Windows containers in Kubernetes: Automating nodepool management with Calico’s Windows HPC Support
Hello, we would like to feature our partners from Tigera, the company behind Project Calico, with whom we teamed up to co-author this blog on Windows Host Process Containers with Calico. The partners who co-authored the blog are:
Dhiraj Sehgal, Reza Ramezanpour
As the landscape of containerized applications evolves, enterprises are increasingly integrating Windows containers into their Kubernetes workflows.
These days, with the help of cloud services such as Microsoft Azure Kubernetes Service (AKS), anyone can build and operate a Kubernetes environment with ease. However, a lot of fine-tuning and automation goes on in the background to prepare a production-ready environment. Networking, for example, is a huge part of any cloud-native environment, and every aspect of your business in the cloud depends on it.
Project Calico is a networking and network security solution for bare metal and cloud environments that offers great flexibility for such deployments. In this blog, we will focus on how the new release of Calico leverages a new feature of Windows containers, Host Process Containers (HPC), to reduce the operational footprint in your cloud environment. On top of that, we will look at how HPC support makes the life of DevOps administrators easier by offering more control over the host machine in a Windows environment.
The challenge of manual nodepool management
One of the biggest challenges of managing Kubernetes clusters arises in unmanaged or on-premises deployments. In a cloud environment like AKS (Azure Kubernetes Service), the cloud provider takes care of many aspects of managing your Kubernetes cluster, making it a seamless and hassle-free experience. However, in a customized environment where you have control over the node pools, the responsibility for managing and configuring the cluster falls on your shoulders. This can be daunting, especially if you are new to Kubernetes or have limited experience with infrastructure management.
Managing Windows node pools in such environments has been harder than managing Linux ones. On Linux, a privileged container can configure host settings and integrate naturally with Kubernetes; Windows containers previously lacked this capability, so administrators had to rely on scripts or manual configuration steps outside of Kubernetes. This is time-consuming and error-prone, especially when scaling a cluster quickly, and manual node pool management can also be disruptive to application lifecycles.
An HPC is the Windows counterpart of a privileged container on Linux: just like a privileged container, an HPC can access and modify the host operating system. On Windows, silos play a role similar to Linux namespaces, letting processes run in an isolated environment; an HPC is not confined that way and runs directly on the host, so it deserves the same scrutiny as a privileged Linux container. The rest of this post shows how Calico uses Windows HPC and what the benefits are.
Calico’s Windows Host Process Containers
Calico’s Windows HPC support, released in Calico Open Source 3.27, automates CNI installation and brings Calico’s capabilities to Windows node pools. This means that Kubernetes administrators can install Calico on Windows nodes through the same operator-driven workflow they already use for Linux nodes, without manually installing and configuring Calico on each node.
Calico’s Windows HPC support works by running Calico as an HPC on each Windows node. An HPC is a special type of container that runs directly on the host with access to the host’s filesystem, network and processes. This allows Calico to install and configure itself on each node without manual intervention from the Kubernetes administrator.
Benefits of automating nodepool management
Automating node pool management with Calico’s support for the Windows HPC feature provides a number of benefits for Kubernetes administrators, including:
Reduced operational overhead: Automating nodepool management eliminates the need for Kubernetes administrators to manually install and configure Calico on each node. This frees up their time to focus on other tasks, such as managing Windows container-based applications.
Improved application performance and reliability: By automating node pool management, Kubernetes administrators can reduce the risk of disruptions to application lifecycles. This is because Calico can be installed and configured on new nodes without requiring any downtime for existing applications.
Increased agility and responsiveness to changing business needs: Automating node pool management makes it easier for Kubernetes administrators to scale their clusters up or down as needed. This can help businesses to respond more quickly to changing customer demand and other business needs.
Consistency between Windows and Linux GitOps practices: the same declarative Installation resource now drives Calico on both Windows and Linux nodes, so it can be kept in the same repository and applied by the same pipeline.
How to enable Calico using Windows Host Process container support
For this part, we assume that you have a hybrid Kubernetes cluster (Linux and Windows nodes) in your environment that supports HPC.
HPC support requires Kubernetes 1.22 or later (HostProcess containers were introduced as alpha in 1.22 and reached general availability in 1.26) and containerd 1.6 or later on the Windows nodes. See the Kubernetes documentation on HostProcess containers for the full list of requirements.
When your cluster is up and running, install the latest Tigera operator (the tigera-operator.yaml manifest that ships with the Calico release you are deploying).
Then use the following Installation resource to install Calico for your Windows environment using the HPC feature. The windowsDataplane field enables Calico on Windows nodes; VXLAN encapsulation is used because it is supported on both Windows and Linux nodes:
kubectl create -f - <<EOF
apiVersion: operator.tigera.io/v1
kind: Installation
metadata:
  name: default
spec:
  calicoNetwork:
    windowsDataplane: HNS
    ipPools:
    - blockSize: 26
      cidr: 192.168.0.0/16
      encapsulation: VXLAN
      natOutgoing: Enabled
      nodeSelector: all()
---
apiVersion: operator.tigera.io/v1
kind: APIServer
metadata:
  name: default
spec: {}
EOF
In environments where Calico is used for IP address management (IPAM), you also need to enable strict block affinity. Windows nodes cannot borrow addresses from IP blocks that are affined to other nodes, so Calico must be told never to hand out borrowed IPs:
kubectl patch ipamconfigurations default --type merge --patch='{"spec": {"strictAffinity": true}}'
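Because an HPC has the reach of a privileged container (see the description of HPC above), an operator will want to know exactly which pods in the cluster request one, and will want to confirm that the Installation and IPAMConfiguration just applied carry the settings this procedure depends on. The following script is an added example, not Calico or Microsoft code. It reads the JSON shapes returned by `kubectl get pods -A -o json`, `kubectl get installation default -o json` and `kubectl get ipamconfiguration default -o json`; the SAMPLE_* documents embedded in it are constructed for the example, and the heuristic that only DaemonSet-owned pods in calico-system are expected to be HostProcess pods is an assumption for illustration.

```python
"""Added example (not Calico or Microsoft code): post-install check for the
Windows HPC setup described in the blog.

1. Lists every pod that requests a Windows HostProcess container (pod- or
   container-level securityContext.windowsOptions.hostProcess: true).
2. Checks the Installation and IPAMConfiguration for the settings the blog
   relies on: windowsDataplane HNS, no IP-in-IP pool, strictAffinity true.
The SAMPLE_* documents are constructed for this example.
"""
import json
import sys
from dataclasses import dataclass


@dataclass(frozen=True)
class HostProcessPod:
    namespace: str
    name: str
    run_as_user: str
    host_network: bool
    owner_kind: str


def _windows_options(obj):
    """securityContext.windowsOptions of a pod spec or container, or {}."""
    return (obj.get("securityContext") or {}).get("windowsOptions") or {}


def find_host_process_pods(pod_list):
    """Return a HostProcessPod for each pod with hostProcess: true at pod or container level."""
    found = []
    for pod in pod_list.get("items", []):
        spec = pod.get("spec", {})
        containers = spec.get("containers", []) + spec.get("initContainers", [])
        pod_opts = _windows_options(spec)
        if not (pod_opts.get("hostProcess") is True
                or any(_windows_options(c).get("hostProcess") is True for c in containers)):
            continue
        # runAsUserName may sit at pod or container level; report the first one set.
        user = pod_opts.get("runAsUserName") or next(
            (_windows_options(c)["runAsUserName"] for c in containers
             if _windows_options(c).get("runAsUserName")), "<unset>")
        owners = pod.get("metadata", {}).get("ownerReferences") or [{}]
        found.append(HostProcessPod(
            namespace=pod["metadata"]["namespace"],
            name=pod["metadata"]["name"],
            run_as_user=user,
            host_network=bool(spec.get("hostNetwork")),
            owner_kind=owners[0].get("kind", "<none>"),
        ))
    return found


def check_calico_windows_config(installation, ipam_config):
    """Return a list of problems; an empty list means the config matches the blog's setup."""
    problems = []
    net = installation.get("spec", {}).get("calicoNetwork", {})
    if net.get("windowsDataplane") != "HNS":
        problems.append("Installation.spec.calicoNetwork.windowsDataplane is not HNS")
    for pool in net.get("ipPools", []):
        # Calico for Windows supports VXLAN and BGP; IP-in-IP is not available there.
        if str(pool.get("encapsulation", "")).startswith("IPIP"):
            problems.append(f"ipPool {pool.get('cidr')} uses IP-in-IP, which Windows nodes do not support")
    if ipam_config.get("spec", {}).get("strictAffinity") is not True:
        problems.append("IPAMConfiguration.spec.strictAffinity is not true")
    return problems


# Constructed sample documents in the shape `kubectl ... -o json` returns.
SAMPLE_PODS = {"items": [
    {"metadata": {"namespace": "calico-system", "name": "calico-node-windows-x7k2p",
                  "ownerReferences": [{"kind": "DaemonSet", "name": "calico-node-windows"}]},
     "spec": {"hostNetwork": True,
              "securityContext": {"windowsOptions": {"hostProcess": True,
                                                     "runAsUserName": "NT AUTHORITY\\SYSTEM"}},
              "containers": [{"name": "node", "image": "calico/node-windows:v3.27.0"}]}},
    {"metadata": {"namespace": "default", "name": "iis-7f8d9"},
     "spec": {"containers": [{"name": "iis", "image": "mcr.microsoft.com/windows/servercore/iis"}]}},
    {"metadata": {"namespace": "tools", "name": "debug-shell"},
     "spec": {"hostNetwork": True,
              "containers": [{"name": "pwsh", "image": "mcr.microsoft.com/windows/servercore",
                              "securityContext": {"windowsOptions": {
                                  "hostProcess": True, "runAsUserName": "NT AUTHORITY\\SYSTEM"}}}]}},
]}
SAMPLE_INSTALLATION = {"spec": {"calicoNetwork": {"windowsDataplane": "HNS", "ipPools": [
    {"blockSize": 26, "cidr": "192.168.0.0/16", "encapsulation": "VXLAN",
     "natOutgoing": "Enabled", "nodeSelector": "all()"}]}}}
SAMPLE_IPAM = {"spec": {"strictAffinity": True}}


def report(pod_list, installation, ipam_config):
    """Human-readable summary; anything not a calico-system DaemonSet pod is marked for review (assumed policy)."""
    pods = find_host_process_pods(pod_list)
    lines = [f"HostProcess pods: {len(pods)}"]
    for p in pods:
        expected = p.owner_kind == "DaemonSet" and p.namespace == "calico-system"
        flag = "" if expected else "  <-- review"
        lines.append(f"  {p.namespace}/{p.name} user={p.run_as_user} "
                     f"hostNetwork={p.host_network} owner={p.owner_kind}{flag}")
    problems = check_calico_windows_config(installation, ipam_config)
    lines.append("Calico Windows config: " + ("OK" if not problems else "; ".join(problems)))
    return "\n".join(lines)


if __name__ == "__main__":
    # Pass three JSON files (pods, installation, ipamconfiguration) or run on the samples.
    if len(sys.argv) == 4:
        docs = [json.load(open(path)) for path in sys.argv[1:]]
    else:
        docs = [SAMPLE_PODS, SAMPLE_INSTALLATION, SAMPLE_IPAM]
    print(report(*docs))
```

Run it with the three `kubectl get ... -o json` outputs saved to files; with no arguments it runs on the embedded samples, where the `debug-shell` pod is flagged for review because it is an ad-hoc HostProcess pod outside calico-system.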
Conclusion
To sum up, Windows nodes in environments without a cloud provider used to be hard to install and configure because Windows had no equivalent of privileged containers. With HPC now generally available in Kubernetes, users can create containers that automate the configuration of their nodes by accessing the host filesystem.
Calico has leveraged this technology to provide a Kubernetes-native way to install and manage networking in your cluster.
This means that installing and managing Calico on Windows nodes in a Kubernetes cluster is now automated, eliminating the need for administrators to manually configure each node or container.
Overall, the adoption of HPC in Kubernetes has transformed the way CNI solutions are installed and managed on Windows nodes, providing a more streamlined and automated approach that enhances the scalability, reliability, and ease of use of Kubernetes clusters.
Please look out for a coming blog covering Zero Trust with Tigera Calico.
Published on Microsoft Tech Community – Latest Blogs.