About Calico for Windows
Because the Kubernetes and Calico control components do not run on Windows yet, a hybrid Linux/Windows cluster is required. Calico for Windows standard installation is distributed as a .zip archive.
What’s supported in this release
✓ Install: Manifest install for Kubernetes clusters
✓ Platforms: Kubernetes, EKS
✓ Networking: Calico CNI with VXLAN, or other supported CNI
CNI and networking options
The following table summarizes the networking options and considerations.
|Calico VXLAN||Windows CNI plugin:
Linux: Calico for policy and networking
|Calico’s VXLAN overlay, supports:
- VXLAN overlay, which can traverse most networks.
- Auto-configured node-to-node routing
- Calico IPAM and IP aggregation (with some limitations)
- Both etcd and Kubernetes API datastore drivers
Note: VXLAN runs on UDP port 4789 (this is the only port supported by Windows), remember to open that port between your Calico hosts in any firewalls / security groups.
|Cloud provider||Windows CNI plugin: win-bridge.exe
Linux: Calico policy-only
|A useful fallback, particularly if you have a Kubernetes cloud provider that automatically installs inter-host routes. Calico has been tested with the standard win-bridge.exe CNI plugin so it should work with any networking provider that ultimately uses win-bridge.exe to network the pod (such as the Azure CNI plugin and cloud provider).|
Whether you use etcd or Kubernetes datastore (kdd), the datastore for the Windows node/Kubernetes cluster must be the same as the datastore for the Linux control node. (You cannot mix datastores in a Calico for Windows implementation.)
- Versions 1.18, 1.17, 1.16
Earlier versions may work, but we do not actively test Calico for Windows against them, and they may have known issues and incompatibilities.
- At least one Linux Kubernetes worker node to run Calico’s cluster-wide components that meets Linux system requirements, and is installed with Calico v3.12.0+
- Windows versions:
- Windows Server 1903 (AKA 19H1) build 18317 or greater
- Windows Server 2019 / 1809 (RS5) or greater, with some limitations
- Powershell for the installer
- Windows nodes support only a single IP pool type (so, if using a VXLAN pool, you should only use VXLAN throughout the cluster).
- TLS v1.2 enabled. For example:
PS C:\> [Net.ServicePointManager]::SecurityProtocol = ` [Net.SecurityProtocolType]::Tls12