Deploy a Linux workload to a target cluster

After you have migrated a workload from your source platform, you can use the deployment artifacts generated by that process to deploy the migrated workload container to another cluster.

Skaffold cab handle the workflow for building, pushing and deploying your application. For more information, see Build and deploy multiple images using Skaffold.

Before you begin

Before deploying your workload, you should have first:

• Migrated the workload using Migrate to Containers tools.
• Reviewed the generate deployment files.

• Before you run your migrated workloads, you must install migctl with runtime support for Container-Optimized OS nodes on your cluster:

  migctl setup install --runtime

Deploy workloads on the processing cluster

You can deploy the migrated workload on the same cluster as you used to perform the migration, referred to as the Migrate to Containers processing cluster. In most situations you do not have to perform any additional configuration on the processing cluster because the cluster already requires read/write access to the Docker registry to perform a migration.

Deploy on a target cluster using GCR as the Docker registry

To ensure that a target cluster has access to the Google Container Registry (GCR), create a Kubernetes secret that contains the credentials required to access GCR:

1. Create a service account for deploying a migration as described in Creating a service account for accessing Container Registry and Cloud Storage.

   This process has you download a JSON key file named m4a-install.json.

2. Create a Kubernetes secret that contains the credentials required to access GCR:

   kubectl create secret docker-registry gcr-json-key \
    --docker-server=gcr.io --docker-username=_json_key --docker-password="$(cat ~/m4a-install.json)" \
    --docker-email=account@project.iam.gserviceaccount.com

   where:

   • docker-registry specifies the name of the Kubernetes secret, gcr-json-key in this example.
   • docker-server=gcr.io specifies GCR as the server.
   • docker-username=_json_key specifies that the username is contained in the JSON key file.
   • docker-password specifies to use a password from the JSON key file.
   • docker-email specifies the email address of the service account.

3. Set the Kubernetes secret by either:

   • Changing the default imagePullSecrets value:

     kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "gcr-json-key"}]}'

   • Editing the deployment_spec.yaml file to add the imagePullSecrets value to the spec.template.spec definition, as shown below:

     spec:
       containers:
       - image: gcr.io/PROJECT_ID/mycontainer-instance:v1.0.0
         name: mycontainer-instance
         ...
       volumes:
       - hostPath:
           path: /sys/fs/cgroup
           type: Directory
         name: cgroups
       imagePullSecrets:
       - name: gcr-json-key

Deploy on a target cluster using a Docker registry with basic authentication

If you use a Docker registry to store for migration images, then the registry must support basic authentication using a username and password. Because there are many ways to configure a read-only connection to a Docker registry, you should use the method appropriate for your cluster platform and Docker registry.

Apply generated deployment YAML file

Use kubectl to apply the deployment spec to your target cluster, such as a production cluster.

Delete a migration

After you validate and test the migrated workload to ensure that it is functioning correctly, you should delete the migration. Deleting the migration frees up any resources used by the migration.

What's next