


kubernetes

4th chunk of `content/en/blog/_posts/2017-09-00-Windows-Networking-At-Parity-With-Linux.md`
 These new platform features and work on kubelet and kube-proxy align with the CNI network model used by Kubernetes on Linux and simplify the deployment of a K8s cluster without additional configuration or custom (Azure) resource templates. To this end, we completed work on CNI network and IPAM plugins to create/remove endpoints and manage IP addresses. The CNI plugin works through kubelet to target the Windows Host Networking Service (HNS) APIs to create an 'l2bridge' network (analogous to macvlan on Linux) which is enforced by the VFP switch extension.  

 The 'l2bridge' network driver re-writes the MAC address of container network traffic on ingress and egress to use the container host's MAC address. This obviates the need for multiple MAC addresses (one per container running on the host) to be "learned" by the upstream network switch port to which the container host is connected. This preserves memory space in physical switch TCAM tables and relies on the Hyper-V virtual switch to do MAC address translation in the host to forward traffic to the correct container. IP addresses are managed by a default Windows IPAM plug-in, which requires that Pod CIDR IPs be taken from the container host's network IP space.
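
 A toy model of the MAC translation described above, as an added example that is not code from the original post or from Windows/HNS. The class and function names, MAC addresses and IP addresses are constructed for illustration; it shows what the upstream switch port learns with and without the rewrite, and how inbound traffic is mapped back to a container.

```python
from dataclasses import dataclass, replace

# Constructed sample values (not from the post).
HOST_MAC = "00:15:5d:00:00:01"
GATEWAY_MAC = "00:00:5e:00:01:01"
GATEWAY_IP = "10.0.0.1"
CONTAINERS = {  # container IP -> container MAC
    "10.0.0.11": "02:00:00:00:00:11",
    "10.0.0.12": "02:00:00:00:00:12",
    "10.0.0.13": "02:00:00:00:00:13",
}

@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str

class L2BridgeHost:
    """Hypothetical stand-in for the host virtual switch doing MAC translation."""
    def __init__(self, host_mac, containers):
        self.host_mac = host_mac
        self.ip_to_mac = dict(containers)

    def egress(self, frame):
        # Outbound: replace the container's source MAC with the host's MAC.
        return replace(frame, src_mac=self.host_mac)

    def ingress(self, frame):
        # Inbound: traffic arrives addressed to the host MAC; the destination
        # IP selects the container. Unknown destinations are dropped (None).
        mac = self.ip_to_mac.get(frame.dst_ip)
        if frame.dst_mac != self.host_mac or mac is None:
            return None
        return replace(frame, dst_mac=mac)

def macs_learned_upstream(rewrite):
    """Source MACs the upstream switch port sees when each container sends one frame."""
    host = L2BridgeHost(HOST_MAC, CONTAINERS)
    learned = set()
    for ip, mac in CONTAINERS.items():
        frame = Frame(mac, GATEWAY_MAC, ip, GATEWAY_IP)
        learned.add((host.egress(frame) if rewrite else frame).src_mac)
    return learned

if __name__ == "__main__":
    print("with rewrite:   ", sorted(macs_learned_upstream(True)))
    print("without rewrite:", sorted(macs_learned_upstream(False)))
```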

 The team demoed ([link](https://files.slack.com/files-pri/T09NY5SBT-F6KTG30E8/download/sigwindows-2017-08-08.mp4) to video) these new platform features and open-source updates to the SIG-Windows group on 8/8. We are working with the community to merge the kubelet and kube-proxy PRs to mainline these changes in time for the Kubernetes v1.8 release due out this September. These capabilities can then be used on current Windows Server insider builds and the [Windows Server, version 1709](https://blogs.technet.microsoft.com/windowsserver/2017/08/24/sneak-peek-1-windows-server-version-1709/).  

 Soon after RTM, we will also introduce these improvements into the Azure Container Service (ACS) so that Windows worker nodes and the containers they host are first-class Azure VNet citizens. An Azure IPAM plugin for Windows CNI will enable these endpoints to attach directly to Azure VNets, with network policies for Windows containers enforced the same way as for VMs.



| Feature | Windows Server 2016 (In-Market) | Next Windows Server Feature Release, Semi-Annual Channel | Linux |
| --- | --- | --- | --- |
| Multiple Containers per Pod with shared network namespace (Compartment) | One Container per Pod | ✔ | ✔ |
| Single (Shared) Endpoint per Pod | Two endpoints: WinNAT (External) + Transparent (Intra-Cluster) | ✔ | ✔ |
| User-Mode, Load Balancing | ✔ | ✔ | ✔ |
| Kernel-Mode, Load Balancing | Not Supported | ✔ | ✔ |
| Support for DNS search suffixes per Pod (Docker update) | Kube-Proxy added multiple DNS suffixes to each request | ✔ | ✔ |
| CNI Plugin Support | Not Supported | ✔ | ✔ |
  

 The Kubernetes SIG Windows group meets bi-weekly on Tuesdays at 12:30 PM ET. To join or view notes from previous meetings, check out this [document](https://docs.google.com/document/d/1Tjxzjjuy4SQsFSUVXZbvqVb64hjNAG5CQX8bK7Yda9w/edit#heading=h.kbz22d1yc431).

Title: Kubernetes Integration and Roadmap for Windows Server
Summary
New platform features align with the CNI network model used by Kubernetes on Linux, simplifying K8s cluster deployment. CNI network and IPAM plugins create/remove endpoints and manage IP addresses using Windows Host Networking Service (HNS) APIs. The team demoed these updates to SIG-Windows, working towards merging changes for Kubernetes v1.8. These features will be introduced into Azure Container Service (ACS) post-RTM. A table outlines feature support across Windows Server 2016, the next Windows Server release, and Linux, highlighting improvements. The Kubernetes SIG Windows group meets bi-weekly.