Windows Amazon EKS optimized AMIs are built on top of Windows Server 2019 and Windows Server 2022. They are configured to serve as the base image for Amazon EKS nodes. By default, the AMIs include the following components:
Amazon EKS offers AMIs that are optimized for Windows containers in the following variants:
Amazon EKS-optimized Windows Server 2019 Core AMI
Amazon EKS-optimized Windows Server 2019 Full AMI
Amazon EKS-optimized Windows Server 2022 Core AMI
Amazon EKS-optimized Windows Server 2022 Full AMI
The Amazon EKS-optimized Windows Server 20H2 Core AMI is deprecated. No new versions of this AMI will be released.
To ensure that you have the latest security updates by default, Amazon EKS maintains optimized Windows AMIs for the last 4 months. Each new AMI will be available for 4 months from the time of initial release. After this period, older AMIs are made private and are no longer accessible. We encourage using the latest AMIs to avoid security vulnerabilities and losing access to older AMIs which have reached the end of their supported lifetime. While we can't guarantee that we can provide access to AMIs that have been made private, you can request access by filing a ticket with AWS Support.
The following table lists the release and end of support dates for Windows versions on Amazon EKS. If an end date is blank, it's because the version is still supported.

Windows version            Amazon EKS release   Amazon EKS end of support
Windows Server 2022 Core   10/17/2022
Windows Server 2022 Full   10/17/2022
Windows Server 20H2 Core   8/12/2021            8/9/2022
Windows Server 2004 Core   8/19/2020            12/14/2021
Windows Server 2019 Core   10/7/2019
Windows Server 2019 Full   10/7/2019
Windows Server 1909 Core   10/7/2019            12/8/2020
Bootstrap script configuration parameters
When you create a Windows node, there's a script on the node that allows for configuring different parameters. Depending on your setup, this script can be found on the node at a location similar to: C:\Program Files\Amazon\EKS\Start-EKSBootstrap.ps1. You can specify custom parameter values by specifying them as arguments to the bootstrap script. For example, you can update the user data in the launch template. For more information, see Amazon EC2 user data.
The script includes the following command-line parameters:
-EKSClusterName – Specifies the Amazon EKS cluster name for this worker node to join.
-KubeletExtraArgs – Specifies extra arguments for kubelet (optional).
-KubeProxyExtraArgs – Specifies extra arguments for kube-proxy (optional).
-APIServerEndpoint – Specifies the Amazon EKS cluster API server endpoint (optional). Only valid when used with -Base64ClusterCA. Bypasses calling Get-EKSCluster.
-Base64ClusterCA – Specifies the base64 encoded cluster CA content (optional). Only valid when used with -APIServerEndpoint. Bypasses calling Get-EKSCluster.
-DNSClusterIP – Overrides the IP address to use for DNS queries within the cluster (optional). Defaults to 10.100.0.10 or 172.20.0.10 based on the IP address of the primary interface.
-ServiceCIDR – Overrides the Kubernetes service IP address range from which cluster services are addressed. Defaults to 172.20.0.0/16 or 10.100.0.0/16 based on the IP address of the primary interface.
-ExcludedSnatCIDRs – A list of IPv4 CIDRs to exclude from Source Network Address Translation (SNAT). This means that the pod private IP which is VPC addressable wouldn't be translated to the IP address of the instance ENI's primary IPv4 address for outbound traffic. By default, the IPv4 CIDR of the VPC for the Amazon EKS Windows node is added. CIDRs specified with this parameter are excluded in addition to that default. For more information, see Enable outbound internet access for Pods.
In addition to the command line parameters, you can also specify some environment variable parameters. When specifying a command line parameter, it takes precedence over the respective environment variable. The environment variable(s) should be defined as machine (or system) scoped as the bootstrap script will only read machine-scoped variables.
The script takes into account the following environment variables:
SERVICE_IPV4_CIDR – Refer to the ServiceCIDR command line parameter for the definition.
EXCLUDED_SNAT_CIDRS – Should be a comma separated string. Refer to the ExcludedSnatCIDRs command line parameter for the definition.
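One way to call the bootstrap script with the parameters and the machine-scoped environment variable described above, checking the inputs first. This is an added example, not AWS's own code; the cluster name, endpoint, CA value and CIDRs are constructed placeholders, and in EC2 user data the script body would be wrapped in <powershell> tags.

```powershell
# Added example: pre-flight checks, then a call to the EKS bootstrap script.
# All values below are constructed placeholders, not values from the page.
$ErrorActionPreference = 'Stop'

$ClusterName  = 'example-cluster'
$ApiEndpoint  = 'https://EXAMPLE.eks.amazonaws.com'      # placeholder endpoint
$Base64CA     = '<BASE64_CLUSTER_CA>'                    # placeholder, replace before use
$ExcludedSnat = @('10.50.0.0/16', '192.168.100.0/24')    # constructed CIDRs

# -APIServerEndpoint and -Base64ClusterCA are only valid as a pair.
if ([string]::IsNullOrWhiteSpace($ApiEndpoint) -ne [string]::IsNullOrWhiteSpace($Base64CA)) {
    throw 'Supply -APIServerEndpoint and -Base64ClusterCA together, or neither.'
}

# Fail early if the CA value is not valid base64 (the placeholder above is not).
if ($Base64CA) { [void][Convert]::FromBase64String($Base64CA) }

# Reject anything that is not a well-formed IPv4 CIDR before it reaches the node config.
foreach ($cidr in $ExcludedSnat) {
    $addr, $prefix = $cidr -split '/', 2
    $ip = $null
    $ok = [System.Net.IPAddress]::TryParse($addr, [ref]$ip) -and
          $ip.AddressFamily -eq 'InterNetwork' -and
          $prefix -match '^\d{1,2}$' -and [int]$prefix -le 32
    if (-not $ok) { throw "Not an IPv4 CIDR: $cidr" }
}

# The bootstrap script only reads machine-scoped variables, so set the scope explicitly.
[Environment]::SetEnvironmentVariable('EXCLUDED_SNAT_CIDRS', ($ExcludedSnat -join ','), 'Machine')

$Bootstrap = Join-Path $env:ProgramFiles 'Amazon\EKS\Start-EKSBootstrap.ps1'
if (-not (Test-Path -LiteralPath $Bootstrap)) { throw "Bootstrap script not found: $Bootstrap" }

# Splat only parameters documented above; command-line values override environment variables.
$params = @{ EKSClusterName = $ClusterName }
if ($ApiEndpoint) {
    $params.APIServerEndpoint = $ApiEndpoint
    $params.Base64ClusterCA   = $Base64CA
}
& $Bootstrap @params
```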
Amazon EKS Windows Pods allow different types of group Managed Service Account (gMSA) authentication.
Cached container images
Amazon EKS Windows optimized AMIs have certain container images cached for the containerd runtime. Container images are cached when building custom AMIs using Amazon-managed build components. For more information, see Using the Amazon-managed build component.
The following cached container images are for the containerd runtime:
amazonaws.com/eks/pause-windows
mcr.microsoft.com/windows/nanoserver
mcr.microsoft.com/windows/servercore
For more information about using Amazon EKS optimized Windows AMIs, see the following sections: