You will see below error while attempting to create Custom ClusterClass for windows cluster. 

The ClusterClass in TKGm 2.5 and later versions has modified the variables. So, update the "cc-win-cacert-overlay.yaml"  file to add the value if it is missing.

• Add the following line to the "cc-win-cacert-overlay.yaml" file before the variables section: #@overlay/match missing_ok=True

Example:


#@ load("@ytt:overlay", "overlay")
#@ load("@ytt:data", "data")

#@overlay/match by=overlay.subset({"kind":"ClusterClass"}), expects="1+"
---
spec:
patches:
#@overlay/append
- name: windows-cacert
enabledIf: '{{ not (empty .caCertChain) }}'
definitions:
- selector:
apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
kind: KubeadmConfigTemplate
matchResources:
machineDeploymentClass:
names:
- tkg-worker-windows
jsonPatches:
- op: add
path: /spec/template/spec/files/-
valueFrom:
template: |
path: 'C:\k\rootca.pem'
content: |
{{ .caCertChain | indent 2 }}
- op: add
path: /spec/template/spec/files/-
value:
path: 'C:\k\addcert.ps1'
content: |
Import-Certificate -FilePath "c:\k\rootca.pem" -CertStoreLocation cert:\LocalMachine\Root
- op: add
path: /spec/template/spec/preKubeadmCommands/-
value: powershell c:/k/addcert.ps1 -ExecutionPolicy Bypass


#@overlay/match missing_ok=True          ---------------------------------------------------------------------------->  ADD THIS LINE 
variables:
#@overlay/append
- name: caCertChain
required: false
schema:
openAPIV3Schema:
type: string

• Run below command :

ytt -f tkg-vsphere-default-multios-ag-cc.yaml -f cc-win-cacert-overlay.yaml | kubectl apply -f -

• Confirm new Clusterclass shows up when running:

kubectl get cc

# Output should look like this:
# NAME                             AGE
# tkg-vsphere-default-multios-ag   51s