Amazon EKS optimized Windows AMIs - Amazon EKS

Amazon EKS optimized Windows AMIs

Windows Amazon EKS optimized AMIs are built on top of Windows Server 2019 and Windows Server 20H2. They are configured to serve as the base image for Amazon EKS nodes. By default, the AMIs include the following components:

  • kubelet

  • kube-proxy

  • AWS IAM Authenticator

  • CSI proxy

  • Docker

  • Containerd (Amazon EKS v1.21 or greater)

Note

You can track security or privacy events for Windows Server with the Microsoft security update guide.

The AMI IDs for the latest Amazon EKS optimized AMI are in the following tables. You can also retrieve the IDs with an AWS Systems Manager parameter using different tools. For more information, see Retrieving Amazon EKS optimized Windows AMI IDs.

Windows Server 2019 is a Long-Term Servicing Channel (LTSC) release, whereas Versions 20H2 is a Semi-Annual Channel (SAC) release. For more information, see Windows Server servicing channels in the Microsoft documentation. Windows Server 20H2 support was added to Kubernetes in version 1.21. For more information about Windows OS version support, see Intro to Windows support in Kubernetes.

1.22
Kubernetes version 1.22
AWS Region Windows Server 2019 Core Windows Server 2019 Full Windows Server 20H2 Core
US East (Ohio) (us-east-2) View AMI ID View AMI ID View AMI ID
US East (N. Virginia) (us-east-1) View AMI ID View AMI ID View AMI ID
US West (Oregon) (us-west-2) View AMI ID View AMI ID View AMI ID
US West (N. California) (us-west-1) View AMI ID View AMI ID View AMI ID
Africa (Cape Town) (af-south-1) View AMI ID View AMI ID View AMI ID
Asia Pacific (Hong Kong) (ap-east-1) View AMI ID View AMI ID View AMI ID
Asia Pacific (Mumbai) (ap-south-1) View AMI ID View AMI ID View AMI ID
Asia Pacific (Tokyo) (ap-northeast-1) View AMI ID View AMI ID View AMI ID
Asia Pacific (Seoul) (ap-northeast-2) View AMI ID View AMI ID View AMI ID
Asia Pacific (Osaka) (ap-northeast-3) View AMI ID View AMI ID View AMI ID
Asia Pacific (Singapore) (ap-southeast-1) View AMI ID View AMI ID View AMI ID
Asia Pacific (Sydney) (ap-southeast-2) View AMI ID View AMI ID View AMI ID
Asia Pacific (Jakarta) (ap-southeast-3) View AMI ID View AMI ID View AMI ID
Canada (Central) (ca-central-1) View AMI ID View AMI ID View AMI ID
China (Beijing) (cn-north-1) View AMI ID View AMI ID View AMI ID
China (Ningxia) (cn-northwest-1) View AMI ID View AMI ID View AMI ID
Europe (Frankfurt) (eu-central-1) View AMI ID View AMI ID View AMI ID
Europe (Ireland) (eu-west-1) View AMI ID View AMI ID View AMI ID
Europe (London) (eu-west-2) View AMI ID View AMI ID View AMI ID
Europe (Milan) (eu-south-1) View AMI ID View AMI ID View AMI ID
Europe (Paris) (eu-west-3) View AMI ID View AMI ID View AMI ID
Europe (Stockholm) (eu-north-1) View AMI ID View AMI ID View AMI ID
Middle East (Bahrain) (me-south-1) View AMI ID View AMI ID View AMI ID
South America (São Paulo) (sa-east-1) View AMI ID View AMI ID View AMI ID
AWS GovCloud (US-East) (us-gov-east-1) View AMI ID View AMI ID View AMI ID
AWS GovCloud (US-West) (us-gov-west-1) View AMI ID View AMI ID View AMI ID
1.21
Kubernetes version 1.21
AWS Region Windows Server 2019 Core Windows Server 2019 Full Windows Server 20H2 Core
US East (Ohio) (us-east-2) View AMI ID View AMI ID View AMI ID
US East (N. Virginia) (us-east-1) View AMI ID View AMI ID View AMI ID
US West (Oregon) (us-west-2) View AMI ID View AMI ID View AMI ID
US West (N. California) (us-west-1) View AMI ID View AMI ID View AMI ID
Africa (Cape Town) (af-south-1) View AMI ID View AMI ID View AMI ID
Asia Pacific (Hong Kong) (ap-east-1) View AMI ID View AMI ID View AMI ID
Asia Pacific (Mumbai) (ap-south-1) View AMI ID View AMI ID View AMI ID
Asia Pacific (Tokyo) (ap-northeast-1) View AMI ID View AMI ID View AMI ID
Asia Pacific (Seoul) (ap-northeast-2) View AMI ID View AMI ID View AMI ID
Asia Pacific (Osaka) (ap-northeast-3) View AMI ID View AMI ID View AMI ID
Asia Pacific (Singapore) (ap-southeast-1) View AMI ID View AMI ID View AMI ID
Asia Pacific (Sydney) (ap-southeast-2) View AMI ID View AMI ID View AMI ID
Asia Pacific (Jakarta) (ap-southeast-3) View AMI ID View AMI ID View AMI ID
Canada (Central) (ca-central-1) View AMI ID View AMI ID View AMI ID
China (Beijing) (cn-north-1) View AMI ID View AMI ID View AMI ID
China (Ningxia) (cn-northwest-1) View AMI ID View AMI ID View AMI ID
Europe (Frankfurt) (eu-central-1) View AMI ID View AMI ID View AMI ID
Europe (Ireland) (eu-west-1) View AMI ID View AMI ID View AMI ID
Europe (London) (eu-west-2) View AMI ID View AMI ID View AMI ID
Europe (Milan) (eu-south-1) View AMI ID View AMI ID View AMI ID
Europe (Paris) (eu-west-3) View AMI ID View AMI ID View AMI ID
Europe (Stockholm) (eu-north-1) View AMI ID View AMI ID View AMI ID
Middle East (Bahrain) (me-south-1) View AMI ID View AMI ID View AMI ID
South America (São Paulo) (sa-east-1) View AMI ID View AMI ID View AMI ID
AWS GovCloud (US-East) (us-gov-east-1) View AMI ID View AMI ID View AMI ID
AWS GovCloud (US-West) (us-gov-west-1) View AMI ID View AMI ID View AMI ID
1.20
Kubernetes version 1.20
AWS Region Windows Server 2019 Core Windows Server 2019 Full
US East (Ohio) (us-east-2) View AMI ID View AMI ID
US East (N. Virginia) (us-east-1) View AMI ID View AMI ID
US West (Oregon) (us-west-2) View AMI ID View AMI ID
US West (N. California) (us-west-1) View AMI ID View AMI ID
Africa (Cape Town) (af-south-1) View AMI ID View AMI ID
Asia Pacific (Hong Kong) (ap-east-1) View AMI ID View AMI ID
Asia Pacific (Mumbai) (ap-south-1) View AMI ID View AMI ID
Asia Pacific (Tokyo) (ap-northeast-1) View AMI ID View AMI ID
Asia Pacific (Seoul) (ap-northeast-2) View AMI ID View AMI ID
Asia Pacific (Osaka) (ap-northeast-3) View AMI ID View AMI ID
Asia Pacific (Singapore) (ap-southeast-1) View AMI ID View AMI ID
Asia Pacific (Sydney) (ap-southeast-2) View AMI ID View AMI ID
Asia Pacific (Jakarta) (ap-southeast-3) View AMI ID View AMI ID
Canada (Central) (ca-central-1) View AMI ID View AMI ID
China (Beijing) (cn-north-1) View AMI ID View AMI ID
China (Ningxia) (cn-northwest-1) View AMI ID View AMI ID
Europe (Frankfurt) (eu-central-1) View AMI ID View AMI ID
Europe (Ireland) (eu-west-1) View AMI ID View AMI ID
Europe (London) (eu-west-2) View AMI ID View AMI ID
Europe (Milan) (eu-south-1) View AMI ID View AMI ID
Europe (Paris) (eu-west-3) View AMI ID View AMI ID
Europe (Stockholm) (eu-north-1) View AMI ID View AMI ID
Middle East (Bahrain) (me-south-1) View AMI ID View AMI ID
South America (São Paulo) (sa-east-1) View AMI ID View AMI ID
AWS GovCloud (US-East) (us-gov-east-1) View AMI ID View AMI ID
AWS GovCloud (US-West) (us-gov-west-1) View AMI ID View AMI ID
1.19
Kubernetes version 1.19
AWS Region Windows Server 2019 Core Windows Server 2019 Full
US East (Ohio) (us-east-2) View AMI ID View AMI ID
US East (N. Virginia) (us-east-1) View AMI ID View AMI ID
US West (Oregon) (us-west-2) View AMI ID View AMI ID
US West (N. California) (us-west-1) View AMI ID View AMI ID
Africa (Cape Town) (af-south-1) View AMI ID View AMI ID
Asia Pacific (Hong Kong) (ap-east-1) View AMI ID View AMI ID
Asia Pacific (Mumbai) (ap-south-1) View AMI ID View AMI ID
Asia Pacific (Tokyo) (ap-northeast-1) View AMI ID View AMI ID
Asia Pacific (Seoul) (ap-northeast-2) View AMI ID View AMI ID
Asia Pacific (Osaka) (ap-northeast-3) View AMI ID View AMI ID
Asia Pacific (Singapore) (ap-southeast-1) View AMI ID View AMI ID
Asia Pacific (Sydney) (ap-southeast-2) View AMI ID View AMI ID
Asia Pacific (Jakarta) (ap-southeast-3) View AMI ID View AMI ID
Canada (Central) (ca-central-1) View AMI ID View AMI ID
China (Beijing) (cn-north-1) View AMI ID View AMI ID
China (Ningxia) (cn-northwest-1) View AMI ID View AMI ID
Europe (Frankfurt) (eu-central-1) View AMI ID View AMI ID
Europe (Ireland) (eu-west-1) View AMI ID View AMI ID
Europe (London) (eu-west-2) View AMI ID View AMI ID
Europe (Milan) (eu-south-1) View AMI ID View AMI ID
Europe (Paris) (eu-west-3) View AMI ID View AMI ID
Europe (Stockholm) (eu-north-1) View AMI ID View AMI ID
Middle East (Bahrain) (me-south-1) View AMI ID View AMI ID
South America (São Paulo) (sa-east-1) View AMI ID View AMI ID
AWS GovCloud (US-East) (us-gov-east-1) View AMI ID View AMI ID
AWS GovCloud (US-West) (us-gov-west-1) View AMI ID View AMI ID

Amazon EKS Windows AMI release calendar

The following table lists the release and end of support dates for Windows versions on Amazon EKS. If an end date is blank, it's because the version is still supported.

Windows version Amazon EKS release Amazon EKS end of support
Windows Server 20H2 Core 8/12/2021 8/9/2022
Windows Server 2004 Core 8/19/2020 12/14/2021
Windows Server 2019 Core 10/7/2019
Windows Server 2019 Full 10/7/2019
Windows Server 1909 Core 10/7/2019 12/8/2020

Bootstrap script configuration parameters

When you create a Windows node, there's a script on the node that allows for configuring different parameters. Depending on your setup, this script can be found on the node at a location similar to: C:\Program Files\Amazon\EKS\Start-EKSBootstrap.ps1. The script includes the following parameters:

  • -EKSClusterName – Specifies the Amazon EKS cluster name for this worker node to join.

  • -KubeletExtraArgs – Specifies extra arguments for kubelet (optional).

  • -KubeProxyExtraArgs – Specifies extra arguments for kube-proxy (optional).

  • -APIServerEndpoint – Specifies the Amazon EKS cluster API server endpoint (optional). Only valid when used with -Base64ClusterCA. Bypasses calling Get-EKSCluster.

  • -Base64ClusterCA – Specifies the base64 encoded cluster CA content (optional). Only valid when used with -APIServerEndpoint. Bypasses calling Get-EKSCluster.

  • -DNSClusterIP – Overrides the IP address to use for DNS queries within the cluster (optional). Defaults to 10.100.0.10 or 172.20.0.10 based on the IP address of the primary interface.

  • -ContainerRuntime – Specifies the container runtime to be used on the node.

Enable the containerd runtime bootstrap flag

The Amazon EKS optimized Windows AMI contains an optional bootstrap flag to enable the containerd runtime. This feature gives you a clear path to migrate to containerd. Amazon EKS is ending support for Docker starting with the Kubernetes version 1.23 launch. For more information, see Amazon EKS is ending support for Dockershim.

Until Kubernetes version 1.23, the supported values for the container runtime are docker and containerd, specified when launching the Windows nodes using either eksctl or the AWS Management Console.

  • If the specified value is docker, then Docker is used as the runtime on the node.

  • If the specified value is containerd and the Amazon EKS version is greater than 1.20, then containerd is selected as the runtime. If the Amazon EKS version is less than 1.21, then the bootstrap fails and nodes are unable to join the cluster.

  • If any other value is specified, then the bootstrap fails and the node isn't able to join the cluster.

  • If this flag itself isn't specified, then the default value of the container runtime is selected. For Amazon EKS version 1.21 and lower, this would be Docker.

When launching Windows nodes in your Amazon EKS cluster, follow the steps in Launching self-managed Windows nodes. Windows self-managed nodes with the containerd runtime can be launched using eksctl or the AWS Management Console.

eksctl

To enable the containerd runtime with eksctl

For Windows self-managed nodes, the container runtime can be specified in the configuration while creating new node groups. You can use the following test-windows-with-containerd.yaml as reference.

Note

You must use eksctl version 0.95.0 or later to use the containerRuntime setting in the configuration file.

apiVersion: eksctl.io/v1alpha5 kind: ClusterConfig metadata: name: windows-containerd-cluster region: us-west-2 version: '1.21' nodeGroups: - name: windows-ng instanceType: m5.2xlarge amiFamily: WindowsServer2019FullContainer volumeSize: 100 minSize: 2 maxSize: 3 containerRuntime: containerd - name: linux-ng amiFamily: AmazonLinux2 minSize: 2 maxSize: 3

The node groups can then be created using the following command.

eksctl create cluster -f test-windows-with-containerd.yaml

Alternatively, you can also specify the EKS_CONTAINER_RUNTIME environment variable as a pre-bootstrap command in the eksctl configuration file.

preBootstrapCommands: - Invoke-Expression -Command '[Environment]::SetEnvironmentVariable("EKS_CONTAINER_RUNTIME", "containerd", [System.EnvironmentVariableTarget]::Machine)'

For more information, see Creating a nodegroup from a config file, defining containerd runtime, and Config file schema in the eksctl documentation.

AWS Management Console

To enable the containerd runtime with the AWS Management Console

In the AWS CloudFormation template, there's a parameter named BootstrapArguments which can be used to pass in additional arguments to the bootstrap script. A parameter named ContainerRuntime can be used to select a particular runtime on the node.

Specify the following in BootstrapArguments to enable the containerd runtime:

-ContainerRuntime containerd