- Deploy an AKS cluster with BYOCNI mode.
- Configure Calico using VXLAN.
- Add a Windows 2019 or 2022 nodepool.
- Configure strict affinity for the IP pools.
- Follow the instructions on Installing Calico for Windows using HostProcess Containers with the following modifications:
  - In calico-windows.yaml, make the following changes:
    - Set K8S_SERVICE_CIDR and K8S_NAME_SERVERS appropriately for your environment.
    - Set CNI_BIN_DIR to "C:\k\azurecni\bin"
    - Set CNI_CONF_DIR to "C:\k\azurecni\netconf"
    - Add an initContainer to the calico-node-windows DaemonSet to delete the Azure CNI configuration that's present by default:

      ```yaml
      - name: delete-azure-cni
        image: calico/windows:v3.24.5
        command:
          - powershell.exe
          - -Command
          - "Get-Item -ErrorAction SilentlyContinue C:\\k\\azurecni\\netconf\\10-azure.conf | Remove-Item; exit 0"
        imagePullPolicy: Always
      ```
  - The default installation of kube-proxy will not start without Azure CNI, so you have to bring your own kube-proxy per step 7 on the Calico install instructions, referencing windows-kube-proxy.yaml for the following modifications:
    - In the ConfigMap, remove the lines that modify kubeConfig and set $kubeConfigPath = "C:\k\config"
    - Set K8S_VERSION appropriately in the environment variables
    - Add a tolerations block:

      ```yaml
      tolerations:
        - operator: Exists
          effect: NoSchedule
      ```
    - Duplicate the DaemonSet, using the following configurations:
      - Windows Server 2019
        - image: mcr.microsoft.com/windows/nanoserver:ltsc2019
        - nodeSelector: kubernetes.azure.com/os-sku: Windows2019
      - Windows Server 2022
        - image: mcr.microsoft.com/windows/nanoserver:ltsc2022
        - nodeSelector: kubernetes.azure.com/os-sku: Windows2022
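The kube-proxy DaemonSet duplication from the steps above, as an added example that is not part of the original page or of the Calico manifests: it derives the Windows Server 2019 and 2022 copies from one base object and emits them as JSON for `kubectl apply -f`. The `-2019`/`-2022` name suffixes, the single-container layout and the trimmed `BASE` object are assumptions made for illustration.

```python
import copy
import json

# Per-release values taken from the steps above.
OS_VARIANTS = {
    "2019": {"image": "mcr.microsoft.com/windows/nanoserver:ltsc2019",
             "os_sku": "Windows2019"},
    "2022": {"image": "mcr.microsoft.com/windows/nanoserver:ltsc2022",
             "os_sku": "Windows2022"},
}
TOLERATIONS = [{"operator": "Exists", "effect": "NoSchedule"}]


def per_os_daemonsets(base):
    """Return one modified deep copy of the base DaemonSet per Windows release."""
    out = []
    for release, variant in OS_VARIANTS.items():
        ds = copy.deepcopy(base)
        # Assumption: a name suffix keeps the two copies distinct in one namespace.
        ds["metadata"]["name"] = f'{base["metadata"]["name"]}-{release}'
        pod = ds["spec"]["template"]["spec"]
        # Merge, so a selector already in the manifest (e.g. kubernetes.io/os) survives.
        pod["nodeSelector"] = {**pod.get("nodeSelector", {}),
                               "kubernetes.azure.com/os-sku": variant["os_sku"]}
        pod["tolerations"] = copy.deepcopy(TOLERATIONS)
        for container in pod["containers"]:
            container["image"] = variant["image"]
        out.append(ds)
    return out


# Constructed stand-in for the DaemonSet in windows-kube-proxy.yaml,
# trimmed to the fields this example touches (hypothetical contents).
BASE = {
    "apiVersion": "apps/v1",
    "kind": "DaemonSet",
    "metadata": {"name": "kube-proxy-windows", "namespace": "kube-system"},
    "spec": {"template": {"spec": {
        "nodeSelector": {"kubernetes.io/os": "windows"},
        "containers": [{"name": "kube-proxy", "image": "PLACEHOLDER"}],
    }}},
}

if __name__ == "__main__":
    print(json.dumps({"apiVersion": "v1", "kind": "List",
                      "items": per_os_daemonsets(BASE)}, indent=2))
```

To use it on the real manifest, load the DaemonSet from windows-kube-proxy.yaml into a dict in place of `BASE`.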
cloud-node-manager-windows is currently unable to reach IMDS from its pod - how can we build a route to 169.254.169.254?