The container runtime is software that is responsible for managing containers and container images on a Kubernetes node. containerd is a CNCF (Cloud Native Computing Foundation) graduated container runtime. It supports Kubernetes natively, and is considered more resource efficient and secure than the Docker Engine for Kubernetes. Until Kubernetes 1.20, Docker Engine was the primary container runtime. However, Dockershim, the Docker Engine integration code in Kubernetes, was deprecated in Kubernetes 1.20, and has been removed in Kubernetes 1.24.
Going forward, you should use containerd in your clusters.
Support for containerd in an admin cluster
Anthos clusters on VMware uses containerd for all admin cluster nodes.
Support for containerd in a user cluster
Anthos clusters on VMware supports the following OS image types for user cluster nodes:
|OS image type||Container runtime|
|Docker Engine or containerd|
Using containerd on Windows nodes is a preview feature in version 1.10.
Restrictions and recommendations
Starting in version 1.13.0, Anthos clusters on VMware will no longer support the ubuntu OS image type. All cluster nodes will use the containerd runtime.
You will not be able to upgrade a cluster that uses Docker Engine to version 1.13.
Starting in version 1.12.0, you will no longer be able to create new clusters that use the ubuntu OS image type. That is, you will no longer be able to create new clusters that use the Docker Engine container runtime.
When you upgrade a user cluster from 1.11 to 1.12, you will be able to keep using the Docker Engine runtime in your 1.12 cluster. But we strongly recommend that you update your 1.11 cluster to use the containerd runtime before you upgrade to 1.12.
Determine which node pools are using Docker Engine
List the Ubuntu node pools that use Docker Engine:
kubectl --kubeconfig USER_CLUSTER_KUBECONFIG get onpremnodepools \
  -o json -A | jq -r '.items[] | select(.spec.osImageType == "ubuntu") | .metadata.name'
Replace USER_CLUSTER_KUBECONFIG with the path of the user cluster kubeconfig file.
All Windows node pools in a user cluster use the same container runtime. The runtime for Windows nodes is determined by the value of enableWindowsDataplaneV2, which is a field in the user cluster configuration file. If it is true, all Windows nodes in the user cluster use containerd. If it is false, all Windows nodes use Docker Engine.
Run the following command to determine which user clusters have enableWindowsDataplaneV2 set to false. This tells you which user clusters are configured to use Docker Engine for Windows nodes.
kubectl --kubeconfig ADMIN_CLUSTER_KUBECONFIG get onpremuserclusters \
  -A -o json | jq -r '.items[] | select(.spec.enableWindowsDataplaneV2 == false) | .metadata.name'
The output lists all user clusters that are configured to use Docker Engine for Windows nodes. For example:
Regardless of whether a user cluster has any Windows node pools, if the cluster has enableWindowsDataplaneV2 set to false, you will not be able to upgrade it to version 1.13.
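The two checks above combined into one preflight report, as an added example that is not part of the original documentation: it parses saved output of the two kubectl commands and qualifies each name with its namespace, because the jq filters print only metadata.name, which is ambiguous when -A lists several namespaces. The sample JSON, the namespace names and the function names are constructed for illustration.

```python
import json

# Constructed samples shaped like `kubectl get ... -A -o json` output (not real cluster data).
SAMPLE_NODE_POOLS = json.dumps({"items": [
    {"metadata": {"namespace": "ns-a", "name": "pool-1"}, "spec": {"osImageType": "ubuntu"}},
    {"metadata": {"namespace": "ns-a", "name": "pool-2"}, "spec": {"osImageType": "ubuntu_containerd"}},
    {"metadata": {"namespace": "ns-b", "name": "pool-1"}, "spec": {"osImageType": "ubuntu"}},
    {"metadata": {"namespace": "ns-b", "name": "pool-3"}, "spec": {}},
]})
SAMPLE_USER_CLUSTERS = json.dumps({"items": [
    {"metadata": {"namespace": "ns-a", "name": "user-a"}, "spec": {"enableWindowsDataplaneV2": False}},
    {"metadata": {"namespace": "ns-b", "name": "user-b"}, "spec": {"enableWindowsDataplaneV2": True}},
    {"metadata": {"namespace": "ns-c", "name": "user-c"}, "spec": {}},
]})


def _select(raw_json, field, wanted):
    """Return sorted namespace/name of items whose spec[field] matches wanted exactly."""
    matches = []
    for item in json.loads(raw_json).get("items") or []:
        value = (item.get("spec") or {}).get(field)
        # Compare type as well as value, like jq's ==, so 0 or "" never counts as false.
        if type(value) is type(wanted) and value == wanted:
            meta = item.get("metadata") or {}
            matches.append(f"{meta.get('namespace', '')}/{meta.get('name', '')}")
    return sorted(matches)


def docker_engine_node_pools(nodepools_json):
    """Linux node pools on Docker Engine: osImageType is "ubuntu"."""
    return _select(nodepools_json, "osImageType", "ubuntu")


def windows_docker_engine_clusters(userclusters_json):
    """User clusters with enableWindowsDataplaneV2 explicitly set to false."""
    return _select(userclusters_json, "enableWindowsDataplaneV2", False)


def upgrade_blockers(nodepools_json, userclusters_json):
    """Summarize what must move to containerd before an upgrade to 1.13."""
    pools = docker_engine_node_pools(nodepools_json)
    clusters = windows_docker_engine_clusters(userclusters_json)
    return {"docker_engine_node_pools": pools,
            "windows_docker_engine_clusters": clusters,
            "blocked": bool(pools or clusters)}


if __name__ == "__main__":
    print(json.dumps(upgrade_blockers(SAMPLE_NODE_POOLS, SAMPLE_USER_CLUSTERS), indent=2))
```

A cluster whose spec omits enableWindowsDataplaneV2 is not flagged, which matches the strict == false comparison in the jq filter.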
Update node pools to use containerd
For each Linux node pool in the user cluster configuration file, set osImageType to ubuntu_containerd:
nodePools:
- name: "my-node-pool"
  osImageType: "ubuntu_containerd"
Update the user cluster:
gkectl update cluster --kubeconfig ADMIN_CLUSTER_KUBECONFIG --config USER_CLUSTER_CONFIG
Replace the following:
ADMIN_CLUSTER_KUBECONFIG: the path of the admin cluster kubeconfig file
USER_CLUSTER_CONFIG: the path of the user cluster configuration file
Version 1.10 of Anthos clusters on VMware does not support updating the container runtime for Windows nodes from Docker Engine to containerd.