Migrating from Dockershim to Containerd Learn Kubernetes with Google

In IT Consulting

Migrating from Dockershim to Containerd Learn Kubernetes with Google - read the full article about Kubernetes tutorial, IT Consulting and from Share Learn on Qualified.One
Share Learn
Youtube Blogger

hi this is lauren kubernetes with google video  series and im sergey kang an engineer working on kubernetes here at google in this video i  will be talking about docker support duplication in kubernetes and how to migrate to container  d so docker is now duplicated in kubernetes it sounds scary reading the very first sentence  in the release notes makes you pay attention the second sentence introduces you to the new  terms like docker shim and cri lets talk about this cri stands for container runtime interface  this is a glue that allows kubernetes which knows where to schedule port talk to container runtime  which can run containers of this port kubernetes is responsible for orchestration runtime knows  how to run and check the status of containers there are various container  runtimes each has special features and decide on trade-offs they make between  performance security and functionality but as long as they are cri compliant  you can use them with kubernetes container d is an industry standard container  runtime you are likely already using it as it is layered underneath docker when docker shim is used  as container runtime kubelet which is kubernetes agent on the node communicates with docker to  schedule containers and check on its status docker in its turn uses containers to actually schedule  containers while also making these containers are visible and available for docker tooling and ui  switching to container d as the container runtime eliminates this middleman all the same containers  can be run by containers as before but now since containers would schedule directly discontinuity  they are not visible to docker so any docker tooling or fancy ui you might have used before  to check on these containers no longer available you cannot get container information using docker  ps or docker inspect commands as you cannot list containers you cannot get locks stop containers  or execute something with docker exactly by the way stopping containers via docker cli  directly was never a good idea as it is better to allow kubernetes to orchestrate them so you dont  confuse kubernetes by disappearing containers you can still pull images or build  them using docker build command but images built or pulled by docker  would not be visible by d and kubernetes and you need to push them to some registry  to allow them to be used by kubernetes now as you know the limitations of migration to  continuity you may be more convinced that your application is unlikely to be affected by runtime  change even though you still use docker to build containers some situations when you do have this  dependency are running privileged ports executing docker commands or doing it with ssh on a node  directly or by installing agent on this node we noticed that sometimes this depends on  docker is coming from third-party touring not from the application directly those are  typically monitoring and security agents in very rare cases you may have an indirect  dependence on docker-specific behavior like a specific log message but again this is not  common as i said its rare that you need to run docker cli on your node but if you discovered  any of the use cases on the previous slide there is an alternative you  can switch to sierra ctl sir ictl is a runtime independent way to inspect  and operate containers you can find the cheat sheet of commands mapping between docker cli  and sierra ccl following the link on the slide okay now you know the container run time is  reviewed potential problems with the migration and ready to switch to container d it is very easy  with gke just use the gcloud containers cluster update command to create the node pool again  with a new node image type this command will recreate nodes one by one while rescheduling  the workload note you can roll back as easy and if you start getting benefits of this  migration you can run your application with less infrastructure overhead more secure as you have  less components involved and be on the front line of new kubernetes feature development let us know  what you think and how your migration experience was thank you for viewing this episode of learn  kubernetes with google im sergey kincheliff bye you

Share Learn: Migrating from Dockershim to Containerd Learn Kubernetes with Google - IT Consulting