Using containerd for the container runtime

The container runtime is software that is responsible for managing containers and container images on a Kubernetes node. containerd is a CNCF (Cloud Native Computing Foundation) graduated container runtime. It supports Kubernetes natively, and is considered more resource efficient and secure than the Docker Engine for Kubernetes. Until Kubernetes 1.20, Docker Engine was the primary container runtime. However, Dockershim, the Docker Engine integration code in Kubernetes, was deprecated in Kubernetes 1.20, and has been removed in Kubernetes 1.24.

Going forward, you should use containerd in your clusters.

Support for containerd in an admin cluster

Google Distributed Cloud uses containerd for all admin cluster nodes.

Support for containerd in a user cluster

Google Distributed Cloud supports the following OS image types for user cluster nodes:

OS image type        Container runtime
ubuntu               Docker Engine
ubuntu_containerd    containerd
cos                  containerd
windows              Docker Engine or containerd

Restrictions and recommendations

  • Starting in version 1.13.0, Google Distributed Cloud will no longer support the ubuntu OS image type. All cluster nodes will use the containerd runtime.

  • You will not be able to upgrade a cluster that uses Docker Engine to version 1.13.

  • Starting in version 1.12.0, you can no longer create new clusters that use the ubuntu OS image type. That is, you can no longer create new clusters that use the Docker Engine container runtime.

  • If you upgrade a user cluster from 1.11 to 1.12, you can continue using the Docker Engine runtime in your 1.12 cluster. But we strongly recommend that you update your 1.11 cluster to use the containerd runtime before you upgrade to 1.12.

Determine which node pools are using Docker Engine

Ubuntu

List the Ubuntu node pools that use Docker Engine:

kubectl --kubeconfig USER_CLUSTER_KUBECONFIG get onpremnodepools \
    -o json -A | jq -r '.items[] |select(.spec.osImageType == "ubuntu")|.metadata.name'

Replace USER_CLUSTER_KUBECONFIG with the path of the user cluster kubeconfig file.

Example output:

ubuntu-node-pool-1
ubuntu-node-pool-3

Windows

All Windows node pools in a user cluster use the same container runtime. The runtime for Windows nodes is determined by the value of enableWindowsDataplaneV2, which is a field in the user cluster configuration file.

If enableWindowsDataplaneV2 is true, all Windows nodes in the user cluster use containerd. If it is false, all Windows nodes use Docker Engine.

Run the following command to determine which user clusters have enableWindowsDataplaneV2 set to false. This tells you which user clusters are configured to use Docker Engine for Windows nodes.

kubectl --kubeconfig ADMIN_CLUSTER_KUBECONFIG get onpremuserclusters \
    -A -o json | jq -r '.items[] |select(.spec.enableWindowsDataplaneV2 == false)|.metadata.name'

The output lists all user clusters that are configured to use Docker Engine for Windows nodes. For example:

user-cluster-1

Regardless of whether a user cluster has any Windows node pools, if the cluster has enableWindowsDataplaneV2 set to false, you will not be able to upgrade it to version 1.13.

Update Linux node pools to use containerd

For each node pool in the user cluster configuration file, set osImageType to ubuntu_containerd or cos.

Example:

nodePools:
- name: "my-node-pool"
  osImageType: "ubuntu_containerd"

Update the user cluster:

gkectl update cluster --kubeconfig ADMIN_CLUSTER_KUBECONFIG --config USER_CLUSTER_CONFIG

Replace the following:

  • ADMIN_CLUSTER_KUBECONFIG: the path of the admin cluster kubeconfig file

  • USER_CLUSTER_CONFIG: the path of the user cluster configuration file

Update Windows nodes to use containerd

In the user cluster configuration file, set enableWindowsDataplaneV2 to true.

enableWindowsDataplaneV2: true

Update the user cluster:

gkectl update cluster --kubeconfig ADMIN_CLUSTER_KUBECONFIG --config USER_CLUSTER_CONFIG

The preceding command sets the container runtime to containerd for all Windows nodes in the cluster.
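
To confirm the result of either update, you can read the runtime that each node's kubelet reports in the standard Kubernetes field .status.nodeInfo.containerRuntimeVersion. The following script is an added example, not part of the original page or of Google Distributed Cloud; the node names, version strings and the "-" argument convention are constructed for illustration.

```python
import json
import sys
from collections import defaultdict

# Constructed sample shaped like `kubectl get nodes -o json` (names and versions are made up).
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "linux-node-1"},
     "status": {"nodeInfo": {"operatingSystem": "linux",
                             "containerRuntimeVersion": "containerd://1.6.6"}}},
    {"metadata": {"name": "linux-node-2"},
     "status": {"nodeInfo": {"operatingSystem": "linux",
                             "containerRuntimeVersion": "docker://20.10.12"}}},
    {"metadata": {"name": "win-node-1"},
     "status": {"nodeInfo": {"operatingSystem": "windows",
                             "containerRuntimeVersion": "docker://20.10.9"}}},
    {"metadata": {"name": "win-node-2"}, "status": {}},  # node that has not reported yet
]})


def runtime_of(node):
    """Return (os, runtime name) for one Node object; 'unknown' if not reported."""
    info = node.get("status", {}).get("nodeInfo", {})
    version = info.get("containerRuntimeVersion", "")
    # The kubelet reports "<runtime>://<version>", for example "containerd://1.6.6".
    runtime = version.split("://", 1)[0] if "://" in version else "unknown"
    return info.get("operatingSystem", "unknown"), runtime


def nodes_not_on_containerd(nodes_json):
    """Map OS -> sorted [(node name, runtime)] for nodes not reporting containerd."""
    pending = defaultdict(list)
    for node in json.loads(nodes_json).get("items", []):
        os_name, runtime = runtime_of(node)
        if runtime != "containerd":
            pending[os_name].append((node["metadata"]["name"], runtime))
    return {os_name: sorted(nodes) for os_name, nodes in pending.items()}


if __name__ == "__main__":
    # With "-" as the argument, read `kubectl ... get nodes -o json` from stdin;
    # with no argument, run against the constructed sample above.
    live = sys.argv[1:] == ["-"]
    pending = nodes_not_on_containerd(sys.stdin.read() if live else SAMPLE)
    for os_name, nodes in sorted(pending.items()):
        for name, runtime in nodes:
            print(f"{os_name}\t{name}\t{runtime}")
    sys.exit(1 if live and pending else 0)
```

Nodes that have not yet reported a runtime are listed as unknown rather than assumed to be on containerd, so a node that is still being re-created during the update is not counted as migrated.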