Kubernetes on Windows & Linux

Kubernetes was originally Linux-only, but now supports Windows worker nodes, enabling hybrid clusters.

Why Windows Containers?

Legacy Apps: Lift-and-shift .NET Framework applications.
Unified Management: Manage Windows and Linux apps with the same tool (Kubernetes).
Modernization: Slowly refactor monoliths into microservices.

Architecture: Hybrid Cluster

A Kubernetes cluster can contain both Linux and Windows nodes.

Control Plane: MUST run on Linux.
Worker Nodes: Can be Linux or Windows.

Scheduling Workloads

You must ensure Windows Pods land on Windows Nodes and Linux Pods land on Linux Nodes.

Using `nodeSelector`

# Windows Pod
apiVersion: v1
kind: Pod
metadata:
  name: iis-web
spec:
  containers:
  - name: iis
    image: mcr.microsoft.com/windows/servercore/iis:windowsservercore-ltsc2019
  nodeSelector:
    kubernetes.io/os: windows

# Linux Pod
apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - name: nginx
    image: nginx:latest
  nodeSelector:
    kubernetes.io/os: linux

Using Taints and Tolerations

To prevent Linux pods from accidentally landing on Windows nodes (and vice-versa).

Taint the Windows Node:

kubectl taint nodes win-node1 os=windows:NoSchedule

Add Toleration to Windows Pod:

spec:
  tolerations:
  - key: "os"
    operator: "Equal"
    value: "windows"
    effect: "NoSchedule"

Key Differences & Limitations

Feature	Linux	Windows
Container Base Image	Small (Alpine ~5MB)	Large (Server Core ~3GB)
Startup Time	Seconds	Seconds to Minutes
Networking	Bridge, Overlay	Host Networking not supported
Privileged Containers	Supported	Not Supported
Filesystem	Case-sensitive	Case-insensitive
Active Directory	Via LDAP/Kerberos	GMSA (Group Managed Service Accounts)

Best Practices

Use Taints and Tolerations

Always taint Windows nodes to prevent Linux pods (like DaemonSets) from failing to start on them.

Image Management

Windows images are large. Use a local registry or caching to speed up pulls. Match the container OS version with the host OS version (Process Isolation).

GMSA for Auth

Use Group Managed Service Accounts (GMSA) for Windows pods that need to authenticate with Active Directory.

🎉 Congratulations! You’ve completed the Kubernetes Crash Course and the entire DevOps Tools Mastery course! Next: Back to Overview →

Testing & Code Quality

Crash Courses

AI Engineering

Math for ML - Understanding Linear Algebra

Probability & Statistics for ML

Math for ML - Understanding Calculus

ML Mastery

Deep Learning Mastery

NestJS Mastery

Microservices Mastery

Low Level Design

OOP Concepts

SOLID Principles

Design Patterns

LLD Case Studies

System Design (HLD)

Senior Level (L5+/Staff)

HLD Case Studies

Engineering Fundamentals

DevOps & Operations

AWS Cloud

AWS Monitoring & Observability

AWS Security Services

AWS Serverless

AWS Operations

AWS Advanced

AWS Case Studies

DevOps Tools

Database Engineering

HIPAA Compliance Mastery

Operating Systems

Linux Internals

Distributed Systems

Networking Mastery

Build Your Own X

Go Lang Mastery

C Programming

Distributed System Tools

​Kubernetes on Windows & Linux

​Why Windows Containers?

​Architecture: Hybrid Cluster

​Scheduling Workloads

​Using nodeSelector

​Using Taints and Tolerations

​Key Differences & Limitations

​Best Practices