Using containerd for the container runtime

The container runtime is software that is responsible for managing containers and container images on a Kubernetes node. containerd is a CNCF (Cloud Native Computing Foundation) graduated container runtime. It supports Kubernetes natively, and is considered more resource efficient and secure than the Docker Engine for Kubernetes. Until Kubernetes 1.20, Docker Engine was the primary container runtime. However, Dockershim, the Docker Engine integration code in Kubernetes, was deprecated in Kubernetes 1.20, and has been removed in Kubernetes 1.24.

Going forward, you should use containerd in your clusters.

Support for containerd in an admin cluster

Anthos clusters on VMware uses containerd for all admin cluster nodes.

Support for containerd in a user cluster

Anthos clusters on VMware supports the following OS image types for user cluster nodes:

OS image type        Container runtime
ubuntu               Docker Engine
ubuntu_containerd    containerd
cos                  containerd
windows              Docker Engine or containerd

Using containerd on Windows nodes is a preview feature in version 1.10.

Restrictions and recommendations

  • Starting in version 1.13.0, Anthos clusters on VMware will no longer support the ubuntu OS image type. All cluster nodes will use the containerd runtime.

  • You will not be able to upgrade a cluster that uses Docker Engine to version 1.13.

  • Starting in version 1.12.0, you will no longer be able to create new clusters that use the ubuntu OS image type. That is, you will no longer be able to create new clusters that use the Docker Engine container runtime.

  • When you upgrade a user cluster from 1.11 to 1.12, you will be able to keep using the Docker Engine runtime in your 1.12 cluster. But we strongly recommend that you update your 1.11 cluster to use the containerd runtime before you upgrade to 1.12.

Determine which node pools are using Docker Engine

Ubuntu

List the Ubuntu node pools that use Docker Engine:

kubectl --kubeconfig USER_CLUSTER_KUBECONFIG get onpremnodepools \
    -o json -A | jq -r '.items[] |select(.spec.osImageType == "ubuntu")|.metadata.name'

Replace USER_CLUSTER_KUBECONFIG with the path of the user cluster kubeconfig file.

Example output:

ubuntu-node-pool-1
ubuntu-node-pool-3

Windows

All Windows node pools in a user cluster use the same container runtime. The runtime for Windows nodes is determined by the value of enableWindowsDataplaneV2, which is a field in the user cluster configuration file.

If enableWindowsDataplaneV2 is true, all Windows nodes in the user cluster use containerd. If it is false, all Windows nodes use Docker Engine.

Run the following command to determine which user clusters have enableWindowsDataplaneV2 set to false. This tells you which user clusters are configured to use Docker Engine for Windows nodes.

kubectl --kubeconfig ADMIN_CLUSTER_KUBECONFIG get onpremuserclusters \
    -A -o json | jq -r '.items[] |select(.spec.enableWindowsDataplaneV2 == false)|.metadata.name'

The output lists all user clusters that are configured to use Docker Engine for Windows nodes. For example:

user-cluster-1

Regardless of whether a user cluster has any Windows node pools, if the cluster has enableWindowsDataplaneV2 set to false, you will not be able to upgrade it to version 1.13.
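An added example (not part of the original documentation): a Python preflight that applies both checks above to saved `kubectl ... -o json` output and also lists clusters where enableWindowsDataplaneV2 is absent, which the jq `== false` filter does not match. The function names, report keys, and sample data are assumptions of this example, as is treating an absent field as something to review by hand.

```python
import json
import sys

# Constructed sample input, shaped like the `kubectl get ... -o json -A` output
# the page's jq filters read. Names and namespaces are made up for illustration.
SAMPLE_POOLS = {"items": [
    {"metadata": {"namespace": "ns-a", "name": "ubuntu-node-pool-1"},
     "spec": {"osImageType": "ubuntu"}},
    {"metadata": {"namespace": "ns-a", "name": "pool-2"},
     "spec": {"osImageType": "ubuntu_containerd"}},
]}
SAMPLE_CLUSTERS = {"items": [
    {"metadata": {"name": "user-cluster-1"},
     "spec": {"enableWindowsDataplaneV2": False}},
    {"metadata": {"name": "user-cluster-2"},
     "spec": {"enableWindowsDataplaneV2": True}},
    {"metadata": {"name": "user-cluster-3"}, "spec": {}},  # field absent
]}

def docker_pools(pools):
    """Linux node pools on the "ubuntu" image type, i.e. Docker Engine."""
    return sorted(
        f'{i["metadata"].get("namespace", "?")}/{i["metadata"]["name"]}'
        for i in pools.get("items", [])
        if i.get("spec", {}).get("osImageType") == "ubuntu")

def windows_flags(clusters):
    """Return (clusters with an explicit false, clusters with no field)."""
    explicit, absent = [], []
    for i in clusters.get("items", []):
        value = i.get("spec", {}).get("enableWindowsDataplaneV2")
        if value is False:
            explicit.append(i["metadata"]["name"])
        elif value is None:  # the page's jq `== false` does not match these
            absent.append(i["metadata"]["name"])
    return sorted(explicit), sorted(absent)

def report(pools, clusters):
    """Everything to resolve or review before an upgrade to version 1.13."""
    explicit, absent = windows_flags(clusters)
    return {"docker_linux_pools": docker_pools(pools),
            "windows_docker_clusters": explicit,
            "flag_absent_review": absent}

if __name__ == "__main__":
    # Pass two files of saved kubectl JSON output, or nothing to use the sample.
    docs = [json.load(open(p)) for p in sys.argv[1:3]]
    pools, clusters = docs if len(docs) == 2 else (SAMPLE_POOLS, SAMPLE_CLUSTERS)
    print(json.dumps(report(pools, clusters), indent=2))
```
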

Update node pools to use containerd

For each Linux node pool in the user cluster configuration file, set osImageType to ubuntu_containerd or cos.

Example:

nodePools:
- name: "my-node-pool"
  osImageType: "ubuntu_containerd"

Update the user cluster:

gkectl update cluster --kubeconfig ADMIN_CLUSTER_KUBECONFIG --config USER_CLUSTER_CONFIG

Replace the following:

  • ADMIN_CLUSTER_KUBECONFIG: the path of the admin cluster kubeconfig file

  • USER_CLUSTER_CONFIG: the path of the user cluster configuration file

Windows

Version 1.10 of Anthos clusters on VMware does not support updating the container runtime for Windows nodes from Docker Engine to containerd.