From 8bdaa6bd225cd1bd1dcee9cbd8872ec28d510a22 Mon Sep 17 00:00:00 2001 From: Matt Boersma Date: Mon, 27 Oct 2025 19:54:24 +0000 Subject: [PATCH 1/2] Update kubelet restart script in Windows templates --- .../cluster-template-machinepool-windows.yaml | 17 ++++++++++++++++- ...luster-template-windows-apiserver-ilb.yaml | 17 ++++++++++++++++- templates/cluster-template-windows.yaml | 17 ++++++++++++++++- .../machine-pool-deployment-windows.yaml | 17 ++++++++++++++++- .../machine-deployment-windows.yaml | 17 ++++++++++++++++- .../windows/machine-deployment-windows.yaml | 19 +++++++++++++++++-- ...ster-template-prow-ci-version-windows.yaml | 17 ++++++++++++++++- ...template-prow-clusterclass-ci-default.yaml | 17 ++++++++++++++++- ...-prow-machine-pool-ci-version-windows.yaml | 17 ++++++++++++++++- ...er-template-prow-machine-pool-windows.yaml | 17 ++++++++++++++++- .../ci/cluster-template-prow-windows.yaml | 17 ++++++++++++++++- .../prow-clusterclass-ci-default/windows.yaml | 19 +++++++++++++++++-- ...te-custom-builds-machine-pool-windows.yaml | 17 ++++++++++++++++- ...luster-template-custom-builds-windows.yaml | 17 ++++++++++++++++- 14 files changed, 226 insertions(+), 16 deletions(-) diff --git a/templates/cluster-template-machinepool-windows.yaml b/templates/cluster-template-machinepool-windows.yaml index f5e8ce9fe5c..f44c3c24698 100644 --- a/templates/cluster-template-machinepool-windows.yaml +++ b/templates/cluster-template-machinepool-windows.yaml @@ -266,6 +266,21 @@ spec: owner: root:root path: c:/k/azure.json permissions: "0644" + - content: | + # This script restarts the kubelet service. + # It supports both nssm and Windows service configurations, + # ensuring a smooth transition between service managers without interruption. + # This script will eventually be removed once nssm is no longer used. + $scriptPath = "$env:SYSTEMDRIVE/k/RestartKubelet.ps1" + if (Test-Path $scriptPath) { + Write-Host "Found RestartKubelet.ps1, executing..." + & $scriptPath + } else { + Write-Host "RestartKubelet.ps1 not found. Running fallback command..." + & "$env:SYSTEMDRIVE\k\nssm.exe" set kubelet start SERVICE_AUTO_START + } + path: C:/KubeletRestart_nssm_sc.ps1 + permissions: "0744" - content: Add-MpPreference -ExclusionProcess C:/opt/cni/bin/calico.exe path: C:/defender-exclude-calico.ps1 permissions: "0744" @@ -276,7 +291,7 @@ spec: cloud-provider: external name: '{{ ds.meta_data["local_hostname"] }}' postKubeadmCommands: - - nssm set kubelet start SERVICE_AUTO_START + - powershell C:/KubeletRestart_nssm_sc.ps1 - powershell C:/defender-exclude-calico.ps1 preKubeadmCommands: - powershell c:/create-external-network.ps1 diff --git a/templates/cluster-template-windows-apiserver-ilb.yaml b/templates/cluster-template-windows-apiserver-ilb.yaml index 2613ab07ad8..6741e201ec1 100644 --- a/templates/cluster-template-windows-apiserver-ilb.yaml +++ b/templates/cluster-template-windows-apiserver-ilb.yaml @@ -288,6 +288,21 @@ spec: owner: root:root path: c:/k/azure.json permissions: "0644" + - content: | + # This script restarts the kubelet service. + # It supports both nssm and Windows service configurations, + # ensuring a smooth transition between service managers without interruption. + # This script will eventually be removed once nssm is no longer used. + $scriptPath = "$env:SYSTEMDRIVE/k/RestartKubelet.ps1" + if (Test-Path $scriptPath) { + Write-Host "Found RestartKubelet.ps1, executing..." + & $scriptPath + } else { + Write-Host "RestartKubelet.ps1 not found. Running fallback command..." + & "$env:SYSTEMDRIVE\k\nssm.exe" set kubelet start SERVICE_AUTO_START + } + path: C:/KubeletRestart_nssm_sc.ps1 + permissions: "0744" - content: |- Add-MpPreference -ExclusionProcess C:/opt/cni/bin/calico.exe Add-MpPreference -ExclusionProcess C:/opt/cni/bin/calico-ipam.exe @@ -302,7 +317,7 @@ spec: windows-priorityclass: ABOVE_NORMAL_PRIORITY_CLASS name: '{{ ds.meta_data["local_hostname"] }}' postKubeadmCommands: - - nssm set kubelet start SERVICE_AUTO_START + - powershell C:/KubeletRestart_nssm_sc.ps1 - powershell C:/defender-exclude-calico.ps1 preKubeadmCommands: - powershell -Command "Add-Content -Path 'C:\\Windows\\System32\\drivers\\etc\\hosts' diff --git a/templates/cluster-template-windows.yaml b/templates/cluster-template-windows.yaml index a704c6040af..8584112a422 100644 --- a/templates/cluster-template-windows.yaml +++ b/templates/cluster-template-windows.yaml @@ -272,6 +272,21 @@ spec: owner: root:root path: c:/k/azure.json permissions: "0644" + - content: | + # This script restarts the kubelet service. + # It supports both nssm and Windows service configurations, + # ensuring a smooth transition between service managers without interruption. + # This script will eventually be removed once nssm is no longer used. + $scriptPath = "$env:SYSTEMDRIVE/k/RestartKubelet.ps1" + if (Test-Path $scriptPath) { + Write-Host "Found RestartKubelet.ps1, executing..." + & $scriptPath + } else { + Write-Host "RestartKubelet.ps1 not found. Running fallback command..." + & "$env:SYSTEMDRIVE\k\nssm.exe" set kubelet start SERVICE_AUTO_START + } + path: C:/KubeletRestart_nssm_sc.ps1 + permissions: "0744" - content: |- Add-MpPreference -ExclusionProcess C:/opt/cni/bin/calico.exe Add-MpPreference -ExclusionProcess C:/opt/cni/bin/calico-ipam.exe @@ -286,7 +301,7 @@ spec: windows-priorityclass: ABOVE_NORMAL_PRIORITY_CLASS name: '{{ ds.meta_data["local_hostname"] }}' postKubeadmCommands: - - nssm set kubelet start SERVICE_AUTO_START + - powershell C:/KubeletRestart_nssm_sc.ps1 - powershell C:/defender-exclude-calico.ps1 preKubeadmCommands: [] users: diff --git a/templates/flavors/machinepool-windows/machine-pool-deployment-windows.yaml b/templates/flavors/machinepool-windows/machine-pool-deployment-windows.yaml index 93ce0d8b990..3e348032415 100644 --- a/templates/flavors/machinepool-windows/machine-pool-deployment-windows.yaml +++ b/templates/flavors/machinepool-windows/machine-pool-deployment-windows.yaml @@ -51,7 +51,7 @@ spec: preKubeadmCommands: - powershell c:/create-external-network.ps1 postKubeadmCommands: - - nssm set kubelet start SERVICE_AUTO_START + - powershell C:/KubeletRestart_nssm_sc.ps1 - powershell C:/defender-exclude-calico.ps1 joinConfiguration: nodeRegistration: @@ -67,6 +67,21 @@ spec: owner: root:root path: c:/k/azure.json permissions: "0644" + - content: | + # This script restarts the kubelet service. + # It supports both nssm and Windows service configurations, + # ensuring a smooth transition between service managers without interruption. + # This script will eventually be removed once nssm is no longer used. + $scriptPath = "$env:SYSTEMDRIVE/k/RestartKubelet.ps1" + if (Test-Path $scriptPath) { + Write-Host "Found RestartKubelet.ps1, executing..." + & $scriptPath + } else { + Write-Host "RestartKubelet.ps1 not found. Running fallback command..." + & "$env:SYSTEMDRIVE\k\nssm.exe" set kubelet start SERVICE_AUTO_START + } + path: C:/KubeletRestart_nssm_sc.ps1 + permissions: "0744" - path: C:/defender-exclude-calico.ps1 permissions: "0744" content: |- diff --git a/templates/flavors/windows-apiserver-ilb/machine-deployment-windows.yaml b/templates/flavors/windows-apiserver-ilb/machine-deployment-windows.yaml index c3152480838..4b20b559aec 100644 --- a/templates/flavors/windows-apiserver-ilb/machine-deployment-windows.yaml +++ b/templates/flavors/windows-apiserver-ilb/machine-deployment-windows.yaml @@ -59,7 +59,7 @@ spec: - ${AZURE_SSH_PUBLIC_KEY:=""} preKubeadmCommands: [] postKubeadmCommands: - - nssm set kubelet start SERVICE_AUTO_START + - powershell C:/KubeletRestart_nssm_sc.ps1 - powershell C:/defender-exclude-calico.ps1 joinConfiguration: nodeRegistration: @@ -77,6 +77,21 @@ spec: owner: root:root path: c:/k/azure.json permissions: "0644" + - content: | + # This script restarts the kubelet service. + # It supports both nssm and Windows service configurations, + # ensuring a smooth transition between service managers without interruption. + # This script will eventually be removed once nssm is no longer used. + $scriptPath = "$env:SYSTEMDRIVE/k/RestartKubelet.ps1" + if (Test-Path $scriptPath) { + Write-Host "Found RestartKubelet.ps1, executing..." + & $scriptPath + } else { + Write-Host "RestartKubelet.ps1 not found. Running fallback command..." + & "$env:SYSTEMDRIVE\k\nssm.exe" set kubelet start SERVICE_AUTO_START + } + path: C:/KubeletRestart_nssm_sc.ps1 + permissions: "0744" - path: C:/defender-exclude-calico.ps1 permissions: "0744" content: |- diff --git a/templates/flavors/windows/machine-deployment-windows.yaml b/templates/flavors/windows/machine-deployment-windows.yaml index c3152480838..a21450909e1 100644 --- a/templates/flavors/windows/machine-deployment-windows.yaml +++ b/templates/flavors/windows/machine-deployment-windows.yaml @@ -59,7 +59,7 @@ spec: - ${AZURE_SSH_PUBLIC_KEY:=""} preKubeadmCommands: [] postKubeadmCommands: - - nssm set kubelet start SERVICE_AUTO_START + - powershell C:/KubeletRestart_nssm_sc.ps1 - powershell C:/defender-exclude-calico.ps1 joinConfiguration: nodeRegistration: @@ -68,7 +68,7 @@ spec: kubeletExtraArgs: cloud-provider: external v: "2" - windows-priorityclass: "ABOVE_NORMAL_PRIORITY_CLASS" + windows-priorityclass: ABOVE_NORMAL_PRIORITY_CLASS files: - contentFrom: secret: @@ -77,6 +77,21 @@ spec: owner: root:root path: c:/k/azure.json permissions: "0644" + - content: | + # This script restarts the kubelet service. + # It supports both nssm and Windows service configurations, + # ensuring a smooth transition between service managers without interruption. + # This script will eventually be removed once nssm is no longer used. + $scriptPath = "$env:SYSTEMDRIVE/k/RestartKubelet.ps1" + if (Test-Path $scriptPath) { + Write-Host "Found RestartKubelet.ps1, executing..." + & $scriptPath + } else { + Write-Host "RestartKubelet.ps1 not found. Running fallback command..." + & "$env:SYSTEMDRIVE\k\nssm.exe" set kubelet start SERVICE_AUTO_START + } + path: C:/KubeletRestart_nssm_sc.ps1 + permissions: "0744" - path: C:/defender-exclude-calico.ps1 permissions: "0744" content: |- diff --git a/templates/test/ci/cluster-template-prow-ci-version-windows.yaml b/templates/test/ci/cluster-template-prow-ci-version-windows.yaml index 0934ee78f6a..28de6a1b4ac 100644 --- a/templates/test/ci/cluster-template-prow-ci-version-windows.yaml +++ b/templates/test/ci/cluster-template-prow-ci-version-windows.yaml @@ -497,6 +497,21 @@ spec: owner: root:root path: c:/k/azure.json permissions: "0644" + - content: | + # This script restarts the kubelet service. + # It supports both nssm and Windows service configurations, + # ensuring a smooth transition between service managers without interruption. + # This script will eventually be removed once nssm is no longer used. + $scriptPath = "$env:SYSTEMDRIVE/k/RestartKubelet.ps1" + if (Test-Path $scriptPath) { + Write-Host "Found RestartKubelet.ps1, executing..." + & $scriptPath + } else { + Write-Host "RestartKubelet.ps1 not found. Running fallback command..." + & "$env:SYSTEMDRIVE\k\nssm.exe" set kubelet start SERVICE_AUTO_START + } + path: C:/KubeletRestart_nssm_sc.ps1 + permissions: "0744" - content: |- Add-MpPreference -ExclusionProcess C:/opt/cni/bin/calico.exe Add-MpPreference -ExclusionProcess C:/opt/cni/bin/calico-ipam.exe @@ -600,7 +615,7 @@ spec: windows-priorityclass: ABOVE_NORMAL_PRIORITY_CLASS name: '{{ ds.meta_data["local_hostname"] }}' postKubeadmCommands: - - nssm set kubelet start SERVICE_AUTO_START + - powershell C:/KubeletRestart_nssm_sc.ps1 - powershell C:/defender-exclude-calico.ps1 preKubeadmCommands: - powershell C:/create-temp-folder.ps1 diff --git a/templates/test/ci/cluster-template-prow-clusterclass-ci-default.yaml b/templates/test/ci/cluster-template-prow-clusterclass-ci-default.yaml index 0db9729ca45..6a50009722f 100644 --- a/templates/test/ci/cluster-template-prow-clusterclass-ci-default.yaml +++ b/templates/test/ci/cluster-template-prow-clusterclass-ci-default.yaml @@ -529,6 +529,21 @@ spec: owner: root:root path: c:/k/azure.json permissions: "0644" + - content: | + # This script restarts the kubelet service. + # It supports both nssm and Windows service configurations, + # ensuring a smooth transition between service managers without interruption. + # This script will eventually be removed once nssm is no longer used. + $scriptPath = "$env:SYSTEMDRIVE/k/RestartKubelet.ps1" + if (Test-Path $scriptPath) { + Write-Host "Found RestartKubelet.ps1, executing..." + & $scriptPath + } else { + Write-Host "RestartKubelet.ps1 not found. Running fallback command..." + & "$env:SYSTEMDRIVE\k\nssm.exe" set kubelet start SERVICE_AUTO_START + } + path: C:/KubeletRestart_nssm_sc.ps1 + permissions: "0744" - content: |- Add-MpPreference -ExclusionProcess C:/opt/cni/bin/calico.exe Add-MpPreference -ExclusionProcess C:/opt/cni/bin/calico-ipam.exe @@ -543,7 +558,7 @@ spec: windows-priorityclass: ABOVE_NORMAL_PRIORITY_CLASS name: '{{ ds.meta_data["local_hostname"] }}' postKubeadmCommands: - - nssm set kubelet start SERVICE_AUTO_START + - powershell C:/KubeletRestart_nssm_sc.ps1 - powershell C:/defender-exclude-calico.ps1 preKubeadmCommands: [] --- diff --git a/templates/test/ci/cluster-template-prow-machine-pool-ci-version-windows.yaml b/templates/test/ci/cluster-template-prow-machine-pool-ci-version-windows.yaml index 6c629a749eb..1015d22e029 100644 --- a/templates/test/ci/cluster-template-prow-machine-pool-ci-version-windows.yaml +++ b/templates/test/ci/cluster-template-prow-machine-pool-ci-version-windows.yaml @@ -504,6 +504,21 @@ spec: owner: root:root path: c:/k/azure.json permissions: "0644" + - content: | + # This script restarts the kubelet service. + # It supports both nssm and Windows service configurations, + # ensuring a smooth transition between service managers without interruption. + # This script will eventually be removed once nssm is no longer used. + $scriptPath = "$env:SYSTEMDRIVE/k/RestartKubelet.ps1" + if (Test-Path $scriptPath) { + Write-Host "Found RestartKubelet.ps1, executing..." + & $scriptPath + } else { + Write-Host "RestartKubelet.ps1 not found. Running fallback command..." + & "$env:SYSTEMDRIVE\k\nssm.exe" set kubelet start SERVICE_AUTO_START + } + path: C:/KubeletRestart_nssm_sc.ps1 + permissions: "0744" - content: Add-MpPreference -ExclusionProcess C:/opt/cni/bin/calico.exe path: C:/defender-exclude-calico.ps1 permissions: "0744" @@ -564,7 +579,7 @@ spec: image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml name: '{{ ds.meta_data["local_hostname"] }}' postKubeadmCommands: - - nssm set kubelet start SERVICE_AUTO_START + - powershell C:/KubeletRestart_nssm_sc.ps1 - powershell C:/defender-exclude-calico.ps1 preKubeadmCommands: - powershell c:/create-external-network.ps1 diff --git a/templates/test/ci/cluster-template-prow-machine-pool-windows.yaml b/templates/test/ci/cluster-template-prow-machine-pool-windows.yaml index fad34c0b614..0d5e3a7dfe3 100644 --- a/templates/test/ci/cluster-template-prow-machine-pool-windows.yaml +++ b/templates/test/ci/cluster-template-prow-machine-pool-windows.yaml @@ -286,6 +286,21 @@ spec: owner: root:root path: c:/k/azure.json permissions: "0644" + - content: | + # This script restarts the kubelet service. + # It supports both nssm and Windows service configurations, + # ensuring a smooth transition between service managers without interruption. + # This script will eventually be removed once nssm is no longer used. + $scriptPath = "$env:SYSTEMDRIVE/k/RestartKubelet.ps1" + if (Test-Path $scriptPath) { + Write-Host "Found RestartKubelet.ps1, executing..." + & $scriptPath + } else { + Write-Host "RestartKubelet.ps1 not found. Running fallback command..." + & "$env:SYSTEMDRIVE\k\nssm.exe" set kubelet start SERVICE_AUTO_START + } + path: C:/KubeletRestart_nssm_sc.ps1 + permissions: "0744" - content: Add-MpPreference -ExclusionProcess C:/opt/cni/bin/calico.exe path: C:/defender-exclude-calico.ps1 permissions: "0744" @@ -296,7 +311,7 @@ spec: cloud-provider: external name: '{{ ds.meta_data["local_hostname"] }}' postKubeadmCommands: - - nssm set kubelet start SERVICE_AUTO_START + - powershell C:/KubeletRestart_nssm_sc.ps1 - powershell C:/defender-exclude-calico.ps1 preKubeadmCommands: - powershell c:/create-external-network.ps1 diff --git a/templates/test/ci/cluster-template-prow-windows.yaml b/templates/test/ci/cluster-template-prow-windows.yaml index 85d8e32f4bb..85e94480a3f 100644 --- a/templates/test/ci/cluster-template-prow-windows.yaml +++ b/templates/test/ci/cluster-template-prow-windows.yaml @@ -285,6 +285,21 @@ spec: owner: root:root path: c:/k/azure.json permissions: "0644" + - content: | + # This script restarts the kubelet service. + # It supports both nssm and Windows service configurations, + # ensuring a smooth transition between service managers without interruption. + # This script will eventually be removed once nssm is no longer used. + $scriptPath = "$env:SYSTEMDRIVE/k/RestartKubelet.ps1" + if (Test-Path $scriptPath) { + Write-Host "Found RestartKubelet.ps1, executing..." + & $scriptPath + } else { + Write-Host "RestartKubelet.ps1 not found. Running fallback command..." + & "$env:SYSTEMDRIVE\k\nssm.exe" set kubelet start SERVICE_AUTO_START + } + path: C:/KubeletRestart_nssm_sc.ps1 + permissions: "0744" - content: |- Add-MpPreference -ExclusionProcess C:/opt/cni/bin/calico.exe Add-MpPreference -ExclusionProcess C:/opt/cni/bin/calico-ipam.exe @@ -337,7 +352,7 @@ spec: windows-priorityclass: ABOVE_NORMAL_PRIORITY_CLASS name: '{{ ds.meta_data["local_hostname"] }}' postKubeadmCommands: - - nssm set kubelet start SERVICE_AUTO_START + - powershell C:/KubeletRestart_nssm_sc.ps1 - powershell C:/defender-exclude-calico.ps1 preKubeadmCommands: - powershell C:/create-temp-folder.ps1 diff --git a/templates/test/ci/prow-clusterclass-ci-default/windows.yaml b/templates/test/ci/prow-clusterclass-ci-default/windows.yaml index 43060236823..0145998a458 100644 --- a/templates/test/ci/prow-clusterclass-ci-default/windows.yaml +++ b/templates/test/ci/prow-clusterclass-ci-default/windows.yaml @@ -20,7 +20,7 @@ spec: spec: preKubeadmCommands: [] postKubeadmCommands: - - nssm set kubelet start SERVICE_AUTO_START + - powershell C:/KubeletRestart_nssm_sc.ps1 - powershell C:/defender-exclude-calico.ps1 joinConfiguration: nodeRegistration: @@ -38,6 +38,21 @@ spec: owner: root:root path: c:/k/azure.json permissions: "0644" + - content: | + # This script restarts the kubelet service. + # It supports both nssm and Windows service configurations, + # ensuring a smooth transition between service managers without interruption. + # This script will eventually be removed once nssm is no longer used. + $scriptPath = "$env:SYSTEMDRIVE/k/RestartKubelet.ps1" + if (Test-Path $scriptPath) { + Write-Host "Found RestartKubelet.ps1, executing..." + & $scriptPath + } else { + Write-Host "RestartKubelet.ps1 not found. Running fallback command..." + & "$env:SYSTEMDRIVE\k\nssm.exe" set kubelet start SERVICE_AUTO_START + } + path: C:/KubeletRestart_nssm_sc.ps1 + permissions: "0744" - path: C:/defender-exclude-calico.ps1 permissions: "0744" content: |- @@ -59,4 +74,4 @@ spec: managedDisk: storageAccountType: "Premium_LRS" sshPublicKey: "" - vmSize: replace_me \ No newline at end of file + vmSize: replace_me diff --git a/templates/test/dev/cluster-template-custom-builds-machine-pool-windows.yaml b/templates/test/dev/cluster-template-custom-builds-machine-pool-windows.yaml index d9e9315b424..17d487ec1fb 100644 --- a/templates/test/dev/cluster-template-custom-builds-machine-pool-windows.yaml +++ b/templates/test/dev/cluster-template-custom-builds-machine-pool-windows.yaml @@ -457,6 +457,21 @@ spec: owner: root:root path: c:/k/azure.json permissions: "0644" + - content: | + # This script restarts the kubelet service. + # It supports both nssm and Windows service configurations, + # ensuring a smooth transition between service managers without interruption. + # This script will eventually be removed once nssm is no longer used. + $scriptPath = "$env:SYSTEMDRIVE/k/RestartKubelet.ps1" + if (Test-Path $scriptPath) { + Write-Host "Found RestartKubelet.ps1, executing..." + & $scriptPath + } else { + Write-Host "RestartKubelet.ps1 not found. Running fallback command..." + & "$env:SYSTEMDRIVE\k\nssm.exe" set kubelet start SERVICE_AUTO_START + } + path: C:/KubeletRestart_nssm_sc.ps1 + permissions: "0744" - content: Add-MpPreference -ExclusionProcess C:/opt/cni/bin/calico.exe path: C:/defender-exclude-calico.ps1 permissions: "0744" @@ -518,7 +533,7 @@ spec: image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml name: '{{ ds.meta_data["local_hostname"] }}' postKubeadmCommands: - - nssm set kubelet start SERVICE_AUTO_START + - powershell C:/KubeletRestart_nssm_sc.ps1 - powershell C:/defender-exclude-calico.ps1 preKubeadmCommands: - powershell c:/create-external-network.ps1 diff --git a/templates/test/dev/cluster-template-custom-builds-windows.yaml b/templates/test/dev/cluster-template-custom-builds-windows.yaml index 04f47b12501..4df590b9e95 100644 --- a/templates/test/dev/cluster-template-custom-builds-windows.yaml +++ b/templates/test/dev/cluster-template-custom-builds-windows.yaml @@ -446,6 +446,21 @@ spec: owner: root:root path: c:/k/azure.json permissions: "0644" + - content: | + # This script restarts the kubelet service. + # It supports both nssm and Windows service configurations, + # ensuring a smooth transition between service managers without interruption. + # This script will eventually be removed once nssm is no longer used. + $scriptPath = "$env:SYSTEMDRIVE/k/RestartKubelet.ps1" + if (Test-Path $scriptPath) { + Write-Host "Found RestartKubelet.ps1, executing..." + & $scriptPath + } else { + Write-Host "RestartKubelet.ps1 not found. Running fallback command..." + & "$env:SYSTEMDRIVE\k\nssm.exe" set kubelet start SERVICE_AUTO_START + } + path: C:/KubeletRestart_nssm_sc.ps1 + permissions: "0744" - content: |- Add-MpPreference -ExclusionProcess C:/opt/cni/bin/calico.exe Add-MpPreference -ExclusionProcess C:/opt/cni/bin/calico-ipam.exe @@ -565,7 +580,7 @@ spec: windows-priorityclass: ABOVE_NORMAL_PRIORITY_CLASS name: '{{ ds.meta_data["local_hostname"] }}' postKubeadmCommands: - - nssm set kubelet start SERVICE_AUTO_START + - powershell C:/KubeletRestart_nssm_sc.ps1 - powershell C:/defender-exclude-calico.ps1 preKubeadmCommands: - powershell C:/create-temp-folder.ps1 From fdafdd059739d3b2af597f65a56f9b267cd81e28 Mon Sep 17 00:00:00 2001 From: Matt Boersma Date: Thu, 20 Nov 2025 16:18:04 -0700 Subject: [PATCH 2/2] Add register-with-taints kubelet arg --- templates/cluster-template-machinepool-windows.yaml | 1 + templates/cluster-template-windows-apiserver-ilb.yaml | 1 + templates/cluster-template-windows.yaml | 1 + .../machinepool-windows/machine-pool-deployment-windows.yaml | 1 + .../windows-apiserver-ilb/machine-deployment-windows.yaml | 1 + templates/flavors/windows/machine-deployment-windows.yaml | 1 + templates/test/ci/cluster-template-prow-ci-version-windows.yaml | 1 + .../test/ci/cluster-template-prow-clusterclass-ci-default.yaml | 1 + .../cluster-template-prow-machine-pool-ci-version-windows.yaml | 1 + .../test/ci/cluster-template-prow-machine-pool-windows.yaml | 1 + templates/test/ci/cluster-template-prow-windows.yaml | 1 + templates/test/ci/prow-clusterclass-ci-default/windows.yaml | 1 + .../dev/cluster-template-custom-builds-machine-pool-windows.yaml | 1 + templates/test/dev/cluster-template-custom-builds-windows.yaml | 1 + 14 files changed, 14 insertions(+) diff --git a/templates/cluster-template-machinepool-windows.yaml b/templates/cluster-template-machinepool-windows.yaml index f44c3c24698..dce9307d850 100644 --- a/templates/cluster-template-machinepool-windows.yaml +++ b/templates/cluster-template-machinepool-windows.yaml @@ -289,6 +289,7 @@ spec: criSocket: npipe:////./pipe/containerd-containerd kubeletExtraArgs: cloud-provider: external + register-with-taints: node.cloudprovider.kubernetes.io/uninitialized=true:NoSchedule name: '{{ ds.meta_data["local_hostname"] }}' postKubeadmCommands: - powershell C:/KubeletRestart_nssm_sc.ps1 diff --git a/templates/cluster-template-windows-apiserver-ilb.yaml b/templates/cluster-template-windows-apiserver-ilb.yaml index 6741e201ec1..54dac7a7244 100644 --- a/templates/cluster-template-windows-apiserver-ilb.yaml +++ b/templates/cluster-template-windows-apiserver-ilb.yaml @@ -313,6 +313,7 @@ spec: criSocket: npipe:////./pipe/containerd-containerd kubeletExtraArgs: cloud-provider: external + register-with-taints: node.cloudprovider.kubernetes.io/uninitialized=true:NoSchedule v: "2" windows-priorityclass: ABOVE_NORMAL_PRIORITY_CLASS name: '{{ ds.meta_data["local_hostname"] }}' diff --git a/templates/cluster-template-windows.yaml b/templates/cluster-template-windows.yaml index 8584112a422..5165d9e0fe8 100644 --- a/templates/cluster-template-windows.yaml +++ b/templates/cluster-template-windows.yaml @@ -297,6 +297,7 @@ spec: criSocket: npipe:////./pipe/containerd-containerd kubeletExtraArgs: cloud-provider: external + register-with-taints: node.cloudprovider.kubernetes.io/uninitialized=true:NoSchedule v: "2" windows-priorityclass: ABOVE_NORMAL_PRIORITY_CLASS name: '{{ ds.meta_data["local_hostname"] }}' diff --git a/templates/flavors/machinepool-windows/machine-pool-deployment-windows.yaml b/templates/flavors/machinepool-windows/machine-pool-deployment-windows.yaml index 3e348032415..6c84d65b563 100644 --- a/templates/flavors/machinepool-windows/machine-pool-deployment-windows.yaml +++ b/templates/flavors/machinepool-windows/machine-pool-deployment-windows.yaml @@ -59,6 +59,7 @@ spec: criSocket: npipe:////./pipe/containerd-containerd kubeletExtraArgs: cloud-provider: external + register-with-taints: node.cloudprovider.kubernetes.io/uninitialized=true:NoSchedule files: - contentFrom: secret: diff --git a/templates/flavors/windows-apiserver-ilb/machine-deployment-windows.yaml b/templates/flavors/windows-apiserver-ilb/machine-deployment-windows.yaml index 4b20b559aec..f8e368f0d44 100644 --- a/templates/flavors/windows-apiserver-ilb/machine-deployment-windows.yaml +++ b/templates/flavors/windows-apiserver-ilb/machine-deployment-windows.yaml @@ -67,6 +67,7 @@ spec: criSocket: npipe:////./pipe/containerd-containerd kubeletExtraArgs: cloud-provider: external + register-with-taints: node.cloudprovider.kubernetes.io/uninitialized=true:NoSchedule v: "2" windows-priorityclass: "ABOVE_NORMAL_PRIORITY_CLASS" files: diff --git a/templates/flavors/windows/machine-deployment-windows.yaml b/templates/flavors/windows/machine-deployment-windows.yaml index a21450909e1..03495c37b4a 100644 --- a/templates/flavors/windows/machine-deployment-windows.yaml +++ b/templates/flavors/windows/machine-deployment-windows.yaml @@ -67,6 +67,7 @@ spec: criSocket: npipe:////./pipe/containerd-containerd kubeletExtraArgs: cloud-provider: external + register-with-taints: node.cloudprovider.kubernetes.io/uninitialized=true:NoSchedule v: "2" windows-priorityclass: ABOVE_NORMAL_PRIORITY_CLASS files: diff --git a/templates/test/ci/cluster-template-prow-ci-version-windows.yaml b/templates/test/ci/cluster-template-prow-ci-version-windows.yaml index 28de6a1b4ac..98f29b22c36 100644 --- a/templates/test/ci/cluster-template-prow-ci-version-windows.yaml +++ b/templates/test/ci/cluster-template-prow-ci-version-windows.yaml @@ -611,6 +611,7 @@ spec: feature-gates: ${NODE_FEATURE_GATES:-""} image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml + register-with-taints: node.cloudprovider.kubernetes.io/uninitialized=true:NoSchedule v: "2" windows-priorityclass: ABOVE_NORMAL_PRIORITY_CLASS name: '{{ ds.meta_data["local_hostname"] }}' diff --git a/templates/test/ci/cluster-template-prow-clusterclass-ci-default.yaml b/templates/test/ci/cluster-template-prow-clusterclass-ci-default.yaml index 6a50009722f..077cef648b8 100644 --- a/templates/test/ci/cluster-template-prow-clusterclass-ci-default.yaml +++ b/templates/test/ci/cluster-template-prow-clusterclass-ci-default.yaml @@ -554,6 +554,7 @@ spec: criSocket: npipe:////./pipe/containerd-containerd kubeletExtraArgs: cloud-provider: external + register-with-taints: node.cloudprovider.kubernetes.io/uninitialized=true:NoSchedule v: "2" windows-priorityclass: ABOVE_NORMAL_PRIORITY_CLASS name: '{{ ds.meta_data["local_hostname"] }}' diff --git a/templates/test/ci/cluster-template-prow-machine-pool-ci-version-windows.yaml b/templates/test/ci/cluster-template-prow-machine-pool-ci-version-windows.yaml index 1015d22e029..b512506d906 100644 --- a/templates/test/ci/cluster-template-prow-machine-pool-ci-version-windows.yaml +++ b/templates/test/ci/cluster-template-prow-machine-pool-ci-version-windows.yaml @@ -577,6 +577,7 @@ spec: cloud-provider: external image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml + register-with-taints: node.cloudprovider.kubernetes.io/uninitialized=true:NoSchedule name: '{{ ds.meta_data["local_hostname"] }}' postKubeadmCommands: - powershell C:/KubeletRestart_nssm_sc.ps1 diff --git a/templates/test/ci/cluster-template-prow-machine-pool-windows.yaml b/templates/test/ci/cluster-template-prow-machine-pool-windows.yaml index 0d5e3a7dfe3..83bfae61ca5 100644 --- a/templates/test/ci/cluster-template-prow-machine-pool-windows.yaml +++ b/templates/test/ci/cluster-template-prow-machine-pool-windows.yaml @@ -309,6 +309,7 @@ spec: criSocket: npipe:////./pipe/containerd-containerd kubeletExtraArgs: cloud-provider: external + register-with-taints: node.cloudprovider.kubernetes.io/uninitialized=true:NoSchedule name: '{{ ds.meta_data["local_hostname"] }}' postKubeadmCommands: - powershell C:/KubeletRestart_nssm_sc.ps1 diff --git a/templates/test/ci/cluster-template-prow-windows.yaml b/templates/test/ci/cluster-template-prow-windows.yaml index 85e94480a3f..bb51290ef10 100644 --- a/templates/test/ci/cluster-template-prow-windows.yaml +++ b/templates/test/ci/cluster-template-prow-windows.yaml @@ -348,6 +348,7 @@ spec: kubeletExtraArgs: cloud-provider: external feature-gates: ${NODE_FEATURE_GATES:-""} + register-with-taints: node.cloudprovider.kubernetes.io/uninitialized=true:NoSchedule v: "2" windows-priorityclass: ABOVE_NORMAL_PRIORITY_CLASS name: '{{ ds.meta_data["local_hostname"] }}' diff --git a/templates/test/ci/prow-clusterclass-ci-default/windows.yaml b/templates/test/ci/prow-clusterclass-ci-default/windows.yaml index 0145998a458..41dc1093c51 100644 --- a/templates/test/ci/prow-clusterclass-ci-default/windows.yaml +++ b/templates/test/ci/prow-clusterclass-ci-default/windows.yaml @@ -28,6 +28,7 @@ spec: criSocket: npipe:////./pipe/containerd-containerd kubeletExtraArgs: cloud-provider: external + register-with-taints: node.cloudprovider.kubernetes.io/uninitialized=true:NoSchedule v: "2" windows-priorityclass: "ABOVE_NORMAL_PRIORITY_CLASS" files: diff --git a/templates/test/dev/cluster-template-custom-builds-machine-pool-windows.yaml b/templates/test/dev/cluster-template-custom-builds-machine-pool-windows.yaml index 17d487ec1fb..a86710f6c85 100644 --- a/templates/test/dev/cluster-template-custom-builds-machine-pool-windows.yaml +++ b/templates/test/dev/cluster-template-custom-builds-machine-pool-windows.yaml @@ -531,6 +531,7 @@ spec: cloud-provider: external image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml + register-with-taints: node.cloudprovider.kubernetes.io/uninitialized=true:NoSchedule name: '{{ ds.meta_data["local_hostname"] }}' postKubeadmCommands: - powershell C:/KubeletRestart_nssm_sc.ps1 diff --git a/templates/test/dev/cluster-template-custom-builds-windows.yaml b/templates/test/dev/cluster-template-custom-builds-windows.yaml index 4df590b9e95..7fa53ebad2e 100644 --- a/templates/test/dev/cluster-template-custom-builds-windows.yaml +++ b/templates/test/dev/cluster-template-custom-builds-windows.yaml @@ -576,6 +576,7 @@ spec: feature-gates: ${NODE_FEATURE_GATES:-""} image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml + register-with-taints: node.cloudprovider.kubernetes.io/uninitialized=true:NoSchedule v: "2" windows-priorityclass: ABOVE_NORMAL_PRIORITY_CLASS name: '{{ ds.meta_data["local_hostname"] }}'