not-merge/hold
There was a problem hiding this comment.
Thanks for proposing these changes.
It looks to me as if this page needs quite a lot of work. I'd like to see a comprehensive rewrite or, at a minimum, a PR that makes the page better with no regressive changes. Please do consider revising this PR in light of the inline feedback here.
|
|
||
| #### Install kube-proxy DaemonSet | ||
|
|
||
| We will leverage host-process containers to run kube-proxy as a DaemonSet. This can be run from any Linux machine that has kubectl installed with its context configured to your new cluster. |
There was a problem hiding this comment.
- Please address the reader as you.
- Setting up networking is not specific to containerd, so this advice seems to be in the wrong place.
- Can you run
kubectlon Windows, or does it require Linux?
| If you no longer have this command, or the token has expired, you can run `kubeadm token create --print-join-command` | ||
| (on a control plane host) to generate a new token and join command. | ||
|
|
||
| #### Install Flannel CNI DaemonSet |
There was a problem hiding this comment.
- Because Flannel is not part of Kubernetes, this doesn't comply with our content guide. Please read https://kubernetes.io/blog/2020/05/third-party-dual-sourced-content/ for context.
Make sure to include the relevant third-party shortcode as part of this page rewrite. - Setting up networking is not specific to containerd, so this advice seems to be in the wrong place.
| @@ -172,7 +172,7 @@ installing the `containerd.io` package can be found at | |||
| {{% /tab %}} | |||
| {{% tab name="Windows (PowerShell)" %}} | |||
|
|
|||
| Start a Powershell session, set `$Version` to the desired version (ex: `$Version="1.4.3"`), | |||
| Start a Powershell session, set `$Version` to the desired version (ex: `$Version="1.6.2"`), | |||
There was a problem hiding this comment.
I recommend using an example that is deliberately not valid, and then helping the reader work out the right version.
Also, this page is likely to change: see #32738
|
|
||
| ### Intro |
There was a problem hiding this comment.
We never have a heading “introduction” in our documentation. Actual introductory text should appear before the first heading at <h2> level.
Please reword this heading. Alternatively, you can list prerequisites under the Prerequisites heading (line 20 ish).
|
|
||
| ### Joining a Windows worker node | ||
| The Before running any of these step the Windows node should have the following Windows Features installed: `Containers`,`Hyper-V`,`Hyper-V-PowerShell`. These can be installed using the Powershell `Install-WindowsFeature` command. |
There was a problem hiding this comment.
You can list prerequisites under the Prerequisites heading (line 20 ish). Also, PowerShell has a capital S.
| [Install `crictl` from the cri-tools package](https://github.com/kubernetes-sigs/cri-tools) | ||
| which is required so that kubeadm can talk to the CRI endpoint. | ||
| curl.exe -L https://dl.k8s.io/$KubernetesVersion/bin/windows/amd64/kubeadm.exe -o c:\k\kubeadm.exe | ||
| ``` | ||
|
|
||
| #### Run `kubeadm` to join the node |
There was a problem hiding this comment.
Can this be a third-level heading?
| @@ -226,6 +252,35 @@ curl.exe -LO https://raw.githubusercontent.com/kubernetes-sigs/sig-windows-tools | |||
| .\PrepareNode.ps1 -KubernetesVersion {{< param "fullversion" >}} | |||
| ``` | |||
|
|
|||
| #### Add Windows Flannel and kube-proxy DaemonSets | |||
There was a problem hiding this comment.
- Because Flannel is not part of Kubernetes, this doesn't comply with our content guide. Please read https://kubernetes.io/blog/2020/05/third-party-dual-sourced-content/ for context.
Make sure to include the relevant third-party shortcode as part of this page rewrite. - Setting up networking is not specific to containerd, so this advice seems to be in the wrong place.
- Overall, it might be better to link to the Flannel docs about how to set that up on a Windows node.
- If those docs don't exist, make them (in the Flannel docs) and then hyperlink to the page you made.
| Now you can add Windows-compatible versions of Flannel and kube-proxy. In order | ||
| to ensure that you get a compatible version of kube-proxy, you'll need to substitute | ||
| the tag of the image. The following example shows usage for Kubernetes {{< param "fullversion" >}}, | ||
| but you should adjust the version for your own deployment. |
There was a problem hiding this comment.
| but you should adjust the version for your own deployment. | |
| however, if you are running a different version of Kubernetes, you should consult the | |
| documentation for that release instead. |
| curl -L https://github.com/kubernetes-sigs/sig-windows-tools/releases/latest/download/kube-proxy.yml | sed 's/VERSION/{{< param "fullversion" >}}/g' | kubectl apply -f - | ||
| kubectl apply -f https://github.com/kubernetes-sigs/sig-windows-tools/releases/latest/download/flannel-overlay.yml |
There was a problem hiding this comment.
Avoid recommending that readers fetch things using curl and then apply those manifests to production clusters.
If there's no reasonable alternative, explain that readers should verify the manifest before they apply it.
| If you're using a different interface rather than Ethernet (i.e. "Ethernet0 2") on the Windows nodes, you have to modify the line: | ||
|
|
||
| ```powershell | ||
| wins cli process run --path /k/flannel/setup.exe --args "--mode=overlay --interface=Ethernet" |
There was a problem hiding this comment.
Avoid recommending that readers create a directory k directly under C:\; this does not represent good practice.
I think this makes sense to me to comply with the third party dual sourced content. The current version of this doc does heavy use Flannel and many of the things you've called out as we should remove/avoid. I've always felt this doc was heavily focused on the wrong things but wasn't sure how to fix it. If I understand correctly, we should probably close this and address the items in the current doc. In reality, This doc was focused on setting up the node more than kubeadm aspects and should probably be cleaned up to highlight kubeadm not flannel and containerd set up. We should have other pages that go into more details how to configure a Windows node which is currently missing (or dispersed randomly throughout the large doc https://kubernetes.io/docs/setup/production-environment/windows/intro-windows-in-kubernetes/) |
big +1 to this |
jsturtevant
changed the title
k8s-ci-robot
added
the
do-not-merge/work-in-progress
k8s-ci-robot
added
the
needs-rebase
|
@jsturtevant: PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
Hi @jsturtevant, I'm not sure if this PR should target /cc @marosset |
|
/close |
|
@marosset: Closed this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
We discussed at sig-windows doc pairing session and we are going take similiar approach the rest of the documentation is taking with regards to https://kubernetes.io/blog/2020/05/third-party-dual-sourced-content/ for context. There is no major differences on joining a Windows node beyond adding the named pipe flag so we will augment the existing kubeadm documentation with the differences for Windows as we have been doing with the other work in #31428 |
This PR updates to set up instructions for using Kubeadm on Windows with Containerd. This is part of the larger overhaul of Windows documentation: #31428
This requires some minor changes to the Host process examples: kubernetes-sigs/sig-windows-tools#212
/sig windows