Join Windows worker nodes to your cluster

MKE 3.3 supports worker nodes that run on Windows Server 2019. Only worker nodes are supported on Windows, and all manager nodes in the cluster must run on Linux.

Configure the daemon for Windows nodes

To configure the docker daemon and the Windows environment:

  1. Pull the Windows-specific image of ucp-agent, which is named ucp-agent-win.

  2. Run the Windows worker setup script provided with ucp-agent-win.

  3. Join the cluster with the token provided by the MKE web interface or CLI.

Pull the Windows-specific images

On a manager node, run the following command to list the images that are required on Windows nodes.

docker container run --rm
-v /var/run/docker.sock:/var/run/docker.sock \
mirantis/ucp:3.5.0 images \ --list --enable-windows

On a Windows Server node, in a PowerShell terminal running as Administrator, log in to Docker Hub with the docker login command and pull the listed images.

docker image pull mirantis/ucp-agent-win:3.5.0
docker image pull mirantis/ucp-dsinfo-win:3.5.0

If the cluster is deployed in a site that is offline, sideload MKE images onto the Windows Server nodes. For more information, refer to MKE Deployment Guide: Install MKE offline.

Join the Windows node to the cluster

To join the cluster using the docker swarm join command provided by the MKE web interface and CLI:

  1. Log in to the MKE web interface with an administrator account.

  2. Navigate to the Nodes page.

  3. Click Add Node to add a new node.

  4. In the Node Type section, click Windows.

  5. In the Step 2 section, select the check box for “I have followed the instructions and I’m ready to join my Windows node.”

  6. Select the Use a custom listen address option to specify the address and port where new node listens for inbound cluster management traffic.

  7. Select the Use a custom listen address option to specify the IP address that’s advertised to all members of the cluster for API access.

Copy the displayed command. It looks similar to the following:

docker swarm join --token <token> <mke-manager-ip>

You can also use the command line to get the join token. Using your MKE client bundle, run:

docker swarm join-token worker

Run the docker swarm join command on each instance of Windows Server that will be a worker node.

Windows nodes limitations

The following features are not yet supported on Windows Server 2019:

  • Networking

    • Encrypted networks are not supported. If you’ve upgraded from a previous version, you’ll also need to recreate the ucp-hrm network to make it unencrypted.

  • Secrets

    • When using secrets with Windows services, Windows stores temporary secret files on disk. You can use BitLocker on the volume containing the Docker root directory to encrypt the secret data at rest.

    • When creating a service which uses Windows containers, the options to specify UID, GID, and mode are not supported for secrets. Secrets are currently only accessible by administrators and users with system access within the container.

  • Mounts

    • On Windows, Docker can’t listen on a Unix socket. Use TCP or a named pipe instead.