Windows 容器未在 GKE 集群上调度

Question

I am trying to schedule windows container on GKE node. I have added a separate windows node pool with image type Windows long term servicing channel with containerd (windows_ltsc_containerd) . When I try to deploy the windows container on this node pool, I am getting this error. Can someone please guide me what I am missing here. Any assistance would be appreciated.

Error Message:

`message: >-
        admission webhook "windows.common-webhooks.networking.gke.io" denied the
        request: [spec.volumes[3].volumeSource.emptyDir.medium: Unsupported
        value: "Memory": supported values: "\"\" (empty string indicates disk
        for Windows)", spec.initContainers[0].securityContext: Invalid value:
        v1.SecurityContext{Capabilities:(*v1.Capabilities)(0xc00096ad80),
        Privileged:(*bool)(0xc000bdfc13),
        SELinuxOptions:(*v1.SELinuxOptions)(nil),
        WindowsOptions:(*v1.WindowsSecurityContextOptions)(nil),
        RunAsUser:(*int64)(0xc000bdfc18), RunAsGroup:(*int64)(0xc000bdfc20),
        RunAsNonRoot:(*bool)(0xc000bdfc28),
        ReadOnlyRootFilesystem:(*bool)(0xc000bdfc29),
        AllowPrivilegeEscalation:(*bool)(0xc000bdfc2a),
        ProcMount:(*v1.ProcMountType)(nil),
        SeccompProfile:(*v1.SeccompProfile)(nil)}: Windows does not support this
        field. Note that defaults may be allowed for compatibility.,
        spec.containers[1].securityContext: Invalid value:
        v1.SecurityContext{Capabilities:(*v1.Capabilities)(0xc00096ae10),
        Privileged:(*bool)(0xc000bdfe7f),
        SELinuxOptions:(*v1.SELinuxOptions)(nil),
        WindowsOptions:(*v1.WindowsSecurityContextOptions)(nil),
        RunAsUser:(*int64)(0xc000bdfe90), RunAsGroup:(*int64)(0xc000bdfea0),
        RunAsNonRoot:(*bool)(0xc000bdfeac),
        ReadOnlyRootFilesystem:(*bool)(0xc000bdfead),
        AllowPrivilegeEscalation:(*bool)(0xc000bdfeae),
        ProcMount:(*v1.ProcMountType)(nil),
        SeccompProfile:(*v1.SeccompProfile)(nil)}: Windows does not support this
        field. Note that defaults may be allowed for compatibility.]`

Dockerfile:

`FROM mcr.microsoft.com/dotnet/framework/sdk:4.8 AS build
# set the working directory inside compilation container to c:\app
WORKDIR /app
 
# copy everything from solution dir into the c:\app
COPY . .
# restore nuget packages
RUN nuget restore -PackagesDirectory "Mycompany.InvoiceCloud.Web/"

RUN msbuild "Mycompany.InvoiceCloud.Web/Mycompany.InvoiceCloud.Web.csproj" /v:diag
 
# start with new base image for running asp.net apps (which contains IIS)
FROM mcr.microsoft.com/dotnet/framework/aspnet:4.8 AS runtime

WORKDIR /inetpub/wwwroot

COPY --from=build /app/Mycompany.InvoiceCloud.Web/bin .`

Deployment File:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: dev-invoicecloud-web
spec:
  replicas: 1
  selector:
    matchLabels:
      app: dev-invoicecloud-web
  template:
    metadata:
      labels:
        app: dev-invoicecloud-web
    spec:
      nodeSelector:
        kubernetes.io/os: windows
      containers:
        - name: dev-invoicecloud-web
          image: gcr.io/invoicecloudweb:latest
          ports:
            - containerPort: 80

Windows containers are not being scheduled on GKE Cluster

Answer 1

Is there something else being deployed with this? Where does the error message comes from? It seems there's something wrong with the volume mount for Windows, but I'm not sure where that is coming from as it is on your spec.