1

I have a requirement to set up Kubernetes on-prem and have Windows worker nodes that run .NET 4.5 containers. Now, while I found this link, I don't particularly like the idea of upgrading the control plane and rotating needed certificates manually.

Has anyone tried to use kubespray to bootstrap a Kubernetes cluster and manually add a Windows worker? Or can share any insight to setting this up?

Thanks for sharing.

Michael Hausenblas
  • 13,162
  • 4
  • 52
  • 66
JuniorPenguin
  • 163
  • 10
  • What do you mean upgrading the control plane? and certs manually? kubeadm creates them for you. – Rico Sep 14 '18 at 22:38
  • control plane - the various kubernetes software, etcd, different version of plugins. Does Kubeadm rotate expired certs for you too? – JuniorPenguin Sep 14 '18 at 23:14
  • found it - [link](https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade-ha/), and this [link](https://kubernetes.io/docs/tasks/tls/certificate-rotation/) – JuniorPenguin Sep 14 '18 at 23:54

1 Answers1

2

This is an opinion question so I'll answer in an opinionated way.

So kubespray will give you more automation and it actually uses kubeadm to create the control plane and cluster components including your network overlay.

It also provides you with capabilities for upgrades.

Certificate rotation is an option on your kubelet and kubespray also supports it.

The downside of using kubespray is that you may not know how all the Kubernetes components work but if you want something more fully automated and like ansible it's a great choice.

Also the latest kubeadm supports certificate rotation on all your Kubernetes components as per this PR

Rico
  • 58,485
  • 12
  • 111
  • 141
  • Thank you for your answer. Do you know if I am using kubespray, I can manually join windows worker nodes manually without much fuss? Seems like reading around the net, people are having trouble doing this. Thanks a million! – JuniorPenguin Sep 17 '18 at 16:26
  • Hard to tell if you used kubespray initially. Do you have any ansible files somewhere? – Rico Sep 17 '18 at 16:56