Use gci (or another alternative) as the base node image

[armish]

Context: #57

Basically, the issue is that the new default gci image has a completely new way of managing the node by making use of a minimal distribution that lacks many of the helpful utilities (e.g. mount.nfs). We are currently working around this problem by opting-out of using gci when creating clusters, but Google has officially deprecated the container-vm:

From Release Notes - September 27, 2016:

... The old container-vm is now deprecated; it will be supported for a limited time...

In the long run, we probably have to learn how to deal with the new image and revert #57.

[smondet]

Relevant → kubernetes/kubernetes#33447

[cioc]

Updated kubernetes ticket with all our info, kubernetes/kubernetes#33447 (comment)

Don't have any info about when this will get solved for GKE on gci.

[hammer]

@smondet looks like this one's fixed upstream and will be available in GKE 1.4.7 real soon now: kubernetes/kubernetes#33447

[armish]

Looks like Google is trying hard to scare people away from using the container-vm from now on. Just got this e-mail:

Dear Google Container Engine Customer,

We have detected that you are running a Google Container Engine (GKE) cluster that is using Container-VM as your node image. Container-VM is being deprecated in September 2017 in anticipation of support ending for the base image (Debian 7) in May 2018. We recommend that you upgrade your cluster to our latest supported operating system, Container-Optimized OS (COS).

In order to upgrade your cluster, we recommend checking your cluster against known compatibility limitations and setting up a test cluster to ensure compatibility. For additional information on migrating your cluster, please view our migration guide.

Will this change affect me?

Yes, this email was sent because we have detected that the following clusters and node pools are using Container-VM. You must upgrade your cluster to COS prior to the deprecation of Container-VM from GKE.

Will I experience downtime when upgrading my cluster to COS?

Our upgrade instructions include 2 options for upgrading your cluster to COS. One option is to create a new node-pool on COS and move your existing workloads to the new node-pool. You should see little to no down time during this migration when using this option. The second option is an in-place upgrade using a gcloud command (similar to upgrading your kubernetes version) and some downtime should be expected when using this option.

Will I experience down time if I do not upgrade my cluster to COS?

We do not expect you to experience immediate down time. If, however, you do not upgrade prior to the end of Container-VM support, you will be running on an unsupported operating system and your cluster may be more vulnerable to security, reliability, and stability issues so we highly recommend upgrading your cluster to COS.

I checked the compatibility page and my cluster is not compatible with COS. What should I do?

Please contact Google Cloud Support.

When will Container-VM be deprecated and no longer available in GKE?

We plan to deprecate Container-VM in September 2017. At that time, new nodes will not be created with Container-VM and support for existing Container-VM nodes (including security patches, etc.) will no longer be available.

If you have any questions or concerns, please contact Google Cloud Support.

Sincerely,
The Google Container Engine Team

Maybe we should start looking for alternatives and give them a try once again?

[smondet]

I tried with the COS image on the GKE and it fails to mount NFSs because of DNS requests.
hammerlab/secotrec#66

(

• With COS, and IP addresses it works
• With container_vm and hostnames it works

)