docker engine files missing from image whenever run in AKS

DK-8871 0 Reputation points
2024-04-02T07:19:38.24+00:00

Hi,

Notice that after the AKS auto upgraded to 1.28.5, all my daemonset failed due to docker.exe is missing.

Upon inspection, all the docker.exe, dockerd.exe, docker-proxy.exe file went missing. so not sure if this is being automatically removed?

my daemonset kubernetes:

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: win-dockerd
  namespace: project_name
  labels:
    app: win-dockerd
spec:
  selector:
    matchLabels:
      app: win-dockerd
  template:
    metadata:
      labels:
        app: win-dockerd
    spec:
      containers:
      - name: win-dockerd
        image: acr_image_url_with_tag_for_dockerengine_daemon_windows
      securityContext:
        windowsOptions:
          hostProcess: true
          runAsUserName: "NT AUTHORITY\\SYSTEM"
      hostNetwork: true
      nodeSelector:
        kubernetes.io/os: windows
        # limit where to run this HostProcess container to reduce the attack surface, e.g. limit to one node pool
        agentpool: winbui

dockerfile:

FROM --platform=$BUILDPLATFORM curlimages/curl:7.88.1 AS build

ARG DOCKERVERSION

USER root

RUN curl -Lo docker.zip https://download.docker.com/win/static/stable/x86_64/docker-$DOCKERVERSION.zip; \

unzip docker.zip

FROM mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image:v1.0.0

WORKDIR /docker

ENTRYPOINT ["dockerd.exe"]

COPY --from=build /docker .

Azure Kubernetes Service (AKS)
Azure Kubernetes Service (AKS)
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
2,146 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Anveshreddy Nimmala 3,545 Reputation points Microsoft Vendor
    2024-04-02T11:08:57.4766667+00:00

    Hello DK-8871,

    Welcome to microsoft Q&A, Thankyou for posting your query here.

    Kubernetes deprecated Docker as a container runtime after version 1.20.It has moved to use container runtime interfaces (CRI) like containerd and CRI-O.

    Ensure your cluster and daemonsets are configured to use a supported container runtime like containerd. You might need to update your daemonsets configurations or node setups to accommodate this change.

    Check the release notes for the AKS version you upgraded to and any associated node image versions for changes to the container runtime. Adjust your configurations accordingly.

    https://learn.microsoft.com/en-us/azure/aks/supported-kubernetes-versions?tabs=azure-cli

    Use AKS node pool configurations or daemonsets that are compatible with the AKS-managed environments and their lifecycle management practices, rather than manually configuring nodes.

    If the issue persists and you're unable to find a configuration problem, consider reaching out to Azure support. This might be a known issue or require specific guidance based on your cluster's setup.

    Hope this helps you.If an answer has been helpful, please consider accepting the answer to help increase visibility of this question for other members of the Microsoft Q&A community. If not, please let us know what is still needed in the comments so the question can be answered. Thank you for helping to improve Microsoft Q&A!


  2. Brian Krische 0 Reputation points
    2024-05-01T17:40:35.2133333+00:00

    I was doing the same thing, this post finally helped me figure it out. I needed to change the ENTRYPOINT in my image to:

    ENTRYPOINT ["%CONTAINER_SANDBOX_MOUNT_POINT%/docker/dockerd.exe"]

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.