Using containerd for the container runtime

The container runtime is software that is responsible for managing containers and container images on a Kubernetes node. Containerd is a CNCF (Cloud Native Computing Foundation) graduated container runtime. It supports Kubernetes natively, and is considered more resource efficient and secure than the Docker Engine for Kubernetes. Until Kubernetes 1.20, Docker Engine was the primary container runtime. However, Dockershim, the Docker Engine integration code in Kubernetes, was deprecated in Kubernetes 1.20, and will be removed in Kubernetes 1.24. Thus, GKE on VMware users should plan to use containerd for their container runtime as soon as possible.

Support for Containerd in GKE on VMware admin cluster nodes

In GKE on VMware 1.8, the admin cluster uses containerd on all nodes: the admin master node, admin addon nodes and user master nodes. This applies to both new admin clusters and existing admin clusters upgraded from 1.7.x.

Support for Containerd in GKE on VMware user cluster nodes

GKE on VMware 1.8 introduces a new ubuntu_containerd OS image type. The ubuntu_containerd OS image type uses the identical OS image as ubuntu, but the node is configured to use containerd as the container runtime instead of Docker Engine.

In version 1.8, the ubuntu_containerd OS image type is used for a new node pool by default if osImageType is not specified. However, if you upgrade an existing node pool from v1.7.x, the node pool will continue to use the Docker Engine after the upgrade.

If you want to continue using the Docker Engine for a new node pool, starting with version 1.8, you must explicitly specify ubuntu as the osImageType. As Docker Engine support will be removed in Kubernetes 1.24, you should plan to convert your node pools to use the ubuntu_containerd OS image type.

Update osImageType used by a node pool

See Update the osImageType of a node pool.

Migration from Docker Engine to containerd

These resources provide general information about migrating from Docker Engine to containerd.

Checking the node image type

You can check which image type is used for existing nodes.

To check with kubectl:

kubectl get nodes -o wide --kubeconfig ADMIN_CLUSTER_KUBECONFIG

where:

  • ADMIN_CLUSTER_KUBECONFIG is the path of the kubeconfig file for your admin cluster.

The output is similar to the following:

NAME ...  OS-IMAGE ...         CONTAINER-RUNTIME
node-1    Ubuntu 18.04.5 LTS   containerd://1.4.3
node-2    Ubuntu 18.04.5 LTS   containerd://1.4.3
node-3    Ubuntu 18.04.5 LTS   containerd://1.4.3

The column CONTAINER-RUNTIME outputs the runtime and its version.
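
To find nodes that still run Docker Engine ahead of the Kubernetes 1.24 removal, the following added example (not part of the original documentation) reads the value behind the CONTAINER-RUNTIME column from each node's status and lists the nodes that report a docker:// runtime. The function names and the sample inventory are constructed for illustration; pass the path of the cluster's kubeconfig file as the first argument.

```shell
#!/bin/sh
# Added example: inventory node container runtimes and flag Docker Engine nodes.

# Print "node<TAB>runtime" per node from .status.nodeInfo.containerRuntimeVersion,
# the field shown in the CONTAINER-RUNTIME column of `kubectl get nodes -o wide`.
list_node_runtimes() {
  kubectl get nodes --kubeconfig "$1" \
    -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.status.nodeInfo.containerRuntimeVersion}{"\n"}{end}'
}

# Read "node<TAB>runtime" lines on stdin; print the names of nodes on Docker Engine.
docker_nodes() {
  awk -F'\t' '$2 ~ /^docker:\/\// { print $1 }'
}

# Read the same lines; print "runtime=count" for each runtime, sorted by name.
runtime_summary() {
  awk -F'\t' 'NF >= 2 { split($2, p, "://"); n[p[1]]++ }
              END { for (r in n) print r "=" n[r] }' | sort
}

# Constructed sample inventory (not real cluster output), for offline runs.
sample_inventory() {
  printf 'node-1\tcontainerd://1.4.3\n'
  printf 'node-2\tdocker://19.3.13\n'
  printf 'node-3\tcontainerd://1.4.3\n'
}

# With a kubeconfig path as the first argument, check the live cluster.
# Exit status: 0 = no Docker Engine nodes, 1 = some remain, 2 = kubectl failed.
if [ "$#" -gt 0 ]; then
  inventory=$(list_node_runtimes "$1") || exit 2
  printf '%s\n' "$inventory" | runtime_summary
  pending=$(printf '%s\n' "$inventory" | docker_nodes)
  if [ -n "$pending" ]; then
    printf 'Nodes still on Docker Engine:\n%s\n' "$pending" >&2
    exit 1
  fi
fi
```

The non-zero exit status lets the check run as a gate in an upgrade runbook or a scheduled job.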

To check within the node, run:

sudo crictl version

The output is similar to the following:

Version:  0.1.0
RuntimeName:  containerd
RuntimeVersion:  1.4.3-0ubuntu0~18.04.1
RuntimeApiVersion:  v1alpha2