support for on-premise OCP

[derek82511]

Can this Operator support for on-premise OCP 4.x ? Or it is in the roadmap?

[aravindhp]

@derek82511, this is on our roadmap.

[jxadro]

Any news?

I think this operator is currently GA, in OpenShift console, in the operator hub tab it is under "Provided by RedHat", not under community.

In the roadmap it was in doubt if VMWare was going to be supported for windows nodes for the GA.

In the documentation it is only listed AWS and Azure.

Are windows nodes created on VMWare or Baremetal supported?

Thank you.

[LorbusChris]

vSphere and Baremetal support are both on the roadmap, but not available yet.

Progress on vSphere support can be tracked here: https://github.com/openshift/windows-machine-config-operator/pull/149 (it's currently blocked on a Windows issue that'll have to be resolved from the Microsoft side)

[jxadro]

Hi @LorbusChris, if I'm not wrong the PR has been currently merged.

What is the plan to move VMWare support for Windows Nodes to GA?

Thank you.

[aravindhp]

@jxadro the plan is to release vSphere IPI support in WMCO in the 2.x version which will be released after OpenShift 4.7.

[aravindhp]

Opened an OpenShift enhancement proposal to add support for Bring Your Own Windows Host: https://github.com/openshift/enhancements/pull/608

[jxadro]

Hi @aravindhp

In the current documentation I read: https://github.com/openshift/windows-machine-config-operator "OKD/OCP 4.6 cluster running on Azure, AWS or vSphere configured with hybrid OVN Kubernetes networking"

With that prerequisite I understand that it is currently possible to deploy windows nodes in vsphere, but in your previous post you said that it will be in WMCO 2.x.

Please could you help to clarify the current status about supporting windows nodes on vmware?

Now that OCP 4.7 has been released, do you have any date about GA of WMCO 2.x?

Thank you.

[jxadro]

I have just installed a 4.7 OpenShift and I only see the community operator 2.0. So I guess the situation is that the windows operator currently support windows on vsphere but it is not GA yet.

Is this correct?

[aravindhp]

Hi @jxadro,

In the current documentation I read: https://github.com/openshift/windows-machine-config-operator "OKD/OCP 4.6 cluster running on Azure, AWS or vSphere configured with hybrid OVN Kubernetes networking"

That should be fixed to say OKD/OCP cluster running on Azure (4.6+), AWS (4.6+) or vSphere (4.7+) configured with hybrid OVN Kubernetes networking.

Now that OCP 4.7 has been released, do you have any date about GA of WMCO 2.x?

It has been scheduled for this week.

So I guess the situation is that the windows operator currently support windows on vsphere but it is not GA yet.

That is correct. To be clear the support is for adding Windows nodes using MachineSets on installer provisioned clusters on vSphere and will not support adding your own Windows hosts.

[jxadro]

Thank you.

[aravindhp]

@jxadro, WMCO 2.0 has been released: OpenShift 4.7: Windows Container Support for Red Hat OpenShift on vSphere

[jandradap]

@jxadro, WMCO 2.0 has been released: OpenShift 4.7: Windows Container Support for Red Hat OpenShift on vSphere

vSphere IPI.

Is vSphere UPI on the roadmap? @aravindhp

[aravindhp]

Is vSphere UPI on the roadmap? @aravindhp

@jandradap yes it is. Please see bring-your-own-windows-host.md

[openshift-bot]

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

[openshift-bot]

Stale issues rot after 30d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle rotten. Rotten issues close after an additional 30d of inactivity. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle rotten /remove-lifecycle stale

[aravindhp]

/remove-lifecycle stale /assign @sebsoto

[aravindhp]

/remove-lifecycle rotten

[jomeier]

Hi, our business is asking for windows container support in our on premises OpenShift cluster with UPI in an air gapped environment running on vSphere.

We also use MachineSets for vSphere to create our worker nodes. We would like to do the same for the windows workers.

Problem: the docs say that ...

• https://docs.openshift.com/container-platform/4.7/windows_containers/windows-containers-release-notes-2-x.html#wmco-2-0-0: Running Windows container workloads is not supported for clusters in a restricted network or disconnected environment. Is that true? Why? Or is this comment already outdated with newer WMCO versions?
• UPI currently seems not to be supported. During our UPI installation we only install the linux masters. All of the workers are created with MachineSets. As far as I understand that's the same with IPI installers. Is creating windows workers with MachineSets supported with UPI OpenShit clusters?
• Is Namespace isolation supported with mixed linux and windows workers?
• What is this VXLan port used for that's mentioned in the docs? https://docs.openshift.com/container-platform/4.7/windows_containers/windows-containers-release-notes-2-x.html

Thanks for your assistance.

Greetings,

Josef

@aravindhp

[jomeier]

I don't see any evidence in the WMCO source code why air gapped environments shouldn't work. The only reason why I could imagine that this is a problem is, that previously files had to be downloaded by the Windows Machine Bootstrapper. Currently this files seem to be included in WMCO's payload:

• cni
• hybrid-overlay-node.exe
• kube-node
• powershell
• windows_exporter.exe
• wmcb.exe

If airgapped installations are now supported, that should be corrected in the docs IMHO.

[sebsoto]

Hi @jomeier at the moment air gapped environments will not work, as the pause image for all Windows pods is set to the image officially provided by microsoft. This is reflected in the WMCB code, which handles the starting/stopping of kubelet.

This will be a limitation for the near future, as we do not currently provide a way to customize kubelet flags.

[jomeier]

@sebsoto: Thanks for your answer. Because we use a pull through cache for docker images where our cluster can get images from the internet, do you think that this might work in that case?

[sebsoto]

@jomeier I can't say with certainty, but as long as you can pull mcr.microsoft.com/oss/kubernetes/pause:3.4.1 from the Windows instance you are trying to join to the cluster it should work.

[sebsoto]

@jomeier I say "should", as I don't know for sure. Github issues are us answering at best effort :) If you have a subscription please open a support case through the Red Hat Customer Portal and you can get more definite answers. Off the top of my head the pause image is the main culprit for preventing air-gapped clusters, but there may be another blocker that I am not thinking of.

[jomeier]

Thank you!

[sebsoto]

@jomeier Circling back here to answer the other questions:

UPI currently seems not to be supported. During our UPI installation we only install the linux masters. All of the workers are created with MachineSets. As far as I understand that's the same with IPI installers. Is creating windows workers with MachineSets supported with UPI OpenShit clusters?

Based on the wording that we put out, it is not officially supported, however as long as there is a Windows Machine (created through a MachineSet), WMCO shouldn't have an issue creating a Windows node. The intent behind not supporting UPI installations, is that we currently only support Windows nodes created through Windows MachineSets, that will change in WMCO release 3.1.0 for OpenShift 4.8, coming soon.

Is Namespace isolation supported with mixed linux and windows workers?

I'm not fully sure what scenario you are asking about

What is this VXLan port used for that's mentioned in the docs? https://docs.openshift.com/container-platform/4.7/windows_containers/windows-containers-release-notes-2-x.html

I'll defer to the vmware docs for that

[jomeier]

That's good news. Thank's a lot, @sebsoto.

[openshift-bot]

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

[aravindhp]

/close

BYOH support is now available on OKD /OCP 4.8.

[openshift-ci[bot]]

@aravindhp: Closing this issue.

In response to [this](https://github.com/openshift/windows-machine-config-operator/issues/141#issuecomment-952338167): >/close > >BYOH support is now available on OKD /OCP 4.8. Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

[derek82511]

I've test it in OCP 4.8 and it works. Thanks.