@kevinhillinger
Last active June 11, 2019 19:58
AKS Cluster with Windows Containers, Custom Virtual Network (VNet) with CNI
# get list of nodes
kubectl get nodes

# select the Windows nodes by label: beta.kubernetes.io/os=windows
nodes=$(kubectl get no \
  -o jsonpath="{.items[*].metadata.name}" \
  -l=beta.kubernetes.io/os=windows)

# taint windows nodes so only pods with a matching toleration are scheduled on them
for n in $nodes; do
  kubectl taint nodes "$n" os=win:NoSchedule
done

# Deploy the service and watch for pod updates:
kubectl apply -f sample.yaml
kubectl get pods -o wide -w

apiVersion: apps/v1
kind: Deployment
metadata:
  name: sample
  labels:
    app: sample
spec:
  replicas: 1
  template:
    metadata:
      name: sample
      labels:
        app: sample
    spec:
      nodeSelector:
        "beta.kubernetes.io/os": windows
      # matches the os=win:NoSchedule taint placed on the Windows nodes
      tolerations:
      - key: "os"
        operator: "Equal"
        value: "win"
        effect: "NoSchedule"
      containers:
      - name: sample
        image: mcr.microsoft.com/dotnet/framework/samples:aspnetapp
        resources:
          # memory uses the M (megabyte) suffix; a lowercase "m" means milli-units
          limits:
            cpu: 1
            memory: 800M
          requests:
            cpu: .1
            memory: 300M
        ports:
        - containerPort: 80
  selector:
    matchLabels:
      app: sample
---
apiVersion: v1
kind: Service
metadata:
  name: sample
spec:
  # on AKS a LoadBalancer service gets a public IP by default
  type: LoadBalancer
  ports:
  - protocol: TCP
    port: 80
  selector:
    app: sample

resource_group=win-aks
vnet=sandbox-vnet

# create resource group
az group create --name $resource_group --location eastus

echo "creating AKS vnet with CIDR 10.0.0.0/16"
az network vnet create --name $vnet --resource-group $resource_group \
  --subnet-name default \
  --address-prefixes 10.0.0.0/16

echo "creating AKS subnet"
az network vnet subnet create -g $resource_group --vnet-name $vnet \
  --name aks-subnet \
  --address-prefixes 10.0.1.0/24

echo "creating edge subnet"
az network vnet subnet create -g $resource_group --vnet-name $vnet \
  --name edge-subnet \
  --address-prefixes 10.0.2.0/24

# windows server containers setup
echo "Setting up windows server containers"
az feature register --name WindowsPreview --namespace Microsoft.ContainerService
az feature register --name MultiAgentpoolPreview --namespace Microsoft.ContainerService
az feature register --name VMSSPreview --namespace Microsoft.ContainerService

# ensure the feature is registered before proceeding
feature_state=""
echo -n "Registering windows preview feature."
while [[ $feature_state != "Registered" ]]; do
  feature_state=$(az feature list -o tsv --query "[?contains(name, 'Microsoft.ContainerService/WindowsPreview')].{State:properties.state}")
  if [[ $feature_state != "Registered" ]]; then
    echo -n '.'
    sleep 5
  fi
done
# -e is needed for bash's echo to interpret \n
echo -e "\nFeature registration done."

echo "Refreshing container services provider."
az provider register --namespace Microsoft.ContainerService

# get existing subnet for AKS cluster
# https://docs.microsoft.com/en-us/azure/aks/configure-azure-cni#deployment-parameters
subnet_id=$(az network vnet subnet list --resource-group $resource_group --vnet-name $vnet --query '[].id' --output tsv | grep aks-subnet)

cluster_name=aks-cluster
# sample value only: supply the real password at run time (prompt or secret store)
# rather than keeping it in the script
PASSWORD_WIN="P@ssw0rd1234"

echo "creating AKS cluster with CNI into the existing vnet"
az aks create \
  --resource-group $resource_group \
  --name $cluster_name \
  --node-count 1 \
  --kubernetes-version 1.14.0 \
  --enable-addons monitoring \
  --network-plugin azure \
  --enable-vmss \
  --vnet-subnet-id "$subnet_id" \
  --docker-bridge-address 172.17.0.1/16 \
  --dns-service-ip 10.2.0.10 \
  --service-cidr 10.2.0.0/24 \
  --generate-ssh-keys \
  --windows-admin-password "$PASSWORD_WIN" \
  --windows-admin-username azureuser

echo "creating windows server node pool."
az aks nodepool add \
  --resource-group $resource_group \
  --cluster-name $cluster_name \
  --os-type Windows \
  --name npwin \
  --node-count 1 \
  --kubernetes-version 1.14.0

# with the network configured and AKS deployed, simulate UDRs that force traffic