Provide Windows container image

[dbaid]

Question

I am testing this case for migrating old .net application.
https://github.com/michael-chi/migrate-for-anthos-aspnet
But the GKE windows container got connection issue with Cloud SQL Server.
I can't find cloud auth proxy container image for windows to be the sidecar.
Would you mind helping me this issue ???

Regards,
Steven

[enocom]

We provide three containers based on distroless, alpine, and buster. There is no Windows image presently. So I'm going to mark this as a feature request.

Do you have any thoughts on what an ideal Windows image might look like, e.g., containerd vs Docker, LTSC vs SAC, etc?

Some docs here: https://cloud.google.com/kubernetes-engine/docs/concepts/node-images.

[dbaid]

I tried to build a container image by myself and deploy iis 3.5 and the proxy image.
I am not sure if some thing wrong with my image,because application seems even not connect to the proxy.
My Dockerfile:

FROM mcr.microsoft.com/windows/servercore:ltsc2019
RUN mkdir C:\test
WORKDIR /test
COPY cloud_sql_proxy_x64.exe .
COPY key.json .
COPY cloudsql.ps1 .
ENTRYPOINT powershell -Command c:\test\cloudsql.ps1

MyPod Info :

kubectl get pods

NAME                          READY   STATUS    RESTARTS   AGE
myworkload-6dfdf99b6f-m24bd   2/2     Running   0          15h

The Pod Details:

kubectl describe pod  myworkload-6dfdf99b6f-m24bd

Name:         myworkload-6dfdf99b6f-m24bd
Namespace:    default
Priority:     0
Node:         gke-0331a2-sxs7/10.140.0.9
Start Time:   Thu, 30 Sep 2021 09:15:55 +0000
Labels:       app=myworkload
              pod-template-hash=6dfdf99b6f
Annotations:  <none>
Status:       Running
IP:           10.8.1.5
IPs:
  IP:           10.8.1.5
Controlled By:  ReplicaSet/myworkload-6dfdf99b6f
Containers:
  myworkload-container:
    Container ID:   docker://642d928afa5be6bc787c9cb8e86a3b3011861c8ccd00019791e785eb282eb7f0
    Image:          gcr.io/mytest9999/myimagename:v1.0.0
    Image ID:       docker-pullable://gcr.io/mytest9999/myimagename@sha256:3384badbc0695cc53ebd4812b7580de4d3fe7f3a6d1467b8b0b7b6c8ab12a667
    Port:           80/TCP
    Host Port:      0/TCP
    State:          Running
      Started:      Thu, 30 Sep 2021 09:23:14 +0000
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-98htb (ro)
  cloudsql-proxy:
    Container ID:   docker://1a4d1ae6f81eff818f7ea9be6528f1ee2f9f74295c49529c86b8f88f95cbcd4d
    Image:          gcr.io/mytest9999/cloudsql-proxy:latest
    Image ID:       docker-pullable://gcr.io/mytest9999/cloudsql-proxy@sha256:9126f6145758b0db5ebb0e4d387240cf98f68f4642e5dec3ea2030a9878dc080
    Port:           1433/TCP
    Host Port:      0/TCP
    State:          Running
      Started:      Thu, 30 Sep 2021 09:23:27 +0000
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-98htb (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             True
  ContainersReady   True
  PodScheduled      True
Volumes:
  default-token-98htb:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-98htb
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  kubernetes.io/os=windows
Tolerations:     node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                 node.kubernetes.io/os=windows:NoSchedule
                 node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:          <none>

This issue may not an issue with proxy image , maybe anthos , or others....
Do you have any advices ??

This image (IIS in compute engine) shows proxy received request

But in container env, proxy seems not receive anything.

[enocom]

Here are some ideas:

1. Verify that you can make a successful connection to the Cloud SQL instance using a Compute Engine VM or from a local machine. Right now, I see The instance or operation is not in an appropriate state....
2. Deploy a simple application to the cluster that uses the proxy as a sidecar, and check the application logs -- the logs you posted above indicate the application is failing to connect to the proxy, which suggests an application config error.

[dbaid]

hello, The error was because of not starting cloud sql instance. For saving my cost, I have to stop the service. That's what the first image shows. It's IIS running on computer engine with proxy. The second image is the state of IIS + proxy POD running on GKE cluster with one Linux master and one windows worker. When fetching db data through web, sidecar proxy log showed no data except those startup records. Regards, Steven Eno Compton ***@***.***> 於 2021年10月2日 週六 02:46 寫道：

…

Here are some ideas: 1. Verify that you can make a successful connection to the Cloud SQL instance using a Compute Engine VM or from a local machine. Right now, I see The instance or operation is not in an appropriate state.... 2. Deploy a simple application to the cluster that uses the proxy as a sidecar, and check the application logs -- the logs you posted above indicate the application is failing to connect to the proxy, which suggests an application config error. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#957 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ALMFLOVS2Z5GMHZIWFP7JOLUEX6XRANCNFSM5FBVC7EQ> . Triage notifications on the go with GitHub Mobile for iOS <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.

[dbaid]

Hello ,
I am studying "Architecting with Google Kubernetes " on googlecourses to know more about GKE .
Therefore, close this issue first.
Thank you for your support.

Regards,
Steven

[enocom]

I suspect it's a common enough use case to run the proxy on a Windows VM. So I'm going to re-open this as a feature request for providing a Windows container.

[dbaid]

Thanks! Eno Compton ***@***.***> 於 2021年10月6日 週三 22:54 寫道：

…

I suspect it's a common enough use case to run the proxy on a Windows VM. So I'm going to re-open this as a feature request for providing a Windows container. — You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub <#957 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ALMFLOVQG3K2MNZMZFYG2ADUFRPIZANCNFSM5FBVC7EQ> . Triage notifications on the go with GitHub Mobile for iOS <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.

[enocom]

Bumping up the priority as there's significant interest in this.

[enocom]

We'll probably use mcr.microsoft.com/windows/servercore:ltsc2022 as the base image based on what I see here: https://github.com/MicrosoftDocs/Virtualization-Documentation/tree/main/windows-container-samples.

[enocom]

This also seems useful: https://learn.microsoft.com/en-us/virtualization/windowscontainers/manage-docker/manage-windows-dockerfile.

[enocom]

Here's a rough take on what we might do. I'm not sure what the licensing details would be of distributing this.

FROM --platform=windows/amd64 golang:1 as build

WORKDIR /go/src/cloud-sql-proxy
COPY . .

RUN go get ./...
RUN GOOS=windows GOARCH=amd64 \
    go build -ldflags "-X main.metadataString=container.windows"

# Final stage
FROM --platform=windows/amd64 mcr.microsoft.com/windows/servercore:ltsc2022

COPY --from=build /go/src/cloud-sql-proxy/cloud-sql-proxy /cloud-sql-proxy
ENTRYPOINT ["/cloud-sql-proxy"]

[enocom]

And bumping it back down after some further discussion. Feel free to thumbs-up this issue if it's interesting for you.

[balys]

hi @enocom, we currently have a project where not having a windows based cloudsql-proxy image is a blocker. Would it be possible to add this?

[enocom]

Is there any reason why you can't build your own container image using the example from #957 (comment)?