You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+16-4Lines changed: 16 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -274,13 +274,25 @@ See install options in the [EC2LaunchV2 documentation](https://docs.aws.amazon.c
274
274
275
275
In order to run Windows workloads on Nodes, the image `mcr.microsoft.com/oss/kubernetes/pause:3.9` must be mirrored.
276
276
See [Image configuration resources](https://docs.openshift.com/container-platform/latest/openshift_images/image-configuration.html) for general information on image mirroring.
277
+
Using ImageDigestMirrorSets and ImageTagMirrorSets to mirror container images results in different behavior than Linux Nodes.
278
+
Please account for the following differences when reading the above documentation.
277
279
278
-
Windows images mirrored through ImageDigestMirrorSet and ImageTagMirrorSet have specific naming requirements.
280
+
Mirroring on Linux nodes acts on the image level, while on Windows nodes we are only able to mirror on the registry level.
281
+
For example, if the cluster has an ImageTagMirrorSet (ITMS) specifying that `quay.io/remote-org/image` should use the mirror `quay.io/my-org/image`
282
+
any container that uses `quay.io/remote-org/image:tag` will instead use the image `quay.io/my-org/image:tag`.
283
+
284
+
This behavior differs for Windows Nodes, which will take the ITMS and use it to configure registry wide mirrors. Following the previous example,
285
+
by specifying a mirror of `quay.io/remote-org/image` to `quay.io/my-org/image`, Windows Nodes now use that mirror for all images from `quay.io/remote-org`.
286
+
In practice this means that `quay.io/remote-org/image:tag` will use the image `quay.io/my-org/image:tag` as expected, but another container using `quay.io/remote-org/different-image:tag`
287
+
will also try to use the mirror `quay.io/remote-org/different-image:tag`. This can cause unintended behavior if it is not accounted for.
288
+
For this reason it is recommended to specify container images using a digest, and to use ImageDigestMirrorSets instead of ImageTagMirrorSets.
289
+
This can prevent the wrong container image from being used, by ensuring the image the container specifies and the image being pulled have the same digest.
290
+
291
+
Additionally, Windows images mirrored through ImageDigestMirrorSet and ImageTagMirrorSet have specific naming requirements.
279
292
The mirrored image's suffix (final portion of namespaces and the image name) must match that of the source image.
280
293
For example, when mirroring the image `mcr.microsoft.com/oss/kubernetes/pause:3.9`, the mirror must have the format
281
-
`$mirrorRegistry/[$optionalNamespaces/]oss/kubernetes/pause:3.9`where `$optionalNamespaces` can be any number of
282
-
leading namespaces. Some valid values could be: `$mirrorRegistry/oss/kubernetes/pause:3.9`,
`$mirrorRegistry/[$org/]oss/kubernetes/pause:3.9`where `$org` can be any org name, or excluded completely.
295
+
Some valid values could be: `$mirrorRegistry/oss/kubernetes/pause:3.9`, `$mirrorRegistry/custom/oss/kubernetes/pause:3.9`, `$mirrorRegistry/x/y/z/oss/kubernetes/pause:3.9`.
284
296
285
297
### Horizontal Pod Autoscaling
286
298
Horizontal Pod autoscaling is available for Windows workloads.
0 commit comments