Update kubeadm for Windows (#19217)

* Start updates for DaemonSet approach

* Rough first draft

* Remove old image assets

* Document how to fetch the correct version of kube-proxy

* Remove InstallNSSM script

It was merged into the PrepareNode script

* Update links to sig-windows-tools release files

Using the latest tag so we can continue to update things as needed
without needing to keep updating the docs

* Add upgrade tutorial for Windows kubeadm nodes

* Clarify which machine each command should be run from

* Add link from main tutorial, small edits

- Rename file / title
- Remove reviewers

* Remove IP management section

User can just rely on the defaults from kube-proxy and flannel now, or
change them in the same manner as on Linux

* Apply suggestions from code review

Co-Authored-By: Tim Bannister <tim@scalefactory.com>

* More review updates

* Switch to task template

* Apply suggestions from code review

Co-Authored-By: Tim Bannister <tim@scalefactory.com>

* More review feedback

* Adjust upgrading title

* Additional edits

* Move to kubeadm directory

* Remove stale link

This guide never had any real content about the pause image

* Add redirect from old url

* Fix weights

* Update Windows intro

* Apply suggestions from code review

Co-Authored-By: Tim Bannister <tim@scalefactory.com>

* Fix typo

* Add beta markers

Co-authored-by: Tim Bannister <tim@scalefactory.com>

content/en/docs/setup/production-environment/windows/intro-windows-in-kubernetes.md

@@ -427,7 +427,6 @@ Your main source of help for troubleshooting your Kubernetes cluster should star
 
         # Register kubelet.exe
         # Microsoft releases the pause infrastructure container at mcr.microsoft.com/k8s/core/pause:1.2.0
-        # For more info search for "pause" in the "Guide for adding Windows Nodes in Kubernetes"
         nssm install kubelet C:\k\kubelet.exe
         nssm set kubelet AppParameters --hostname-override=<hostname> --v=6 --pod-infra-container-image=mcr.microsoft.com/k8s/core/pause:1.2.0 --resolv-conf="" --allow-privileged=true --enable-debugging-handlers --cluster-dns=<DNS-service-IP> --cluster-domain=cluster.local --kubeconfig=c:\k\config --hairpin-mode=promiscuous-bridge --image-pull-progress-deadline=20m --cgroups-per-qos=false  --log-dir=<log directory> --logtostderr=false --enforce-node-allocatable="" --network-plugin=cni --cni-bin-dir=c:\k\cni --cni-conf-dir=c:\k\cni\config
         nssm set kubelet AppDirectory C:\k
@@ -539,7 +538,7 @@ Your main source of help for troubleshooting your Kubernetes cluster should star
 
     Check that your pause image is compatible with your OS version. The [instructions](https://docs.microsoft.com/en-us/virtualization/windowscontainers/kubernetes/deploying-resources) assume that both the OS and the containers are version 1803. If you have a later version of Windows, such as an Insider build, you need to adjust the images accordingly. Please refer to the Microsoft's [Docker repository](https://hub.docker.com/u/microsoft/) for images. Regardless, both the pause image Dockerfile and the sample service expect the image to be tagged as :latest.
 
-    Starting with Kubernetes v1.14, Microsoft releases the pause infrastructure container at `mcr.microsoft.com/k8s/core/pause:1.2.0`. For more information search for "pause" in the [Guide for adding Windows Nodes in Kubernetes](../user-guide-windows-nodes).
+    Starting with Kubernetes v1.14, Microsoft releases the pause infrastructure container at `mcr.microsoft.com/k8s/core/pause:1.2.0`.
 
 1. DNS resolution is not properly working
 
@@ -628,7 +627,11 @@ spec:
 
 ### Deployment with kubeadm and cluster API
 
-Kubeadm is becoming the de facto standard for users to deploy a Kubernetes cluster. Windows node support in kubeadm will come in a future release. We are also making investments in cluster API to ensure Windows nodes are properly provisioned.
+Kubeadm is becoming the de facto standard for users to deploy a Kubernetes
+cluster. Windows node support in kubeadm is currently a work-in-progress but a
+guide is available [here](/docs/tasks/administer-cluster/kubeadm/adding-windows-nodes/).
+We are also making investments in cluster API to ensure Windows nodes are
+properly provisioned.
 
 ### A few other key features
 * Beta support for Group Managed Service Accounts

content/en/docs/setup/production-environment/windows/user-guide-windows-containers.md

@@ -22,7 +22,7 @@ Windows applications constitute a large portion of the services and applications
 
 ## Before you begin
 
-* Create a Kubernetes cluster that includes a [master and a worker node running Windows Server](../user-guide-windows-nodes)
+* Create a Kubernetes cluster that includes a [master and a worker node running Windows Server](/docs/tasks/administer-cluster/kubeadm/adding-windows-nodes)
 * It is important to note that creating and deploying services and workloads on Kubernetes behaves in much the same way for Linux and Windows containers. [Kubectl commands](/docs/reference/kubectl/overview/) to interface with the cluster are identical. The example in the section below is provided simply to jumpstart your experience with Windows containers.
 
 ## Getting Started: Deploying a Windows container

content/en/docs/tasks/administer-cluster/kubeadm/adding-windows-nodes.md

@@ -0,0 +1,169 @@
+---
+reviewers:
+- michmike
+- patricklang
+title: Adding Windows nodes
+min-kubernetes-server-version: 1.17
+content_template: templates/tutorial
+weight: 30
+---
+
+{{% capture overview %}}
+
+{{< feature-state for_k8s_version="v1.18" state="beta" >}}
+
+You can use Kubernetes to run a mixture of Linux and Windows nodes, so you can mix Pods that run on Linux on with Pods that run on Windows. This page shows how to register Windows nodes to your cluster.
+
+{{% /capture %}}
+
+
+{{% capture prerequisites %}} {{< version-check >}}
+
+* Obtain a [Windows Server 2019 license](https://www.microsoft.com/en-us/cloud-platform/windows-server-pricing)
+(or higher) in order to configure the Windows node that hosts Windows containers.
+If you are using VXLAN/Overlay networking you must have also have [KB4489899](https://support.microsoft.com/help/4489899) installed.
+
+* A Linux-based Kubernetes kubeadm cluster in which you have access to the control plane (see [Creating a single control-plane cluster with kubeadm](/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/)).
+
+{{% /capture %}}
+
+
+{{% capture objectives %}}
+
+* Register a Windows node to the cluster
+* Configure networking so Pods and Services on Linux and Windows can communicate with each other
+
+{{% /capture %}}
+
+
+{{% capture lessoncontent %}}
+
+## Getting Started: Adding a Windows Node to Your Cluster
+
+### Networking Configuration
+
+Once you have a Linux-based Kubernetes control-plane node you are ready to choose a networking solution. This guide illustrates using Flannel in VXLAN mode for simplicity.
+
+#### Configuring Flannel
+
+1. Prepare Kubernetes control plane for Flannel
+
+    Some minor preparation is recommended on the Kubernetes control plane in our cluster. It is recommended to enable bridged IPv4 traffic to iptables chains when using Flannel. This can be done using the following command:
+
+    ```bash
+    sudo sysctl net.bridge.bridge-nf-call-iptables=1
+    ```
+
+1. Download & configure Flannel for Linux
+
+    Download the most recent Flannel manifest:
+
+    ```bash
+    wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
+    ```
+
+    Modify the `net-conf.json` section of the flannel manifest in order to set the VNI to 4096 and the Port to 4789. It should look as follows:
+
+    ```json
+    net-conf.json: |
+        {
+          "Network": "10.244.0.0/16",
+          "Backend": {
+            "Type": "vxlan",
+            "VNI" : 4096,
+            "Port": 4789
+          }
+        }
+    ```
+
+    {{< note >}}The VNI must be set to 4096 and port 4789 for Flannel on Linux to interoperate with Flannel on Windows. See the [VXLAN documentation](https://github.com/coreos/flannel/blob/master/Documentation/backends.md#vxlan).
+    for an explanation of these fields.{{< /note >}}
+
+    {{< note >}}To use L2Bridge/Host-gateway mode instead change the value of `Type` to `"host-gw"` and omit `VNI` and `Port`.{{< /note >}}
+
+1. Apply the Flannel manifest and validate
+
+    Let's apply the Flannel configuration:
+
+    ```bash
+    kubectl apply -f kube-flannel.yml
+    ```
+
+    After a few minutes, you should see all the pods as running if the Flannel pod network was deployed.
+
+    ```bash
+    kubectl get pods -n kube-system
+    ```
+
+    The output should include the Linux flannel DaemonSet as running:
+
+    ```
+    NAMESPACE     NAME                                      READY        STATUS    RESTARTS   AGE
+    ...
+    kube-system   kube-flannel-ds-54954                     1/1          Running   0          1m
+    ```
+
+1. Add Windows Flannel and kube-proxy DaemonSets
+
+    Now you can add Windows-compatible versions of Flannel and kube-proxy. In order
+    to ensure that you get a compatible version of kube-proxy, you'll need to substitute
+    the tag of the image. The following example shows usage for Kubernetes {{< param "fullversion" >}},
+    but you should adjust the version for your own deployment.
+
+    ```bash
+    curl -L https://github.com/kubernetes-sigs/sig-windows-tools/releases/latest/download/kube-proxy.yml | sed 's/VERSION/{{< param "fullversion" >}}/g' | kubectl apply -f -
+    kubectl apply -f https://github.com/kubernetes-sigs/sig-windows-tools/releases/latest/download/flannel-overlay.yml
+    ```
+
+    {{< note >}}
+    If you're using host-gateway use https://github.com/kubernetes-sigs/sig-windows-tools/releases/latest/download/flannel-host-gw.yml instead
+    {{< /note >}}
+
+### Joining a Windows worker node
+{{< note >}}
+You must install the `Containers` feature and install Docker. Instructions
+to do so are available at [Install Docker Engine - Enterprise on Windows Servers](https://docs.docker.com/ee/docker-ee/windows/docker-ee/#install-docker-engine---enterprise).
+{{< /note >}}
+
+{{< note >}}
+All code snippets in Windows sections are to be run in a PowerShell environment
+with elevated permissions (Administrator) on the Windows worker node.
+{{< /note >}}
+
+1. Install wins, kubelet, and kubeadm.
+
+   ```PowerShell
+   curl.exe -LO https://github.com/kubernetes-sigs/sig-windows-tools/releases/latest/download/PrepareNode.ps1
+   .\PrepareNode.ps1 -KubernetesVersion {{< param "fullversion" >}}
+   ```
+
+1. Run `kubeadm` to join the node
+
+    Use the command that was given to you when you ran `kubeadm init` on a control plane host.
+    If you no longer have this command, or the token has expired, you can run `kubeadm token create --print-join-command`
+    (on a control plane host) to generate a new token and join command.
+
+
+#### Verifying your installation
+You should now be able to view the Windows node in your cluster by running:
+
+```bash
+kubectl get nodes -o wide
+```
+
+If your new node is in the `NotReady` state it is likely because the flannel image is still downloading.
+You can check the progress as before by checking on the flannel pods in the `kube-system` namespace:
+
+```shell
+kubectl -n kube-system get pods -l app=flannel
+```
+
+Once the flannel Pod is running, your node should enter the `Ready` state and then be available to handle workloads.
+
+{{% /capture %}}
+
+{{% capture whatsnext %}}
+
+- [Upgrading Windows kubeadm nodes](/docs/tasks/administer-cluster/kubeadm/upgrading-windows-nodes)
+
+{{% /capture %}}

content/en/docs/tasks/administer-cluster/kubeadm/kubeadm-certs.md

@@ -3,6 +3,7 @@ reviewers:
 - sig-cluster-lifecycle
 title: Certificate Management with kubeadm
 content_template: templates/task
+weight: 10
 ---
 
 {{% capture overview %}}

content/en/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade.md

@@ -3,6 +3,7 @@ reviewers:
 - sig-cluster-lifecycle
 title: Upgrading kubeadm clusters
 content_template: templates/task
+weight: 20
 ---
 
 {{% capture overview %}}

content/en/docs/tasks/administer-cluster/kubeadm/upgrading-windows-nodes.md

@@ -0,0 +1,93 @@
+---
+title: Upgrading Windows nodes
+min-kubernetes-server-version: 1.17
+content_template: templates/task
+weight: 40
+---
+
+{{% capture overview %}}
+
+{{< feature-state for_k8s_version="v1.18" state="beta" >}}
+
+This page explains how to upgrade a Windows node [created with kubeadm](/docs/tasks/administer-cluster/kubeadm/adding-windows-nodes).
+
+{{% /capture %}}
+
+
+{{% capture prerequisites %}} 
+{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
+* Familiarize yourself with [the process for upgrading the rest of your kubeadm
+cluster](/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade). You will want to
+upgrade the control plane nodes before upgrading your Windows nodes.
+
+{{% /capture %}}
+
+
+{{% capture steps %}}
+
+## Upgrading worker nodes
+
+### Upgrade kubeadm
+
+1.  From the Windows node, upgrade kubeadm:
+
+    ```powershell
+    # replace {{< param "fullversion" >}} with your desired version
+    curl.exe -Lo C:\k\kubeadm.exe https://dl.k8s.io/{{< param "fullversion" >}}/bin/windows/amd64/kubeadm.exe
+    ```
+
+### Drain the node
+
+1.  From a machine with access to the Kubernetes API,
+    prepare the node for maintenance by marking it unschedulable and evicting the workloads:
+
+    ```shell
+    # replace <node-to-drain> with the name of your node you are draining
+    kubectl drain <node-to-drain> --ignore-daemonsets
+    ```
+
+    You should see output similar to this:
+
+    ```
+    node/ip-172-31-85-18 cordoned
+    node/ip-172-31-85-18 drained
+    ```
+
+### Upgrade the kubelet configuration
+
+1.  From the Windows node, call the following command to sync new kubelet configuration:
+
+    ```powershell
+    kubeadm upgrade node
+    ```
+
+### Upgrade kubelet
+
+1.  From the Windows node, upgrade and restart the kubelet:
+
+    ```powershell
+    stop-service kubelet
+    curl.exe -Lo C:\k\kubelet.exe https://dl.k8s.io/{{< param "fullversion" >}}/bin/windows/amd64/kubelet.exe
+    restart-service kubelet
+    ```
+
+### Uncordon the node
+
+1.  From a machine with access to the Kubernetes API,
+bring the node back online by marking it schedulable:
+
+    ```shell
+    # replace <node-to-drain> with the name of your node
+    kubectl uncordon <node-to-drain>
+    ```
+### Upgrade kube-proxy
+
+1. From a machine with access to the Kubernetes API, run the following,
+again replacing {{< param "fullversion" >}} with your desired version:
+
+    ```shell
+    curl -L https://github.com/kubernetes-sigs/sig-windows-tools/releases/latest/download/kube-proxy.yml | sed 's/VERSION/{{< param "fullversion" >}}/g' | kubectl apply -f -
+    ```
+
+
+{{% /capture %}}

static/_redirects

@@ -550,7 +550,8 @@ https://kubernetes-io-v1-7.netlify.com/*    https://v1-7.docs.kubernetes.io/:spl
 /docs/setup/on-premises-vm/dcos/     /docs/setup/production-environment/on-premises-vm/dcos/   301
 /docs/setup/on-premises-vm/ovirt/     /docs/setup/production-environment/on-premises-vm/ovirt/   301
 /docs/setup/windows/intro-windows-in-kubernetes/     /docs/setup/production-environment/windows/intro-windows-in-kubernetes/   301
-/docs/setup/windows/user-guide-windows-nodes/     /docs/setup/production-environment/windows/user-guide-windows-nodes/   301
+/docs/setup/windows/user-guide-windows-nodes/     /docs/tasks/administer-cluster/kubeadm/adding-windows-nodes/   301
+/docs/setup/production-environment/windows/user-guide-windows-nodes/     /docs/tasks/administer-cluster/kubeadm/adding-windows-nodes/   301
 /docs/setup/windows/user-guide-windows-containers/     /docs/setup/production-environment/windows/user-guide-windows-containers/   301
 /docs/setup/multiple-zones/     /docs/setup/best-practices/multiple-zones/   301
 /docs/setup/cluster-large/     /docs/setup/best-practices/cluster-large/   301