Windows Server containers on GKE


This page provides an overview of Windows Server containers in Google Kubernetes Engine (GKE). To learn how to create a cluster, see Creating a cluster using Windows Server node pools.

Overview

Using Windows Server containers on GKE enables you to take advantage of the benefits of Kubernetes: agility, speed of deployment and simplified management of your Windows Server applications. You can run your Windows Server and Linux containers side by side in the same cluster, which allows for a central management plane for both container platforms. Microsoft Hyper-V containers are not currently supported.

Node images

You can build your Windows Server container node images using Windows Server Semi-Annual Channel (SAC) or Windows Server Long-Term Servicing Channel (LTSC). A single cluster can have multiple Windows Server node pools using different Windows Server versions, but each individual node pool can only use one Windows Server version. To learn more about the differences between these versions, see Choosing your Windows Server node images.

Storage

Your Windows Server containers can take advantage of many of the storage options that GKE provides. For an example of using GKE storage options with Windows, see Local SSDs.

When working with Windows Server containers, you must create a StorageClass object, and specify the name of that object in the storageClassName field of the PersistentVolumeClaim object because the ext4 file storage type is not supported with Windows. If you are using a Compute Engine persistent disk, you must use NTFS as the file storage type.

The Compute Engine persistent disk CSI Driver is also available for Windows Server containers. For more details, see Using the Compute Engine persistent disk CSI Driver.

Security

Like Linux containers, Windows containers provide a process and resource isolation boundary. Windows Server containers can be used for enterprise multi-tenancy. However, because Microsoft does not intend to service Windows container escape vulnerabilities, the use of Windows nodes is not recommended in hostile multi-tenancy scenarios or those where differing risk levels are needed. Instead, give each application or development team a separate cluster and Google Cloud project to achieve isolation.

Feature limitations

There are some Kubernetes features that are not yet supported for Windows Server containers. In addition, some features are Linux-specific and do not work for Windows. For the complete list of supported and unsupported Kubernetes features, see the Kubernetes documentation.

In addition to the unsupported Kubernetes features, there are some GKE features that are not supported.

For GKE clusters, the following features are not supported with Windows Server node pools:

Local External Traffic Policy on Windows node pool is only supported with GKE version v1.23.4-gke.400 or later.

Other Google Cloud products that you want to use with GKE clusters might not support Windows Server node pools. For specific limitations, refer to the documentation of that product.

Resources

The following sections provide links to relevant resources for Windows Server containers on GKE.

Discover

Review these resources to discover information about Windows on GKE:

Get started

Consider these resources for getting started:

Create & deploy

For guidance on creating and deploying your applications, see these pages:

Integrate with Active Directory

For guidance on Active Directory integration, see these pages:

Troubleshoot

For help with troubleshooting, see Collecting diagnostic information.

Explore

To explore and learn about using GKE Enterprise for Windows, see these resources:

Partner solutions

When you modernize your applications, you also want to incorporate them into an end-to-end DevOps management experience that works with your existing tooling and workflows. To that end, Google has worked with several partners to make sure that your build, test, deploy, config and monitoring applications work well with Windows containers. Here are some use cases and partner solutions that we've tested to support Windows containers in GKE:

Use case Description Partner
CI/CD Partner's CI/CD solution can build, test and deploy applications running on Windows containers.
Observability Partner's ITOps and application performance management (APM) solution can collect telemetry and provide visibility (dashboards, reports, insights) for infrastructure and applications managed on Windows containers.
Config management and policy Patner's solution provides secrets management or provisioning capabilities for Windows applications on Google Cloud.
Security Patner's solution can secure the development and configuration of an application that runs on Windows containers.