You can see the latest product updates for all of Google Cloud on the Google Cloud page, browse and filter all release notes in the Google Cloud console, or programmatically access release notes in BigQuery.
To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly.
May 06, 2024
The Migrate to Containers UI in the Google Cloud console, migctl
, and CRDs that used processing clusters to migrate workloads to Google Cloud are no longer available.
To perform migrations, use the Migrate to Containers CLI on your local machine. For more information, see Migrate to Containers overview.
If you have any questions or require additional support, then reach out to m2c-external-feedback@google.com.
January 03, 2024
The Migrate to Containers UI in the Google Cloud console, migctl
, and CRDs that use processing clusters to migrate workloads to Google Cloud are now deprecated. They are supported for existing users until May 2024, after which they will no longer be available. If you're new to Migrate to Containers, then use the Migrate to Containers CLI to perform migrations on your local machine. For more information, see Migrate to Containers CLI architecture.
November 29, 2023
On November 29, 2023 we released version 1.4.0 of the Migrate to Containers modernization plugins.
Learn how to Upgrade Migrate to Containers plugins.
The following changes have been made to the migration plan format for Tomcat workloads:
A new field
baseImage
of typeobject
has been added that lets you do the following:Specify the Docker community image or provide your own Docker image to use as the base image for the migration using the
baseImage.name
property of typestring
.Specify a custom Tomcat installation path using the
baseImage.catalinaHome
property of typestring
.
The
fromImage
field of typestring
has been replaced by thebaseImage.name
property.Two new fields
userName
andgroupName
of typestring
have been added that let you specify a custom user and group under which you want the application to run.
Support for IBM WebSphere Application Server migrations has been enhanced. The websphere-container
plugin now supports WebSphere Application Server traditional as a source and as a target.
The websphere-traditional
plugin is now deprecated. For
existing customers, it is still supported till December 2023, after which it
will no longer be available. If you're new to WebSphere workload modernization,
then use the websphere-container
plugin with the Migrate to Containers CLI instead.
October 30, 2023
On October 30, 2023 we released version 1.3.1 of the Migrate to Containers modernization plugins.
Learn how to Upgrade Migrate to Containers plugins.
The plugins for migrating Apache, JBoss, WordPress, and IBM WebSphere traditional applications to containers are now generally available. These plugins provide a streamlined and simplified experience for migrating applications based on these frameworks.
August 22, 2023
On August 22, 2023 we released version 1.3.0 of the Migrate to Containers modernization plugins.
Learn how to Upgrade Migrate to Containers plugins.
The following changes have been made to the IBM WebSphere Application Server migration:
Renamed the plugin from
websphere-container
towebsphere-traditional-container
. This plugin now supports WebSphere Application Server Traditional as a migration source.Added support for WebSphere Application Server Liberty as a target.
The
was-home
parameter is now mandatory.
The following changes have been made to the discovery parameters for the Tomcat plugin:
- The
java-version
parameter is now added as input to Tomcat migrations. - The
catalina-base
parameter can now include multiple directories delimited with colons (:
). - The
java-version
,catalina-base
andcatalina-home
parameters are now mandatory.
Linux system service endpoints are no longer automatically discovered and must be manually specified while customizing the Linux migration plan.
June 27, 2023
On June 27, 2023 we released version 1.2.0 of the Migrate to Containers modernization plugins.
Learn how to Upgrade Migrate to Containers plugins.
The following issues were fixed:
- Unsupported Apache module caused the migration to get stuck in the generate artifacts phase.
- Duplicate migration warnings appeared for JBoss Wildfly workloads.
- Duplicate
sensitiveDataPath
entries found in JBoss Wildfly migration plan.
May 22, 2023
On May 22, 2023 we released Migrate to Containers 1.15.0.
The use of migration sources based on Migrate to Virtual Machines v4 is no longer supported.
To migrate application components from VMs running on VMWare clusters, you can use Migrate to Virtual Machines v5 integration. For more information, see Adding Migrate to Virtual Machines as a migration source.
To migrate application components from AWS or Azure use Migrate to Virtual Machines v5 to migrate VMs to Compute Engine, and then use Migrate to Containers to perform a migration from the created Compute Engine instance. For more information, see the Migrate to Virtual Machines version 5.0 documentation.
In-place processing on Anthos on AWS is no longer supported. You cannot install new versions of Migrate to Containers on Anthos on AWS clusters. To migrate application components of VMs on AWS, you can migrate VMs from AWS to Compute Engine using Migrate to Virtual Machines v5, and then use Migrate to Containers to perform a migration from the created Compute Engine instance. For more information, see the Migrate to Virtual Machines version 5.0 documentation.
In-place processing on Anthos on VMware is no longer supported. You cannot install new versions of Migrate to Containers on Anthos on VMWare clusters. Instead, you can migrate application components to GKE or Anthos clusters on bare metal using Migrate to Virtual Machines v5 or the local VMWare source respectively.
The legacy Linux runtime is now deprecated. The generated migration plan now uses the enhanced Linux runtime by default. You can choose to use the legacy Linux runtime, which is planned to be supported until August 2023, by setting the value of the v2kServiceManager
flag in the migration plan to false.
To see how to convert existing migrations to the new Linux runtime, see Upgrade container workloads for enhanced runtime.
If you have migrated applications using the legacy runtime, you can install the legacy runtime support using the following command:
migctl setup install --runtime
For more information, see Before you begin deploying a Linux workload to a target cluster.
Enhanced the Windows features filtering to only allow features supported by Windows Docker images to work.
March 28, 2023
On March 27, 2023 we released version 1.1.0 of the Migrate to Containers modernization plugins.
Learn how to Upgrade Migrate to Containers plugins.
Preview: Added support for refactoring WordPress Servers running on Apache2 Linux to containers, which lets you deploy WordPress sites as containers on GKE, GKE Autopilot clusters, Anthos clusters, and Cloud Run.
For more information, see Migrate a WordPress site.
Introduced the following features for JBoss migration:
- Support for JBoss versions has been extended and Migrate to Containers now supports migration of JBoss EAP versions 7.0 - 7.4 to equivalent Wildfly community based container images, besides migrations of Wildfly versions 8.1.0 - 26.1.1.
- Secrets are now automatically created from extracted security realms configuration and key-stores. This new feature fixes potential security risks and lets you update secrets without having to recreate images.
- The
targetImageHome
property has been added to the migration plan to allow users to specify an alternative container image with a differentJBOSS_HOME
location. - The
ExcludeFiles
property has been added to the migration plan, which lets you explicitly exclude files and directories from the container image. - The data migration feature now automates the creation and mounting of a Persistent Volume Claim (PVC) for the
$JBOSS_HOME/standalone/data
directory. This directory is available for use by services that require storing content in the file system.
Filtering out files located at /tmp
when discovering Tomcat application dependencies.
Docker images may contain broken symlinks. Ensure that the tar archive artifacts added to dockerfile don't contain symlinks that don't resolve to another file in the archive. If they do, either retrieve the files from the source VM and add them to the dockerfile manually, or replace the symlinks in the source VM and perform extraction again.
March 20, 2023
On March 20, 2023 we released Migrate to Containers 1.14.1.
Migrate to Containers now supports Workforce identity federation.
Documentation restructured to provide better visibility of high-level tasks.
Using Anthos for VMware processing clusters for containerisation of VMware sources is now deprecated and is planned to be supported till July 2023.
The following issues were fixed:
migctl setup uninstall failure - source snapshot is not deleted
. This is happening when the corresponding source provider was already deleted.- Starting a migration from the UI page "Sources & Candidates" might get stuck on a "retrying" step.
The following are open issues:
migctl migration status
sometimes prints an error message before the migration table. This message does not indicate a concrete problem and can be ignored.- The UI fails when performing "Processing Cluster Add" having Resource Location Org Policy. To overcome that the processing cluster installation should be done using migctl and the target region should be provided using
--gcp-region
. - Creation of multiple source providers at the same time might cause timeouts. If this happens, delete and recreate source provider objects that failed to be created.
- Replicated VM deletion might hang depending on other object deletion. To prevent this from happening, delete the Migrate to Virtual Machines (M2VM) source after deleting the corresponding Migration objects. Otherwise, if this happens, delete the M2VM replications manually.
- Generated Kubernetes deployment specifications might contain invalid (non-DNS1123 compliant) container names when such names appear in the source VM. To prevent this from happening, go over the migration plan before generating artifacts and change the names to be DNS1123 compliant.
December 06, 2022
On Dec 6, 2022 we released Migrate to Containers 1.14.0.
Support for refactoring applications running on JBoss Enterprise Application Platform or WildFly application platform to containers, which lets you deploy the application as containers on GKE, GKE Autopilot clusters, Anthos clusters, and Cloud Run, released for Public Preview. See Migrate JBoss Servers.
Support for refactoring Apache 2 Linux based applications to containers, which lets you deploy Apache 2 application components as containers on GKE, GKE Autopilot clusters, Anthos clusters, and Cloud Run, released for Public Preview. See Migrate Apache 2 Servers.
Enhanced control on the verbosity of backend logs. You can now use the migctl logging set-verbosity <verbosity>
command, where verbosity 0
corresponds to info logs only and verbosity 1
shows debug logs. See migctl reference.
Containerization from AWS and Azure sources and local processing in AWS cluster are now deprecated and planned to be supported until April 2023.
The following issues were fixed:
- Windows IIS modernization - In case IIS files are not accessible to BUILTIN/Administrators, the discovery phase of IIS modernization will fail.
- Support migration of Windows IIS sites where Administrator user has no permissions to access the IIS configuration files.
- On Linux migrations, if the migration plan YAML is missing the Image section, the task will fail with a panic instead of an indicative message.
The following are open issues:
- migctl migration status sometimes prints an error message before the migration table. This message does not indicate a concrete problem and can be ignored.
- UI fails when performing "Processing Cluster Add" having Resource Location Org Policy. To overcome that, the processing cluster installation should be done using migctl and the target region should be provided using
--gcp-region
. - Two migrations from different M2VM sources on the same VM can affect each other. When using M2VM sources, users should avoid creating multiple Migration objects from different sources at the same time for the same VM.
- Creation of multiple source providers at the same time may cause timeouts. If this happens users should delete and recreate source provider objects that failed to be created.
- Replicated VM deletion can hang depending on other object deletion. To prevent this from happening users should delete M2VM source after deleting the corresponding Migration objects. Otherwise, if this happens users should delete the M2VM replications manually.
- migctl setup uninstall failure - source snapshot is not deleted. This is happening when the corresponding source provider was already deleted. If this happens users should recreate the corresponding source provider and after migrations are removed to proceed with uninstalling.
- Starting a migration from the UI page "Sources & Candidates" might get stuck on a "retrying" step. If this happens users should create a Migration using the VM name as input.
September 20, 2022
Support for refactoring Tomcat applications to containers, which lets you deploy Tomcat application components as containers on GKE, GKE Autopilot clusters, Anthos clusters and Cloud Run, has moved from the Public Preview stage to General Availability.
Added Kubevirt UEFI support. Virtual machines with UEFI firmware can now be migrated without user interaction. Migrations to Anthos VM Runtime that previously failed due to this limitation will need to be recreated.
Windows IIS Application modernization:
Added support for Windows services. This allows you to specify Windows services that should be part of the migrated Windows IIS application. With this new capability you can migrate Windows IIS applications that are dependent on other windows services.
Added support for generation of Kubernetes health probes. Health probe monitoring can help reduce the downtime of your application and provide better service monitoring. Migrate for Containers creates the required probes section in the deployment YAML. The Windows IIS health probes are enabled by default and can be disabled or modified while customizing the migration plan.
Added support for automated COM object registration. Windows DLLs that contain COM objects are copied to the target image and are automatically registered as a COM object.
New progress indication to Migrate to Containers CLI tool - Running migctl migration status
displays the progress of snapshot creation stage, upload progress of generate artifact stage, and for Linux migration, the progress of packing the image file.
Added periodic health checks for migration sources to assure migration source availability and health. Migrate for Containers periodically checks the status of the source providers to reflect potential problems such as missing service accounts or lack of permissions. This enhancement helps ensure smooth operation and alerts you of failure cases.
The following issues were fixed:
Removed support for Windows SAC images following Microsoft announcement concerning Windows Server Semi-Annual Channel end of servicing.
Propagate discovery failures into the migration status.
Don't show the warning
skipping setup of default image and artifact repositories because either --json-key, --gcp-project or --gcp-region weren't specified
when all parameters are given on Anthos on Bare Metal installations.The v2k-websphere image is now up-to-date (the promoted one).
Separated the logic of creating a source and validating its status. When creating an unhealthy source, the create command would succeed with an indication that there is a problem in the source.
The following are open issues:
If IIS files are not accessible to BUILTIN/Administrators, the discovery phase of IIS modernization will fail.
Support migration of Windows IIS sites where Administrator user has no permissions to access the IIS configuration files.
On Linux migrations, if the migration plan YAML is missing the Image section, the task will fail with a panic instead of an indicative message.
On Migrate for Compute Engine, source creation can fail because it's unable to find a secret caused by a race issue of the reconciler and the secret creation. Workaround: reconciler should be updated of the new secret after a few minutes.
Error: Source mysrc was created with an error: Secret <some_secret> not found
On Tomcat, if path X is defined on excludeFiles, and its ancestor directory is defined on additionalFIles, we will migrate X instead of excluding it.
When using Migrate for Compute Engine 5 as a migration source, if two Migrate To Container sources were created referring to the same Migrate for Compute Engine source, migrations created from both sources may interfere with each other. Workaround: delete one of the sources.
July 26, 2022
Modernize VMs to run Anthos for VMs (A4VM)
Migrate to Containers has added a new modernization feature, which enables traditional VMs to run on Anthos for VMs. Anthos for VMs extends Anthos on bare metal (now known as Google Distributed Cloud Virtual) to let you run and manage containers and VMs on a unified, Google Cloud-connected platform in your data center or at the edge. For more information on this feature, see About Anthos for VMs.
Support for local-ovf sources
Migrate to Containers has added support for creating Anthos VM runtimes from local OVF files. This enables users to modernize VMs to the Anthos VM Runtime by importing their OVF file into their local Anthos bare metal cluster using Migrate to Containers.
Improved migration flow and task APIs
A new structured method for generalizing the Migrate to Containers containerization process is available. The new structure provides more flexibility and more granular control of the automated containerization process. The new structure enables users to customize the process and enables support for additional software framework modernization. The following containerization tasks elements are available:
- AppXGenerateArtifactsTask
- AppXGenerateArtifactsFlow
The following migration types are now deprecated and planned to be removed in version 1.13. The corresponding AppX objects and parameters can be used to perform migration for these workload types:
system
- Legacy linux migrationsiis
- Legacy windows IIS migrations
The following APIs (CRDs) have been deprecated since version 1.11 and are planned to be removed in version 1.13:
June 21, 2022
Inventory retrieval for Local VMWare, Google Compute Engine, and Migrate for Compute Engine v5 source providers
A VM inventory is now available for local VMWare, Google Computer Engine, and Migrate 4 Computer Engine v5 source providers and is accessible through both Cloud Console and migctl
. Using this feature, the list of candidate VMs for migration can be viewed for a given source, including the VM ID required to start a new migration.
To access the inventory through Cloud Console: go to your sources page, and select a source from the dropdown.
To access the inventory through migctl run the
migctl source list-vms <my-source>
command.
Tomcat health probes
Tomcat deployments will use Kubernetes readiness and liveness probes by default. Users can disable or modify those probes while editing the migration plan. Use health probes to provide better pod management and reduce down time during scaling and rolling updates. To learn more about the available probes, see Set Tomcat health probes.
Linux Service Manager health probes
Linux Service Manager deployments will use Kubernetes readiness and liveness probes by default. Users can select which services are probed while editing the migration plan. Use health probes to provide better pod management and reduce down time during scaling and rolling updates. To learn more about the available probes, see Set Linux v2kServiceManager health probes.
Migration fit assessment
Migrate to Containers offers a fit assessment tool that runs on a VM workload to determine the workload's fit for migration to a container. To learn more about the tool see, Using the fit assessment tool.
Windows features
The following functions were added to the Windows IIS migration flow:
- MSVC Runtime support - The migration flow will discover Microsoft Visual C++ runtime libraries installed on the source VM and will allow installing these runtimes on the migrated container.
- PATH environment variable extraction - The migration flow will discover additional PATH variable entries and will add them to the PATH variable in the migrated container.
Wrong default value was set for serverautostart in Windows IIS migration. sites were not started in some cases.
migctl
fails to get artifacts getting EOF from storage provider.
Prevent concurrent migrations on the same migrating VM. In rare cases, when doing two m4ce migrations on the same source VM, both migrations could fail due to interfering with each other's operations.
In some cases where strict network policies were applied, GKE failed to apply AppArmor profiles which are needed for M2C and failed to upgrade, causing the cluster to be in an usable state.
May 17, 2022
v1 API
Migrate to Containers API has graduated to v1 in 1.11.1 release. The v1beta2 Migration API is deprecated and will be supported until May 2023.
Building and deploying Windows containers with Skaffold
Skaffold yamls generated as part of the migration artifacts for Windows flow now help operators to accelerate container image build and deploy to GKE and Anthos clusters or Cloud Run platform.
Artifact Repository Health Checks
When creating a new artifacts repository, or updating an existing one, migctl will wait for health information and produce a warning in case the provided service account does not have permissions to upload artifacts to the specified bucket. To skip the synchronous health checks, –async can be passed to the migctl command.
When creating a new migration, migctl will query the migration's specified artifact repository (or the default if it was not specified), and produce a warning in case the provided service account does not have permissions to upload artifacts to the specified bucket.
When generating artifacts for the migration, migctl will query the migration's specified artifact repository (or the default one if it was not specified), and produce a warning in case the provided service account does not have permissions to upload artifacts to the specified bucket.
Tomcat Workloads Migration Enhancements
On the migration plan
fromImage
field, in case the tool did not automatically discover the Tomcat version used on original VM, a placeholder text (example:tomcat:<TomcatVersion>-jre11-openjdk
) was added that would need to be populated by the user. If the information is not populated a blocking warning will be surfaced on Artifacts generation step, requiring the user to provide the Tomcat version details.Renaming
catalinaHome.tar.gz
artifact totomcatServer.tar.gz
.bin
andlib
directories are filtered from thetomcatServer.tar.gz
file.Users can now choose to upload certificates into the repository by setting on the migration plan the
includeSensitiveData
parameter to true.
227137961: Prevent concurrent migration on the same migrating VM when using M4CE5.X source.
224485583: null value of serverautostart
for some Windows migration plans.
224545749: Linux system container extraction step getting stuck in some scenarios.
225638684: OpenLiberty containers may fail to run web applications deployed as WAR archives.
220853359: ABM can be installed without specifying all of –gcp-project
, –gcp-region
and –json-sa
. In this case the default repositories are simply not created.
Uninstall might be stuck when a sourcesnapshot CRD cannot be deleted. To workaround please run kubectl edit sourcesnapshot -n v2k-system
and remove all finalizers
204879458: If image repository permissions are invalid, migration will get stuck in ExtractImage instead of UploadImage step
218855996: Windows global path variables and short folders names are not migrated
223553376: Secrets created by migctl (for example when creating a source provider) may not always be cleaned up when the objects that depend on them are deleted (for example when issuing migctl source delete …
).
216537540: migctl cannot be used to upgrade the Migrate to Containers installation newer than the migctl version. For example, if migctl is 1.9.0, it cannot upgrade a cluster to have 1.11.0.
208361449: Artifact repository Health checks are not implemented for S3 repositories. Migctl commands that query the health state of the repository will warn that health checks cannot be performed.
March 28, 2022
Splitting IIS sites into individual containers
Previously to break down N discovered IIS sites into individual containers, you had to manually edit the migration plan to include one site at a time and generate containers artifacts N times. This new feature enables automatic breakdown of N discovered sites into N individual containers in one iteration through a parameter on the migration plan. For more information, see Split a single VM into multiple containers.
Replatform Tomcat applications to containers enhancements
The Tomcat application replatforming flow now enables you to manually specify a Tomcat server installation directory before the migration. This allows you to override the related automatic discovery in cases where you know and would like to provide an exact location. For more information see, Adding a target project.
Building and deploying containers with Skaffold
Skaffold yamls generated as part of the migration artifacts for Tomcat, WebSphere and Linux system container flows now help you to accelerate container image builds and deployments to GKE and Anthos clusters
Migrate for Compute Engine v5.0 as a migration support (Public Preview)
Currently, Migrate for Anthos and GKE uses Migrate for Compute Engine 4.X to enable workload migration from VMWare on-premise, AWS EC2, and Azure VM environments to GCP. To simplify setup and elevate the operator experience migrating from inventories in these environments, we now offer using the new Migrate for Compute Engine v5.X managed service. This new integration is now in public preview. For more information, see Enabling Google services and configuring service accounts.
In-place migration on Anthos bare metal clusters (Public Preview)
This public preview serves customers who would like to deploy on-premises workloads on Anthos bare metal clusters, so they can process the migration to containers in-place on the target environment. For more information see, Configuring a processing cluster on Anthos on Bare Metal.
Replatform Websphere applications to containers (Public Preview)
Migrate for Anthos and GKE introduces a new public offering for replatforming VMs based WebSphere applications into containers using tWAS (traditional WebSphere Server) container image or Open Liberty community images. Migrate for Anthos and GKE now enables:
- Detecting VMs that host WebSphere servers.
- Discovering WebSphere applications using the IBM binary scanner tool.
- Splitting the applications into individual containers to increase agility in deployment and operation management.
- Generating docker file, deployment spec and other artifacts that support deployment to Google modern application platforms and Day2 operations.
208040681: Resolved operating system field 'disappearing' after running guest level discovery.
194186514: Resolved migrations done in Anthos on AWS might succeed even though the files were not uploaded.
Uninstall might be stuck when a sourcesnapshot CRD cannot be deleted. To workaround this please run kubectl edit sourcesnapshot -n v2k-system
and remove all finalizers
204879458: If image repository permissions are invalid, the migration will get stuck in the ExtractImage
step instead of the UploadImage
step
225638684: OpenLiberty containers may fail to run web applications deployed as WAR archives.
218855996: Windows global path variables and short folders names are not migrated.
223553376: Secrets created by migctl, for example when creating a source provider, may not always be cleaned up when the objects that depend on them are deleted. For example when issuing migctl source delete
.
216537540: migctl
cannot be used to upgrade the Migrate installation newer than the migctl
version. For example, if migctl
is version 1.9.0, it cannot upgrade a cluster to 1.11.0.
January 11, 2022
Windows connection strings
Migrate for Anthos and GKE supports connection strings at the site and global scopes. See Setting connection strings for a data provider for more information.
Reducing system container image size
Large folders over 1GB, which may cause a Linux system container image to hang, will now be detected in the migration plan. This allows users to decide whether these should be excluded from the migration or moved to persistent data. This helps the user to produce a lighter weight image on the first migration iteration. See Specifying content to exclude from the migration for more information.
211625398: Customers using GKE 1.22 with Migrate for Anthos and GKE versions earlier than 1.10.2 may experiences issues running their migration. For upgrade instructions see, Upgrading Migrate for Anthos and GKE to 1.10.2.
December 22, 2021
Security updates
1.10.1 Security updates available. See Upgrading Migrate for Anthos and GKE for upgrade instructions.
December 08, 2021
Replatform Tomcat applications to containers
Version 1.10 introduces a new public offering for replatforming VMs based Tomcat applications into containers using Apache Tomcat OSS community images. Migrate for Anthos and GKE now enables:
- Detect VMs that host Tomcat web servers and indicate their fit level for containerization.
- Discover Tomcat applications as part of the migration processing and their breakdown into individual containers over the Tomcat community images.
Fit assessment for Tomcat application servers workloads
The fit assessment tool now supports assessments of Linux workloads running Tomcat application servers. The new assessment capability allows users to inspect their Tomcat applications for automated containerization to GKE, GKE Autopilot, or Cloud Run
Migrate to GKE Autopilot clusters and Cloud Run now in GA
Simplified Linux service manager, which lets you deploy containers to GKE Autopilot clusters and to Cloud Run, is now the default service manager for any migrations performed with Migrate for Anthos and GKE.
See Migrating to Autopilot clusters and Cloud Run for more on these new features.
Assessment of workloads for Shift to Google Compute Engine
Added support for assessing Lift & Shift migrations to Google Google Compute Engine. The fit assessment tool is enhanced with additional assessment capabilities which can indicate a VM's fit score toward a Lift & Shift migration using Migrate for Compute Engine. The fit assessment report provides users recommended actions based on conditions that can impact automated migration. With the advanced details users can choose the best workloads for migration and fix issues before they impact the automated migration process.
Fit assessment of AWS EC2 workloads
The fit assessment tool now supports assessments of AWS EC2 workloads by running the collection scripts directly on the assessed AWS EC2 VM, or through a remote SSH from the CLI. The new assessment feature enables users to inspect their workload for automated containerization to GKE, GKE AutoPilot and Cloud Run using Migrate for Anthos and GKE.
Fit assessment of Google Compute Engine VM workloads
The fit assessment tool now supports assessment of Google Compute Engine VM workloads by running the collection scripts directly on the assessed Google Compute Engine VM, or through a remote SSH from the CLI. The new assessment feature enables users to inspect their workload for automated containerization to GKE, GKE AutoPilot and Cloud Run using Migrate for Anthos and GKE.
Source platform indication and VM path on Fit Assessment reports
The fit assessment reports in HTML and Cloud Console include information on the source platform of the assessed VM, and a unique ID per platform. This allows users to compare and view information on their assessed workloads from various platforms.
Assessment for containerization on Cloud Run
The fit assessment tool now supports assessments of workloads for containerization to Google Cloud Run - A Google cloud fully managed serverless platform. The new assessment allows users to inspect their workloads for automated containerization using Migrate for Anthos and GKE.
Assessment for containerization on GKE Auto Pilot
The fit assessment tool now supports assessments of workloads for containerization to GKE Auto Pilot - A new mode of operation in Google Kubernetes Engine (GKE) that is designed to reduce the operational cost of GKE clusters. The new assessment capability allows users to inspect their workloads for automated containerization to GKE Auto Pilot using Migrate for Anthos and GKE.
Using RVTools output as a data source for fit assessment
The fit assessment tool now supports analyzing the RVTools .xlsx report file from a single VMware vCenter by running $./mfit discover rvtools name.xlsx
. RVTools utilities are used to retrieve VMWare VSphere management data. With the RVTools data source users can easily generate detailed fit assessment reports based on their existing RVTools export.
Fit assessment automatic version checks
The fit assessment tool now checks for the availability of a new version by probing a version check Google Cloud Storage resource.
190704603: Change to mFIT CLI Help text - 'Import collector script artifacts'.
190575888: Design updates to mFIT HTML report, fonts changes, layout bugs and graphs position on report.
206772515: Fixed a bug where ** in a v2kServiceManager log path was not supported.
205159324: Fixed a bug where services-config.yaml
was not created even when the migration completed successfully in the new Linux system container runtime.
199382909: Data migration plans will not have comments when using the UI.
205159086: On newer Ubuntu versions migrated workloads will fail.
208040681: Operating system field 'disappears' after running guest level discovery.
194186514: Migration done in Anthos on AWS might succeed even though the files were not uploaded.
Uninstall might be stuck when a sourcesnapshot CRD cannot be deleted. To workaround please run kubectl edit sourcesnapshot -n v2k-system
and remove all finalizers
204879458: If your image repository permissions are invalid, migration will get stuck in ExtractImage instead of the UploadImage step.
October 5, 2021
Migrate to GKE Autopilot clusters and Cloud Run now in GA
Support for the simplified Linux service manager, which lets you deploy containers to GKE Autopilot clusters and to Cloud Run, has moved from the Public Preview stage to General Availability.
Fit assessment tool now in GA
The migration fit assessment tool has moved from the Public Preview to General Availability.
vSphere/vCenter inventory discovery can now be scoped to a vSphere inventory path using the new --path
flag, instead of collecting info about all VMs managed by the vCenter being assessed.
A quick assessment command has been added to generate a report using a single command. The command uses the result file(s) generated by manually running the Linux and/or Windows collection script on assessed VMs.
194605214 Use controller storage by default for pod log collection for logging migration tasks. Setup max log file size and file rotation.
187922406 Fixed LVM mount failure caused from broken device mapper devices.
198092293 [MFIT] vSphere level <-> guest level data correlation failure with certain NIC configurations.
197432816 [MFIT] More granular assessment of supported Windows versions.
197206783 [MFIT] Fixed failure to run guest collect script via SSH with a non-root remote user.
196712456, 201610944 [MFIT] Minor html report UI improvements.
August 17, 2021
On August 17, 2021, we released Migrate to Containers 1.8.1.
See Upgrading Migrate for Anthos to 1.8.1 for upgrade instructions.Version 1.8 added the initial support for the preview release of the enhanced runtime, which lets you deploy containers to GKE Autopilot clusters and to Cloud Run. This release adds the following new features to the preview:
- You no longer set an annotation in the migration plan to enable the enhanced runtime. Instead, you now set
v2kServiceManager
. - The
prestart
andpoststart
entries in theconfig.yaml
file now automatically populated. - Added support to the
config.yaml
file that lets you specify environment variables at the global level or at the application level. - Added logging support that lets you customize log data written to Cloud Logging.
See Enhanced runtime for more on these new features
Version 1.8 added the initial support for the preview release of the fit assessment tool. The fit assessment tool for version 1.8.1 adds new functionality, including:
- Ability to collect data for a Windows VM
- Ability to remotely collect data for Linux and Windows VMs using VMware tools
- Ability to remotely collect data over SSH
See Using the fit assessment tool for more.
When you generate the migration artifacts, Migrate to Containers now generates the new
logs.yaml
file from the migration plan. This file contains the list of log files detected on the source VM.
You can now edit the logs.yaml
file to configure logging and the data written to Cloud Logging.
See Customizing log data written to Cloud Logging for more.
Added support for specifying connection strings when migrating a Windows workload. Connection strings define a connection from the migrated container workload to a .NET Framework data provider.
See Setting connection strings for a data provider for more.
The cos-runtime
option to the migctl setup install command has been renamed to runtime
.
179171930: A migrated container workload can now be deployed to a cluster running GKE 1.20 and later.
Before you run your migrated workloads, you must install migctl
with runtime support for Container-Optimized OS nodes on your cluster:
migctl setup install --runtime
See Deploying a Linux workload to a target cluster for more information.
166014117 : The documentation has been updated to describe how to delete the migration to free up the source VM after a successful migration. See Deleting a migration for more.
183082390: The collection script used by the Linux discovery tool uses service --status-all
to query system V services. This call no longer takes an arbitrary amount of time to return.
183564181: When you call migctl setup upgrade
on Anthos clusters on VMware
or Anthos clusters on AWS without the necessary platform argument (--gkeop
or --gke-on-aws
),
migctl
no longer uninstalls Migrate for Anthos and GKE.
179028669: migctl doctor
no longer crashes if a GKE cluster is currently repairing.
171686793: The migctl setup upgrade --gkeop
command no longer creates
a new ImageRepositiry or ArtifactRepository object that lacked Google Cloud access credentials.
194186514: When using Anthos clusters on AWS as the processing cluster to perform migrations of AWS workloads, if you have insufficient credentials to create an ECR repository, sometimes the migration succeeds. However, the ECR repository is not created.
Workaround: Update your credentials, then recreate and retry the migration.
197206783: The user credentials passed to the mfit discover ssh ...
command
must be the credentials of the root user on the VM. Running the command as a non-root user executes
the command successfully, but only collects a small part of the data required for a full assessment.
June 29, 2021
On June 29, 2021, we released Migrate to Containers 1.8.
See Upgrading Migrate for Anthos to 1.8 for upgrade instructions.Enhanced runtime support added which lets you deploy containers to GKE Autopilot clusters and to Cloud Run, and simplifies the process of deploying containers to GKE on AWS that use workload identity. This feature is in preview. See Enhanced runtime for more.
Added support for the preview release of the fit assessment tool that is intended to eventually replace the existing Linux discovery tool. The new fit assessment tool provides you with:
- Ability to get the inventory information about VMware VMs through direct connection to vCenter.
- Enhanced HTML output that makes it easier to view the assessment results.
- New collection script,
mfit_linux_collect.sh
, and new assessment tool,mfit
.
See Using the fit assessment tool for more.
179976237: You can now create a Docker image file registry configuration with the name of a previously deleted configuration.
187922406: A migration might fail due to a LVM (Logical Volume Manager) failure.
Workaround: Recreate and retry the migration.
166014117 : If you are using Migrate to Virtual Machines with Migrate to Containers to migrate Linux workloads, after you complete a successful migration, delete the migration to free up the source VM.
195341095: Migrate for Anthos and GKE does not support software RAID disks.
179171930: A migrated container workload cannot be deployed to a cluster running GKE 1.20 and later.
May 19, 2021
On May 19, 2021, we released Migrate to Containers 1.7.5.
See Upgrading Migrate for Anthos to 1.7.5 for upgrade instructions.New rule added to the Linux discovery tool to display information when multiple NICs are detected because multiple NICs can increase the effort required to migrate the workload. For a complete list of updates and information on using the new tool, see Using the Linux discovery tool.
A generated migration plan now contains entries for Service endpoints and NFS mounts discovered on the source VM. You can now edit the migration plan to add, remove, or delete these entries. See Customizing a migration plan for more.
Following the Microsoft decision to end support for the Windows 10, version 1909 architecture, the Google Kubernetes Engine (GKE) team removed support for this architecture on its GKE and GKE Enterprise clusters. This change means that you must update all Windows containers built for this architecture.
When migrating Windows workloads, you have to perform the following:
- If you have existing Windows containers that you created using Migrate for Anthos version 1.7 or earlier, then you have to rebuild the containers to create containers capable of running on supported Windows architectures.
- If you are currently using Migrate for Anthos to migrate Windows workloads, you must update your Migrate for Anthos processing clusters to use version 1.7.5 and update the node pools to use the supported Windows architecture.
Rebuild deployed Windows containers
If you have existing Windows containers created using Migrate for Anthos version 1.7 or earlier, rebuild the container to use a supported Windows architecture. You require the generated artifacts folder generated for the container to make this change:At the top of the Dockerfile in the generated artifacts folder, edit the
FROM
command to update the image.For example, for the following
FROM
command:FROM mcr.microsoft.com/windows/servercore/iis:windowsservercore:1909
Replace the image as shown below:
FROM mcr.microsoft.com/windows/servercore/iis:latest
The following table shows the existing image and the image used to replace it:
Existing image name New image name mcr.microsoft.com/windows/servercore:1909 mcr.microsoft.com/windows/servercore/iis:latest mcr.microsoft.com/windows/servercore/iis:windowsservercore-1909 mcr.microsoft.com/windows/servercore/iis:latest mcr.microsoft.com/dotnet/framework/aspnet:3.5-windowsservercore-1909 mcr.microsoft.com/dotnet/framework/aspnet:3.5 mcr.microsoft.com/dotnet/framework/aspnet:4.8-windowsservercore-1909 mcr.microsoft.com/dotnet/framework/aspnet:4.8 mcr.microsoft.com/dotnet/framework/wcf:4.8-windowsservercore-1909 mcr.microsoft.com/dotnet/framework/wcf:latest - Rebuild the container images as described at Building the container image.
Update your Migrate for Anthos processing clusters
If you are currently using Migrate for Anthos to migrate new Windows workloads, you must update your
version of Migrate for Anthos to 1.7.5 and update your processing cluster to use a node pool of
type WINDOWS_LTSC
. Node pools of type WINDOWS_SAC
are no longer supported.
- Update your version of Migrate for Anthos to 1.7.5.
On your processing cluster, replace the
WINDOWS_SAC
node pool withWINDOWS_LTSC
.Add the
WINDOWS_LTSC
new pool:gcloud container node-pools create ltsc-pool-name \ --project=project-name --zone=gcp-zone --cluster=cluster-name \ --image-type=WINDOWS_LTSC --num-nodes=1 --scopes="cloud-platform" \ --machine-type=n1-standard-4
Delete the
WINDOWS_SAC
node pool:gcloud container node-pools delete sac-pool-name \ --project=project-name --zone=gcp-zone --cluster=cluster-name
Removed from the legacy PV-based Migrate for Anthos versions a Webhook that was simplifying the definition of Migrate for Anthos pods. This Webhook was not being used in any subsequent versions, including the latest 1.6 and 1.7 releases.
186512095: When building a Windows container, you no longer have to edit the generated Dockerfile to change the image tag to latest
.
185975192: Webhook certificates no longer expire after one month.
162275866: When generating migration artifacts, you no longer see the following error:
Error: failed to update vgenerateartifactsflow.kb.io
April 6, 2021
On April 6, 2021, we released Migrate to Containers 1.7.0.
See Upgrading Migrate for Anthos to 1.7 for upgrade instructions.This release updates the Linux discovery tool to replace the CSV output with an HTML and JSON output. Also, the fit score of 0-10 has been replaced with a fit assessment value, new rules have been added, and more information about the source VM has been added to the report. For a complete list of updates and information on using the new tool see Using the Linux discovery tool.
By default, Migrate for Anthos automatically disables unneeded services on a VM when you migrate it to a container. You can now edit the migration plan to optionally disable additional services on the container, either services discovered by Migrate for Anthos or your own list of services. See Customizing a migration plan for more.
175000470: The issue caused by adding a source when using a service account without the compute.disks.create
permission has been fixed.
178469863: Running migctl setup install with either the --node-selector or --tolerations flag no longer returns an error.
183321483: If you are using a CRD file to create a migration source, and you include a secret in the CRD, then deleting the migration source might also delete the secret.
Workaround: Recreate the secret after deleting the migration source.
162275866: When generating migration artifacts, you might see the following error:
Error: failed to update vgenerateartifactsflow.kb.io:
Post https://controllers-webhook-service.v2k-system.svc:443/validate-anthos-migrate-cloud-google-com-v1beta2-generateartifactsflow?timeout=30s:
no endpoints available for service "controllers-webhook-service"
Workaround: Try generating artifacts again. If not, check the manager status.
Get the pod:
kubectl get pod -n v2k-system
Look for a pod with name that starts with
controllers-controller-manager-
and describe it to see its status and event.
179028669: migctl doctor
crashes if a GKE cluster is currently repairing.
Workaround: If migctl
crashes, then validate that any kubectl
command can run on the cluster before retrying the command.
183564181: When you call migctl setup upgrade
on Anthos clusters on VMware or Anthos clusters on AWS without the necessary platform argument (--gkeop
or --gke-on-aws
), migctl
uninstalls Migrate for Anthos and fails on the install.
Workaround: Rerun migctl setup upgrade
with the correct argument.
179860971: The status error returned when you enter an incorrect VM ID in the console is not helpful:
googleapi: got HTTP response code 404 with body:
Workaround: View the error in the Events tab in the console for more information:
Click the Migrations tab to display a table containing the available migrations.
In the row for the desired migration, select the migration Name to open the Details tab.
Select the Events tab.
182208300: When building a Docker image for a Windows container, examine the logs. Sometimes an internal step can fail, even when the build command shows that the build was successful.
156207267: When using Anthos clusters on VMware for your processing cluster, the migration might get stuck at the image extraction step, and the relevant migration pod shows volume attachment errors similar to the following:
Warning FailedAttachVolume 5s (x10 over 4m15s)
attachdetach-controller AttachVolume.Attach failed for volume migration-b849e1-dd:
Invalid configuration for device 0.
The issue is triggered by a Kubernetes in-tree vsphere driver that is unable to cleanup leftovers from previous migration operations on the same node.
Workaround: Either:
Cordon the affected node by:
Running the following command:
kubectl cordon [node_id]
- Restarting the migration.
Restart the affected node.
182450827: If you installed Migrate for Compute Engine on your processing cluster to work with Migrate for Anthos, and want to perform four or more concurrent migrations, you cannot use GKE 1.18.
Workaround: Use GKE 1.16 on your processing cluster.
179171930: This release of Migrate for Anthos does not support GKE 1.20.
Workaround: Use GKE 1.19 or earlier.
183082390: The collection script used by the Linux discovery tool uses service --status-all
to query system V services. Depending on the services installed on the VM, service --status-all
might call custom routines.
In some cases, this call might take an arbitrary amount of time depending on the services installed.
186512095: When building a Windows container, you must edit the generated Dockerfile
to change the image tag to latest
, or to any tag for the image that supports LTSC 1809.
For Server Core, replace servercore:1909
with servercore:1809
.
For example:
from image_name:latest
After completing the installation of Migrate for Anthos, run the following command to apply a required patch:
kubectl patch mutatingwebhookconfigurations.admissionregistration.k8s.io controllers-mutating-webhook-configuration --type json --patch '[{"op": "remove", path: "/webhooks/9"}]'
February 23, 2021
On February 23, 2021, we released Migrate to Containers 1.6.2.
180576558: Fixed an issue where the Linux discovery tool calculated an incorrect score.
Fixed an issue where using an Envoy proxy sidecar, not as part of Istio or Cloud Service Mesh, created networking issues with the migrated workload.
February 01, 2021
On February 01, 2021, we released Migrate to Containers 1.6.1.
Released a fix, rolling out gradually and taking full effect 2/5/2021, for a migctl
setup
installation that fails on a GKE cluster when the automatically created bucket
already exists.
Released a fix, rolling out gradually and taking full effect 2/5/2021, for a
migctl
crash when kubectl
is not in PATH
.
January 25, 2021
On January 25, 2021 we released Migrate to Containers 1.6.0.
See Upgrading Migrate to Containers to 1.6 for upgrade instructions.Previous releases of Migrate for GKE Enterprise required that you used Google Container Registry (GCR) and Google Cloud Storage for data repositories. This release adds support for additional repositories, including ECR, S3, and Docker registries that support basic authentication. See Defining data repositories for more.
In many on-prem environments, outbound internet access is tightly controlled through the use of an HTTPS proxy server. If your environment uses a proxy server to control outbound internet access, then you can now configure Migrate for GKE Enterprise to use that proxy server. See Configuring an HTTPS proxy for more.
Migrate for GKE Enterprise now includes the deployment_spec.yaml
file in artifacts.zip
for Windows migrations. You can use the deployment_spec.yaml
file to deploy your migrated
Windows workloads.
See Deploying a Windows workload to a target cluster for more.
Support added for using GKE Enterprise clusters on AWS as processing clusters to perform migrations of AWS workloads. This feature is in preview. See Prerequisites for migrating Linux VMs on AWS for more.
Removed support for the --password
option to the migctl
command when
creating a migration source on GKE Enterprise clusters on VMware:
migctl source create local-vmware local-vmware-src --vc '1.2.3.4' --username 'admin' --password 'pass1'
You are now prompted to enter the password. See Adding a migration source for more.
172414359: Exporting multiple cloned VMs simultaneously from the same source might fail.
Workaround: Re-run the migctl migration generate-artifacts
command again.
174655315: A migration might stop responding when generating artifacts and remain in the retrying state. You might also see this error in the logs or in the verbose migration status:
D 2020-12-01T18:43:53Z SHELL ERROR: '2020/12/01 18:43:53 appending [/tarlayer/layer.tar.gz]: reading tar "/tarlayer/layer.tar.gz": flate: corrupt input before offset 681999708'
Workaround: Re-run migctl migration generate-artifacts
.
175000470: When adding a source when using a service account without the compute.disks.create
permission,
the source becomes ready but the migration will fail to create disks.
Workaround: Make sure that service account has the compute.disks.create
permission.
174299021: When creating a migration source or executing a migration, you might see this error:
"Error: Internal error occurred: failed calling webhook "vmigration.kb.io": Post https://controllers-webhook-service.v2k-system.svc:443/validate-anthos-migrate-cloud-google-com-v1beta2-migration?timeout=30s: unexpected EOF"
Workaround: Recreate the source or migration.
171686793: The migctl setup upgrade --gkeop
command might create
a new ImageRepositiry or ArtifactRepository object that lacked Google Cloud access credentials.
Workaround: Use the following command to upgrade the cluster:
migctl setup upgrade --json-key key
Where key is the JSON key for the service account required for migctl
installation.
See Configuring service accounts.
If you try to mount a secret on a deployed pod you will not be able to access it in /run/secrets
.
This is typically an issue when giving workload identity permissions to the pod (where a secret is added by
Kubernetes to hold the workload identity credentials).
The contents of the secrets directory are in /kubernetes-info/secrets
.
Workaround: Run the following command on the deployed pod:
ln -s /kubernetes-info/secrets /run/secrets
If the /run
mount gets deleted (by a process in the pod, or by a pod reset),
you might have to run the command again.
178469863: Running migctl setup install
with either the
--node-selector
or --tolerations
flag returns an error.
Note: Running the migctl setup install
command with both flags succeeds.
This error only occurs when using one flag.
Workaround: Run migctl setup install
without the flag,
and then manually add the nodeSelectors or tolerations to CSI and Controller pods.
See Creating and managing cluster labels
and Controlling scheduling with node taints for more.
If you delete the configuration for a Docker image file registry, create a new one with a different configuration name. You cannot recreate a configuration with the name of a previously deleted configuration.
This issue affects Docker image file registries implemented by using GCR or by using Docker registries using basic auth. It does not affect ECR. See Defining data repositories for more information.
Workaround: Use the migctl docker-registry update
command to modify
an existing configuration rather than deleting it and recreating it.
185975192: Webhook certificates can expire after one month, causing API requests to fail.
November 17, 2020
On November 17, 2020 we released Migrate to Containers 1.5.1.
You must upgrade your installation to install 1.5.1, even if you are currently running version 1.5. We strongly recommend that you always upgrade to the latest release.170604382: Running migctl
when not connected to a cluster
no longer results in a panic
error, but instead returns an error message describing
the issue.
169919740: When using a custom services blocklist to disable a service in a workload, if the service was already disabled by default, the migrated container no longer can crash when deployed.
171173082: Mistakenly creating a local VMware source on a Cloud-based cluster,
normally used only in an on-prem migration, no longer
results in the source being in PROCESSING
state forever but instead returns an error.
170566991: For Windows migrations, only HTTP and HTTPS site bindings are supported. See WindowsGenerateArtifacts CRD.
170618192: Similarly to Linux migrations, Windows migrations now add to the generate artifacts object an annotation containing the migration spec and comments.
When creating a migration source for Compute Engine workload, Migrate for GKE Enterprise now tests that the GCP specified project exists. Source creation fails when either the project does not exist or the user has no read permissions to the project. An error message is shown indicating that the required project could not be found.
October 21, 2020
On October 21, 2020 we released Migrate to Containers 1.5.
Support for migrating Windows VM workloads has moved from the Beta stage to general availability. This release also extends the Google Cloud console to support migrations of Windows workloads using Migrate to Containers. See Migrating a Windows VM for more.
Migrate to Containers offers new tools that you run on a Linux or Windows VMs to determine the workload's fit for migration to a container. See Using the Linux discovery tool and Using the Windows discovery tool for more.
Custom Services Blocklist is a new feature that lets you modify the default set of services to disable in a migrated container. See Custom Services Blocklist for more.
The image
field value of the GenerateArtifactsFlow CRD defines the names and locations of two images created from a migrated VM. In previous releases, the names contained a predefined tag.
To ensure that the tag value is unique, the format of the tag has changed for this release to specify the timestamp of the migration.
You can also explicitly set the tag if you prefer to another value. See Setting the name of the container image for more.
When you deploy your migrated Windows containers to a cluster, you can now use a Group Managed Service Account (gMSA) to execute the container under a specific service account identity. See Configuring gMSA for more.
Changed the default settings on the Cloud processing cluster for migrating Linux workloads:
You no longer have to specify the
--scopes "cloud-platform"
option when creating Cloud processing clusters for migrating Linux workloads.You now must create a service account, with the necessary permissions, to:
Accessing Container Registry and Cloud Storage
Use Compute Engine as the migration source
If you currently have a processing cluster that uses the --scopes "cloud-platform"
option,
your cluster will continue to work. However, for new processing clusters, you should use the new procedure.
See Enabling Google services and configuring service accounts for more.
171123825: In some cases, migration process might fail, and Cloud Logging indicate errors such as:
"failed to load map, error 6"
or:
"failed in domap for addition of new path sdd"
Workaround: Delete the migration and restart it. In rare cases, a re-installation of the product is required.
170706786: The Linux Discovery Tool might return exit code 0 even when not all information was collected successfully.
Workaround: Make sure you run the tool as a 'root' user or as a user with full sudo access.
167656057: Installation on a GKE cluster with ACM might fail. Indication of the error can be seen in the Migrate to Containers upgrade job, in the v2k-system
namespace.
For example:
kubectl logs -n v2k-system controllers-upgrade-fzlmz
Shows this error:
failed to validate admission controller - admission webhook "validation.gatekeeper.sh" does not support dry run
Workaround:
gatekeeper
is an ACM component.
Manually deleting the upgrader job fixes the issue.
For example:
kubectl delete job -n v2k-system controllers-upgrade
157062328: In some cases, adding a service to the blocklist using a configmap will not actually stop that service from running on the deployed workload.
Workaround: Disable the service using the Dockerfile (rather than a config-map), and rebuild the image.
163800225: kubectl port-forward might not work properly for a deployed workload.
Please contact support for more information.
171173082: Mistakenly creating a local VMware source on a Cloud-based cluster,
normally used only in an on-prem migration,
results in the source being in PROCESSING
state forever.
For example, you use migctl
to check the source status:
migctl source status local-vmw-src
The State
displays as:
PROCESSING
Message: Post "https://1.2.3.4/sdk": context deadline exceeded
Workaround: Delete the local VMware source, and create a remote/streaming VMware source.
170604382: Running migctl
when not connected to a cluster
results in a panic
error such as the one below, followed by a stack-trace:
migctl setup install panic: Cannot create kubernetes client
Workaround: Connect a cluster, and re-run migctl
.
171714535: In a GKE on-prem environment configured to use an egress HTTP/HTTPS proxy, the migration process might get stuck.
Workaround: Please contact support for more information.
170566991: For Windows migrations, only HTTP and HTTPS site bindings are supported.
Example of unsupported bindings:
<site name="Default Web Site" id="1"> <application path="/"> <virtualDirectory path="/" physicalPath="%SystemDrive%\inetpub\wwwroot" /> </application> <bindings> <binding protocol="http" bindingInformation="*:80:" /> <binding protocol="net.tcp" bindingInformation="808:*" /> <binding protocol="net.pipe" bindingInformation="*" /> <binding protocol="net.msmq" bindingInformation="localhost" /> <binding protocol="msmq.formatname" bindingInformation="localhost" /> </bindings> </site>
Workaround: Edit the migration-plan to remove the unsupported binding.
169919740: When using a custom services blocklist to disable a service in a workload, ensure that the service is not already disabled by default. See Services disabled by Migrate for GKE Enterprise for a list of services disabled by default. If the service was already disabled by default, the migrated container might crash when deployed. Error information about the crash is written to the logs.
Workaround: Remove the already disabled service from your custom services blocklist.
170627229: Migrated workload of a JBoss application might fail at startup. Cloud Logging indicates an error in the form:
ERROR [org.jboss.as.server] (Controller Boot Thread) ...:
Caught exception during boot: java.lang.IllegalStateException: ...:
Could not rename /opt/jboss-7.1.1/standalone/configuration/.../standalone_xml_history/current to
/opt/jboss-7.1.1/standalone/configuration/.../standalone_xml_history/...
Workaround: Update your Dockerfile to remove the directory by adding a line in the form:
RUN rm -rf jboss-path/standalone/configuration/standalone_xml_history/current
Where jboss-path is a path such as /usr/local/share/jboss
or /opt/jboss-7.1.1
.
144896313: Migrated workloads do not support SELinux. However, if the source VM had SELinux enabled at the time of migration, and you then check the status of SELinux on the migrated workload, SELinux will appear to be enabled. This issue has no affect on migrated workloads.
September 24, 2020
On September 24, 2020 we updated Migrate to Containers 1.4.
Changed the default settings on the Cloud processing cluster for migrating Linux workloads:
You no longer have to specify the
--scopes "cloud-platform"
option when creating Cloud processing clusters for migrating Linux workloads.You now must create a service account, with the necessary permissions, to:
Accessing Container Registry and Cloud Storage
Use Compute Engine as the migration source
If you currently have a processing cluster that uses the --scopes "cloud-platform"
option,
your cluster will continue to work. However, for new processing clusters, you should use the new procedure.
See Enabling Google services and configuring service accounts for more.
You can now use the Google Cloud Console to:
- Install Migrate for GKE Enterprise on a processing cluster
- Create a migration source for a Compute Engine VM
See Installing Migrate for GKE Enterprise and Adding a migration source for more.
July 28, 2020
On July 28, 2020 we released Migrate to Containers 1.4.
For instructions on upgrading from version 1.3, see Upgrading Migrate to Containers to 1.4.
Added support for GKE Enterprise GKE on-prem clusters running on VMware. On-prem support lets you migrate source VM workloads in a vCenter/vSphere environment to a GKE on-prem cluster running in the same vCenter/vSphere environment. See Prerequisites for migrating Linux VMs on-prem for the requirements for on-prem migration.
The Google Cloud console provides a web-based, graphical user interface that you can use to manage your Google Cloud console(GCP) projects and resources. Migrate to Containers now supports the migration of workloads by using the Google Cloud console. See Migrate for GKE Enterprise management interfaces.
In this release, the Migrate to Containers Google Cloud console does not support migrations for Windows or for on-prem, including monitoring Windows or on-prem migrations.
You can use Migrate to Containers to migrate Windows VMs to workloads on GKE. This process clones your Compute Engine VM disks and uses the clone to generate artifacts (including a Dockerfile and a zip archive with extracted workload files and settings) you can use to build a deployable container image. This feature is currently in Beta. See Adding a Windows migration source.
Migrate to Containers now includes Custom Resource Definitions (CRDs) that enable you to easily create and manage migrations using an API automation solution or code. For example, you can use these CRDs to build your own automated tools.
For more on the Migrate to Containers CRDs, see CRD overview.
Added the new --json-key sa.json
option to the migctl source create ce
command to create a migration for Compute Engine, where sa.json
specifies a service account. See Optionally creating a service account when using Compute Engine as a migration source for more.
To edit the migration plan, you must now use the migctl migration get my-migration
command to download the plan. After you are done editing the plan, you have to upload it by using the migctl migration update my-migration
command. See Customizing a migration plan for more.
Added the node-selectors
and tolerations
options to the migctl setup install
installation command that lets you install Migrate to Containers on a specific set of nodes or node pools in a cluster. See Installing Migrate for GKE Enterprise.
The migctl migration cleanup
command has been removed and is no longer necessary.
In previous releases, you used a command in the form: migctl source create ce my-ce-src --project my-project --zone zone
to create a migration for Compute Engine. The --zone
option has been removed when creating a Compute Engine migration. Using the --zone
option in this release causes an error.
The migctl migration logs
command has been removed. You now use the Google Console to view logs.
By default Migrate to Containers installs to and performs migrations
in the v2k-system
namespace. In previous releases, you could specify the namespace.
The option to specify a namespace has been removed.
GKE on-prem preview: If a source was created with migctl source create
using the wrong credentials, you could not delete the migration with migctl migration delete
. This issue has been fixed in the GA release of on-prem support.
160309992: Editing a migration plan from the GUI console might fail if it was also edited using migctl
.
161135630: Attempting multiple migrations of the same remote VM (from VMware, AWS or Azure) simultaneously, might result in a stuck migration process.
Workaround: Delete the stuck migration.
161214397: In case of a missing service-account to upload container images to the Container Registry, the migration might get stuck.
Workaround: Add the service-account. If you are using the Migrate to Containers CRD API,
delete the GenerateArtifactsTask object using kubectl
and recreate it either using the CRD or re-running
migctl migration generate-artifacts
. Alternatively, you can use migctl
to delete the migration and recreate it. You can first download the migration YAML using
migctl migration get
to backup any customizations you have made.
161110816: migctl migration create
with a source that doesn't exist fails with a non-informative error message: request was denied
.
161104564: Creating a Linux migration with wrong os-type
specification causes the migration process to get stuck until deleted.
160858543, 160836394, 160844377, 154430477, 154403665, 153241390,153239696, 152408818, 151516642, 132002453: Unstable network in Migrate to Virtual Machines infrastructure, or a GKE node restart, might cause migration to get stuck.
Workaround: Delete the migration and re-create it. If recreating the migration does not solve the issue, please contact support.
161787358: In some cases, upgrading from version v1.3 to v1.4 might fail with Failed to convert source
message.
Workaround: Re-run the upgrade command.
153811691, 153439420: Migrate to Containers support for older Java does not handle OpenJDK 7 and 8 CPU resource calculations.
152974631: Using GKE nodes with CPU and Memory configurations below the recommended values might cause migrations to get stuck.
157890913, 160082702, 161125635, 159693579:A migration might continue to indicate that it is running, while an issue encountered prevents further processing.
Workaround: Check event messages on the migration object using the verbose
migctl
status command: migctl migration status migration_name -v
.
You might be able to correct the issue to allow the migration to continue or the migration should
be deleted and recreated if an Error event is listed without further retries.
An example is when creating a Windows migration on a cluster with no Windows nodes. In this case the event message will show:
Warning FailedScheduling 10s Pod discover-xyz 0/1 nodes are available: 1 node(s) didn't match node selector.
March 30, 2020
New migctl
CLI for deploying Migrate for GKE Enterprise, creating and
operating migrations using a structured workflow and a migration processing cluster.
Introducing a unified migration workflow across all supported VM sources -- VMware, AWS EC2, Azure VMs and Compute Engine VMs.
Migrations are defined and operated using a Kubernetes CRD.
Automated generation of a suggested migration plan (specified in a CRD), CI/CD artifacts and deployment specs. The migration process now results in extracting and generating container and deployment artifacts, including a container image and a Dockerfile, extracted data in a persistent volume, deployment/statefulSet, PVC and PV specs in an auto-generated YAML file for easy workload deployment.
The Migrate for GKE Enterprise software runtime layer now offers a compatibility feature for older Java versions that are not container aware by reflecting the correct resource allocations in the container's /proc file system.
Migrate for GKE Enterprise v1.0 Marketplace deployment is now removed. Migrate for GKE Enterprise v1.3 allows installation in v1.0 compatibility mode where needed.
Preview features -- contact your Google Sales representative to enroll.
- Migrating Windows VMs with IIS ASP.NET web applications to Windows 2019 containers on GKE.
- Processing migrations in GKE Enterprise on-prem.
147211918: In some cases, migration from AWS or Azure as a source can be stuck with no progress. If this happens, run kubectl describe storageclass
to view related events. You can also check the status of the matching Cloud Details in Migrate to Virtual Machines.
146699220: When the source VM has a systemd service with a NICE
config property, the service might not start when running in a container.
Workaround: Remove the NICE
property in the source VM before the migration.
144896313: Migration of Security-Enhanced Linux (SELinux) is not supported.
149900626: Some file systems not listed in Compatible VM operating systems may fail to migrate. When running migctl migration logs migration-name
, the logs in Cloud Logging may show a message such as:
failed to mount - exit status 32 - mount: /tmp/bootdir: unknown filesystem type 'LVM2\_member'.
152194161: Your migrated workload container fails when running a cluster with GKE nodes of type "COS". When you run the command kubectl logs [podname]
, you might see the following:
apparmor.go:385] Couldn't set label to lxc-container-default - write /proc/1/attr/current: no such file or directory
This is an indication that the required AppArmor profiles are not installed on the GKE nodes. To solve this, run migctl setup install --cos-runtime
.
148334068: When Migrating a physical VM from on-premises connected via Migrate to Virtual Machines, Migrate for GKE Enterprise attempts to optimize network utilization and discards (rather than stream) blocks that are not in use on the source VM file system. In some cases, this might cause VMware storage sessions to time out. For assistance, please contact support.
GKE on-prem preview: If a source was created with migctl source create
using the wrong credentials, migrations will fail. Attempts to delete the migration with migctl migration delete
may stop responding in a "Terminating" state, as in the following example:
$ migctl migration list NAME PROCESS STATE STATUS PROGRESS AGE my-vm-01 generate-artifacts createSourceSnapshots TERMINATING [2/13]
December 19, 2019
When specifying a mixed-case value for the clone_vm_disks
script's -A <var>app-name</var>
argument, the YAML file generated by the script would include a workload name that could not be deployed.
The command now checks for a valid input value.
The Migrate to Virtual Machines password could be inadvertently logged in Stackdriver Logging.
Migrate for GKE Enterprise failed to recognize a reference to a disk specified as a PARTUUID
in the fstab
file. PARTUUID
is now supported.
Deleting a StatefulSet
attached to a persistent volume would leave the volume in an attached state./p>
Using configuration YAML from a version prior to 1.0 caused the pod to enter a crashloop stage.
An error message now is now displayed to request that you update to the latest definition.
When resolving block devices in a multipath device, the operation appeared to succeed even if there was an error with one of the block devices.
Resolving source storage devices would sometimes fail without error if one of the devices has no partitions.
Using kubectl exec
on a migration pod would sometimes display superfluous bash
warnings about LC_ALL
.
Attempting to switch to a non-root user with the su
command after connecting to the machine with ssh
would fail when you had previously used su
to switch to another user.
Migrate for GKE Enterprise CSI drive would sometimes fail connecting to the migrated VM.
The kubectl cp
command would fail when copying files to the migrated pod.
November 13, 2019
Migrate for GKE Enterprise supports migrating existing VMware, Amazon EC2, Azure, and Compute Engine VMs to containers on Google Kubernetes Engine. For more information, see Benefits of Migrate for GKE Enterprise.
You can monitor export of short-term storage to a persistent volume using kubectl
. For more information, see Exporting streaming PVs to permanent storage.
Using a ConfigMap
, you can have content from application log files you specify written to Stackdriver Logging (a default list is included). For more, see Configuring logging to Stackdriver Logging.
For information on operating systems supported by Migrate for GKE Enterprise, see Compatible VM operating systems.
On the Migrate to Virtual Machines portlet in VMWare vCenter, VMs will be shown as Managed by Migrate to Virtual Machines during migration process. Only the cache and storage migration status are updated in this view. Other functionality, such as Migrate to Virtual Machines actions, may not be functional.
For known issues and workarounds, see Troubleshooting Migrate for GKE Enterprise.
VMs using EFI configurations are not compatible for migration with this release.
Operating systems running systemd
versions lower than 234 are limited to 65536 open files.
When using a private GKE cluster, the GKE control plane might be unable to reach Migrate for GKE Enterprise infrastructure (specifically, the admission-controller) by default. This is because the admission-controller Pod listens on port 9443.
To work around this issue, add port 9443 to the firewall rules of the control plane node. For more, see Creating a private cluster.
When specifying a mixed-case value for the clone_vm_disks
script's -A <var>app-name</var>
argument, the YAML file generated by the script includes a workload name that can not be deployed.
To work around this issue, specify the argument's value in lowercase only.
The Migrate to Virtual Machines password can be inadvertently logged in Stackdriver Logging.
Migrate for GKE Enterprise fails to recognize a reference to a disk specified as a PARTUUID
in the fstab
file.
Deleting a StatefulSet attached to a persistent volume will leave the volume in an attached state.
Using configuration YAML from a version prior to 1.0 causes the pod to enter a crashloop stage.
To work around this, update your YAML file to conform to the latest definition.
When resolving block devices in a multipath device, the operation appears to succeed even if there was an error with one of the block devices.
Resolving source storage devices would sometimes fail without error if one of the devices has no partitions.
Using kubectl exec
on a migration pod sometimes displays superfluous bash
warnings about LC_ALL
. These are only cosmetic.
Attempting to switch to a non-root user with the su
command after connecting to the machine with ssh
fails when you have previously used su
to switch to another user.
To work around this issue, use kubectl exec
instead of ssh
to get a shell to the container.
Migrate for GKE Enterprise CSI drive may sometimes fail connecting to the migrated VM.
The kubectl cp
command fails when copying files to the migrated pod.