How-tos

IBM Cloud Kubernetes Service Supports containerd

Share this post:

Kubernetes container runtime containerd replaces Docker

For IBM Cloud Kubernetes Service clusters that run version 1.11 or later, containerd replaces Docker as the container runtime for Kubernetes. Clusters running version 1.10 and earlier continue using Docker. This change to containerd provides enhanced performance and a simplified container runtime environment. For more information related to this transition, see the following blogs:

Action is required for apps that depend on Docker

As with most architecture changes, you may also be required to make changes. In particular, if your Kubernetes app relies on Docker as the Kubernetes container runtime, you must update the app to handle containerd as the container runtime. Examples of such dependencies include the following:

  • Your app pod mounts the Docker socket /var/run/docker.sock. The UNIX socket for containerd is /var/run/containerd/containerd.sock. It is important to note that the containerd socket does not provide the Docker HTTP API, but it has a gRPC listener for its own API as well as the Kubernetes CRI API.
  • Your app pod runs with host privileges and accesses the Docker CLI on the host. The common CLI for all CRI compliant Kubernetes runtimes is crictl. While crictl is the preferred host CLI for CRI runtimes, containerd also has an administrative/debug CLI, ctr.
  • Your app pod mounts /var/lib/docker/containers to access Docker container logs. The container logs for containerd are available under /var/log/pods.

In addition to your apps, you may also rely on vendor apps that need to change. The good news is that, in general, your container development processes do not change. You can still use a Dockerfile to define a Docker image and build a container for your apps. If you use Docker commands to build and push images to a registry, you may continue to do so.

Many apps already support containerd

You are not alone in this journey to a world with container runtimes other than Docker. IBM, the Kubernetes and containerd communities, and many others are working to make this a smooth transition for you and your favorite Kubernetes apps. For example, go to IBM Cloud helm charts catalog and select IBM Cloud Kubernetes Service for a list of IBM charts that already support containerd. In addition, there are numerous external and IBM catalog services that already support containerd, such as logging with LogDNA, security with Aqua or Twistlock, and monitoring with Sysdig.

Prepare for the transition to containerd

Since migrating apps will take some time, IBM Cloud Kubernetes Service has kept version 1.10 as the default cluster version longer than normal. However, the default cluster version will soon change to 1.11. After the change, you will still be able to create version 1.10 clusters, but you should start planning your upgrade now.

Open an IBM support ticket if you require assistance preparing for the upgrade to Kubernetes 1.11 or later with containerd.

Questions?

For general questions, engage our team via Slack by registering here, and join the discussion in the #general channel on our public IBM Cloud Kubernetes Service Slack.

Developer, IBM Cloud Kubernetes Service

Phil Estes

DE & CTO, Linux OS and Container Architecture Strategy, IBM Cloud

More How-tos stories
April 11, 2019

How to Automate TLS Certificate Rotation to Avoid Outages

In this post, we'll share how you can make sure you have end-to-end protection for data in transit without running into any TLS certificate expiry issues.

Continue reading

April 5, 2019

Node.js 502 Bad Gateway Issues and How To Resolve Them

In December of 2018, many Node.js users noticed that their applications randomly returned an HTTP status code 502 "Bad Gateway" error. In this post, we'll show you how to resolve this issue if you have been affected.

Continue reading

April 3, 2019

Managing IBM Cloud Resources with a Service ID Through the Command Line Interface

We are excited to announce that you can now log into IBM Cloud with a service ID in v0.15.0 of the IBM Cloud CLI. This enables users to manage IBM Cloud resources with a service ID created within an account through the command line interface.

Continue reading