Important Update – Deprecation of Docker Virtual Machine Images Extended to 30 April 2023

Posted on by No Comments ↓

This post has been republished via RSS; it originally appeared at: Containers articles.

Previously we announced the support for the Mirantis Container Runtime (formerly Docker EE) on Windows Server will be transitioning to Mirantis Inc. This transition has been extended from the previously communicated date of 22 September 2022 until 30 April 2023. We expect this will be the final extension.  Customers are encouraged to review the required actions outlined in this post and complete migration prior to the 30 April 2023 transition.

 

Please note that in accordance with the transition on 30 April 2023, both the DockerMsftProvider API and the "Windows Server with containers" images published by Microsoft on the Azure Gallery will be retired and removed from the gallery.  

 

We sincerely apologize for any inconvenience that this retirement notice may have caused for our customers.   

 

Note: If you’re using Windows containers on AKS or AKS on prem (Azure Stack HCI or Windows Server), this announcement need not apply to you; Microsoft provides a fully supported container runtime at no additional cost for these environments. 

 

If you are using one or more of the following Azure gallery images, then you may be impacted:  

  • 2016-Datacenter-with-Containers 
  • 2016-datacenter-with-containers-g2 
  • 2016-Datacenter-with-Containers-GS 
  • 2019-Datacenter-Core-with-Containers 
  • 2019-datacenter-core-with-containers-g2 
  • 2019-Datacenter-Core-with-Containers-smalldisk 
  • 2019-datacenter-core-with-containers-smalldisk-g2 
  • 2019-Datacenter-with-Containers 
  • 2019-datacenter-with-containers-g2 
  • 2019-Datacenter-with-Containers-GS 
  • 2019-Datacenter-with-Containers-smalldisk 
  • 2019-datacenter-with-containers-smalldisk-g2 
  • datacenter-core-20h2-with-containers-smalldisk 
  • datacenter-core-20h2-with-containers-smalldisk-gs 
  • datacenter-core-20h2-with-containers-smalldisk-g2 

 

Required action 

After 30 April 2023, Microsoft will remove all versions of these images from the gallery. Going forward, you’ll have the following options: 

  1. Make the transition to AKS/AKS-HCI where full support and automatic management of the container runtime is provided at no additional cost. 
  2. Use the Mirantis-provided Windows Server Marketplace VM image. Mirantis has made this image publicly available for customers to switch any workloads to. The cost of this marketplace image will include the cost of support and license for the runtime. Customers building and running Docker containers using Docker CLI with Kubernetes or Swarm orchestration or needing a higher level of security (FIPS140-2) may want to pursue this option. 
  3. Use the Azure Image Builder service to build your own image based on the desired version of Windows Server and bundle a container runtime of your choice including Mirantis Container Runtime available from Mirantis webstore and from the marketplace. 
  4. Use VM Scale Set Custom Script Extensions to do a post-deployment configuration of your VM to install your desired container toolchain.  

Each of these methods are provided as an option to make this as smooth of a transition as possible for you. The following sections will detail the pros and cons of each option. For customers using Windows containers in Service Fabric, Service Fabric only supports Mirantis Container Runtime as a configuration, which would require a Mirantis entitlement for scaling, upgrades, or support (see the Mirantis Virtual Machine Image section below). 

 

1. Which method should I choose? 

There are four things to keep in mind when considering the above options. It is up to your organization to decide which aspect you want to optimize around:  

  1. How complex is it to implement?  
  2. What is the cost?  
  3. How does it impact my workload in production? 
  4. Do I need to build or manage Docker containers using Docker CLI with Kubernetes or Swarm, or need to comply with higher security level FIPS 140-2? 

 

1.1. Move to AKS / AKS-HCI (on prem) 

AKS and AKS-HCI are fully managed services with lower management overhead than what you are used to with custom deployments. Support for the container runtime is included within the AKS and AKS-HCI services under your Azure subscription. 

 

The initial engineering cost here may be considerable, as it may require re-architecting your application to work within the Kubernetes paradigm, however, the reduced management workload that results may help lower your long-term maintenance and support requirements.  

 

One important note, while direct support for Hyper-V in Kubernetes is in progress, we suggest using Azure Container Instances with a virtual kublet to add Hyper-V containers to your cluster. 

 

1.2. The Mirantis VM Image 

Mirantis will be maintaining their own VM image within the Azure marketplace (All products – Microsoft Azure Marketplace) in replacement for the images listed prior. This would theoretically offer the lowest engineering cost, as it only requires a change in the Marketplace VM image tag and a rebuild of your existing VM scale sets. The cost here comes from the fact that the support contract with Mirantis is no longer included with your Windows server license, and you must get support directly from Mirantis. The cost of the license is included in the cost of the Azure Marketplace image. For tips on installing the Mirantis Container Runtime alongside the additional support costs, please visit the Mirantis site: Start Mirantis Container Runtime on Windows Server | Mirantis. Note: this is true for general Mirantis Container Runtime usage, including building your own VM image. We will soon be publishing public documentation in concert with Mirantis on how to use the Mirantis VM image.. 

 

1.3. Azure Image Builder & Custom Script Extensions 

Azure Image Builder can be more complex to implement and there are more steps involved. Additionally, while the Image Builder service comes at no additional cost, you must pay for the compute, storage, and networking usage associated with the build process (additional details here). The benefit to using Image Builder is that the configuration is done during a build time and would not have any effect on your workload at runtime; when the VM scale set instantiates a new VM from your custom image, the image will have already been prepped so no time must be spent here and it will be immediately ready to run containers (one of the key benefits of using the now-deprecated 'Windows Server with containers' images). Follow this tutorial to get started in building your own VM images on Azure.  

 

Should you opt for Custom Script Extensions, it is quicker to implement, and the cost is only in the nominal price to store the script in Azure or GitHub. However, the script may only execute after a VM has been provisioned, so you must budget for additional time being spent to properly prep the VM at scale-out time.  

 

To install the Docker CE / Moby runtime yourself, please use this script. If you want to suggest changes to this script please make a PR here Windows-Containers/helpful_tools at Main · microsoft/Windows-Containers (github.com). For a full guide on installation please head to Prep Windows operating system containers | Microsoft Docs 

 

Docker Community Edition (CE) and Moby are one and the same, this script uses the Docker CE binaries built and produced by Docker Inc.  

 

Note that installing the Hyper-V feature will require a reboot, so if you want to skip the reboot during installation you can add the -NoRestart parameter.  

 

If you want to skip network configuration you can use the -SkipDefaultHost parameter.  

 

2. Migration guidelines for Azure Service Fabric customers 

Effective 30 April 2023 Service Fabric customers using the “with containers” VM images may face service disruptions as Microsoft will remove the “with container” VM images from the Azure image gallery. The VM image unavailability would lead to the failure of VM lifecycle management operations such as scale out, re-image, and service healing for Azure Service Fabric (SF) node types based specifically on these VM images.  

 

All impacted customers must upgrade the SKU utilized within your Azure Virtual Machine Scale Set for SF clusters. 

 

Please refer to the container runtime support page on Azure Service Fabric Troubleshooting Guides or create a Microsoft support case 

 

2.1 Running Containerized workloads on SF 

 

Customers can continue to run containerized workloads on SF by: 

The possible scenarios for customers to run containerized workloads on SF are:   

 

Using the VM image provided by Mirantis 

The Mirantis VM image has Mirantis Container Runtime (MCR) prebaked into the VM image and is available in the Azure gallery. 

The VM image pricing includes the licensing cost for MCR. Customers should follow the guidance of scale up a node type to do the node SKU upgrade for their SF clusters 

 

Use Mirantis Container Runtime but not the VM image from Mirantis 

 Customers need to procure the MCR license from Mirantis and provision the MCR runtime in a standard VM image by executing the following steps:  

 

Step 1: Install MCR in the VM image via Custom Script VM extension on a new node type. Follow the guidance of scale up a node type 

 

Step 2: Enable Automatic OS image upgrades on Azure Virtual Machine Scale Set 

 

Step 3: Move workload to the new node type and remove the old node type 

 

Use a container runtime other than MCR 

 

Service Fabric works with Moby runtime; however, Microsoft will not provide CSS support for issues related with Moby runtime. 

 

2.2. Running non-containerized workloads on SF 

Customers who are not running containerized workloads but using “with container” VM images should choose between OS SKU in-place upgrade or OS SKU upgrade. We recommend using OS SKU upgrade as it ensures service availability during the migration process. 

 

3. Support and Help 

If you’re impacted by these changes, have read this guide, and would like additional guidance from the Windows Containers product team, you can reach us at github/Windows-Containers where you will find information about getting time on the product team’s calendar to chat. In addition to this, feel free to send an email to win-ctr-ext-rntm-chg@microsoft.com and we’ll respond as soon as possible. You can also reach out to Mirantis (win-ctr-mcr@mirantis.com) who can help you with your decision making. 

 

Links provided herein will take you to a third-party website and are provided for convenience only. Third-party websites are subject to the third-party’s terms and privacy statements. 

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.