Spread the love


In Part 1 of this blog series, I demonstrated how to deploy a certified Kubernetes cluster on-premises using Docker Enterprise 3.0. I showcased how to install kubectl & install MySQL using Helm. In Part 2 of this blog series, I demonstrated how to build and configure Kubernetes external storage provisioner for iSCSI storage to work with DKS. Under this post, I will show how to add Windows Server 2019 as a worker node and deploy application across the hybrid cluster(both Linux & Windows).

Support of Kubernetes on Windows

Mixed Windows Server and Linux applications are becoming commonplace for both legacy application migration and greenfield development. Combined, these drive a need to enable the use of best-of-breed components within an application, regardless of platform

Docker Enterprise 3.0 supports worker nodes that run on Windows Server 2016 and Windows Server 2019. Only worker nodes are supported on Windows, and all manager nodes in the cluster must run on Linux. Additionally Windows worker nodes can only be used by the Swarm Orchestrator. Your Linux workloads runs on Linux nodes whereas windows workloads runs on Windows nodes.

Below diagram showcases kubelet in terms of hybrid environment like Linux and Windows.

Under this blog post, I will show the simple steps to enable a worker node on Windows.

  1. Install Docker Engine – Enterprise on Windows Server 2019.
  2. Configure the Windows node.
  3. Join the Windows node to the cluster.

Note: Refer to the Docker compatibility matrix for complete Docker compatibility information with Windows Server.


  • A Docker Enterprise 3.0 with 1 manager and 1 worker node
  • Both of these nodes are Linux-based nodes
  • Windows Server 2019 installed on any of bare metal or VM

Preparing Windows Server 2019

I assume that you have already installed Windows Server 2019 on your premises. My Windows OS configuration look something like as shown below:

Installing Docker Engine – Enterprise on Windows

To install the Docker Engine – Enterprise on your hosts, Docker provides a OneGet PowerShell Module.

Open an elevated PowerShell command prompt, and type the following commands.

Install-Module DockerMsftProvider -Force

Installing Docker Engine – Enterprise

PS C:\Users\Administrator> Install-Package Docker -ProviderName DockerMsftProvider -Force
WARNING: A restart is required to enable the containers feature. Please restart your machine.

Name                           Version          Source           Summary
----                           -------          ------           -------
Docker                         19.03.2          DockerDefault    Contains Docker EE for use with Windows Server.

PS C:\Users\Administrator>

Verifying Docker Installables

Changing the default orchestrator type to Kubernetes

Go ahead and choose the right orchestrator as shown below:

Choose the “allow all authenticated users” as shown below:

Verifying if default orchestration is changed to Kubernetes

Choose the below options to make your setup ready to join Windows worker nodes.

Configuring Windows Node

Follow these steps to configure the docker daemon and the Windows environment.

  1. Pull the Windows-specific image of ucp-agent, which is named ucp-agent-win.
  2. Run the Windows worker setup script provided with ucp-agent-win.
  3. Join the cluster with the token provided by the Docker UCP web interface or CLI.

Pulling Windows specific images of ucp-agent

In case you encounter “TLS handshake timeout” error message, then you possibly need to disable firewall.

PS C:\Users\Administrator> docker image pull docker/ucp-agent-win:3.2.1
3.2.1: Pulling from docker/ucp-agent-win
bce2fbc256ea: Already exists
6f2071dcd729: Already exists
0d335bf1e3bd: Pull complete
c8f758ef1a6a: Pull complete
b6fb84b6b28d: Pull complete
8586fb09f5de: Pull complete
0b4b5a3a0ae1: Pull complete
Digest: sha256:7d68eb1e154b6f56ce40aff422b79268920d046c685cee8067fe8b3cdc65a083
Status: Downloaded newer image for docker/ucp-agent-win:3.2.1
PS C:\Users\Administrator> docker image pull docker/ucp-dsinfo-win:3.2.1
3.2.1: Pulling from docker/ucp-dsinfo-win
bce2fbc256ea: Already exists
6f2071dcd729: Already exists
0d335bf1e3bd: Already exists
c8f758ef1a6a: Already exists
613a367d6c82: Pull complete
2dedf3f2d68f: Pull complete
804be9775f1c: Pull complete
Digest: sha256:1675b6929f665fd88dbb94895bb5208e5c9c193f99dfe386a493fe0d91364981
Status: Downloaded newer image for docker/ucp-dsinfo-win:3.2.1

Running the Windows node setup script

We will require to open ports 2376 and 12376, and create certificates for the Docker daemon to communicate securely. Use this command to run the Windows node setup script:

$script = [ScriptBlock]::Create((docker run --rm docker/ucp-agent-win:3.2.1 windows-script | Out-String))
PS C:\Users\Administrator> Invoke-Command $script
Testing for required windows updates
Setting up Docker daemon to listen on port 2376 with TLS
Generating new certs at C:\ProgramData\docker\daemoncerts
Restarting Docker daemon
WARNING: Waiting for service 'Docker Engine (docker)' to stop...
Successfully set up Docker daemon
Opening port 2376 in the Windows firewall for inbound traffic
Opening port 12376 in the Windows firewall for inbound traffic
Opening port 2377 in the Windows firewall for inbound traffic
Opening port 7946 in the Windows firewall for inbound and outbound traffic
Opening UDP port 4789 in the Windows firewall for inbound and outbound traffic
Opening UDP port 7946 in the Windows firewall for inbound and outbound traffic

When you run windows-script, the Docker service is unavailable temporarily. The Windows node is ready to join the cluster. Run the setup script on each instance of Windows Server that will be a worker node.

Joining Windows Worker Node

docker swarm join --token SWMTKN-1-3n4mwkzhy9ajvblqsuqlnhmt83poep86mt2hip0wonqagmjtos-bch9ezkt5kiroz6jncidrz13x
This node joined a swarm as a worker node

Just go to Shared Resources section under Docker Enterprise 3.0 and click on “Nodes” to get list of 1 Manager, 2 worker(1x Linux & 1x Windows Server) nodes.

Hence, you saw that it is super easy to build a hybrid environment with Linux master node and bunch of Windows nodes as worker.


Spread the love
Categories: Docker

Ajeet Raina

My name is Ajeet Singh Raina and I am an author of this blogging site. I am a Docker Captain, ARM Innovator & Docker Bangalore Community Leader. I bagged 2 special awards last year(2019): Firstly, “The Tip of Captain’s Hat Award” at Dockercon 2019, San Francisco, and secondly, “2019 Docker Community Award“. I run Collabnix Community Slack with over 5300+ audience . I have built popular GITHUB repositories like DockerLabs, KubeLabs, Kubetools, RedisPlanet Terraform etc. with the support of Collabnix Community. Currently working as Developer Relations Manager at Redis Labs where I help customers and community members adopt Redis. With over 12,000+ followers over LinkedIn & close to 5100+ twitter followers, I like sharing Docker and Kubernetes related content . You can follow me on Twitter(@ajeetsraina) & GitHub(@ajeetraina)


Leave a Reply

Your email address will not be published. Required fields are marked *