Forem: Rudy van Sloten The latest articles on Forem by Rudy van Sloten (@rdvansloten). https://forem.com/rdvansloten https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F800301%2F53517cf2-a7c9-42a9-8808-2c8d98a6ff6b.jpeg Forem: Rudy van Sloten https://forem.com/rdvansloten en Getting started with Windows Containers on Azure Kubernetes Service Rudy van Sloten Thu, 20 Jan 2022 22:40:24 +0000 https://forem.com/rdvansloten/getting-started-with-windows-containers-on-azure-kubernetes-service-46ce https://forem.com/rdvansloten/getting-started-with-windows-containers-on-azure-kubernetes-service-46ce <p>Windows support has finally arrived in Kubernetes and AKS. Learn how to migrate your workloads and what pitfalls to avoid in this short and sweet introduction to Windows Containers. </p> <p><a href="https://cloudblogs.microsoft.com/windowsserver/2020/04/28/windows-server-container-support-in-azure-kubernetes-service-is-now-generally-available/" rel="noopener noreferrer">Windows support is relatively new</a> to AKS and has been stable for about a year at the time of this article's writing. I've recently had to do a deep dive into the technology for a project, migrating legacy applications that still require the full .NET 4.8 Framework. While Kubernetes deployment and image building are quite similar to Linux-based containers, there are several key differences.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fu15vvg71iod80byjet9f.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fu15vvg71iod80byjet9f.png" alt="A diagram of AKS."></a></p> <p>Kubernetes on Windows is a great way to make older .NET/IIS applications, Windows console apps and services more flexible, highly available and scalable using native Kubernetes and cloud technologies. Azure Kubernetes Service takes away the overhead of managing servers or VM images, and gives you a single pane of glass solution for both your Linux and Windows deployments.</p> <h4> Image Versions </h4> <p>Microsoft offers four different base images on <a href="https://docs.microsoft.com/en-us/virtualization/windowscontainers/manage-containers/container-base-images" rel="noopener noreferrer">Docker Hub for Windows Server containers</a>, which they also use in their collection of IIS and ASP.NET images:</p> <ul> <li> <a href="https://hub.docker.com/_/microsoft-windows-nanoserver" rel="noopener noreferrer">windows/nanoserver</a> is ultra-light at a mere 112MB. It only runs .NET Core out of the box, but PowerShell Core can be installed during the image build.</li> <li> <a href="https://hub.docker.com/_/microsoft-windows-servercore" rel="noopener noreferrer">windows/servercore</a> is 1.2GB in size and a good option for "lifting and shifting" Windows Server apps. It supports everything regular Windows Server 2019 Core offers.</li> <li> <a href="https://hub.docker.com/_/microsoft-windows-server" rel="noopener noreferrer">windows/server</a> weighs in at a hefty 3.1GB, has full Windows API support, and allows you to use all Windows Server features. This image can only be pulled on Windows 11 and Windows Server 2022.</li> <li> <a href="https://hub.docker.com/_/microsoft-windows" rel="noopener noreferrer">windows</a> is the largest image at 3.4GB. It has full Windows API support, but lacks native server features. This is Windows 10 under the hood. RDP connections are not possible out of the box with this image, so it cannot be used as an Azure Virtual Desktop.</li> </ul> <p><em>Note: These are compressed sizes, unpacked, the size may be up to 2–5 times larger.</em></p> <p>Important to remember is that major version tags such as ltsc2019, 1909, and 20H2 are updated automatically <a href="https://docs.microsoft.com/en-us/virtualization/windowscontainers/deploy-containers/update-containers" rel="noopener noreferrer">every second Tuesday of the month</a> at 00:00 UTC. For granular control over your Windows Update cycle, refer to KB or version-specific tags.</p> <h4> Memory allocation </h4> <p>Windows does not have an out-of-memory process killer as Linux does. Windows always treats all user-mode memory allocations as virtual, and pagefiles are mandatory. Windows nodes do not overcommit memory for processes running in containers. The net effect is that Windows won’t reach out of memory conditions the same way Linux does, and processes page to disk instead of being subject to out-of-memory (OOM) termination. If memory is over-provisioned and all physical memory is exhausted, then paging can slow down performance.</p> <h2> Prerequisites </h2> <p>To follow along with the practical section, you’ll need a couple of tools:</p> <ul> <li>A Windows 10/11 PC/VM with Virtualization enabled</li> <li><a href="https://github.com/rdvansloten/windows-containers-demo/blob/main/tools/docker-desktop.md" rel="noopener noreferrer">Docker Desktop, with Windows Containers enabled</a></li> <li><a href="https://azure.microsoft.com/en-us/free/" rel="noopener noreferrer">An Azure account</a></li> <li><a href="https://docs.microsoft.com/en-us/cli/azure/install-azure-cli" rel="noopener noreferrer">Azure CLI</a></li> <li><a href="https://kubernetes.io/docs/tasks/tools/" rel="noopener noreferrer">kubectl</a></li> <li><a href="https://docs.microsoft.com/en-us/powershell/scripting/install/installing-powershell?view=powershell-7.2" rel="noopener noreferrer">PowerShell</a></li> </ul> <p>Every resource used in this article is available in this git repository:<br> <a href="https://github.com/rdvansloten/windows-containers-demo" rel="noopener noreferrer">rdvansloten/windows-containers-demo</a>. You can run the scripts and Dockerfiles by git cloning it to your local machine/server:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>git clone https://github.com/rdvansloten/windows-containers-demo.git </code></pre> </div> <h2> Creating Azure resources </h2> <h4> Quick version </h4> <p>If you don’t want to explore and create the resource setup step-by-step, there’s an all-inclusive, run-once PowerShell script to set up all required resources. <code>cd</code> into windows-containers-demo/powershell and execute deployment.ps1. Check out the brief <a href="https://github.com/rdvansloten/windows-containers-demo/blob/main/powershell/README.md" rel="noopener noreferrer">README.md</a> in that folder for the script's arguments. A login window may pop up to verify your Azure credentials. </p> <p>Skip to <strong>Creating your Dockerfile</strong> after the deployment script is finished.</p> <h4> Long version </h4> <p>Let’s start off by logging into Azure via the CLI. To execute the scripts in this article, you’ll need to open PowerShell as an Administrator. This is required for interacting with the Docker daemon. macOS/Linux users may use the command <code>pwsh</code> before attempting to create these resources.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="c"># Login to Azure</span><span class="w"> </span><span class="n">az</span><span class="w"> </span><span class="nx">login</span><span class="w"> </span><span class="c"># List and select the right Subscription</span><span class="w"> </span><span class="n">az</span><span class="w"> </span><span class="nx">account</span><span class="w"> </span><span class="nx">show</span><span class="w"> </span><span class="n">az</span><span class="w"> </span><span class="nx">account</span><span class="w"> </span><span class="nx">set</span><span class="w"> </span><span class="nt">--subscription</span><span class="w"> </span><span class="s2">"&lt;YOUR SUBSCRIPTION ID/NAME HERE&gt;"</span><span class="w"> </span></code></pre> </div> <p>Set the below variables in your terminal if you intend to run all the other snippets below. Replace the $AZUREUSER value with your Azure account’s email address.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="c"># Generate a random number for uniqueness</span><span class="w"> </span><span class="nv">$RANDOM</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">Get-Random</span><span class="w"> </span><span class="nt">-Minimum</span><span class="w"> </span><span class="nt">-100000</span><span class="w"> </span><span class="nt">-Maximum</span><span class="w"> </span><span class="nx">999999</span><span class="w"> </span><span class="nv">$AZUREUSER</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"yourEmail@domain.com"</span><span class="w"> </span><span class="c"># Your Azure account email</span><span class="w"> </span><span class="nv">$NODEPOOLNAME</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"win"</span><span class="w"> </span><span class="c"># Max 6 characters</span><span class="w"> </span><span class="nv">$LOCATION</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"westeurope"</span><span class="w"> </span><span class="c"># The region you prefer</span><span class="w"> </span><span class="nv">$RESOURCEGROUP</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"rg-aks"</span><span class="w"> </span><span class="c"># Name of your Resource Group</span><span class="w"> </span><span class="nv">$CLUSTERNAME</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"myaks</span><span class="si">$(</span><span class="nv">$RANDOM</span><span class="si">)</span><span class="s2">"</span><span class="w"> </span><span class="c"># Must be globally unique</span><span class="w"> </span></code></pre> </div> <p>After logging in, you start off by creating the basics; a Resource Group to hold your infrastructure and an Identity that AKS will use to talk to other services, such as the Virtual Network, Container Registry, and VM Scale Sets.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="c"># Create Resource Group</span><span class="w"> </span><span class="n">az</span><span class="w"> </span><span class="nx">group</span><span class="w"> </span><span class="nx">create</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--name</span><span class="w"> </span><span class="nv">$RESOURCEGROUP</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--location</span><span class="w"> </span><span class="nv">$LOCATION</span><span class="w"> </span><span class="c"># Create Managed Identity</span><span class="w"> </span><span class="n">az</span><span class="w"> </span><span class="nx">identity</span><span class="w"> </span><span class="nx">create</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--name</span><span class="w"> </span><span class="nv">$CLUSTERNAME</span><span class="nt">-id</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--resource-group</span><span class="w"> </span><span class="nv">$RESOURCEGROUP</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--location</span><span class="w"> </span><span class="nv">$LOCATION</span><span class="w"> </span><span class="c"># Store Managed Identity ID in variable for AKS creation</span><span class="w"> </span><span class="nv">$AKSIDENTITY</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="err">$</span><span class="p">(</span><span class="w"> </span><span class="n">az</span><span class="w"> </span><span class="nx">identity</span><span class="w"> </span><span class="nx">show</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--name</span><span class="w"> </span><span class="nv">$CLUSTERNAME</span><span class="nt">-id</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--resource-group</span><span class="w"> </span><span class="nv">$RESOURCEGROUP</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--query</span><span class="w"> </span><span class="nx">id</span><span class="w"> </span><span class="p">)</span><span class="w"> </span></code></pre> </div> <h4> Virtual Network </h4> <p>Let’s create a Virtual Network with enough IP addresses to accommodate a lot of Pods, Services, and Ingresses. Also, make sure that the AKS identity can create network resources, or your components inside Kubernetes will not be able to be provisioned.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="c"># Create VNET and subnet</span><span class="w"> </span><span class="n">az</span><span class="w"> </span><span class="nx">network</span><span class="w"> </span><span class="nx">vnet</span><span class="w"> </span><span class="nx">create</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--name</span><span class="w"> </span><span class="nv">$CLUSTERNAME</span><span class="nt">-vnet</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--resource-group</span><span class="w"> </span><span class="nv">$RESOURCEGROUP</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--location</span><span class="w"> </span><span class="nv">$LOCATION</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--address-prefixes</span><span class="w"> </span><span class="nx">172.10.0.0/16</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--subnet-name</span><span class="w"> </span><span class="nx">kubernetes</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--subnet-prefixes</span><span class="w"> </span><span class="nx">172.10.128.0/17</span><span class="w"> </span><span class="c"># Store subnet ID in variable for AKS creation</span><span class="w"> </span><span class="nv">$SUBNETID</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="err">$</span><span class="p">(</span><span class="w"> </span><span class="n">az</span><span class="w"> </span><span class="nx">network</span><span class="w"> </span><span class="nx">vnet</span><span class="w"> </span><span class="nx">subnet</span><span class="w"> </span><span class="nx">list</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--resource-group</span><span class="w"> </span><span class="nv">$RESOURCEGROUP</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--vnet-name</span><span class="w"> </span><span class="nv">$CLUSTERNAME</span><span class="nt">-vnet</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--query</span><span class="w"> </span><span class="s2">"[0].id"</span><span class="w"> </span><span class="p">)</span><span class="w"> </span><span class="c"># Grant AKS identity VNET access for Azure CNI</span><span class="w"> </span><span class="n">az</span><span class="w"> </span><span class="nx">role</span><span class="w"> </span><span class="nx">assignment</span><span class="w"> </span><span class="nx">create</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--assignee-object-id</span><span class="w"> </span><span class="err">$</span><span class="p">(</span><span class="w"> </span><span class="n">az</span><span class="w"> </span><span class="nx">identity</span><span class="w"> </span><span class="nx">show</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--name</span><span class="w"> </span><span class="nv">$CLUSTERNAME</span><span class="nt">-id</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--resource-group</span><span class="w"> </span><span class="nv">$RESOURCEGROUP</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--query</span><span class="w"> </span><span class="nx">principalId</span><span class="w"> </span><span class="p">)</span><span class="se">`</span><span class="w"> </span><span class="nt">--scope</span><span class="w"> </span><span class="err">$</span><span class="p">(</span><span class="w"> </span><span class="n">az</span><span class="w"> </span><span class="nx">network</span><span class="w"> </span><span class="nx">vnet</span><span class="w"> </span><span class="nx">show</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--resource-group</span><span class="w"> </span><span class="nv">$RESOURCEGROUP</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--name</span><span class="w"> </span><span class="nv">$CLUSTERNAME</span><span class="nt">-vnet</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--query</span><span class="w"> </span><span class="nx">id</span><span class="w"> </span><span class="p">)</span><span class="se">`</span><span class="w"> </span><span class="nt">--assignee-principal-type</span><span class="w"> </span><span class="n">ServicePrincipal</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--role</span><span class="w"> </span><span class="s2">"Network Contributor"</span><span class="w"> </span></code></pre> </div> <h2> Creating the AKS cluster </h2> <p>Now that the prerequisites have been deployed, you can finally build your AKS cluster.</p> <h4> Linux &amp;&amp; Windows </h4> <p>Even though we want a Windows cluster, AKS still requires a Linux node for the control plane. Let’s set the single Linux node to one of the cheapest VM sizes, Standard_B2s (as it won’t be doing much work), and assign the Windows node pool a Standard_D2s_v4 node, sporting 2 vCPU cores and 7GB of RAM.</p> <h4> Networking </h4> <p>You’ll select the virtual network you’ve created in the previous step and define a few private ranges for AKS to use. Pods and Nodes will be assigned an address in the 172.10. range. Services and system resources, such as CoreDNS, will operate on a private 10. range. For testing purposes, let’s let Azure worry about public DNS and Ingress. The addon <code>http_application_routing</code> will provide these resources for you. You will only need to add an annotation to your application to get it published on the internet.</p> <p><em>Please note that the http application routing addon is not meant for production usage. Check out alternatives like <a href="https://github.com/traefik/traefik" rel="noopener noreferrer">Traefik</a> for production workloads.</em></p> <h4> Azure CNI </h4> <p>In order for each Pod to have its own address, you will want to deploy Azure CNI rather than Kubenet for your networking layer. Some benefits of Azure CNI over Kubenet:</p> <ul> <li>No NAT, so the source of the packets is retained.</li> <li>Workloads can be scaled out to <a href="https://docs.microsoft.com/en-us/azure/aks/virtual-nodes" rel="noopener noreferrer">Virtual Nodes</a>.</li> <li>Virtual Networks can be managed separately/independently.</li> <li>Each Pod gets an IP address from the subnet, making debugging easier.</li> <li>Most importantly, <strong>Windows node pools support Azure CNI only</strong>. </li> </ul> <p>Azure CNI also forces you to plan out your Virtual Network beforehand, which helps enormously with network architecture and capacity planning.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="c"># Assign AKS Kubelet Identity permissions on the AKS Resource Group</span><span class="w"> </span><span class="n">az</span><span class="w"> </span><span class="nx">role</span><span class="w"> </span><span class="nx">assignment</span><span class="w"> </span><span class="nx">create</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--assignee-object-id</span><span class="w"> </span><span class="err">$</span><span class="p">(</span><span class="w"> </span><span class="n">az</span><span class="w"> </span><span class="nx">identity</span><span class="w"> </span><span class="nx">show</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--name</span><span class="w"> </span><span class="nv">$CLUSTERNAME</span><span class="nt">-id</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--resource-group</span><span class="w"> </span><span class="nv">$RESOURCEGROUP</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--query</span><span class="w"> </span><span class="nx">principalId</span><span class="w"> </span><span class="p">)</span><span class="se">`</span><span class="w"> </span><span class="nt">--scope</span><span class="w"> </span><span class="err">$</span><span class="p">(</span><span class="w"> </span><span class="n">az</span><span class="w"> </span><span class="nx">group</span><span class="w"> </span><span class="nx">show</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--name</span><span class="w"> </span><span class="err">$</span><span class="p">(</span><span class="w"> </span><span class="n">az</span><span class="w"> </span><span class="nx">group</span><span class="w"> </span><span class="nx">show</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--resource-group</span><span class="w"> </span><span class="nv">$RESOURCEGROUP</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--query</span><span class="w"> </span><span class="nx">name</span><span class="w"> </span><span class="p">)</span><span class="w"> </span><span class="se">`</span><span class="w"> </span><span class="nt">--query</span><span class="w"> </span><span class="n">id</span><span class="w"> </span><span class="p">)</span><span class="se">` </span><span class="w"> </span><span class="nt">--assignee-principal-type</span><span class="w"> </span><span class="nx">ServicePrincipal</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--role</span><span class="w"> </span><span class="s2">"Contributor"</span><span class="w"> </span><span class="c"># Create AKS cluster</span><span class="w"> </span><span class="n">az</span><span class="w"> </span><span class="nx">aks</span><span class="w"> </span><span class="nx">create</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--resource-group</span><span class="w"> </span><span class="nv">$RESOURCEGROUP</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--name</span><span class="w"> </span><span class="nv">$CLUSTERNAME</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--location</span><span class="w"> </span><span class="nv">$LOCATION</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--assign-identity</span><span class="w"> </span><span class="s2">"</span><span class="nv">$AKSIDENTITY</span><span class="s2">"</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--assign-kubelet-identity</span><span class="w"> </span><span class="s2">"</span><span class="nv">$AKSIDENTITY</span><span class="s2">"</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--node-vm-size</span><span class="w"> </span><span class="nx">Standard_B2s</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--node-count</span><span class="w"> </span><span class="nx">1</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--enable-aad</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--enable-azure-rbac</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--network-plugin</span><span class="w"> </span><span class="nx">azure</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--vnet-subnet-id</span><span class="w"> </span><span class="s2">"</span><span class="nv">$SUBNETID</span><span class="s2">"</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--docker-bridge-address</span><span class="w"> </span><span class="nx">172.17.0.1/16</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--dns-service-ip</span><span class="w"> </span><span class="nx">10.2.0.10</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--service-cidr</span><span class="w"> </span><span class="nx">10.2.0.0/24</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--generate-ssh-keys</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--enable-addons</span><span class="w"> </span><span class="nx">http_application_routing</span><span class="w"> </span><span class="c"># Add Windows node pool</span><span class="w"> </span><span class="n">az</span><span class="w"> </span><span class="nx">aks</span><span class="w"> </span><span class="nx">nodepool</span><span class="w"> </span><span class="nx">add</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--name</span><span class="w"> </span><span class="nv">$NODEPOOLNAME</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--resource-group</span><span class="w"> </span><span class="nv">$RESOURCEGROUP</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--cluster-name</span><span class="w"> </span><span class="nv">$CLUSTERNAME</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--node-vm-size</span><span class="w"> </span><span class="nx">Standard_D2s_v4</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--node-count</span><span class="w"> </span><span class="nx">1</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--os-type</span><span class="w"> </span><span class="nx">Windows</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--max-surge</span><span class="w"> </span><span class="nx">33</span><span class="o">%</span><span class="w"> </span><span class="c"># Assign yourself Admin permissions on the AKS cluster</span><span class="w"> </span><span class="n">az</span><span class="w"> </span><span class="nx">role</span><span class="w"> </span><span class="nx">assignment</span><span class="w"> </span><span class="nx">create</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--assignee</span><span class="w"> </span><span class="err">$</span><span class="p">(</span><span class="w"> </span><span class="n">az</span><span class="w"> </span><span class="nx">ad</span><span class="w"> </span><span class="nx">user</span><span class="w"> </span><span class="nx">show</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--id</span><span class="w"> </span><span class="err">$</span><span class="p">(</span><span class="w"> </span><span class="n">az</span><span class="w"> </span><span class="nx">ad</span><span class="w"> </span><span class="nx">user</span><span class="w"> </span><span class="nx">list</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--query</span><span class="w"> </span><span class="s2">"[?contains(@.otherMails,'</span><span class="nv">$AZUREUSER</span><span class="s2">')].userPrincipalName "</span><span class="w"> </span><span class="nt">-o</span><span class="w"> </span><span class="nx">tsv</span><span class="w"> </span><span class="p">)</span><span class="w"> </span><span class="se">`</span><span class="w"> </span><span class="nt">--query</span><span class="w"> </span><span class="n">userPrincipalName</span><span class="w"> </span><span class="p">)</span><span class="w"> </span><span class="se">`</span><span class="w"> </span><span class="nt">--scope</span><span class="w"> </span><span class="err">$</span><span class="p">(</span><span class="w"> </span><span class="n">az</span><span class="w"> </span><span class="nx">aks</span><span class="w"> </span><span class="nx">show</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--name</span><span class="w"> </span><span class="nv">$CLUSTERNAME</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--resource-group</span><span class="w"> </span><span class="nv">$RESOURCEGROUP</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--query</span><span class="w"> </span><span class="nx">id</span><span class="w"> </span><span class="p">)</span><span class="se">`</span><span class="w"> </span><span class="nt">--role</span><span class="w"> </span><span class="s2">"Azure Kubernetes Service RBAC Cluster Admin"</span><span class="w"> </span><span class="n">az</span><span class="w"> </span><span class="nx">role</span><span class="w"> </span><span class="nx">assignment</span><span class="w"> </span><span class="nx">create</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--assignee</span><span class="w"> </span><span class="err">$</span><span class="p">(</span><span class="w"> </span><span class="n">az</span><span class="w"> </span><span class="nx">ad</span><span class="w"> </span><span class="nx">user</span><span class="w"> </span><span class="nx">show</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--id</span><span class="w"> </span><span class="err">$</span><span class="p">(</span><span class="w"> </span><span class="n">az</span><span class="w"> </span><span class="nx">ad</span><span class="w"> </span><span class="nx">user</span><span class="w"> </span><span class="nx">list</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--query</span><span class="w"> </span><span class="s2">"[?contains(@.userPrincipalName,'</span><span class="nv">$AZUREUSER</span><span class="s2">')].userPrincipalName "</span><span class="w"> </span><span class="nt">-o</span><span class="w"> </span><span class="nx">tsv</span><span class="w"> </span><span class="p">)</span><span class="w"> </span><span class="se">`</span><span class="w"> </span><span class="nt">--query</span><span class="w"> </span><span class="n">userPrincipalName</span><span class="w"> </span><span class="p">)</span><span class="w"> </span><span class="se">`</span><span class="w"> </span><span class="nt">--scope</span><span class="w"> </span><span class="err">$</span><span class="p">(</span><span class="w"> </span><span class="n">az</span><span class="w"> </span><span class="nx">aks</span><span class="w"> </span><span class="nx">show</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--name</span><span class="w"> </span><span class="nv">$CLUSTERNAME</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--resource-group</span><span class="w"> </span><span class="nv">$RESOURCEGROUP</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--query</span><span class="w"> </span><span class="nx">id</span><span class="w"> </span><span class="p">)</span><span class="se">`</span><span class="w"> </span><span class="nt">--role</span><span class="w"> </span><span class="s2">"Azure Kubernetes Service RBAC Cluster Admin"</span><span class="w"> </span><span class="c"># Assign AKS identity permissions to node pool Resource Group</span><span class="w"> </span><span class="n">az</span><span class="w"> </span><span class="nx">role</span><span class="w"> </span><span class="nx">assignment</span><span class="w"> </span><span class="nx">create</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--assignee-object-id</span><span class="w"> </span><span class="err">$</span><span class="p">(</span><span class="w"> </span><span class="n">az</span><span class="w"> </span><span class="nx">identity</span><span class="w"> </span><span class="nx">show</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--name</span><span class="w"> </span><span class="nv">$CLUSTERNAME</span><span class="nt">-id</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--resource-group</span><span class="w"> </span><span class="nv">$RESOURCEGROUP</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--query</span><span class="w"> </span><span class="nx">principalId</span><span class="w"> </span><span class="p">)</span><span class="se">`</span><span class="w"> </span><span class="nt">--scope</span><span class="w"> </span><span class="err">$</span><span class="p">(</span><span class="w"> </span><span class="n">az</span><span class="w"> </span><span class="nx">group</span><span class="w"> </span><span class="nx">show</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--name</span><span class="w"> </span><span class="err">$</span><span class="p">(</span><span class="w"> </span><span class="n">az</span><span class="w"> </span><span class="nx">aks</span><span class="w"> </span><span class="nx">show</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--name</span><span class="w"> </span><span class="nv">$CLUSTERNAME</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--resource-group</span><span class="w"> </span><span class="nv">$RESOURCEGROUP</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--query</span><span class="w"> </span><span class="nx">nodeResourceGroup</span><span class="w"> </span><span class="p">)</span><span class="w"> </span><span class="se">`</span><span class="w"> </span><span class="nt">--query</span><span class="w"> </span><span class="n">id</span><span class="w"> </span><span class="p">)</span><span class="se">` </span><span class="w"> </span><span class="nt">--assignee-principal-type</span><span class="w"> </span><span class="nx">ServicePrincipal</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--role</span><span class="w"> </span><span class="s2">"Contributor"</span><span class="w"> </span></code></pre> </div> <h4> Permissions, RBAC </h4> <p>The AKS deployment script finishes off by assigning the AKS identity permissions to create resources in the special “MC_” Resource Group that AKS generates during creation. This is required for it to interactively spawn resources. Contributor is a very broad permission set and should not be used lightly in production scenarios.</p> <p>Consult <a href="https://docs.microsoft.com/en-us/azure/aks/concepts-identity" rel="noopener noreferrer">Microsoft Docs: AKS Cluster Identity Permissions</a> for an exhaustive list of permissions you may want to apply/deny when setting up AKS.</p> <p>During the last script, you’ve also applied the Azure Kubernetes Service RBAC Cluster Admin role to your own Azure AD user. This is required because of the <code>--enable-aad</code> and <code>--enable-azure-rbac arguments</code> passed to <code>az aks create</code>. These arguments allow Azure AD/RBAC objects to be added to Kubernetes (Cluster)Roles.</p> <h2> Deploying a Windows Server container image </h2> <p>If you don’t have your own container repository, let’s create one and give the AKS identity permissions to pull images from it. The <a href="https://azure.microsoft.com/en-us/services/container-registry/" rel="noopener noreferrer">Azure Container Registry</a> is a private container repository that includes security scanning, image management, and authentication. It also has experimental support for Helm chart storage.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="c"># Create Container Registry</span><span class="w"> </span><span class="n">az</span><span class="w"> </span><span class="nx">acr</span><span class="w"> </span><span class="nx">create</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--resource-group</span><span class="w"> </span><span class="nv">$RESOURCEGROUP</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--name</span><span class="w"> </span><span class="s2">"</span><span class="si">$(</span><span class="nv">$CLUSTERNAME</span><span class="si">)</span><span class="s2">acr"</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--sku</span><span class="w"> </span><span class="nx">Basic</span><span class="w"> </span><span class="c"># Add AKS to Container Registry</span><span class="w"> </span><span class="n">az</span><span class="w"> </span><span class="nx">role</span><span class="w"> </span><span class="nx">assignment</span><span class="w"> </span><span class="nx">create</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--assignee-object-id</span><span class="w"> </span><span class="err">$</span><span class="p">(</span><span class="w"> </span><span class="n">az</span><span class="w"> </span><span class="nx">identity</span><span class="w"> </span><span class="nx">show</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--name</span><span class="w"> </span><span class="nv">$CLUSTERNAME</span><span class="nt">-id</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--resource-group</span><span class="w"> </span><span class="nv">$RESOURCEGROUP</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--query</span><span class="w"> </span><span class="nx">principalId</span><span class="w"> </span><span class="p">)</span><span class="se">`</span><span class="w"> </span><span class="nt">--scope</span><span class="w"> </span><span class="err">$</span><span class="p">(</span><span class="w"> </span><span class="n">az</span><span class="w"> </span><span class="nx">acr</span><span class="w"> </span><span class="nx">show</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--name</span><span class="w"> </span><span class="s2">"</span><span class="si">$(</span><span class="nv">$CLUSTERNAME</span><span class="si">)</span><span class="s2">acr"</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--query</span><span class="w"> </span><span class="nx">id</span><span class="w"> </span><span class="p">)</span><span class="se">`</span><span class="w"> </span><span class="nt">--assignee-principal-type</span><span class="w"> </span><span class="n">ServicePrincipal</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--role</span><span class="w"> </span><span class="s2">"AcrPull"</span><span class="w"> </span></code></pre> </div> <h2> Creating your Dockerfile <a></a> </h2> <p>With AKS up and running, you can now run Windows containers in the cloud. Start off by creating a Dockerfile and uploading the resulting image to an Azure Container Registry.</p> <p>For this demo, I’ve created a simple PowerShell script for the container to loop. <code>cd</code> into the docker/powershell/ folder inside the cloned <a href="https://github.com/rdvansloten/windows-containers-demo" rel="noopener noreferrer">windows-containers-demo</a> repo. </p> <p>Then, run <code>az acr build</code> inside that folder to upload it to your ACR:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">az</span><span class="w"> </span><span class="nx">acr</span><span class="w"> </span><span class="nx">build</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--image</span><span class="w"> </span><span class="nx">myapp:latest</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--platform</span><span class="w"> </span><span class="nx">Windows</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--registry</span><span class="w"> </span><span class="s2">"</span><span class="si">$(</span><span class="nv">$CLUSTERNAME</span><span class="si">)</span><span class="s2">acr"</span><span class="w"> </span><span class="o">.</span><span class="w"> </span></code></pre> </div> <p>This command combines several Docker and Azure commands to save time/effort. You can tag it however you want, and use the tag when deploying your app. For this example, I use <code>latest</code>.</p> <p>Optionally, you may also test your newly uploaded image locally on your Windows machine using <code>docker run</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="c"># Uses the docker CLI with your Azure login</span><span class="w"> </span><span class="n">az</span><span class="w"> </span><span class="nx">acr</span><span class="w"> </span><span class="nx">login</span><span class="w"> </span><span class="nt">--name</span><span class="w"> </span><span class="s2">"</span><span class="si">$(</span><span class="nv">$CLUSTERNAME</span><span class="si">)</span><span class="s2">acr"</span><span class="w"> </span><span class="c"># Run the container locally on port 5000</span><span class="w"> </span><span class="n">docker</span><span class="w"> </span><span class="nx">run</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--publish</span><span class="w"> </span><span class="nx">5000:5000</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--interactive</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--detach</span><span class="w"> </span><span class="s2">"</span><span class="si">$(</span><span class="nv">$CLUSTERNAME</span><span class="si">)</span><span class="s2">acr.azurecr.io/myapp:latest"</span><span class="w"> </span></code></pre> </div> <h2> Deploying your app </h2> <p>Now that your Windows nodes are up and running, and the image is uploaded to the Container Registry, you can deploy it to AKS using <code>kubectl</code>. For this demo’s purposes, I kept it simple with a the deploy.yaml file in the kubernetes/ folder you can feed into kubectl.</p> <p>Before applying this file, <code>cd</code> into kubernetes/ and open deploy.yaml in a text editor like <a href="https://code.visualstudio.com/" rel="noopener noreferrer">Visual Studio Code</a> or Notepad, and modify lines 20 and 68:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">host</span><span class="pi">:</span> <span class="s">myapp.&lt;CLUSTER_DNS_ZONE&gt;</span> <span class="na">image</span><span class="pi">:</span> <span class="s">&lt;ACR_NAME&gt;.azurecr.io/myapp:latest</span> </code></pre> </div> <p>Fill out the placeholder values with the resources you’ve created. For me, it looked something like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">host</span><span class="pi">:</span> <span class="s">myapp.a430e1209ded44679aab.westeurope.aksapp.io</span> <span class="na">image</span><span class="pi">:</span> <span class="s">myaks321123.azurecr.io/myapp:latest</span> </code></pre> </div> <p>The value for <code>image: &lt;ACR_NAME&gt;</code> can be found by running:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">az</span><span class="w"> </span><span class="nx">acr</span><span class="w"> </span><span class="nx">list</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--resource-group</span><span class="w"> </span><span class="nv">$RESOURCEGROUP</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--query</span><span class="w"> </span><span class="s2">"[0].name"</span><span class="w"> </span><span class="nt">-o</span><span class="w"> </span><span class="nx">tsv</span><span class="w"> </span></code></pre> </div> <p>The value for <code>host: &lt;CLUSTER_DNS_ZONE&gt;</code> can be found by running:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">az</span><span class="w"> </span><span class="nx">network</span><span class="w"> </span><span class="nx">dns</span><span class="w"> </span><span class="nx">zone</span><span class="w"> </span><span class="nx">list</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--resource-group</span><span class="w"> </span><span class="err">$</span><span class="p">(</span><span class="w"> </span><span class="n">az</span><span class="w"> </span><span class="nx">group</span><span class="w"> </span><span class="nx">show</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--name</span><span class="w"> </span><span class="err">$</span><span class="p">(</span><span class="w"> </span><span class="n">az</span><span class="w"> </span><span class="nx">aks</span><span class="w"> </span><span class="nx">show</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--name</span><span class="w"> </span><span class="nv">$CLUSTERNAME</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--resource-group</span><span class="w"> </span><span class="nv">$RESOURCEGROUP</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--query</span><span class="w"> </span><span class="nx">nodeResourceGroup</span><span class="w"> </span><span class="p">)</span><span class="w"> </span><span class="se">`</span><span class="w"> </span><span class="nt">--query</span><span class="w"> </span><span class="n">name</span><span class="w"> </span><span class="p">)</span><span class="se">` </span><span class="nt">--query</span><span class="w"> </span><span class="s2">"[0].name"</span><span class="w"> </span><span class="nt">-o</span><span class="w"> </span><span class="nx">tsv</span><span class="w"> </span></code></pre> </div> <p><code>cd</code> into the kubernetes/ folder. Then, use the following snippet to log in to your AKS cluster, and deploy your image:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="c"># Load AKS details into ~/.kube/config</span><span class="w"> </span><span class="n">az</span><span class="w"> </span><span class="nx">aks</span><span class="w"> </span><span class="nx">get-credentials</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--name</span><span class="w"> </span><span class="nv">$CLUSTERNAME</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--resource-group</span><span class="w"> </span><span class="nv">$RESOURCEGROUP</span><span class="w"> </span><span class="c"># Check if AKS is reachable and Windows node is up</span><span class="w"> </span><span class="n">kubectl</span><span class="w"> </span><span class="nx">get</span><span class="w"> </span><span class="nx">nodes</span><span class="w"> </span><span class="c"># Deploy yaml manifest to AKS</span><span class="w"> </span><span class="n">kubectl</span><span class="w"> </span><span class="nx">apply</span><span class="w"> </span><span class="nt">-f</span><span class="w"> </span><span class="nx">deploy.yaml</span><span class="w"> </span><span class="c"># Get the URL for your app</span><span class="w"> </span><span class="n">kubectl</span><span class="w"> </span><span class="nx">get</span><span class="w"> </span><span class="nx">ingress</span><span class="w"> </span><span class="nx">myapp</span><span class="w"> </span><span class="nt">-o</span><span class="o">=</span><span class="n">jsonpath</span><span class="o">=</span><span class="s1">'{.spec.rules[0].host}'</span><span class="w"> </span></code></pre> </div> <p>Due to the size of the servercore:ltsc2019 image, the first pull might take 5–10 minutes. Wait for a while and watch for logs or errors using <code>kubectl describe deployment myapp</code>. I recommend tracking the progress using a GUI app, such as <a href="https://k8slens.dev/" rel="noopener noreferrer">Lens Desktop</a>.</p> <p>Open your browser and go to the URL (something.some-region.aksapp.io) presented after running the <code>kubectl get ingress</code> command above. You will now be able to view your first Windows application running on Kubernetes!</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Farlor78gu1ty55rgwy4d.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Farlor78gu1ty55rgwy4d.png" alt="Screenshot of a web browser."></a></p> <h4> Caveats </h4> <p>In contrast to the the benefits of Kubernetes on Windows, there are a few drawbacks to using Windows Containers in AKS:</p> <ul> <li>Node pools are prohibitively more expensive than Linux node pools due to licensing. Bringing your own license with AHUB may alleviate some pain.</li> <li>Windows-based Pods have limited CSI Driver support.</li> <li>Windows versions of your DaemonSets are required. (monitoring, drivers)</li> </ul> <p>Be mindful of the costs of running this setup. The above configuration will cost around $10/day, meaning you can only run it for 2–3 weeks on an Azure free account.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Service</th> <th>Size</th> <th>$/day</th> </tr> </thead> <tbody> <tr> <td>Azure Kubernetes Service</td> <td>Linux, Standard_B2s</td> <td>$1.15</td> </tr> <tr> <td>Azure Container Registry</td> <td>Basic, 25GB Bandwidth</td> <td>$1.37</td> </tr> <tr> <td>Virtual Machine Scale Set</td> <td>Windows, Standard_D2s</td> <td>$7.13</td> </tr> </tbody> </table></div> <p>Run the <code>az aks stop</code> command to stop AKS from draining your wallet, or delete the cluster in its entirety when you are done with it.</p> <h2> Conclusion </h2> <p>With this, you are running your first basic Windows application in Kubernetes. I hope I’ve equipped you with some basic knowledge and tools to start tackling these issues. For a more production-ready environment, I would suggest looking into leveraging Terraform or ARM for infrastructure deployment, enterprise-grade Ingress Controllers, and setting your cluster, registry, and all its dependencies to private.</p> <p>For any questions or inquiries, feel free to <a href="https://www.linkedin.com/in/rdvansloten/" rel="noopener noreferrer">reach out to me on LinkedIn</a> or in the comments!</p> <p><strong>Sources</strong><br> <a href="https://kubernetes.io/docs/setup/production-environment/windows/intro-windows-in-kubernetes/" rel="noopener noreferrer">kubernetes.io: Windows containers in Kubernetes</a><br> <a href="https://cloudblogs.microsoft.com/windowsserver/2020/04/28/windows-server-container-support-in-azure-kubernetes-service-is-now-generally-available/" rel="noopener noreferrer">Microsoft Windows Server Blog: Windows Server container support in AKS is now generally available</a><br> <a href="https://hub.docker.com/_/microsoft-windows-base-os-images" rel="noopener noreferrer">Docker Hub: Windows base OS images</a><br> <a href="https://blog.sixeyed.com/getting-started-with-kubernetes-on-windows/" rel="noopener noreferrer">blog.sixeyed.com: Getting Started with Kubernetes on Windows</a></p> azure kubernetes powershell docker