Edit

Purpose: For operators, shows how to rejoin a Windows worker node when ContainerD is already installed but the node needs to re-register with the cluster.

Task summary

When a Windows node loses its cluster membership (expired certificates, cluster rebuild, manual reset), you can skip the ContainerD installation and run only the win-kubeadm role with the join tag.

Prerequisites

  • ContainerD is installed and running on the Windows node

  • The control plane is accessible and healthy

  • The previous node object has been deleted from the cluster (if it still exists)

Steps

  1. If the old node object still exists, remove it from the control plane:

kubectl delete node <windows-node-name>

  1. On the Windows node, reset the previous kubeadm state:

C:\k\kubeadm.exe reset -f --cri-socket "npipe:////./pipe/containerd-containerd"

  1. Run the playbook with only the join tag:

ansible-playbook -i inventory.ini windows-workers.yml --tags join

This skips ContainerD installation, binary downloads, and service configuration. It generates a fresh join token on the control plane and executes kubeadm join on the Windows node.

Verification

kubectl get nodes -o wide

The Windows node should appear with status Ready within a minute.

Troubleshooting

If the join fails with a "port 10250 already in use" error, stop the kubelet service first:

Stop-Service kubelet

Then re-run the playbook with --tags join.