Skip to content

Commit 097b6c4

Browse files
authored
Merge pull request #31469 from AugustasV/telemetery_security_agents
Revise “Migrating telemetry and security agents from dockershim” task
2 parents 6712fbe + 80f4c27 commit 097b6c4

File tree

1 file changed

+20
-22
lines changed

1 file changed

+20
-22
lines changed

content/en/docs/tasks/administer-cluster/migrating-from-dockershim/migrating-telemetry-and-security-agents.md

Lines changed: 20 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -8,37 +8,35 @@ weight: 70
88

99
<!-- overview -->
1010

11-
With Kubernetes 1.20 dockershim was deprecated. From the
12-
[Dockershim Deprecation FAQ](/blog/2020/12/02/dockershim-faq/)
13-
you might already know that most apps do not have a direct dependency on runtime hosting
14-
containers. However, there are still a lot of telemetry and security agents
15-
that has a dependency on docker to collect containers metadata, logs and
16-
metrics. This document aggregates information on how to detect these
17-
dependencies and links on how to migrate these agents to use generic tools or
18-
alternative runtimes.
11+
Kubernetes' support for direct integration with Docker Engine is deprecated, and will be removed. Most apps do not have a direct dependency on runtime hosting containers. However, there are still a lot of telemetry and monitoring agents that has a dependency on docker to collect containers metadata, logs and metrics. This document aggregates information on how to detect these dependencies and links on how to migrate these agents to use generic tools or alternative runtimes.
1912

2013
## Telemetry and security agents
2114

22-
There are a few ways agents may run on Kubernetes cluster. Agents may run on
23-
nodes directly or as DaemonSets.
15+
Within a Kubernetes cluster there are a few different ways to run telemetry or security agents.
16+
Some agents have a direct dependency on Docker Engine when they as DaemonSets or
17+
directly on nodes.
2418

25-
### Why do telemetry agents rely on Docker?
19+
### Why do some telemetry agents communicate with Docker Engine?
2620

27-
Historically, Kubernetes was built on top of Docker. Kubernetes is managing
28-
networking and scheduling, Docker was placing and operating containers on a
29-
node. So you can get scheduling-related metadata like a pod name from Kubernetes
30-
and containers state information from Docker. Over time more runtimes were
31-
created to manage containers. Also there are projects and Kubernetes features
32-
that generalize container status information extraction across many runtimes.
21+
Historically, Kubernetes was written to work specifically with Docker Engine.
22+
Kubernetes took care of networking and scheduling, relying on Docker Engine for launching
23+
and running containers (within Pods) on a node. Some information that is relevant to telemetry,
24+
such as a pod name, is only available from Kubernetes components. Other data, such as container
25+
metrics, is not the responsibility of the container runtime. Early yelemetry agents needed to query the
26+
container runtime **and** Kubernetes to report an accurate picture. Over time, Kubernetes gained
27+
the ability to support multiple runtimes, and now supports any runtime that is compatible with
28+
the container runtime interface.
3329

34-
Some agents are tied specifically to the Docker tool. The agents may run
35-
commands like [`docker ps`](https://docs.docker.com/engine/reference/commandline/ps/)
30+
Some telemetry agents rely specifically on Docker Engine tooling. For example, an agent
31+
might run a command such as
32+
[`docker ps`](https://docs.docker.com/engine/reference/commandline/ps/)
3633
or [`docker top`](https://docs.docker.com/engine/reference/commandline/top/) to list
37-
containers and processes or [docker logs](https://docs.docker.com/engine/reference/commandline/logs/)
38-
to subscribe on docker logs. With the deprecating of Docker as a container runtime,
34+
containers and processes or [`docker logs`](https://docs.docker.com/engine/reference/commandline/logs/)
35+
to receive streamed logs. If nodes in your existing cluster use
36+
Docker Engine, and you switch to a different container runtime,
3937
these commands will not work any longer.
4038

41-
### Identify DaemonSets that depend on Docker {#identify-docker-dependency}
39+
### Identify DaemonSets that depend on Docker Engine {#identify-docker-dependency}
4240

4341
If a pod wants to make calls to the `dockerd` running on the node, the pod must either:
4442

0 commit comments

Comments
 (0)