(DEPRECATED) Deploy Kubernetes cluster for Windows containers


The Azure Container Service (ACS) is being deprecated. No new features or functionality are being added to ACS. All of the APIs, portal experience, CLI commands and documentation are marked as deprecated.

In 2017, we introduced Azure Kubernetes Service (AKS) for simplifying Kubernetes management, deployment, and operations. If you use the Kubernetes orchestrator, please migrate to AKS by January 31, 2020. To get started, see migrate to Azure Kubernetes Service.

For more information, see the Azure Container Service deprecation announcement on Azure.com.

The Azure CLI is used to create and manage Azure resources from the command line or in scripts. This guide details using the Azure CLI to deploy a Kubernetes cluster in Azure Container Service. Once the cluster is deployed, you connect to it with the Kubernetes kubectl command-line tool, and you deploy your first Windows container.

If you don't have an Azure subscription, create a free account before you begin.

Use Azure Cloud Shell

Azure hosts Azure Cloud Shell, an interactive shell environment that you can use through your browser. You can use either Bash or PowerShell with Cloud Shell to work with Azure services. You can use the Cloud Shell preinstalled commands to run the code in this article without having to install anything on your local environment.

To start Azure Cloud Shell:

Option Example/Link
Select Try It in the upper-right corner of a code block. Selecting Try It doesn't automatically copy the code to Cloud Shell. Example of Try It for Azure Cloud Shell
Go to https://shell.azure.com, or select the Launch Cloud Shell button to open Cloud Shell in your browser. Launch Cloud Shell in a new window
Select the Cloud Shell button on the menu bar at the upper right in the Azure portal. Cloud Shell button in the Azure portal

To run the code in this article in Azure Cloud Shell:

  1. Start Cloud Shell.

  2. Select the Copy button on a code block to copy the code.

  3. Paste the code into the Cloud Shell session by selecting Ctrl+Shift+V on Windows and Linux or by selecting Cmd+Shift+V on macOS.

  4. Select Enter to run the code.

If you choose to install and use the CLI locally, this quickstart requires that you are running the Azure CLI version 2.0.4 or later. Run az --version to find the version. If you need to install or upgrade, see Install the Azure CLI.


Support for Windows containers on Kubernetes in Azure Container Service is in preview.

Create a resource group

Create a resource group with the az group create command. An Azure resource group is a logical group in which Azure resources are deployed and managed.

The following example creates a resource group named myResourceGroup in the eastus location.

az group create --name myResourceGroup --location eastus

Create Kubernetes cluster

Create a Kubernetes cluster in Azure Container Service with the az acs create command.

The following example creates a cluster named myK8sCluster with one Linux master node and two Windows agent nodes. This example creates SSH keys needed to connect to the Linux master. This example uses azureuser for an administrative user name and myPassword12 as the password on the Windows nodes. Update these values to something appropriate to your environment.

az acs create --orchestrator-type=kubernetes \
    --resource-group myResourceGroup \
    --name=myK8sCluster \
    --agent-count=2 \
    --generate-ssh-keys \
    --windows --admin-username azureuser \
    --admin-password myPassword12

After several minutes, the command completes, and shows you information about your deployment.

Install kubectl

To connect to the Kubernetes cluster from your client computer, use kubectl, the Kubernetes command-line client.

If you're using Azure CloudShell, kubectl is already installed. If you want to install it locally, you can use the az acs kubernetes install-cli command.

The following Azure CLI example installs kubectl to your system. On Windows, run this command as an administrator.

az acs kubernetes install-cli

Connect with kubectl

To configure kubectl to connect to your Kubernetes cluster, run the az acs kubernetes get-credentials command. The following example downloads the cluster configuration for your Kubernetes cluster.

az acs kubernetes get-credentials --resource-group=myResourceGroup --name=myK8sCluster

To verify the connection to your cluster from your machine, try running:

kubectl get nodes

kubectl lists the master and agent nodes.

NAME                    STATUS                     AGE       VERSION
k8s-agent-98dc3136-0    Ready                      5m        v1.5.3
k8s-agent-98dc3136-1    Ready                      5m        v1.5.3
k8s-master-98dc3136-0   Ready,SchedulingDisabled   5m        v1.5.3

Deploy a Windows IIS container

You can run a Docker container inside a Kubernetes pod, which contains one or more containers.

This basic example uses a JSON file to specify a Microsoft Internet Information Server (IIS) container, and then creates the pod using the kubctl apply command.

Create a local file named iis.json and copy the following text. This file tells Kubernetes to run IIS on Windows Server 2016 Nano Server, using a public container image from Docker Hub. The container uses port 80, but initially is only accessible within the cluster network.

 "apiVersion": "v1",
 "kind": "Pod",
 "metadata": {
   "name": "iis",
   "labels": {
     "name": "iis"
 "spec": {
   "containers": [
       "name": "iis",
       "image": "microsoft/iis:nanoserver",
       "ports": [
         "containerPort": 80
   "nodeSelector": {
    "beta.kubernetes.io/os": "windows"

To start the pod, type:

kubectl apply -f iis.json

To track the deployment, type:

kubectl get pods

While the pod is deploying, the status is ContainerCreating. It can take a few minutes for the container to enter the Running state.

iis      1/1          Running       0           32s

View the IIS welcome page

To expose the pod to the world with a public IP address, type the following command:

kubectl expose pods iis --port=80 --type=LoadBalancer

With this command, Kubernetes creates a service and an Azure load balancer rule with a public IP address for the service.

Run the following command to see the status of the service.

kubectl get svc

Initially the IP address appears as pending. After a few minutes, the external IP address of the iis pod is set:

NAME         CLUSTER-IP     EXTERNAL-IP     PORT(S)        AGE       
kubernetes       <none>          443/TCP        21h       
iis   80/TCP         22m

You can use a web browser of your choice to see the default IIS welcome page at the external IP address:

Image of browsing to IIS

Delete cluster

When the cluster is no longer needed, you can use the az group delete command to remove the resource group, container service, and all related resources.

az group delete --name myResourceGroup

Next steps

In this quick start, you deployed a Kubernetes cluster, connected with kubectl, and deployed a pod with an IIS container. To learn more about Azure Container Service, continue to the Kubernetes tutorial.