Description:
Use Container-Optimized OS (cos_containerd) as a managed, optimized and hardened base OS that limits the host's attack surface.
Rationale:
COS is an operating system image for Compute Engine VMs optimized for running containers. With COS, you can bring up your containers on Google Cloud Platform quickly, efficiently, and securely.
Using COS as the node image provides the following benefits:
Impact:
If modifying an existing cluster's Node pool to run COS, the upgrade operation used is long-running and will block other operations on the cluster (including delete) until it has run to completion.
COS nodes also provide an option with 'containerd' as the main container runtime directly integrated with Kubernetes instead of 'docker'. Thus, on these nodes, Docker cannot view or access containers or images managed by Kubernetes. Your applications should not interact with Docker directly. For general troubleshooting or debugging, use crictl instead.
Remediation:
Using Google Cloud Console
Using Command Line
To set the node image to 'cos_containerd' for an existing cluster's Node pool:
gcloud container clusters upgrade [CLUSTER_NAME] \
  --image-type cos_containerd \
  --zone [COMPUTE_ZONE] --node-pool [POOL_NAME]
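An audit check for this recommendation, added here as an example and not part of the benchmark text: it parses the JSON printed by `gcloud container node-pools list --cluster [CLUSTER_NAME] --zone [COMPUTE_ZONE] --format=json` (the NodePool resource, whose config.imageType field carries the node image), reports every pool not on cos_containerd, and prints the matching upgrade command from above. The cluster, zone and pool names in the embedded sample are constructed.

```python
"""Audit GKE node pools for the cos_containerd image type (added example)."""
import json
import subprocess
import sys

COMPLIANT_IMAGE_TYPE = "COS_CONTAINERD"

# Constructed sample of the relevant fields of a node-pools list so the check
# runs offline; a live run replaces it with the gcloud output.
SAMPLE_NODE_POOLS_JSON = json.dumps([
    {"name": "default-pool", "config": {"imageType": "COS_CONTAINERD"}},
    {"name": "legacy-pool", "config": {"imageType": "UBUNTU_CONTAINERD"}},
    {"name": "old-docker-pool", "config": {"imageType": "COS"}},
])


def noncompliant_pools(node_pools_json):
    """Return [(pool_name, image_type)] for pools not using cos_containerd."""
    findings = []
    for pool in json.loads(node_pools_json):
        image_type = pool.get("config", {}).get("imageType", "")
        # The API reports image types in upper case; compare case-insensitively
        # so hand-written input such as "cos_containerd" is accepted too.
        if image_type.upper() != COMPLIANT_IMAGE_TYPE:
            findings.append((pool["name"], image_type or "<unset>"))
    return findings


def remediation_command(cluster, zone, pool_name):
    """Build the node-pool upgrade command from the recommendation."""
    return (f"gcloud container clusters upgrade {cluster} "
            f"--image-type cos_containerd --zone {zone} --node-pool {pool_name}")


def fetch_node_pools(cluster, zone):
    """Query the live cluster; only called when cluster and zone are given."""
    return subprocess.check_output(
        ["gcloud", "container", "node-pools", "list", "--cluster", cluster,
         "--zone", zone, "--format=json"], text=True)


if __name__ == "__main__":
    live = len(sys.argv) == 3
    # Constructed placeholder names are used for the offline sample run.
    cluster, zone = sys.argv[1:3] if live else ("example-cluster", "us-central1-a")
    raw = fetch_node_pools(cluster, zone) if live else SAMPLE_NODE_POOLS_JSON
    findings = noncompliant_pools(raw)
    for name, image in findings:
        print(f"FAIL {name}: imageType={image}")
        print("  remediate: " + remediation_command(cluster, zone, name))
    sys.exit(1 if findings else 0)
```

Run it with no arguments to exercise the embedded sample, or with `CLUSTER ZONE` to audit a real cluster; a non-zero exit code means at least one pool needs the upgrade.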