Red Hat SummitChapter 2. Release notes
2.1. Red Hat OpenShift support for Windows Containers release notes
You can review the following release notes to learn about changes in the Windows Machine Config Operator (WMCO) version 10.19.2.
2.1.1. Release notes for Red Hat Windows Machine Config Operator 10.19.2
Issued: 15 April 2026
You can review the following release notes to learn about the bug fixes provided in this release of the Windows Machine Config Operator (WMCO).
The components of the WMCO 10.19.2 were released in RHBA-2026:8345.
2.1.1.1. Bug fixes
-
Before this update, the
hybridOverlayservice was not using the trusted CA bundle when connecting to OpenShift Container Platform, because the--k8s-cacertoption was missing from the service command. Because of this, users could encounter trust issues or failures when thehybridOverlayservice attempted to communicate securely with OpenShift Container Platform clusters by using custom or internal CAs. With this release, thehybridOverlayservice command now includes the--k8s-cacert flagthat points to the trusted CA bundle. As a result, thehybridOverlayservice uses the trusted CA bundle for secure communication, preventing trust issues and ensuring compatibility with the cluster. (OCPBUGS-65856)
2.2. Release notes for past releases of the Windows Machine Config Operator
You can review the following release notes to learn about changes in previous versions of the Custom Metrics Autoscaler Operator.
For the current version, see Red Hat OpenShift support for Windows Containers release notes.
2.2.1. Release notes for Red Hat Windows Machine Config Operator 10.19.1
Issued: 11 November 2025
You can review the following release notes to learn about the bug fixes provided in this release of the Windows Machine Config Operator (WMCO).
2.2.1.1. Bug fixes
-
Before this update, the
hybridOverlayservice was not using the trusted CA bundle when connecting to Kubernetes because thehybridOverlayservice command was missing the--k8s-cacertoption. As a consequence, users could have encountered trust issues or failures when thehybridOverlayservice attempted to communicate securely with Kubernetes clusters using custom or internal CAs. With this release, thehybridOverlayservice command now includes the--k8s-cacertflag pointing to the trusted CA bundle. As a result, thehybridOverlayservice uses the trusted CA bundle for secure communication, preventing trust issues and ensuring compatibility with the cluster. - Before this update, the WMCO neglected to close SSH connections when finishing node reconciliation. As a consequence, after adding a new Windows node to a cluster, the node SSH server would eventually refuse new connections due to being overwhelmed, causing node management issues. With this release, the WMCO now properly closes SSH connections. As a result, the node SSH servers no longer refuse new connections due to this problem. (OCPBUGS-60775)
- Before this update, if an internally used config map needed to be deleted and re-created, a nil error was dereferenced when logging the event. As a consequence, the WMCO pod panicked and restarted. With this release, the error handling logic has been reworked. As a result, the Operator pod no longer panics. (OCPBUGS-60792)
- Before this update, during secret reconciliations, secret change data was being added to the logs on each reconciliation loop. As a result, this secret change data was persisting, causing the logs to grow in size with unrelated data. With this release, only the current secret change data is being logged, reducing the size and complexity of the logs. (OCPBUGS-61832)
2.2.2. Release notes for Red Hat Windows Machine Config Operator 10.19.0
The components of the WMCO 10.19.0 were released in RHSA-2025:14048.
2.2.2.1. New features and improvements
- WMCO kubelet configuration changes
With this release, the WMCO now sets the following values in the
KubeletConfigcustom resource (CR):-
The
system-reservedparameter on new Windows nodes is now set to 2GiB of memory for system processes by default, as recommended in the Kubernetes documentation. (WINC-1373) -
The
enforceNodeAllocatableon new Windows nodes is now set tononeby default. Previously, the value was set to[]to avoid a known issue. Both settings disable the enforcement of node allocatable resource limits. (WINC-926) -
The
evictionHardparameters,imagefs.availableandnodefs.available, are now set to15%and10%respectively by default, as recommended in the Kubernetes documentation. (WINC-1374)
The
KubeletConfigobject configures the kubelet service, which runs on each node in the cluster to ensure that containers in a pod are running.-
The
- WMCO kubelet configuration changes
- For disconnected clusters, the Windows AMI that you are using must have the EC2LaunchV2 agent version 2.0.2107 or later installed. Previously, the minimum required EC2LaunchV2 agent version was 2.0.1643. For more information, see the Install the latest version of EC2Launch v2 in the AWS documentation.
2.2.2.2. Bug fixes
-
Before this update, when using the
optional_namespacesparameter in anImageTagMirrorSetCR, Windows nodes could fail to pull the specified image, resulting in a image not found error. With this release, theoptional_namespaceparameter works as expected. (OCPBUGS-47696) - Before this update, Windows Server 2019 nodes did not have a running an SSH server because of network instability. As a result, you were unable to SSH into that node. With this release, the WMCO installs the SSH server node creation. As a result, you can SSH into the Windows nodes as expected. (OCPBUGS-56131)
-
Before this update, because an
Endpoint_IPvariable was not resolving, the Windows Instance Config Daemon (WICD) repeatedly reported anEndpoint_IPerror. With this release, retries are added to ensure that theEndpoint_IPis created before continuing. As a result, the error message is no longer reported. (OCPBUGS-1721)
2.2.2.3. Known issues
- Some Windows 2019 Bring-Your-Own-Host (BYOH) Window instances could enter a non-ready state after upgrading to 4.19. Red Hat has not been able to reproduce the issue outside the testing environment, and advises caution when upgrading. If you experience this situation, restart the non-ready instance. (OCPBUGS-47696)
2.3. Windows Machine Config Operator prerequisites
The following information details the supported platform versions, Windows Server versions, and networking configurations for the Windows Machine Config Operator (WMCO). See the vSphere documentation for any information that is relevant to only that platform.
2.3.1. WMCO supported installation method
The WMCO fully supports installing Windows nodes into installer-provisioned infrastructure (IPI) clusters. This is the preferred OpenShift Container Platform installation method.
For user-provisioned infrastructure (UPI) clusters, the WMCO supports installing Windows nodes only into a UPI cluster installed with the platform: none field set in the install-config.yaml file (bare-metal or provider-agnostic) and only for the BYOH (Bring Your Own Host) use case. UPI is not supported for any other platform.
2.3.2. WMCO 10-19.0 supported platforms and Windows Server versions
The following table lists the Windows Server versions that are supported by WMCO 10-19.0, based on the applicable platform. Windows Server versions not listed are not supported and attempting to use them will cause errors. To prevent these errors, use only an appropriate version for your platform.
| Platform | Supported Windows Server version |
|---|---|
| Amazon Web Services (AWS) |
|
| Microsoft Azure |
|
| VMware vSphere | Windows Server 2022, OS Build 20348.681 or later |
| Google Cloud | Windows Server 2022, OS Build 20348.681 or later |
| Nutanix | Windows Server 2022, OS Build 20348.681 or later |
| Bare metal or provider agnostic |
|
- For disconnected clusters, the Windows AMI must have the EC2LaunchV2 agent version 2.0.2107 or later installed. For more information, see the Install the latest version of EC2Launch v2 in the AWS documentation.
2.3.3. Supported networking
Hybrid networking with OVN-Kubernetes is the only supported networking configuration. See the additional resources below for more information on this functionality. The following tables outline the type of networking configuration and Windows Server versions to use based on your platform. You must specify the network configuration when you install the cluster.
- The WMCO does not support OVN-Kubernetes without hybrid networking or OpenShift SDN.
- Dual NIC is not supported on WMCO-managed Windows instances.
| Platform | Supported networking |
|---|---|
| Amazon Web Services (AWS) | Hybrid networking with OVN-Kubernetes |
| Microsoft Azure | Hybrid networking with OVN-Kubernetes |
| VMware vSphere | Hybrid networking with OVN-Kubernetes with a custom VXLAN port |
| Google Cloud | Hybrid networking with OVN-Kubernetes |
| Nutanix | Hybrid networking with OVN-Kubernetes |
| Bare metal or provider agnostic | Hybrid networking with OVN-Kubernetes |
2.4. Windows Machine Config Operator known limitations
Note the following limitations when working with Windows nodes managed by the WMCO (Windows nodes):
The following OpenShift Container Platform features are not supported on Windows nodes:
- Image builds
- OpenShift Pipelines
- OpenShift Service Mesh
- OpenShift monitoring of user-defined projects
- OpenShift Serverless
- Horizontal Pod Autoscaling
- Vertical Pod Autoscaling
- Hosted Control Planes
The following Red Hat features are not supported on Windows nodes:
- Dual NIC is not supported on WMCO-managed Windows instances.
- Windows nodes do not support workloads created by using deployment configs. You can use a deployment or other method to deploy workloads.
- Red Hat OpenShift support for Windows Containers does not support adding Windows nodes to a cluster through a trunk port. The only supported networking configuration for adding Windows nodes is through an access port that carries traffic for the VLAN.
- Red Hat OpenShift support for Windows Containers does not support any Windows operating system language other than English (United States).
-
Due to a limitation within the Windows operating system,
clusterNetworkCIDR addresses of class E, such as240.0.0.0, are not compatible with Windows nodes. Kubernetes has identified the following node feature limitations :
- Huge pages are not supported for Windows containers.
- Privileged containers are not supported for Windows containers.
- Kubernetes has identified several API compatibility issues.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}