Quickstart

20 MINUTE READ

Big picture

Install Calico for Windows on your Kubernetes cluster in approximately 5 minutes.

Concepts

Calico for Windows is a hybrid implementation that requires a Linux cluster for Calico components and Linux workloads, and Windows nodes for Windows workloads.

Before you begin

Review the Linux requirements and the Calico for Windows requirements.

Before beginning the quickstart, setup a Calico cluster on Linux nodes and provision Windows machines.

How to

Configure strict affinity for clusters using Calico networking

For Linux control nodes using Calico networking, strict affinity must be set to true. This is required to prevent Linux nodes from borrowing IP addresses from Windows nodes:

calicoctl ipam configure --strictaffinity=true

Install Calico for Windows manually

The following steps install a Kubernetes cluster on a single Windows node, with a Linux control node.

  • Kubernetes VXLAN

    The geeky details of what you get by default:

Policy
Calico
IPAM
Calico
CNI
Calico
Overlay
VXLAN
Routing
Calico
Datastore
Kubernetes
?

  • Kubernetes BGP

    The geeky details of what you get by default:

Policy
Calico
IPAM
Calico
CNI
Calico
Overlay
No
Routing
BGP
Datastore
Kubernetes
?

  • EKS

    The geeky details of what you get by default:

Policy
Calico
IPAM
AWS
CNI
AWS
Overlay
No
Routing
VPC Native
Datastore
Kubernetes
?

  • AKS

    The geeky details of what you get by default:

Policy
Calico
IPAM
Azure
CNI
Azure
Overlay
No
Routing
VPC Native
Datastore
Kubernetes
?

  1. Ensure that BGP is disabled since you’re using VXLAN. If you installed Calico using operator, you can do this by:

    kubectl patch installation default --type=merge -p '{"spec": {"calicoNetwork": {"bgp": "Disabled"}}}'

    If you installed Calico using the manifest from https://projectcalico.docs.tigera.io/manifests/calico-vxlan.yaml then BGP is already disabled.

  2. Prepare the directory for Kubernetes files on Windows node.

    mkdir c:\k

  3. Copy the Kubernetes kubeconfig file from the master node (default, Location $HOME/.kube/config), to c:\k\config.

  4. Download the PowerShell script, install-calico-windows.ps1.

    Invoke-WebRequest https://deploy-preview-5864--calico-master.netlify.app/scripts/install-calico-windows.ps1 -OutFile c:\install-calico-windows.ps1

  5. Install Calico for Windows for your datastore with using the default parameters or [customize installation parameters]. (#configure-installation-parameters). The PowerShell script downloads Calico for Windows release binary, Kubernetes binaries, Windows utilities files, configures Calico for Windows, and starts the Calico service.

    Kubernetes datastore (default)

    c:\install-calico-windows.ps1 -KubeVersion <your Kubernetes version (e.g. 1.18.6)> `
                              -ServiceCidr <your service cidr (default 10.96.0.0/12)> `
                              -DNSServerIPs <your DNS service IP (default 10.96.0.10)>

    etcd datastore

    c:\install-calico-windows.ps1 -KubeVersion <your Kubernetes version (e.g. 1.18.6)> `
                              -Datastore etcdv3 `
                              -EtcdEndpoints <your etcd endpoint ip> `
                              -EtcdTlsSecretName <your etcd TLS secret name in calico-system namespace> (default no etcd TLS secret is used) `
                              -EtcdKey <path to key file> (default not using TLS) `
                              -EtcdCert <path to cert file> (default not using TLS) `
                              -EtcdCaCert <path to ca cert file> (default not using TLS) `
                              -ServiceCidr <your service cidr (default 10.96.0.0/12)> `
                              -DNSServerIPs <your DNS server IPs (default 10.96.0.10)>

    Note: You do not need to pass a parameter if the default value of the parameter is correct for your cluster.

    Note: If your Windows nodes have multiple network adapters, you can configure the one used for VXLAN by editing VXLAN_ADAPTER in C:\CalicoWindows\config.ps1, then restarting Calico for Windows.

  6. Verify that the Calico services are running.

    Get-Service -Name CalicoNode
Get-Service -Name CalicoFelix

  7. Install and start kubelet/kube-proxy service. Execute following PowerShell script/commands.

    C:\CalicoWindows\kubernetes\install-kube-services.ps1
Start-Service -Name kubelet
Start-Service -Name kube-proxy

  8. Verify kubelet/kube-proxy services are running.

    Get-Service -Name kubelet
Get-Service -Name kube-proxy

  1. Enable BGP service on Windows node (instead of VXLAN). Install the RemoteAccess service using the following Powershell commands:

    Install-WindowsFeature RemoteAccess
Install-WindowsFeature RSAT-RemoteAccess-PowerShell
Install-WindowsFeature Routing

    Then restart the computer:

    Restart-Computer -Force

    before running:

    Install-RemoteAccess -VpnType RoutingOnly

    Sometimes the remote access service fails to start automatically after install. To make sure it is running, execute the following command:

    Start-Service RemoteAccess

  2. Prepare the directory for Kubernetes files on Windows node.

    mkdir c:\k

  3. Copy the Kubernetes kubeconfig file from the master node (default, Location $HOME/.kube/config), to c:\k\config.

  4. Download the PowerShell script, install-calico-windows.ps1.

    Invoke-WebRequest https://deploy-preview-5864--calico-master.netlify.app/scripts/install-calico-windows.ps1 -OutFile c:\install-calico-windows.ps1

  5. Install Calico for Windows for your datastore with using the default parameters or [customize installation parameters]. (#configure-installation-parameters). The PowerShell script downloads Calico for Windows release binary, Kubernetes binaries, Windows utilities files, configures Calico for Windows, and starts the Calico service.

    You do not need to pass a parameter if the default value of the parameter is correct for your cluster.

    Kubernetes datastore (default)

    c:\install-calico-windows.ps1 -KubeVersion <your Kubernetes version (e.g. 1.18.6)> `
                              -ServiceCidr <your service cidr (default 10.96.0.0/12)> `
                              -DNSServerIPs <your DNS service IP (default 10.96.0.10)>

    etcd datastore

    c:\install-calico-windows.ps1 -KubeVersion <your Kubernetes version (e.g. 1.18.6)> `
                              -Datastore etcdv3 `
                              -EtcdEndpoints <your etcd endpoint ip> `
                              -EtcdTlsSecretName <your etcd TLS secret name in calico-system namespace> (default no etcd TLS secret is used) `
                              -EtcdKey <path to key file> (default not using TLS) `
                              -EtcdCert <path to cert file> (default not using TLS) `
                              -EtcdCaCert <path to ca cert file> (default not using TLS) `
                              -ServiceCidr <your service cidr (default 10.96.0.0/12)> `
                              -DNSServerIPs <your DNS server IPs (default 10.96.0.10)>

    Note: You do not need to pass a parameter if the default value of the parameter is correct for your cluster.

  6. Verify that the Calico services are running.

    Get-Service -Name CalicoNode
Get-Service -Name CalicoFelix

  7. Install and start kubelet/kube-proxy service. Execute following PowerShell script/commands.

    C:\CalicoWindows\kubernetes\install-kube-services.ps1
Start-Service -Name kubelet
Start-Service -Name kube-proxy

  8. Verify kubelet/kube-proxy services are running.

    Get-Service -Name kubelet
Get-Service -Name kube-proxy
  1. Ensure that a Windows instance role has permissions to get namespaces and to get secrets in the calico-system namespace (or kube-system namespace if you are using a non operator-managed Calico installation.) One way to do this is by running the following comands to install the required permissions temporarily. Before running the commands, replace <eks_node_name> with the Kubernetes node name of the EKS Windows node, for example ip-192-168-42-34.us-west-2.compute.internal.

    Note: If you are using a non operator-managed Calico installation, replace the namespace calico-system with kube-system in the commands below.

    kubectl create clusterrole calico-install-ns --verb=get --resource=namespace
kubectl create clusterrolebinding calico-install-ns --clusterrole=calico-install-ns --user=system:node:<eks_node_name>
kubectl create role calico-install-token --verb=get,list --resource=secrets --namespace calico-system
kubectl create rolebinding calico-install-token --role=calico-install-token --user=system:node:<eks_node_name> --namespace calico-system

  2. Prepare the directory for Kubernetes files on the Windows node.

    mkdir c:\k

  3. Install kubectl and move the kubectl binary to c:\k.

  4. Download the PowerShell script, install-calico-windows.ps1.

    Invoke-WebRequest https://deploy-preview-5864--calico-master.netlify.app/scripts/install-calico-windows.ps1 -OutFile c:\install-calico-windows.ps1

  5. Install Calico for Windows for your datastore with using the default parameters or [customize installation parameters]. (#configure-installation-parameters). The PowerShell script downloads Calico for Windows release binary, Kubernetes binaries, Windows utilities files, configures Calico for Windows, and starts the Calico service.

    You do not need to pass a parameter if the default value of the parameter is correct for your cluster.

    Kubernetes datastore (default)

    c:\install-calico-windows.ps1 -ServiceCidr <your service cidr (default 10.96.0.0/12)> `
                              -DNSServerIPs <your DNS service IP (default 10.96.0.10)>

    etcd datastore

    c:\install-calico-windows.ps1 -Datastore etcdv3 `
                              -EtcdEndpoints <your etcd endpoint ip> `
                              -ServiceCidr <your service cidr (default 10.96.0.0/12)> `
                              -DNSServerIPs <your DNS server IPs (default 10.96.0.10)>

    Note: You do not need to pass a parameter if the default value of the parameter is correct for your cluster.

  6. Verify that the Calico services are running.

    Get-Service -Name CalicoNode
Get-Service -Name CalicoFelix

  7. Verify kubelet and kube-proxy services are running.

    Get-Service -Name kubelet
Get-Service -Name kube-proxy
  8. If you installed temporary RBAC in the first step, remove the permissions by running the following commands.

    Note: If you are using a non operator-managed Calico installation, replace the namespace calico-system with kube-system in the commands below.

    kubectl delete clusterrolebinding calico-install-ns
kubectl delete clusterrole calico-install-ns
kubectl delete rolebinding calico-install-token --namespace calico-system
kubectl delete role calico-install-token --namespace calico-system

  1. Register the EnableAKSWindowsCalico feature flag with the following Azure CLI commad.

    az feature register --namespace "Microsoft.ContainerService" --name "EnableAKSWindowsCalico"

  2. Wait until the EnableAKSWindowsCalico feature flag is registered successfully. Execute following CLI command to get current status of the feature.

    az feature list -o table --query "[?contains(name, 'Microsoft.ContainerService/EnableAKSWindowsCalico')].{Name:name,State:properties.state}"

    Move to next step if the output from above command matches the following output.

    Name                                               State
-------------------------------------------------  ----------
Microsoft.ContainerService/EnableAKSWindowsCalico  Registered

  3. Refresh the registration of the Microsoft.ContainerService resource provider. Execute the following command.

    az provider register --namespace Microsoft.ContainerService

  4. Create the AKS cluster with these settings: network-plugin to azure, and network-policy to calico. For example,

    az group create -n $your-resource-group -l $your-region
az aks create \
 --resource-group $your-resource-group \
 --name $your-cluster-name \
 --node-count 1 \
 --enable-addons monitoring \
 --windows-admin-username azureuser \
 --windows-admin-password $your-windows-password \
 --kubernetes-version 1.20.2 \
 --vm-set-type VirtualMachineScaleSets \
 --service-principal $your-service-principal \
 --client-secret $your-client-secret \
 --load-balancer-sku standard \
 --node-vm-size Standard_D2s_v3 \
 --network-plugin azure \
 --network-policy calico

  5. Add a Windows node pool. For example,

    az aks nodepool add \
 --resource-group $your-resource-group \
 --cluster-name $your-cluster-name \
 --os-type Windows \
 --name $your-windows-node-pool-name \
 --node-count 1 \
 --kubernetes-version 1.20.2 \
 --node-vm-size Standard_D2s_v3

Congratulations! You now have a Kubernetes cluster with Calico for Windows and a Linux control node.

Install Calico for Windows using HostProcess containers

With Kubernetes v1.22, a new Windows container type called “HostProcess containers” can run directly on the host with access to the host network namespace, storage and devices. With this feature, Calico for Windows can now be installed and managed using Kubernetes resources such as Daemonsets and ConfigMaps, instead of needing to configure and install Calico for Windows manually on each node. Using this installation method, the Calico for Windows services are no longer registered on the host. Instead, the services are run directly within HostProcess containers.

Note: This installation method is a tech preview and should not be used for production clusters. Upgrades from a tech preview version of this installation method to the GA version might not be seamless.

Requirements

In addition to the Calico for Windows requirements, this installation method has additional requirements:

  • Kubernetes v1.22+
  • HostProcess containers support enabled: for v1.22, HostProcess containers support has to be enabled. For Kubernetes v1.23+, HostProcess containers are enabled by default.
  • ContainerD 1.6.0+
  • The Windows nodes have joined the cluster

To install ContainerD on the Windows node and configure the ContainerD service:

Invoke-WebRequest https://deploy-preview-5864--calico-master.netlify.app/scripts/Install-Containerd.ps1 -OutFile c:\Install-Containerd.ps1
c:\Install-Containerd.ps1 -ContainerDVersion 1.6.2 -CNIConfigPath "c:/etc/cni/net.d" -CNIBinPath "c:/opt/cni/bin"

If you have an existing Calico for Windows installation using the manual method, your Windows nodes may have already joined the cluster.

To join a Windows node to a cluster provisioned with kubeadm:

  • Install kubeadm and kubelet binaries and install the kubelet service 
    Invoke-WebRequest https://deploy-preview-5864--calico-master.netlify.app/scripts/PrepareNode.ps1 -OutFile c:\PrepareNode.ps1
c:\PrepareNode.ps1 -KubernetesVersion v1.23.4 -ContainerRuntime ContainerD
  • Run kubeadm on a control plane host and copy the join command 
    kubeadm token create --print-join-command
  • Edit the join command by appending --cri-socket "npipe:////./pipe/containerd-containerd" and update the kubeadm.exe path to c:\k\kubeadm.exe. An example join command: 
    c:\k\kubeadm.exe join 172.16.101.139:6443 --token v8w2jt.jmc45acn85dbll1e --discovery-token-ca-cert-hash sha256:d0b7040a704d8deb805ba1f29f56bbc7cea8af6aafa78137a9338a62831739b4 --cri-socket "npipe:////./pipe/containerd-containerd"
  • Run the join command on the Windows node. Shortly after it completes successfully, the Windows node will appear in kubectl get nodes. The new node’s status will be NotReady since Calico CNI has not yet been installed.
Migrating from Calico for Windows installed manually

If your Windows nodes already have Calico for Windows installed using the manual installation method, you can continue this quickstart guide to migrate to a manifest-based installation. This installation process will uninstall any existing Calico for Windows services and overwrite the Calico for Windows installation files with those included in the calico/windows image. If kubelet and kube-proxy were installed using C:\CalicoWindows\kubernetes\install-kube-services.ps1, those services will updated in-place and remain installed. If those services were running they are restarted so the services run with the updated service files.

Note: Before proceeding, take note of the configuration parameters in C:\CalicoWindows\config.ps1. These configuration parameters will be needed during the install.

Install

  1. Ensure that BGP is disabled since you’re using VXLAN. If you installed Calico using operator, you can do this by:

    kubectl patch installation default --type=merge -p '{"spec": {"calicoNetwork": {"bgp": "Disabled"}}}'

    If you installed Calico using the manifest from https://projectcalico.docs.tigera.io/manifests/calico-vxlan.yaml then BGP is already disabled.

  2. Download the Calico for Windows installation manifest.

    curl https://deploy-preview-5864--calico-master.netlify.app/manifests/calico-windows-vxlan.yaml -o calico-windows.yaml

  3. Get the cluster’s Kubernetes API server host and port, which will be used to update the Calico for Windows config map. The API server host and port is required so that the Calico for Windows installation script can create a kubeconfig file for Calico services. If your Windows nodes already have Calico for Windows installed manually, skip this step. The installation script will use the API server host and port from your node’s existing kubeconfig file if the KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT variables are not provided in the calico-windows-config configmap.

    First, make a note of the address of the API server:

    • If you have a single API server with a static IP address, you can use its IP address and port. The IP can be found by running:

      kubectl get endpoints kubernetes -o wide

      The output should look like the following, with a single IP address and port under “ENDPOINTS”:

      NAME         ENDPOINTS             AGE
kubernetes   172.16.101.157:6443   40m

      If there are multiple entries under “ENDPOINTS” then your cluster must have more than one API server. In that case, you should try to determine the load balancing approach used by your cluster and use the appropriate option below.

    • If using DNS load balancing (as used by kops), use the FQDN and port of the API server api.internal.<clustername>.
    • If you have multiple API servers with a load balancer in front, you should use the IP and port of the load balancer.

    Tip: If your cluster uses a ConfigMap to configure kube-proxy you can find the “right” way to reach the API server by examining the config map. For example:

    $ kubectl get configmap -n kube-system kube-proxy -o yaml | grep server`
    server: https://d881b853ae312e00302a84f1e346a77.gr7.us-west-2.eks.amazonaws.com

    In this case, the server is d881b853aea312e00302a84f1e346a77.gr7.us-west-2.eks.amazonaws.com and the port is 443 (the standard HTTPS port).

  4. Edit the calico-windows-config configmap in the downloaded manifest and ensure the required variables are correct for your cluster:
    • CALICO_NETWORKING_BACKEND: This should be set to vxlan.
    • KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT: The Kubernetes API server host and port (discovered in the previous step) used to create a kubeconfig file for Calico services. If your node already has an existing kubeconfig file, leave these variables blank.
    • K8S_SERVICE_CIDR: The Kubernetes service clusterIP range configured in your cluster. This must match the service-cluster-ip-range used by kube-apiserver.
    • CNI_BIN_DIR: Path where Calico CNI binaries will be installed. This must match the CNI bin value in the ContainerD service configuration. If you used the provided Install-Containerd.ps1 script, you should use the CNI bin path value you provided to that script.
    • CNI_CONF_DIR: Path where Calico CNI configuration will be installed. This must match the CNI conf value in the ContainerD service configuration. If you used the provided Install-Containerd.ps1 script, you should use the CNI conf path value you provided to that script.
    • DNS_NAME_SERVERS: The DNS nameservers that will be used in the CNI configuration.
    • FELIX_HEALTHENABLED: The Felix health check server must be enabled.

  5. Apply the Calico for Windows installation manifest.

    kubectl create -f calico-windows.yaml

  6. Monitor the installation.

    kubectl logs -f -n calico-system -l k8s-app=calico-node-windows -c install

    Once the log Calico for Windows installed appears, installation is complete. Next, the Calico for Windows services are started in separate containers:

    kubectl logs -f -n calico-system -l k8s-app=calico-node-windows -c node
kubectl logs -f -n calico-system -l k8s-app=calico-node-windows -c felix

  7. Install kube-proxy

    Depending on your platform, you may already have kube-proxy running on your Windows nodes. If kube-proxy is already running on your Windows nodes, skip this step. If kube-proxy is not running, you must install and run kube-proxy on each of the Windows nodes in your cluster. Note: the provided manifest depends on the kubeconfig provided by the kube-proxy configmap in the kube-system namespace.

    • Download the kube-proxy manifest: 
      curl https://deploy-preview-5864--calico-master.netlify.app/manifests/windows-kube-proxy.yaml -o windows-kube-proxy.yaml
    • Edit the downloaded manifest
      • Replace VERSION with your Windows nodes’ server version. E.g. 1809.
      • Update the K8S_VERSION env variable value with your Kubernetes cluster version.
    • Apply the manifest 
      kubectl apply -f windows-kube-proxy.yaml
    • Verify the kube-proxy-windows daemonset is running 
      kubectl describe ds -n kube-system kube-proxy-windows

  1. Enable BGP service on the Windows nodes (instead of VXLAN). Install the RemoteAccess service using the following Powershell commands:

    Install-WindowsFeature RemoteAccess
Install-WindowsFeature RSAT-RemoteAccess-PowerShell
Install-WindowsFeature Routing

    Then restart the computer:

    Restart-Computer -Force

    before running:

    Install-RemoteAccess -VpnType RoutingOnly

    Sometimes the remote access service fails to start automatically after install. To make sure it is running, execute the following command:

    Start-Service RemoteAccess

  2. Download the Calico for Windows installation manifest.

    curl https://deploy-preview-5864--calico-master.netlify.app/manifests/calico-windows-bgp.yaml -o calico-windows.yaml

  3. Get the cluster’s Kubernetes API server host and port, which will be used to update the Calico for Windows config map. The API server host and port is required so that the Calico for Windows installation script can create a kubeconfig file for Calico services. If your Windows nodes already have Calico for Windows installed manually, skip this step. The installation script will use the API server host and port from your node’s existing kubeconfig file if the KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT variables are not provided in the calico-windows-config configmap.

    First, make a note of the address of the API server:

    • If you have a single API server with a static IP address, you can use its IP address and port. The IP can be found by running:

      kubectl get endpoints kubernetes -o wide

      The output should look like the following, with a single IP address and port under “ENDPOINTS”:

      NAME         ENDPOINTS             AGE
kubernetes   172.16.101.157:6443   40m

      If there are multiple entries under “ENDPOINTS” then your cluster must have more than one API server. In that case, you should try to determine the load balancing approach used by your cluster and use the appropriate option below.

    • If using DNS load balancing (as used by kops), use the FQDN and port of the API server api.internal.<clustername>.
    • If you have multiple API servers with a load balancer in front, you should use the IP and port of the load balancer.

    Tip: If your cluster uses a ConfigMap to configure kube-proxy you can find the “right” way to reach the API server by examining the config map. For example:

    $ kubectl get configmap -n kube-system kube-proxy -o yaml | grep server`
    server: https://d881b853ae312e00302a84f1e346a77.gr7.us-west-2.eks.amazonaws.com

    In this case, the server is d881b853aea312e00302a84f1e346a77.gr7.us-west-2.eks.amazonaws.com and the port is 443 (the standard HTTPS port).

  4. Edit the calico-windows-config configmap in the downloaded manifest and ensure the required variables are correct for your cluster:
    • CALICO_NETWORKING_BACKEND: This should be set to windows-bgp.
    • KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT: The Kubernetes API server host and port (discovered in the previous step) used to create a kubeconfig file for Calico services. If your node already has an existing kubeconfig file, leave these variables blank.
    • K8S_SERVICE_CIDR: The Kubernetes service clusterIP range configured in your cluster. This must match the service-cluster-ip-range used by kube-apiserver.
    • CNI_BIN_DIR: Path where Calico CNI binaries will be installed. This must match the CNI bin value in the ContainerD service configuration. If you used the provided Install-Containerd.ps1 script, you should use the CNI bin path value you provided to that script.
    • CNI_CONF_DIR: Path where Calico CNI configuration will be installed. This must match the CNI conf value in the ContainerD service configuration. If you used the provided Install-Containerd.ps1 script, you should use the CNI conf path value you provided to that script.
    • DNS_NAME_SERVERS: The DNS nameservers that will be used in the CNI configuration.
    • FELIX_HEALTHENABLED: The Felix health check server must be enabled.

  5. Apply the Calico for Windows installation manifest.

    kubectl create -f calico-windows.yaml

  6. Monitor the installation.

    kubectl logs -f -n calico-system -l k8s-app=calico-node-windows -c install

    Once the log Calico for Windows installed appears, installation is complete. Next, the Calico for Windows services are started in separate containers:

    kubectl logs -f -n calico-system -l k8s-app=calico-node-windows -c node
kubectl logs -f -n calico-system -l k8s-app=calico-node-windows -c felix
kubectl logs -f -n calico-system -l k8s-app=calico-node-windows -c confd

  7. Install kube-proxy

    Depending on your platform, you may already have kube-proxy running on your Windows nodes. If kube-proxy is already running on your Windows nodes, skip this step. If kube-proxy is not running, you must install and run kube-proxy on each of the Windows nodes in your cluster. Note: the provided manifest depends on the kubeconfig provided by the kube-proxy configmap in the kube-system namespace.

    • Download the kube-proxy manifest: 
      curl https://deploy-preview-5864--calico-master.netlify.app/manifests/windows-kube-proxy.yaml -o windows-kube-proxy.yaml
    • Edit the downloaded manifest
      • Replace VERSION with your Windows nodes’ server version. E.g. 1809.
      • Update the K8S_VERSION env variable value with your Kubernetes cluster version.
    • Apply the manifest 
      kubectl apply -f windows-kube-proxy.yaml
    • Verify the kube-proxy-windows daemonset is running 
      kubectl describe ds -n kube-system kube-proxy-windows

Congratulations! You now have a Kubernetes cluster with Calico for Windows and a Linux control node.

Configure installation parameters

Parameter Name Description Default
KubeVersion Version of Kubernetes binaries to use. If the value is an empty string (default), the Calico for Windows installation script does not download Kubernetes binaries and run Kubernetes service. Use the default for managed public cloud. ””
DownloadOnly Download without installing Calico for Windows. Set to yes to manually install and configure Calico for Windows. For example, Calico for Windows the hard way. no
Datastore Calico for Windows datastore type [kubernetes or etcdv3] for reading endpoints and policy information. kubernetes
EtcdEndpoints Comma-delimited list of etcd connection endpoints. Example: http://127.0.0.1:2379,http://127.0.0.2:2379. Valid only if Datastore is set to etcdv3. ””
EtcdTlsSecretName Name of a secret in calico-system namespace which contains etcd-key, etcd-cert, etcd-ca for automatically configuring TLS. Either use this or parameters EtcdKey, EtcdCert, EtcdCaCert below. Note: If you are not using operator-based installation, use namespace kube-system. ””
EtcdKey Path to key file for etcd TLS connection. ””
EtcdCert Path to certificate file for etcd TLS connection. ””
EtcdCaCert Path to CA certificate file for etcd TLS connection. ””
ServiceCidr Service IP range of the Kubernetes cluster. Not required for most managed Kubernetes clusters. Note: EKS has non-default value. 10.96.0.0/12
DNSServerIPs Comma-delimited list of DNS service IPs used by Windows pod. Not required for most managed Kubernetes clusters. Note: EKS has a non-default value. 10.96.0.10
CalicoBackend Calico backend network type (vxlan or bgp). If the value is an empty string (default), backend network type is auto detected. ””

Next steps

You can now use the Calico Linux-based docs site for your documentation. Before you continue, review the Limitations and known issues to understand the features (and sections of documentation) that do not apply to Windows.