openshift · codyhoag · Dec 14, 2020 · Aug 12, 2020
diff --git a/_topic_map.yml b/_topic_map.yml
@@ -386,6 +386,8 @@ Topics:
     File: troubleshooting-s2i
   - Name: Troubleshooting storage issues
     File: troubleshooting-storage-issues
+  - Name: Troubleshooting Windows container workload issues
+    File: troubleshooting-windows-container-workload-issues
   - Name: Investigating monitoring issues
     File: investigating-monitoring-issues
   - Name: Diagnosing OpenShift CLI (oc) issues
@@ -753,6 +755,8 @@ Topics:
   - Name: Disabling multicast for a project
     File: disabling-multicast
     Distros: openshift-origin,openshift-enterprise,openshift-webscale
+  - Name: Configuring hybrid networking
+    File: configuring-hybrid-networking
 - Name: Configuring Routes
   Dir: routes
   Topics:
@@ -1367,6 +1371,32 @@ Topics:
   - Name: Using remote worker node at the network edge
     File: nodes-edge-remote-workers
 ---
+Name: OpenShift for Windows Containers
+Dir: windows_containers
+Distros: openshift-origin,openshift-enterprise,openshift-webscale
+Topics:
+- Name: OpenShift for Windows Containers release notes
+  File: windows-containers-release-notes
+- Name: Understanding Windows container workloads
+  File: understanding-windows-container-workloads
+- Name: Enabling Windows container workloads
+  File: enabling-windows-container-workloads
+- Name: Creating Windows MachineSet objects
+  Dir: creating_windows_machinesets
+  Topics:
+  - Name: Creating a Windows MachineSet object on AWS
+    File: creating-windows-machineset-aws
+  - Name: Creating a Windows MachineSet object on Azure
+    File: creating-windows-machineset-azure
+- Name: Scheduling Windows container workloads
+  File: scheduling-windows-workloads
+- Name: Windows node upgrades
+  File: windows-node-upgrades
+- Name: Removing Windows nodes
+  File: removing-windows-nodes
+- Name: Disabling Windows container workloads
+  File: disabling-windows-container-workloads
+---
 Name: Logging
 Dir: logging
 Distros: openshift-enterprise,openshift-webscale,openshift-origin,openshift-dedicated

diff --git a/images/mixed-windows-linux-workloads.png b/images/mixed-windows-linux-workloads.png
diff --git a/images/wmco-design.png b/images/wmco-design.png
diff --git a/installing/installing_aws/installing-aws-network-customizations.adoc b/installing/installing_aws/installing-aws-network-customizations.adoc
@@ -73,6 +73,13 @@ include::modules/nw-aws-nlb-new-cluster.adoc[leveloffset=+1]
 
 include::modules/nw-operator-cr.adoc[leveloffset=+1]
 
+include::modules/configuring-hybrid-ovnkubernetes.adoc[leveloffset=+1]
+
+[NOTE]
+====
+For more information on using Linux and Windows nodes in the same cluster, see xref:../../windows_containers/understanding-windows-container-workloads.adoc#understanding-windows-container-workloads[Understanding Windows container workloads].
+====
+
 include::modules/installation-launching-installer.adoc[leveloffset=+1]
 
 include::modules/cli-installing-cli.adoc[leveloffset=+1]

diff --git a/installing/installing_azure/installing-azure-network-customizations.adoc b/installing/installing_azure/installing-azure-network-customizations.adoc
@@ -49,6 +49,12 @@ include::modules/installation-azure-config-yaml.adoc[leveloffset=+2]
 // Network Operator specific configuration
 include::modules/nw-modifying-operator-install-config.adoc[leveloffset=+1]
 include::modules/nw-operator-cr.adoc[leveloffset=+1]
+include::modules/configuring-hybrid-ovnkubernetes.adoc[leveloffset=+1]
+
+[NOTE]
+====
+For more information on using Linux and Windows nodes in the same cluster, see xref:../../windows_containers/understanding-windows-container-workloads.adoc#understanding-windows-container-workloads[Understanding Windows container workloads].
+====
 
 include::modules/installation-launching-installer.adoc[leveloffset=+1]
 

diff --git a/modules/accessing-windows-node-using-rdp.adoc b/modules/accessing-windows-node-using-rdp.adoc
@@ -0,0 +1,41 @@
+// Module included in the following assemblies:
+//
+// * support/troubleshooting/troubleshooting-windows-container-workload-issues.adoc
+
+[id="accessing-windows-node-using-rdp_{context}"]
+= Accessing a Windows node using RDP
+
+You can access a Windows node by using a Remote Desktop Protocol (RDP).
+
+.Prerequisites
+
+* You installed the Windows Machine Config Operator (WMCO) using Operator Lifecycle Manager (OLM).
+* You have created a Windows machine set.
+* You have added the key used in the `cloud-private-key` secret and the key used when creating the cluster to the ssh-agent. For security reasons, remember to remove the keys from the ssh-agent after use.
+* You have connected to the Windows node link:https://access.redhat.com/solutions/4073041[using an `ssh-bastion` pod].
+
+.Procedure
+
+. Run the following command to set up an SSH tunnel:
++
+[source,terminal]
+----
+$ ssh -L 2020:<windows_node_internal_ip>:3389 \ <1>
+    core@$(oc get service --all-namespaces -l run=ssh-bastion -o go-template="{{ with (index (index .items 0).status.loadBalancer.ingress 0) }}{{ or .hostname .ip }}{{end}}")
+----
+<1> Specify the internal IP address of the node, which can be discovered by running the following command:
++
+[source,terminal]
+----
+$ oc get nodes <node_name> -o jsonpath={.status.addresses[?\(@.type==\"InternalIP\"\)].address}
+----
+
+. From within the resulting shell, SSH into the Windows node and run the following command to create a password for the user:
++
+[source,terminal]
+----
+C:\> net user <username> * <1>
+----
+<1> Specify the cloud provider user name, such as `Administrator` for AWS or `capi` for Azure.
+
+You can now remotely access the Windows node at `localhost:2020` using an RDP client.
diff --git a/modules/accessing-windows-node-using-ssh.adoc b/modules/accessing-windows-node-using-ssh.adoc
@@ -0,0 +1,33 @@
+// Module included in the following assemblies:
+//
+// * support/troubleshooting/troubleshooting-windows-container-workload-issues.adoc
+
+[id="accessing-windows-node-using-ssh_{context}"]
+= Accessing a Windows node using SSH
+
+You can access a Windows node by using a secure shell (SSH).
+
+.Prerequisites
+
+* You have installed the Windows Machine Config Operator (WMCO) using Operator Lifecycle Manager (OLM).
+* You have created a Windows machine set.
+* You have added the key used in the `cloud-private-key` secret and the key used when creating the cluster to the ssh-agent. For security reasons, remember to remove the keys from the ssh-agent after use.
+* You have connected to the Windows node link:https://access.redhat.com/solutions/4073041[using an `ssh-bastion` pod].
+
+.Procedure
+
+* Access the Windows node by running the following command:
++
+[source,terminal]
+----
+$ ssh -t -o StrictHostKeyChecking=no -o ProxyCommand='ssh -A -o StrictHostKeyChecking=no \
+    -o ServerAliveInterval=30 -W %h:%p core@$(oc get service --all-namespaces -l run=ssh-bastion \
+    -o go-template="{{ with (index (index .items 0).status.loadBalancer.ingress 0) }}{{ or .hostname .ip }}{{end}}")' <username>@<windows_node_internal_ip> <1> <2>
+----
+<1> Specify the cloud provider username, such as `Administrator` for Amazon Web Services (AWS) or `capi` for Microsoft Azure.
+<2> Specify the internal IP address of the node, which can be discovered by running the following command:
++
+[source,terminal]
+----
+$ oc get nodes <node_name> -o jsonpath={.status.addresses[?\(@.type==\"InternalIP\"\)].address}
+----
diff --git a/modules/collecting-docker-logs-windows.adoc b/modules/collecting-docker-logs-windows.adoc
@@ -0,0 +1,29 @@
+// Module included in the following assemblies:
+//
+// * support/troubleshooting/troubleshooting-windows-container-workload-issues.adoc
+
+[id="collecting-docker-logs-windows_{context}"]
+= Collecting Docker logs for Windows containers
+
+The Windows Docker service does not stream its logs to stdout, but instead, logs to the event log for Windows. You can view the Docker event logs to investigate issues you think might be caused by the Windows Docker service.
+
+.Prerequisites
+
+* You installed the Windows Machine Config Operator (WMCO) using Operator Lifecycle Manager (OLM).
+* You have created a Windows machine set.
+
+.Procedure
+
+. SSH into the Windows node and enter PowerShell:
++
+[source,terminal]
+----
+C:\> powershell
+----
+
+. View the Docker logs by running the following command:
++
+[source,terminal]
+----
+C:\> Get-EventLog -LogName Application -Source Docker
+----
diff --git a/modules/collecting-kube-node-logs-windows.adoc b/modules/collecting-kube-node-logs-windows.adoc
@@ -0,0 +1,34 @@
+// Module included in the following assemblies:
+//
+// * support/troubleshooting/troubleshooting-windows-container-workload-issues.adoc
+
+[id="collecting-kube-node-logs-windows_{context}"]
+= Collecting Kubernetes node logs for Windows containers
+
+Windows container logging works differently from Linux container logging; the Kubernetes node logs for Windows workloads are streamed to the `C:\k\logs` directory by default. Therefore, you must gather the Windows node logs from that directory.
+
+.Prerequisites
+
+* You installed the Windows Machine Config Operator (WMCO) using Operator Lifecycle Manager (OLM).
+* You have created a Windows machine set.
+
+.Procedure
+
+. To view the logs under all directories in `C:\k\logs`, run the following command:
++
+[source,terminal]
+----
+$ oc adm node-logs -l kubernetes.io/os=windows --path= \
+    /ip-10-0-138-252.us-east-2.compute.internal containers \
+    /ip-10-0-138-252.us-east-2.compute.internal hybrid-overlay \
+    /ip-10-0-138-252.us-east-2.compute.internal kube-proxy \
+    /ip-10-0-138-252.us-east-2.compute.internal kubelet \
+    /ip-10-0-138-252.us-east-2.compute.internal pods
+----
+
+. You can now list files in the directories using the same command and view the individual log files. For example, to view the kubelet logs, run the following command:
++
+[source,terminal]
+----
+$ oc adm node-logs -l kubernetes.io/os=windows --path=/kubelet/kubelet.log
+----
diff --git a/modules/collecting-windows-application-event-logs.adoc b/modules/collecting-windows-application-event-logs.adoc
@@ -0,0 +1,31 @@
+// Module included in the following assemblies:
+//
+// * support/troubleshooting/troubleshooting-windows-container-workload-issues.adoc
+
+[id="collecting-windows-application-event-logs_{context}"]
+= Collecting Windows application event logs
+
+The `Get-WinEvent` shim on the kubelet `logs` endpoint can be used to collect application event logs from Windows machines.
+
+.Prerequisites
+
+* You installed the Windows Machine Config Operator (WMCO) using Operator Lifecycle Manager (OLM).
+* You have created a Windows machine set.
+
+.Procedure
+
+* To view logs from all applications logging to the event logs on the Windows machine, run:
++
+[source,terminal]
+----
+$ oc adm node-logs -l kubernetes.io/os=windows --path=journal
+----
++
+The same command is executed when collecting logs with `oc adm must-gather`.
++
+Other Windows application logs from the event log can also be collected by specifying the respective service with a `-u` flag. For example, you can run the following command to collect logs for the docker runtime service:
++
+[source,terminal]
+----
+$ oc adm node-logs -l kubernetes.io/os=windows --path=journal -u docker
+----
diff --git a/modules/configuring-hybrid-ovnkubernetes.adoc b/modules/configuring-hybrid-ovnkubernetes.adoc
@@ -0,0 +1,85 @@
+// Module included in the following assemblies:
+//
+// * installing/installing_aws/installing-aws-network-customizations.adoc
+// * installing/installing_azure/installing-azure-network-customizations.adoc
+// * networking/ovn_kubernetes_network_provider/configuring-hybrid-networking.adoc
+
+[id="configuring-hybrid-ovnkubernetes_{context}"]
+= Configuring hybrid networking with OVN-Kubernetes
+
+You can configure your cluster to use hybrid networking with OVN-Kubernetes. This allows a hybrid cluster that supports different node networking configurations. For example, this is necessary to run both Linux and Windows nodes in a cluster.
+
+[IMPORTANT]
+====
+You must configure hybrid networking with OVN-Kubernetes during the installation of your cluster. You cannot switch to hybrid networking after the installation process.
+====
+
+.Prerequisites
+
+* You defined `OVNKubernetes` for the `networking.networkType` parameter in the `install-config.yaml` file.
+
+.Procedure
+
+. Use the following command to create manifests:
++
+[source,terminal]
+----
+$ ./openshift-install create manifests --dir=<installation_directory> <1>
+----
+<1> For `<installation_directory>`, specify the name of the directory that contains the `install-config.yaml` file for your cluster.
+
+. Create a file that is named `cluster-network-03-config.yml` in the `<installation_directory>/manifests/` directory:
++
+[source,terminal]
+----
+$ touch <installation_directory>/manifests/cluster-network-03-config.yml <1>
+----
+<1> For `<installation_directory>`, specify the directory name that contains the `manifests/` directory for your cluster.
++
+After creating the file, several network configuration files are in the `manifests/` directory, as shown:
++
+[source,terminal]
+----
+$ ls <installation_directory>/manifests/cluster-network-*
+----
++
+.Example output
+[source,terminal]
+----
+cluster-network-01-crd.yml
+cluster-network-02-config.yml
+cluster-network-03-config.yml
+----
+
+. Open the `cluster-network-03-config.yml` file and configure OVN-Kubernetes with hybrid networking. For example:
++
+[source,yaml]
+----
+apiVersion: operator.openshift.io/v1
+kind: Network
+metadata:
+  creationTimestamp: null
+  name: cluster
+spec: <1>
+  clusterNetwork: <2>
+  - cidr: 10.128.0.0/14
+    hostPrefix: 23
+  externalIP:
+    policy: {}
+  serviceNetwork:
+  - 172.30.0.0/16
+  defaultNetwork:
+    type: OVNKubernetes <3>
+    ovnKubernetesConfig:
+      hybridOverlayConfig:
+        hybridClusterNetwork: <4>
+        - cidr: 10.132.0.0/14
+          hostPrefix: 23
+status: {}
+----
+<1> The parameters for the `spec` parameter are only an example. Specify your configuration for the Cluster Network Operator in the custom resource.
+<2> Specify the CIDR configuration used when adding nodes.
+<3> Specify `OVNKubernetes` as the Container Network Interface (CNI) cluster network provider.
+<4> Specify the CIDR configuration used for nodes on the additional overlay network. The `hybridClusterNetwork` CIDR cannot overlap with the `clusterNetwork` CIDR.
+
+. Optional: Back up the `<installation_directory>/manifests/cluster-network-03-config.yml` file. The installation program deletes the `manifests/` directory when creating the cluster.
diff --git a/modules/configuring-secret-for-wmco.adoc b/modules/configuring-secret-for-wmco.adoc
@@ -0,0 +1,27 @@
+// Module included in the following assemblies:
+//
+// * windows_containers/enabling-windows-container-workloads.adoc
+
+[id="configuring-secret-for-wmco_{context}"]
+= Configuring a secret for the Windows Machine Config Operator
+
+To run the Windows Machine Config Operator (WMCO), you must create a secret in the WMCO namespace containing a private key. This is required to allow the WMCO to communicate with the Windows virtual machine (VM).
+
+.Prerequisites
+
+* You installed the Windows Machine Config Operator (WMCO) using Operator Lifecycle Manager (OLM).
+* You created a PEM-encoded file containing an RSA key.
+
+.Procedure
+
+* Define the secret required to access the Windows VMs:
++
+[source,terminal]
+----
+$ oc create secret generic cloud-private-key --from-file=private-key.pem=${HOME}/.ssh/<key> \
+    -n openshift-windows-machine-config-operator <1>
+----
+
+<1> You must create the private key in the WMCO namespace, like `openshift-windows-machine-config-operator`.
+
+It is recommended to use a different private key than the one used when installing the cluster.