Migrating from Dockershim to Containerd (Learn Kubernetes with Google)
Hi, this is the Learn Kubernetes with Google video series, and I'm Sergey Kanzhelev, an engineer working on Kubernetes here at Google. In this video, I will be talking about Docker support deprecation in Kubernetes and how to migrate to containerd.

So, Docker is now deprecated in Kubernetes. It sounds scary. Reading the very first sentence in the release notes makes you pay attention. The second sentence introduces you to new terms like dockershim and CRI. Let's talk about this.

CRI stands for Container Runtime Interface. This is the glue that allows Kubernetes, which knows where to schedule a pod, to talk to the container runtime, which can run the containers of this pod. Kubernetes is responsible for orchestration; the runtime knows how to run and check the status of containers. There are various container runtimes. Each has special features and decides on the trade-offs it makes between performance, security, and functionality. But as long as they are CRI compliant, you can use them with Kubernetes.

containerd is an industry-standard container runtime. You are likely already using it, as it is layered underneath Docker. When dockershim is used as the container runtime, the kubelet, which is the Kubernetes agent on the node, communicates with Docker to schedule containers and check on their status. Docker, in its turn, uses containerd to actually schedule containers, while also making these containers visible and available for Docker tooling and UI.

Switching to containerd as the container runtime eliminates this middleman. All the same containers can be run by containerd as before, but now, since containers are scheduled directly with containerd, they are not visible to Docker. So any Docker tooling or fancy UI you might have used before to check on these containers is no longer available. You cannot get container information using the docker ps or docker inspect commands. As you cannot list containers, you cannot get logs, stop containers, or execute something with docker exec. By the way, stopping containers via the Docker CLI directly was never a good idea, as it is better to allow Kubernetes to orchestrate them so you don't confuse Kubernetes with disappearing containers. You can still pull images or build them using the docker build command, but images built or pulled by Docker would not be visible to containerd and Kubernetes, and you need to push them to some registry to allow them to be used by Kubernetes.

Now that you know the limitations of migrating to containerd, you may be more convinced that your application is unlikely to be affected by the runtime change, even though you still use Docker to build containers. Some situations when you do have this dependency are running privileged pods executing Docker commands, or doing it with SSH on a node directly, or by installing an agent on this node. We noticed that sometimes this dependency on Docker comes from third-party tooling, not from the application directly. Those are typically monitoring and security agents. In very rare cases, you may have an indirect dependence on Docker-specific behavior, like a specific log message, but again, this is not common.

As I said, it's rare that you need to run the Docker CLI on your node, but if you discovered any of the use cases on the previous slide, there is an alternative: you can switch to crictl. crictl is a runtime-independent way to inspect and operate containers. You can find the cheat sheet of commands mapping between the Docker CLI and crictl by following the link on the slide.

Okay, now you know the container runtimes, have reviewed potential problems with the migration, and are ready to switch to containerd. It is very easy with GKE: just use the gcloud containers cluster update command to create the node pool again with a new node image type. This command will recreate nodes one by one while rescheduling the workload. Note, you can roll back just as easily. And you start getting the benefits of this migration: you can run your application with less infrastructure overhead, more securely as you have fewer components involved, and be on the front line of new Kubernetes feature development.

Let us know what you think and how your migration experience was. Thank you for viewing this episode of Learn Kubernetes with Google. I'm Sergey Kanzhelev. Bye.
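Added example, not part of the video and not Google or Kubernetes project code: one way to find the Docker dependencies the talk describes (agents mounting Docker's socket or data directory, and privileged pods worth reviewing) by scanning the JSON from `kubectl get pods -A -o json`. The path list, function names and sample pods are assumptions constructed for illustration.

```python
import json
import sys

# Assumed list of host paths that tie a workload to Docker Engine on the node.
DOCKER_PATHS = ("/var/run/docker.sock", "/run/docker.sock", "/var/lib/docker")

def touches_docker(path):
    """True if a hostPath is, is inside, or is a parent of a Docker path."""
    norm = path.rstrip("/")
    return any(norm == p or norm.startswith(p + "/") or p.startswith(norm + "/")
               for p in DOCKER_PATHS)

def docker_dependencies(pod_list):
    """Scan a pod list document; return (namespace, pod, reason) tuples."""
    findings = []
    for pod in pod_list.get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        ident = (meta.get("namespace", "default"), meta.get("name", "?"))
        for vol in spec.get("volumes", []):
            path = (vol.get("hostPath") or {}).get("path")
            if path and touches_docker(path):
                findings.append(ident + ("hostPath " + path,))
        # Privileged is only a hint: such pods can reach the node's runtime.
        for ctr in spec.get("containers", []) + spec.get("initContainers", []):
            if (ctr.get("securityContext") or {}).get("privileged"):
                findings.append(ident + ("privileged container " + ctr.get("name", "?"),))
    return findings

# Constructed sample input (not from a real cluster).
SAMPLE = {"items": [
    {"metadata": {"namespace": "monitoring", "name": "node-agent"},
     "spec": {"volumes": [{"name": "sock", "hostPath": {"path": "/var/run/docker.sock"}}],
              "containers": [{"name": "agent"}]}},
    {"metadata": {"namespace": "ci", "name": "image-builder"},
     "spec": {"containers": [{"name": "build", "securityContext": {"privileged": True}}]}},
    {"metadata": {"namespace": "web", "name": "frontend"},
     "spec": {"volumes": [{"name": "logs", "hostPath": {"path": "/var/log/app"}}],
              "containers": [{"name": "nginx"}]}},
]}

if __name__ == "__main__":
    # Pass a file saved from kubectl as the first argument, or run on the sample.
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for ns, name, reason in docker_dependencies(data):
        print(f"{ns}/{name}: {reason}")
```

A hostPath finding means the pod will lose that path's Docker content after the switch to containerd; a privileged finding only marks a pod to check by hand.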