Create a Windows node pool in ACK to run Windows-based workloads alongside Linux nodes in the same cluster. Windows node pools support independent kubelet, container runtime, and OS image upgrades at the pool level.
Prerequisites
Before you begin, ensure that you have:
-
An ACK managed cluster. Windows node pools are supported only in ACK managed clusters and must be created after cluster creation — not during it.
-
Cluster version 1.20.4 or later. To upgrade, see Manually upgrade a cluster.
-
Flannel as the cluster network type, with kube-flannel-ds-windows v0.15.2-aliyun or later.
-
containerd 1.6 or later as the container runtime. To upgrade, see Upgrade a node pool.
Limitations
| Category | Limitation |
|---|---|
| Node pool type | Only non-managed node pools can be Windows node pools. The default node pool (default-nodepool) cannot be converted to a Windows node pool. |
| Instance type | At least 4 vCPUs and 8 GB of memory. Elastic GPU Service instance types are not supported. Not all instance types support Windows — ecs.g6.xlarge is a known-compatible example. |
| Operating system | Windows Server 2019, Windows Server 2022, and Windows Server Core, Version 2022. For Windows Server Core, Version 2004, select the latest image ID from the ECS 2023 public image release records. |
| Cluster node limit | 100 nodes per cluster by default. To raise the limit, submit a ticket in Quota Center. |
| Existing ECS instances | ECS instances must have elastic IP addresses (EIPs) or be in a virtual private cloud (VPC) with a NAT Gateway configured, so nodes can reach the internet. For details, see Add existing nodes. |
Resource reservation
Since May 2021, Windows nodes in ACK clusters version 1.16 or later automatically reserve the following resources at startup:
-
1.5 vCPUs
-
2.5 GB of RAM
-
3 GB of disk space
This reservation keeps the Windows OS, kubelet, and container runtime stable. Windows containers are not subject to out-of-memory (OOM) kill when memory usage exceeds the configured limit — but a memory leak in a container application can still cause the node to crash. For more information, see Node resource reservation policy and Memory requirements for Windows containers.
Create a Windows node pool
Console
-
Log on to the ACK console. In the left navigation pane, click Clusters.
-
On the Clusters page, click the name of the target cluster, then choose Nodes > Node Pools in the left navigation pane.
-
On the Node Pools page, click Create Node Pool and configure the following parameters. For a full parameter reference, see Create and manage node pools.
Parameter Setting Configure Managed Node Pool Select Disable Container Runtime Select containerd Instance Type Select an instance type with at least 4 vCPUs and 8 GB of memory — for example, ecs.g6.xlarge. Do not select Elastic GPU Service instance types. For a full list, see Instance families.Expected Number of Nodes The number of nodes the pool maintains. The pool scales in or out automatically to match this value. Operating System Select a Windows Server image ECS Tags (Optional) Tags to apply to the underlying ECS instances Node Labels (Optional) Kubernetes labels to apply to the nodes -
Complete the remaining steps and submit.
The node pool is ready when its Status changes to Active on the Node Pools page.
API
Use the CreateClusterNodePool operation to create a Windows node pool programmatically. The example below shows the key parameters.
{
"ClusterId": "ca8ed83XXXXXXXXXXXX5ec197",
"body": {
"nodepool_info": {
"name": "nodepool-fXXXXXx",
"resource_group_id": "rg-acfmXXXXXXXXsjpq"
},
"scaling_group": {
"vswitch_ids": [
"vsw-bp1XXXXXXXXXXXXX1xm84",
"vsw-bp1XXXXXXXXXXXX2v6x0a",
"vsw-bp1XXXXXXXXXXXXXjkxbo"
],
"data_disks": [
{
"category": "cloud_essd",
"size": 120,
"encrypted": "false",
"performance_level": "PL0"
}
],
"vpc_id": "vpc-bpXXXXXXXXXXXXXXXmgb6",
"instance_charge_type": "PostPaid",
"internet_max_bandwidth_out": 1,
"soc_enabled": false,
"security_hardening_os": false,
"instance_types": [
"ecs.g6.xlarge"
],
"instance_patterns": [
{
"Cores": 4,
"Memory": 16,
"burst_performance_option": "Exclude",
"excluded_instance_types": [
"ecs.c6t.*"
],
"instance_type_families": [
"ecs.g6"
]
}
],
"login_password": "XXXXXX",
"login_as_non_root": false,
"system_disk_category": "cloud_essd",
"system_disk_size": 40,
"system_disk_performance_level": "PL0",
"system_disk_encrypted": false,
"multi_az_policy": "BALANCE",
"platform": "WindowsServer2022",
"image_id": "win2022_21H2_x64_dtc_en-us_40G_container_alibase_20240220.vhd",
"image_type": "WindowsServer2022",
"desired_size": 1
},
"kubernetes_config": {
"cms_enabled": true,
"unschedulable": false,
"runtime": "containerd",
"runtime_version": "2.1.1"
},
"auto_scaling": {
"enable": false
},
"tee_config": {
"tee_enable": false
},
"node_config": {
"image_acceleration_config": {
"enable_image_acceleration": false
}
}
}
}Key parameters:
| Parameter | Description |
|---|---|
scaling_group.instance_types |
Instance types for the node pool. Must meet the minimum spec (4 vCPUs, 8 GB memory). |
scaling_group.platform |
The Windows version. Valid values: WindowsServer2019, WindowsServer2022. |
scaling_group.image_type |
Must match platform. |
scaling_group.instance_charge_type |
Billing method. PostPaid (pay-as-you-go) or PrePaid (subscription). Default value: PostPaid. |
kubernetes_config.runtime |
Must be containerd. |
kubernetes_config.runtime_version |
containerd 1.6 or later (for example, 2.1.1). |
kubernetes_config.cms_enabled |
When set to true, installs the CloudMonitor agent on nodes so you can view instance metrics in the CloudMonitor console. |
tee_config.tee_enable |
Enable confidential computing. Set to false for standard Windows node pools. |
soc_enabled |
Enable Multi-Level Protection Scheme (MLPS) 2.0 security hardening. |
Terraform
Use the alicloud_cs_kubernetes_node_pool resource to create a Windows node pool. For an overview, see Terraform overview.
provider "alicloud" {
region = "cn-beijing"
}
resource "alicloud_cs_kubernetes_node_pool" "pool" {
cluster_id = "c1f801474ea46417d8e83cc482******"
data_disks {
category = "cloud_essd"
encrypted = "false"
performance_level = "PL0"
size = 120
}
desired_size = 1
image_id = "win2019_1809_x64_dtc_en-us_40G_container_alibase_20240220.vhd"
image_type = "Windows"
install_cloud_monitor = true
instance_charge_type = "PostPaid"
instance_types = ["ecs.g8i.xlarge"]
internet_max_bandwidth_out = 0
login_as_non_root = false
multi_az_policy = "BALANCE"
node_pool_name = "nodepool-8liYZX"
password = "**********"
platform = "WindowsServer2019"
resource_group_id = "rg-acfmvnjn2*****"
runtime_name = "containerd"
runtime_version = "2.1.5"
scaling_config {
enable = false
is_bond_eip = false
}
security_hardening_os = false
soc_enabled = false
system_disk_category = "cloud_essd"
system_disk_encrypted = false
system_disk_performance_level = "PL0"
system_disk_size = 40
tee_config {
tee_enable = false
}
unschedulable = false
vswitch_ids = [
"vsw-2ze9k65q3wn23wy*****",
"vsw-2zekovpspoxgn44*****",
"vsw-2ze54z91jw267e1*****"
]
}Upgrade a Windows node pool
Upgrading a Windows node pool covers two components:
-
Kubelet: upgrades the kubelet on all nodes to match the control plane version.
-
Container runtime: upgrades containerd to the latest supported version.
Before upgrading, upgrade the control plane to the target version first.
When configuring the upgrade, you must select the option to upgrade by replacing the system disks of the nodes. For the full procedure and related notes, see Upgrade a node pool.
Upgrade the OS image of a Windows node pool
To get the latest features, performance improvements, and bug fixes, upgrade the OS image of the node pool. See Replace the operating system for the procedure.
For the latest available image versions, see Operating systems.
What's next
-
Deploy a Windows application on the node pool: Create a Windows application.
-
Handle unpredictable traffic spikes without provisioning fixed nodes: (Invitational preview) Schedule pods to Windows virtual nodes.