Chapter 2. Red Hat OpenShift support for Windows Containers release notes
2.1. About Red Hat OpenShift support for Windows Containers
Windows Container Support for Red Hat OpenShift enables running Windows compute nodes in an OpenShift Container Platform cluster. Running Windows workloads is possible by using the Red Hat Windows Machine Config Operator (WMCO) to install and manage Windows nodes. With Windows nodes available, you can run Windows container workloads in OpenShift Container Platform.
These release notes track the development of the WMCO, which provides all Windows container workload capabilities in OpenShift Container Platform.
2.2. Getting support
Windows Container Support for Red Hat OpenShift is provided and available as an optional, installable component. Windows Container Support for Red Hat OpenShift is not part of the OpenShift Container Platform subscription. It requires an additional Red Hat subscription and is supported according to the Scope of coverage and Service level agreements.
You must have this separate subscription to receive support for Windows Container Support for Red Hat OpenShift. Without this additional Red Hat subscription, deploying Windows container workloads in production clusters is not supported. You can request support through the Red Hat Customer Portal.
For more information, see the Red Hat OpenShift Container Platform Life Cycle Policy document for Red Hat OpenShift support for Windows Containers.
If you do not have this additional Red Hat subscription, you can use the Community Windows Machine Config Operator, a distribution that lacks official support.
2.3. Release notes for Red Hat Windows Machine Config Operator 6.0.1
This release of the Windows Machine Config Operator (WMCO) provides bug fixes for running Windows compute nodes in an OpenShift Container Platform cluster. The components of the WMCO 6.0.0 were released in RHSA-2023:4488.
Windows Server 2019 is not supported in vSphere.
2.3.1. Bug fixes
- Before this update, the test to determine if the Windows Defender antivirus service is running was incorrectly checking for any process whose name started with Windows Defender, regardless of state. This resulted in an error when creating firewall exclusions for containerd on instances without Windows Defender installed. This fix now checks for the presence of the specific running process associated with the Windows Defender antivirus service. As a result, the WMCO can properly configure Windows instances as nodes regardless of whether Windows Defender is installed or not. (OCPBUGS-3572)
- Before this update, an endpoint object missing required information caused the WMCO pod to fail during startup. With this fix, WMCO verifies the endpoint object is present with the required fields. As a result, WMCO is able to start and reconcile an invalid or misconfigured endpoint object. (OCPBUGS-4336)
- Before this update, the containerd container runtime reported an incorrect version on each Windows node because repository tags were not propagated to the build system. This configuration caused containerd to report its Go build version as the version for each Windows node. With this update, the correct version is injected into the binary during build time, so that containerd reports the correct version for each Windows node. (OCPBUGS-8055)
2.4. Release notes for Red Hat Windows Machine Config Operator 6.0.0
This release of the WMCO provides bug fixes for running Windows compute nodes in an OpenShift Container Platform cluster. The components of the WMCO 6.0.0 were released in RHBA-2022:6129.
Windows Server 2019 is not supported in vSphere.
2.4.1. Bug fixes
- Previously, a Windows instance could not be unconfigured when the node’s external IP was present without a pointer record (PTR). As a result, the node’s external IP address without reverse lookup records was used to associate the Windows instance. With this release, a Windows instance can be unconfigured when the node’s external IP address is present without a PTR. (BZ#2070892)
2.4.2. Known issues
- Windows nodes do not support pulling container images from secure private registries. Use images from public registries or pre-pull the images in the VM image.
2.4.3. Deprecated features
- Windows Server 20H2 is no longer supported for vSphere worker nodes.
2.4.4. New features and improvements
2.4.4.1. Windows node certificates are updated
With this release, the WMCO updates the Windows node certificates when the kubelet client certificate authority (CA) certificate is rotated.
2.4.4.2. Containerd is the default container runtime
Because the Docker runtime is deprecated in Kubernetes 1.24, containerd is now the default runtime for WMCO-supported Windows nodes. Upon the installation of or an upgrade to WMCO 6.0.0, containerd is installed as a Windows service. The kubelet now uses containerd for image pulls instead of the Docker runtime. Users no longer need to enable the Docker-formatted container runtime or install the Docker container runtime on Bring-Your-Own-Host (BYOH) instances. You can continue to use nodes based on VM images that use Docker. The containerd runtime can run along with the Docker service.
The WMCO supports a Windows golden image with or without Docker for vSphere and BYOH Windows instances.
2.5. Windows Machine Config Operator prerequisites
The following information details the supported platform versions, Windows Server versions, and networking configurations for the Windows Machine Config Operator. See the vSphere documentation for any information that is relevant to only that platform.
2.5.1. WMCO 6 supported platforms and Windows Server versions
The following table lists the Windows Server versions that are supported by WMCO 6.0.0 and WMCO 6.0.1, based on the applicable platform. Windows Server versions not listed are not supported and attempting to use them will cause errors. To prevent these errors, use only an appropriate version for your platform.
Platform | Supported Windows Server version |
---|---|
Amazon Web Services (AWS) | Windows Server 2019, version 1809 |
Microsoft Azure |
|
VMware vSphere | Windows Server 2022, OS Build 20348.681 or later |
Bare metal or provider agnostic |
|
2.5.2. Supported networking
Hybrid networking with OVN-Kubernetes is the only supported networking configuration. See the additional resources below for more information on this functionality. The following tables outline the type of networking configuration and Windows Server versions to use based on your platform. You must specify the network configuration when you install the cluster. Be aware that OpenShift SDN networking is the default network for OpenShift Container Platform clusters. However, OpenShift SDN is not supported by WMCO.
Platform | Supported networking |
---|---|
Amazon Web Services (AWS) | Hybrid networking with OVN-Kubernetes |
Microsoft Azure | Hybrid networking with OVN-Kubernetes |
VMware vSphere | Hybrid networking with OVN-Kubernetes with a custom VXLAN port |
Bare metal or provider agnostic | Hybrid networking with OVN-Kubernetes |
Hybrid networking with OVN-Kubernetes | Supported Windows Server version |
---|---|
Default VXLAN port |
|
Custom VXLAN port | Windows Server 2022, OS Build 20348.681 or later |
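The networking prerequisites above can be checked before Windows nodes are added. The following is an added example, not Red Hat code: it evaluates a dictionary shaped like the `spec` of the cluster Network operator configuration. The function names, the platform label `vsphere`, and the sample CIDR and port are assumptions made for illustration.

```python
# Added example (not Red Hat code): check a Network operator `spec` against the
# WMCO 6 networking prerequisites in the tables above.

MIN_CUSTOM_PORT_BUILD = (20348, 681)  # Windows Server 2022 OS build from the table


def parse_build(build):
    """Turn an OS build string such as '20348.681' into a comparable tuple."""
    return tuple(int(part) for part in build.split("."))


def network_findings(platform, network_spec, windows_build):
    """Return the prerequisite violations for one platform and Windows OS build."""
    findings = []
    default = network_spec.get("defaultNetwork") or {}
    net_type = default.get("type")
    if net_type != "OVNKubernetes":
        return [f"network type {net_type} is not supported by WMCO; use OVN-Kubernetes"]
    hybrid = (default.get("ovnKubernetesConfig") or {}).get("hybridOverlayConfig") or {}
    if not hybrid.get("hybridClusterNetwork"):
        findings.append("hybrid networking is not configured")
    custom_port = hybrid.get("hybridOverlayVXLANPort")
    if platform == "vsphere" and custom_port is None:
        findings.append("vSphere requires a custom VXLAN port")
    if custom_port is not None and parse_build(windows_build) < MIN_CUSTOM_PORT_BUILD:
        findings.append(f"custom VXLAN port needs OS build 20348.681 or later, got {windows_build}")
    return findings


# Constructed sample: hybrid overlay with a custom VXLAN port (values are illustrative).
SAMPLE_VSPHERE = {
    "defaultNetwork": {
        "type": "OVNKubernetes",
        "ovnKubernetesConfig": {
            "hybridOverlayConfig": {
                "hybridClusterNetwork": [{"cidr": "10.132.0.0/14", "hostPrefix": 23}],
                "hybridOverlayVXLANPort": 9898,
            }
        },
    }
}

if __name__ == "__main__":
    print(network_findings("vsphere", SAMPLE_VSPHERE, "20348.681"))
    print(network_findings("aws", {"defaultNetwork": {"type": "OpenShiftSDN"}}, "17763.3406"))
```

The build string is expected in the `build.revision` form used in the table, for example `20348.681`.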
2.6. Known limitations
Note the following limitations when working with Windows nodes managed by the WMCO (Windows nodes):
The following OpenShift Container Platform features are not supported on Windows nodes:
- Image builds
- OpenShift Pipelines
- OpenShift Service Mesh
- OpenShift monitoring of user-defined projects
- OpenShift Serverless
- Horizontal Pod Autoscaling
- Vertical Pod Autoscaling
The following Red Hat features are not supported on Windows nodes:
- Windows nodes do not support pulling container images from private registries. You can use images from public registries or pre-pull the images.
- Windows nodes do not support workloads created by using deployment configs. You can use a deployment or other method to deploy workloads.
- Windows nodes are not supported in clusters that use a cluster-wide proxy. This is because the WMCO is not able to route traffic through the proxy connection for the workloads.
- Windows nodes are not supported in clusters that are in a disconnected environment.
- Red Hat OpenShift support for Windows Containers does not support adding Windows nodes to a cluster through a trunk port. The only supported networking configuration for adding Windows nodes is through an access port that carries traffic for the VLAN.
- Red Hat OpenShift support for Windows Containers supports only in-tree storage drivers for all cloud providers.
Kubernetes has identified the following node feature limitations:
- Huge pages are not supported for Windows containers.
- Privileged containers are not supported for Windows containers.
- Kubernetes has identified several API compatibility issues.
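Several of the workload-level limitations above can be caught in a manifest before it is applied. The following is an added example, not Red Hat code: it inspects a parsed manifest that selects Windows nodes through the well-known `kubernetes.io/os` node label. The function names and the sample manifest are assumptions, and treating `imagePullSecrets` as a sign of a private registry is a heuristic.

```python
# Added example (not Red Hat code): flag workload manifests that target Windows
# nodes but rely on features this section lists as unsupported.

def pod_spec(manifest):
    """Return the pod spec of a Pod, or the pod template spec of a workload."""
    spec = manifest.get("spec") or {}
    if manifest.get("kind") == "Pod":
        return spec
    return (spec.get("template") or {}).get("spec") or {}


def windows_findings(manifest):
    """List the documented Windows-node limitations a manifest runs into."""
    spec = pod_spec(manifest)
    # kubernetes.io/os is the well-known Kubernetes node label for the node OS.
    if (spec.get("nodeSelector") or {}).get("kubernetes.io/os") != "windows":
        return []
    findings = []
    if manifest.get("kind") == "DeploymentConfig":
        findings.append("deployment configs are not supported; use a Deployment")
    if spec.get("imagePullSecrets"):
        # Heuristic (assumption): a pull secret implies a private registry.
        findings.append("imagePullSecrets set; private registry pulls are not supported")
    for c in (spec.get("containers") or []) + (spec.get("initContainers") or []):
        name = c.get("name", "<unnamed>")
        if (c.get("securityContext") or {}).get("privileged"):
            findings.append(f"{name}: privileged containers are not supported")
        res = c.get("resources") or {}
        keys = list(res.get("requests") or {}) + list(res.get("limits") or {})
        if any(k.startswith("hugepages-") for k in keys):
            findings.append(f"{name}: huge pages are not supported")
    return findings


# Constructed sample manifest that trips every check.
SAMPLE = {
    "kind": "DeploymentConfig",
    "spec": {"template": {"spec": {
        "nodeSelector": {"kubernetes.io/os": "windows"},
        "imagePullSecrets": [{"name": "example-pull-secret"}],
        "containers": [{
            "name": "web",
            "image": "registry.example.com/team/web:1.0",
            "securityContext": {"privileged": True},
            "resources": {"limits": {"hugepages-2Mi": "64Mi"}},
        }],
    }}},
}
```

Calling `windows_findings(SAMPLE)` returns one finding per limitation hit; a manifest without the Windows node selector returns an empty list.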