# Windows worker node in k8s fails to connect to external network
## Environment
1. A k8s cluster deploy on a Linux machine: we use [microk8s+calico](https://microk8s.io/docs) (channel=1.20/stable)
2. [Add Windows as a worker node](https://microk8s.io/docs/add-a-windows-worker-node-to-microk8s)
## Problem
- Windows pod has no ability to connect external network
## Solution
1. Reconfig the CNI config
Edit the cni config (`C:\CalicoWindows\cni.conf.template`)
```
{
"name": "Calico",
"windows_use_single_network": true,
"cniVersion": "0.3.1",
"type": "calico",
"mode": "__MODE__",
"vxlan_mac_prefix": "__MAC_PREFIX__",
"vxlan_vni": __VNI__,
"policy": {
"type": "k8s"
},
"log_level": "info",
"capabilities": {"dns": true},
"DNS": {
"Nameservers": [__DNS_NAME_SERVERS__],
"Search": [
"svc.cluster.local"
]
},
"nodename_file": "__NODENAME_FILE__",
"datastore_type": "__DATASTORE_TYPE__",
"etcd_endpoints": "__ETCD_ENDPOINTS__",
"etcd_key_file": "__ETCD_KEY_FILE__",
"etcd_cert_file": "__ETCD_CERT_FILE__",
"etcd_ca_cert_file": "__ETCD_CA_CERT_FILE__",
"kubernetes": {
"kubeconfig": "__KUBECONFIG__"
},
"ipam": {
"type": "__IPAM_TYPE__",
"subnet": "usePodCidr"
},
"policies": [
{
"Name": "EndpointPolicy",
"Value": {
"Type": "OutBoundNAT",
"ExceptionList": [
"__K8S_SERVICE_CIDR__",
"10.244.0.0/16",
"10.127.130.0/24"
]
}
},
{
"Name": "EndpointPolicy",
"Value": {
"Type": "__ROUTE_TYPE__",
"DestinationPrefix": "__K8S_SERVICE_CIDR__",
"NeedEncap": true
}
},
{
"Name": "EndpointPolicy",
"Value": {
"Type": "__ROUTE_TYPE__",
"DestinationPrefix": "10.127.130.0/24",
"NeedEncap": true
}
}
]
}
```
3. Re-install Calico to apply new `cni.conf`
1. Drain the node of all pods
2. Delete the Calico HNS network:
```powershell
Import-Module C:\CalicoWindows\libs\hns\hns.psm1
Get-HNSNetwork | ? Name -EQ "Calico" | Remove-HNSNetwork
```
3. uninstall
```powershell
C:\CalicoWindows\uninstall-calico.ps1
```
4. install
```powershell
C:\CalicoWindows\install-calico.ps1
```
## Referece
- https://kubernetes.io/docs/setup/production-environment/windows/intro-windows-in-kubernetes/#troubleshooting
- https://docs.projectcalico.org/getting-started/windows-calico/limitations
Sign in with Wallet
Connect another wallet