I'd like to run Windows containers in GKE.
Is it possible to use Windows Server Containers OS in Google Kubernetes Engine?
I see Windows Server Containers OS is available in Compute Engine, and it seems that Kubernetes support is available for Windows.
It is possible to run Windows containers, but only as a container in a Compute Engine VM instance.
I would refer you to this article in the GCP blog. Please be aware that there are a few known issues that you should read before deploying Windows containers in Windows VM instances.
For GKE, there is currently a Feature Request. Other customers have asked to include future support for Windows containers in GKE. This is a request through official means. Google will consider the need based on its feasibility, or the number of customers who ask for it, but they can't guarantee an implementation or provide you with an ETA for it.
This is Yaseen Zafar. DevOps Engineer from Integrated Dealer Systems. We have multiple customers whose servers are hosted on multiple locations from Canada to America. They are hosted on premises (i.e. they are not currently on Azure). Though we are currently using Microsoft Azure Log Analytics to get some insights of the Windows and Linux Servers. So far it has been a very good experience.
Actually I wanted to know if there is any solution available on Azure that can show me firewall related logs, rules, IP and port details ingested from the Windows and Linux Servers that are hosted on premise location.
Best Regards.
Yaseen Zafar
• Yes, there is a way through which you can forward your on-premises firewall logs to an Azure Log Analytics workspace, since almost every firewall device has syslog functionality built in to forward logs to a log management server on a specific port. Thus, similarly, on-premises firewall logs that include all data collected related to the traffic passed inbound and outbound to the environment can be forwarded to a Linux virtual machine, which can then forward them to Azure Log Analytics.
• Syslog is the cross-platform equivalent of the Windows Event log, which can be leveraged by forwarding these syslog messages to Azure Log Analytics through Linux machines. This Linux system should be deployed as a virtual appliance (VM) on-premises or in the Azure cloud such that the syslog-generating firewalls can communicate directly with it. The Linux forwarder can be on-premises physically near the firewall, or it can be in Azure or another cloud, connected to your firewall by an IPsec tunnel. The Linux computer has a Log Analytics agent configured to communicate with your Log Analytics workspace.
• Once your firewall is connected to Azure Log Analytics you should create a custom dashboard solution that suits your needs. You will have excellent visibility and gain a lot of insight into your firewall operation by studying the collected and indexed syslog data in the Log search feature of the Azure portal. You will notice which types of data your firewall is delivering and learn what to monitor to meet your business and security needs.
Please find the links below for more information on how to configure the Linux virtual machine as a syslog forwarder and how to implement the above stated solution as a whole:
https://blog.johnjoyner.net/connect-your-firewall-to-azure-log-analytics-for-security-insights/
https://accountabilit.com/azure-log-analytics-best-syslog-destination/
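The forwarder described in the answer above, as an added rsyslog configuration that is not part of the original answer: it accepts syslog only from the firewall and relays it to the Log Analytics agent on the same host. The firewall address 192.0.2.10, the file name and the agent's local port 25224 are assumptions; check the port against the rsyslog file your agent installed.

```conf
# /etc/rsyslog.d/10-firewall-forward.conf   (hypothetical file name)
# Constructed example: 192.0.2.10 stands in for the on-premises firewall.

# Listeners for remote syslog. Omit a line if rsyslog.conf already loads it.
module(load="imudp")
module(load="imtcp")

# Dedicated ruleset so firewall traffic is handled apart from the
# forwarder's own local logs.
ruleset(name="firewall_in") {
    # Relay only messages that really come from the firewall; anything
    # else that reaches port 514 is dropped by the "stop" below.
    if ($fromhost-ip == "192.0.2.10") then {
        # Hand the message to the Log Analytics agent's local syslog
        # listener (port is an assumption, see lead-in).
        action(type="omfwd" target="127.0.0.1" port="25224" protocol="udp")
    }
    stop
}

# Bind both listeners to the ruleset above. The ruleset is defined first
# so it already exists when the inputs reference it.
input(type="imudp" port="514" ruleset="firewall_in")
input(type="imtcp" port="514" ruleset="firewall_in")
```

Pair the source-address filter with a host firewall rule that allows port 514 only from the firewall or the IPsec tunnel, since plain syslog carries no authentication.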
Microsoft recently announced the GA for "Bridge to Kubernetes", which enables hybrid development on a Kubernetes cluster. Does it also support an on-premises Kubernetes cluster (without an Internet connection)?
As you can read here:
Bridge to Kubernetes is expanding support to any Kubernetes. Whether
you’re connecting to your development cluster running in the cloud, or
to your local Kubernetes cluster, Bridge to Kubernetes is available
for your end-to-end debugging scenarios.
Support for Bridge to Kubernetes on any Kubernetes cluster is
initially available in the VS Code experience and soon after in Visual
Studio.
So yes, you can also use it with your local Kubernetes environment.
More on its usage and configuration you can read in Microsoft's official docs.
You may also take a look at Use Bridge to Kubernetes with Visual Studio Code.
Hey I'm running a Kubernetes cluster on Azure using ACS.
My question is if there is any way to add a Windows agent to the cluster without completely rebuilding the cluster?
I know this is possible for Linux distros depending on what you use, but I wonder if anyone knows a way to do this for Windows agents?
If you have deployed your cluster using the Azure portal then you can simply follow the instructions here: https://learn.microsoft.com/en-us/azure/container-service/container-service-scale
But if you have deployed using the ACS engine and ARM template, then currently there is an issue that it does not create the ACS resource.
I'm currently experimenting with Swarm Services with Docker for Windows. The new Win10 Insider build supports overlay networking for Windows containers and I was pleased to see my IIS service actually starting. The only issue I came across is that I cannot reach the service in the browser, despite trying multiple things such as different ports and networks. The command issued is as follows:
docker service create --name webfarm -p 80:80 microsoft/iis
I have also tried to use the --network flag to try different networks and I have made sure to test all IP addresses visible in the docker service inspect webfarm command.
docker service ps webfarm does indicate that my service is in state RUNNING and does not have any errors, so I don't know what else I can try. Especially since these commands worked fine on Linux with Apache.
I was wondering if anyone has been able to successfully create a service using Windows Containers on the Windows Insider build (15046), and if so, how?
Never mind, I found this actually is not supported yet.
The following source states:
"At the moment only DNS round robin is implemented as described in the Microsoft blog post. You cannot use to publish ports externally right now. More to come in the near future." (https://stefanscherer.github.io/docker-swarm-mode-windows10/)
And indeed, the blog post states the following:
"Currently, Windows supports DNS Round-Robin load balancing between services. The routing mesh for Windows Docker hosts is not yet supported, but will be coming soon. Users seeking an alternative load balancing strategy today can setup an external load balancer (e.g. NGINX) and use Swarm’s publish-port mode to expose container host ports over which to load balance." (https://blogs.technet.microsoft.com/virtualization/2017/02/09/overlay-network-driver-with-support-for-docker-swarm-mode-now-available-to-windows-insiders-on-windows-10/)
I guess I'll have to wait for this feature; in the meantime I will use the alternative.
Can you install and run your own Windows services on EC2? Does it have MSMQ?
Yes, you can. You can also install MSMQ, and I can confirm that it works perfectly.
First you need to create an EBS volume, using a snapshot of the appropriate Windows installation media.
Then simply attach the EBS volume to your Windows instance. At this stage, you would be able to install any Windows service, such as MSMQ and IIS, that did not come pre-installed with the original AMI.
You could also take advantage of Amazon Simple Queue Service. It's exposed as a web service, so you could easily communicate with it from your Windows Service or virtually any other platform/technology.
Yes, you can install any software that you like.
I don't know for sure if MSMQ is available or not. If you don't get a specific answer here you could post on the AWS forums, or if you have an account, fire up an instance and test it out (e.g. using this AMI).