You can ensure your Windows nodes have the latest updates by upgrading the Windows Machine Config Operator (WMCO).

Windows Machine Config Operator upgrades

When a new version of the Windows Machine Config Operator (WMCO) is released that is compatible with the current cluster version, the Operator is upgraded based on the upgrade channel and subscription approval strategy it was installed with when using the Operator Lifecycle Manager (OLM). The WMCO upgrade results in the Kubernetes components in the Windows machine being upgraded.

Because WMCO 6.0.0 uses containerd as the default container runtime instead of Docker, note the following changes that are made during the upgrade:

  • For nodes created using a machine set:

    • All machine objects are deleted, which results in the draining and deletion of any Windows nodes.

    • New Windows nodes are created.

    • The upgraded WMCO configures the new Windows nodes with containerd as the default runtime.

    • After the new Windows nodes join the OpenShift Container Platform cluster, you can deploy pods on those nodes.

  • For Bring-Your-Own-Host (BYOH) nodes:

    • The kubelet, kube-proxy, CNI, and the hybrid-overlay components, which were installed by the WMCO, are all uninstalled.

    • Any Windows OS-specific configurations that were created as part of configuring the instance, such as HNS networks, are deleted or reverted.

    • The WMCO installs containerd as the default runtime, and reinstalls the kubelet, kube-proxy, CNI, and hybrid-overlay components.

    • The kubelet service starts.

    • After the new Windows nodes join the OpenShift Container Platform cluster, you can deploy pods on those nodes.

    • If any Docker service is present, it continues to run. Alternatively, you can manually uninstall Docker.

If you are upgrading to a new version of the WMCO and want to use cluster monitoring, you must have the openshift.io/cluster-monitoring=true label present in the WMCO namespace. If you add the label to a pre-existing WMCO namespace, and there are already Windows nodes configured, restart the WMCO pod to allow monitoring graphs to display.

For a non-disruptive upgrade, the WMCO terminates the Windows machines configured by the previous version of the WMCO and recreates them using the current version. This is done by deleting the Machine object, which results in the drain and deletion of the Windows node. To facilitate an upgrade, the WMCO adds a version annotation to all the configured nodes. During an upgrade, a mismatch in version annotation results in the deletion and recreation of a Windows machine. To have minimal service disruptions during an upgrade, the WMCO only updates one Windows machine at a time.

The WMCO is only responsible for updating Kubernetes components, not for Windows operating system updates. You provide the Windows image when creating the VMs; therefore, you are responsible for providing an updated image. You can provide an updated Windows image by changing the image configuration in the MachineSet spec.

For more information on Operator upgrades using the Operator Lifecycle Manager (OLM), see Updating installed Operators.