×

About Red Hat OpenShift support for Windows Containers

Red Hat OpenShift support for Windows Containers enables running Windows compute nodes in an OpenShift Container Platform cluster. Running Windows workloads is possible by using the Red Hat Windows Machine Config Operator (WMCO) to install and manage Windows nodes. With Windows nodes available, you can run Windows container workloads in OpenShift Container Platform.

These release notes track the development of the WMCO, which provides all Windows container workload capabilities in OpenShift Container Platform.

Version 5.x of the WMCO is compatible only with OpenShift Container Platform 4.10.

Because Microsoft has stopped publishing Windows Server 2019 images with Docker, Red Hat no longer supports Windows Azure for WMCO releases earlier than version 6.0.0. For WMCO 5.y.z and earlier, Windows Server 2019 images must have Docker pre-installed. WMCO 6.0.0 and later uses containerd as the runtime. You can upgrade to OpenShift Container Platform 4.11, which uses WMCO 6.0.0.

Getting support

Red Hat OpenShift support for Windows Containers is provided and available as an optional, installable component. Windows Container Support for Red Hat OpenShift is not part of the OpenShift Container Platform subscription. It requires an additional Red Hat subscription and is supported according to the Scope of coverage and Service level agreements.

You must have this separate subscription to receive support for Windows Container Support for Red Hat OpenShift. Without this additional Red Hat subscription, deploying Windows container workloads in production clusters is not supported. You can request support through the Red Hat Customer Portal.

For more information, see the Red Hat OpenShift Container Platform Life Cycle Policy document for Red Hat OpenShift support for Windows Containers.

If you do not have this additional Red Hat subscription, you can use the Community Windows Machine Config Operator, a distribution that lacks official support.

Release notes for Red Hat Windows Machine Config Operator 5.1.1

This release of the WMCO is now available with a bug fix and a few improvements. The components of the WMCO 5.1.1 are now available in RHBA-2023:4487. https://errata.devel.redhat.com/advisory/101759

Bug fix

  • Previously, an endpoint object missing required information caused the WMCO pod to fail during startup. With this fix, WMCO verifies the endpoint object is present with the required fields. As a result, WMCO is able to start and reconcile an invalid or misconfigured endpoint object. (OCPBUGS-5131)

Removed features

Support for Microsoft Azure has been removed

Support for Microsoft Azure has been removed. Microsoft is removing images from the Azure registry that have Docker preinstalled, which is a prerequisite for using the WCMO 5.x on Microsoft Azure.

Release notes for Red Hat Windows Machine Config Operator 5.1.0

This release of the WMCO is now available with a bug fix and a few improvements. The components of the WMCO 5.1.0 is now available in RHBA-2022:4989-01.

Bug fix

Previously, the reverse DNS lookup of Windows Bring-Your-Own-Host (BYOH) instances failed when the node’s external IP was present without pointer records (PTR). With this release, the WMCO looks in the other node addresses until a reverse lookup record is found, if the PTR record is not present in the first node IP address. As a result, the reverse configuration of Windows BYOH instances succeed when the node external IP address is present without a PTR record. (BZ#2081825)

Known Issue

Windows machine sets cannot scale up when the publicIP parameter is set to false in machineSets on Microsoft Azure. This issue is tracked by (BZ#2091642).

New features and improvements

Windows node certificates are updated

With this release, the WMCO updates the Windows node certificates when the kubelet client certificate authority (CA) certificate rotates.

Windows Server 2022 support

With this release, Windows Server 2022 now supports VMware vSphere and Bare metal.

Release notes for Red Hat Windows Machine Config Operator 5.0.0

This release of the WMCO provides bug fixes for running Windows compute nodes in an OpenShift Container Platform cluster. The components of the WMCO 5.0.0 were released in RHSA-2022:0577.

  • Previously, Windows Containers on Windows Nodes could get assigned an incorrect DNS server IP. This caused DNS resolution to fail. This fix removes the hard-coded cluster DNS information and the DNS server IP is now passed as a command-line argument. As a result, Windows Containers on Windows Nodes get assigned a valid DNS Server IP and DNS resolution works for Windows workloads. (BZ#1994859)

  • Previously, certain commands being run by the WMCO against Windows VMs that used PowerShell as the default SSH shell were not parsed correctly. As a result, these VMs could not be added to a cluster as a node. With this fix the WMCO identifies the default SSH shell of a VM and runs commands accordingly. As a result, VMs with PowerShell as the default SSH shell can now be added to the cluster as a node. (BZ#2000772)

  • Previously, if a Bring-Your-Own-Host (BYOH) VM was specified with a DNS object, the WMCO was not properly associating the VM with its node object. This caused the WMCO to attempt to configure VMs that were already fully configured. With this fix the WMCO correctly resolves the DNS address of the VMs when looking for an associated node. As a result, BYOH VMs are now only configured when needed. (BZ#2005360)

  • Previously, if the windows-exporter metrics endpoint object contained a reference to a deleted machine, the WMCO ignored Deleting phase notification event for those machines. This fix removes the validation of the machine object from event filtering. As a result, the windows-exporter metrics endpoint object is correctly updated even when the machine is still deleting. (BZ#2008601)

  • Previously, if an entity other than the WMCO modified the certificate signing request (CSR) associated with a BYOH node, the WMCO would have a stale reference to the CSR and would be unable to approve it. With this fix, if an update conflict is detected, the WMCO retries the CSR approval until a specified timeout. As a result, the CSR processing completes as expected. (BZ#2032048)

Windows Machine Config Operator prerequisites

The following information details the supported platform versions, Windows Server versions, and networking configurations for the Windows Machine Config Operator. See the vSphere documentation for any information that is relevant to only that platform.

Because Microsoft has stopped publishing Windows Server 2019 images with Docker, Red Hat no longer supports Windows Azure for WMCO releases earlier than version 6.0.0. For WMCO 5.y.z and earlier, Windows Server 2019 images must have Docker pre-installed. WMCO 6.0.0 and later uses containerd as the runtime. You can upgrade to OpenShift Container Platform 4.11, which uses WMCO 6.0.0.

WMCO 5.1.x supported platforms and Windows Server versions

The following table lists the Windows Server versions that are supported by WMCO 5.1.1 and 5.1.0, based on the applicable platform. Windows Server versions not listed are not supported and attempting to use them will cause errors. To prevent these errors, use only an appropriate version for your platform.

Platform Supported Windows Server version

Amazon Web Services (AWS)

Windows Server 2019 (version 1809)

Microsoft Azure

Windows Server 2019 (version 1809)

VMware vSphere

Windows Server Long-Term Servicing Channel (LTSC): Windows Server 2022 (OS Build 20348.681 or later).

Bare metal or provider agnostic

  • Windows Server 2022 Long-Term Servicing Channel (LTSC). OS Build 20348.681 or later.

  • Windows Server 2019 (version 1809)

WMCO 5.0.0 supported platforms and Windows Server versions

The following table lists the Windows Server versions that are supported by WMCO 5.0.0, based on the applicable platform. Windows Server versions not listed are not supported and attempting to use them will cause errors. To prevent these errors, use only the appropriate version for your platform.

Platform Supported Windows Server version

Amazon Web Services (AWS)

Windows Server 2019 (version 1809)

VMware vSphere

Windows Server 2022 Long-Term Servicing Channel (LTSC). OS Build 20348.681 or later.

Bare metal or provider agnostic

Windows Server 2019 (version 1809)

Supported networking

Hybrid networking with OVN-Kubernetes is the only supported networking configuration. See the additional resources below for more information on this functionality. The following tables outline the type of networking configuration and Windows Server versions to use based on your platform. You must specify the network configuration when you install the cluster. Be aware that OpenShift SDN networking is the default network for OpenShift Container Platform clusters. However, OpenShift SDN is not supported by WMCO.

Table 1. Platform networking support
Platform Supported networking

Amazon Web Services (AWS)

Hybrid networking with OVN-Kubernetes

Microsoft Azure

Hybrid networking with OVN-Kubernetes

VMware vSphere

Hybrid networking with OVN-Kubernetes with a custom VXLAN port

bare metal

Hybrid networking with OVN-Kubernetes

Table 2. WMCO 5.1.0 Hybrid OVN-Kubernetes Windows Server support
Hybrid networking with OVN-Kubernetes Supported Windows Server version

Default VXLAN port

Windows Server 2019 (version 1809)

Custom VXLAN port

Windows Server 2022 Long-Term Servicing Channel (LTSC). OS Build 20348.681 or later

Table 3. WMCO 5.0.0 Hybrid OVN-Kubernetes Windows Server support
Hybrid networking with OVN-Kubernetes Supported Windows Server version

Default VXLAN port

Windows Server 2019 (version 1809)

Custom VXLAN port

Windows Server 2022 Long-Term Servicing Channel (LTSC). OS Build 20348.681 or later

Known limitations

Note the following limitations when working with Windows nodes managed by the WMCO (Windows nodes):

  • The following OpenShift Container Platform features are not supported on Windows nodes:

    • Image builds

    • OpenShift Pipelines

    • OpenShift Service Mesh

    • OpenShift monitoring of user-defined projects

    • OpenShift Serverless

    • Horizontal Pod Autoscaling

    • Vertical Pod Autoscaling

  • The following Red Hat features are not supported on Windows nodes:

  • Windows nodes do not support pulling container images from private registries. You can use images from public registries or pre-pull the images.

  • Windows nodes do not support workloads created by using deployment configs. You can use a deployment or other method to deploy workloads.

  • Windows nodes are not supported in clusters that use a cluster-wide proxy. This is because the WMCO is not able to route traffic through the proxy connection for the workloads.

  • Windows nodes are not supported in clusters that are in a disconnected environment.

  • Red Hat OpenShift support for Windows Containers does not support adding Windows nodes to a cluster through a trunk port. The only supported networking configuration for adding Windows nodes is through an access port that carries traffic for the VLAN.

  • Red Hat OpenShift support for Windows Containers supports only in-tree storage drivers for all cloud providers.

  • Kubernetes has identified the following node feature limitations :

    • Huge pages are not supported for Windows containers.

    • Privileged containers are not supported for Windows containers.

    • Pod termination grace periods require the containerd container runtime to be installed on the Windows node.

  • Kubernetes has identified several API compatibility issues.