Active Directory setup in Windows 2022 node in aks Node Pool
Support of Widows 2022 in Azure Kubernetes Service is in Public Preview. See more details here: https://docs.microsoft.com/en-us/azure/aks/learn/quick-windows-container-deploy-cli#add-a-windows-server-2022-node-pool-preview
In this article, I am describing the complete steps on:
- Setup a Windows 2022 node pool in AKS
- Connect the Windows 2022 node in the Windows 2022 node pool through remote desktop
- Setup the domain services and Active Directory in the node
Login azure cli: az login
Create an Azure ResourceGroup: az group create –name win2k22 –location eastus
Create a username/password for Windows Server nodes:
Set a variable for windows username: $WINDOWS_USERNAME = “manuphilip”
Create aks cluster: By default, a Linux node pool will be created in the cluster. This node can’t be deleted from the cluster
az aks create –resource-group win2k22 –name win2k22 –node-count 1 –enable-addons monitoring –generate-ssh-keys –windows-admin-username $WINDOWS_USERNAME –vm-set-type VirtualMachineScaleSets –kubernetes-version 1.24.0 –network-plugin azure
The following screenshot shows how the cli works in creating aks. Enter the password when asked
After a few minutes, the command completes and returns JSON-formatted information about the cluster.
As the feature is still in preview, we need to configure and update some requirement as below:
Install the aks-preview extension: az extension add –name aks-preview
Update the extension to make sure you have the latest version installed: az extension update –name aks-preview
Register the AKSWindows2022Preview preview feature: az feature register –namespace “Microsoft.ContainerService” –name “AKSWindows2022Preview”
Refresh the registration of the Microsoft.ContainerService resource provider: az provider register –namespace Microsoft.ContainerService
Add a Windows Server 2019 node pool in the aks cluster: az aks nodepool add –resource-group win2k22 –cluster-name win2k22 –os-type Windows –os-sku Windows2022 –name w2022 –node-count 1
Once the command finishes successfully, you can see the following node pools in azure console, shell
The Windows Server nodes of your AKS cluster don’t have externally accessible IP addresses. To make an RDP connection, you can deploy a virtual machine with a publicly accessible IP address to the same subnet as your Windows Server nodes. So, in-order to connect the node in aks, you need to deploy a virtual machine to the same subnet as your cluster.
Once the VM is ready, allow the aks node to be accessed from the virtual machine. AKS node pool subnets are protected with NSGs (Network Security Groups) by default. To get access to the virtual machine, you’ll have to enabled access in the NSG by the following commands. First two commands will get the cluster resource group and NSG name
$CLUSTER_RG=$(az aks show -g win2k22 -n win2k22 –query nodeResourceGroup -o tsv)
$NSG_NAME=$(az network nsg list -g $CLUSTER_RG –query .name -o tsv)
az network nsg rule create –name RDPAccess –resource-group $CLUSTER_RG –nsg-name $NSG_NAME –priority 100 –destination-port-range 3389 –protocol Tcp –description “RDP access to Windows nodes”
Connect the VM by it’s public ip address. Now, the Windows 2022 node in aks node pool can be accessed through the VM by the internal IP address of the node. Since Windows Server nodes use Windows Server Core, there’s not a full GUI or other GUI tools when you connect to a Windows Server node over RDP.
Install domain controller Windows Server Core 2022: install-windowsfeature AD-Domain-Services -IncludemanagementTools
Above screenshot indicates the successful installation of Active directory domain services.
Configure Active Directory Windows Server 2022 Core:
Once installation is done the server will restart automatically. After the restart completed successfully, you can see that the domain setup completed successfully as below: