Migrate to Containers: Qwik Start

Join Sign in

Migrate to Containers: Qwik Start

1 hour 1 Credit


Google Cloud self-paced labs logo


VM instances can exist on premises, managed by products such as VMWare vSphere, and in public clouds such as AWS or Azure, in addition to Google Cloud Compute Engine instances.

Anthos is an open source application platform that enables you to modernize your existing applications in your hybrid or multi-cloud environment. You can build new VMs and run them anywhere in a secure manner. Anthos is built on open source technologies pioneered by Google — including Kubernetes, Istio, and Knative — and enables consistency between on-premises and cloud environments.

When workloads are upgraded to containers, IT departments can eliminate OS-level maintenance and security patching for VMs and automate policy and security updates at scale. Monitoring across on-premises and cloud environments is done through a single interface in the Cloud Console.

Migrate to Containers provides an almost real-time solution to take an existing VM and make it available as a Kubernetes hosted pod with all the values associated with executing your applications in a Kubernetes cluster.

In this lab you create a simple Compute Engine virtual machine (VM), then use Migrate to Containers to migrate the VM to a GKE processing cluster in the Cloud. You can perform the steps using either the migctl tool or the Cloud Console. migctl is a command-line tool for setting up and managing a Migrate to Containers migration environment on Google Cloud. migctl is available in Cloud Shell.

How Migrate to Containers allows you to containerize faster than other possibilities:

Container migration architecture diagram.


You will learn how to perform the following tasks:

  • Create a Compute Engine instance hosting a Web Server.

  • Create a GKE cluster to host the migrated Compute Engine instance.

  • Migrate the Compute Engine instance using Migrate to Containers.

  • Test the Web Server that exists in GKE.

Setup and requirements

Before you click the Start Lab button

Read these instructions. Labs are timed and you cannot pause them. The timer, which starts when you click Start Lab, shows how long Google Cloud resources will be made available to you.

This hands-on lab lets you do the lab activities yourself in a real cloud environment, not in a simulation or demo environment. It does so by giving you new, temporary credentials that you use to sign in and access Google Cloud for the duration of the lab.

To complete this lab, you need:

  • Access to a standard internet browser (Chrome browser recommended).
Note: Use an Incognito or private browser window to run this lab. This prevents any conflicts between your personal account and the Student account, which may cause extra charges incurred to your personal account.
  • Time to complete the lab---remember, once you start, you cannot pause a lab.
Note: If you already have your own personal Google Cloud account or project, do not use it for this lab to avoid extra charges to your account.

How to start your lab and sign in to the Google Cloud Console

  1. Click the Start Lab button. If you need to pay for the lab, a pop-up opens for you to select your payment method. On the left is the Lab Details panel with the following:

    • The Open Google Console button
    • Time remaining
    • The temporary credentials that you must use for this lab
    • Other information, if needed, to step through this lab
  2. Click Open Google Console. The lab spins up resources, and then opens another tab that shows the Sign in page.

    Tip: Arrange the tabs in separate windows, side-by-side.

    Note: If you see the Choose an account dialog, click Use Another Account.
  3. If necessary, copy the Username from the Lab Details panel and paste it into the Sign in dialog. Click Next.

  4. Copy the Password from the Lab Details panel and paste it into the Welcome dialog. Click Next.

    Important: You must use the credentials from the left panel. Do not use your Google Cloud Skills Boost credentials. Note: Using your own Google Cloud account for this lab may incur extra charges.
  5. Click through the subsequent pages:

    • Accept the terms and conditions.
    • Do not add recovery options or two-factor authentication (because this is a temporary account).
    • Do not sign up for free trials.

After a few moments, the Cloud Console opens in this tab.

Note: You can view the menu with a list of Google Cloud Products and Services by clicking the Navigation menu at the top-left. Navigation menu icon

Activate Cloud Shell

Cloud Shell is a virtual machine that is loaded with development tools. It offers a persistent 5GB home directory and runs on the Google Cloud. Cloud Shell provides command-line access to your Google Cloud resources.

  1. Click Activate Cloud Shell Activate Cloud Shell icon at the top of the Google Cloud console.

When you are connected, you are already authenticated, and the project is set to your PROJECT_ID. The output contains a line that declares the PROJECT_ID for this session:

Your Cloud Platform project in this session is set to YOUR_PROJECT_ID

gcloud is the command-line tool for Google Cloud. It comes pre-installed on Cloud Shell and supports tab-completion.

  1. (Optional) You can list the active account name with this command:

gcloud auth list
  1. Click Authorize.

  2. Your output should now look like this:


ACTIVE: * ACCOUNT: To set the active account, run: $ gcloud config set account `ACCOUNT`
  1. (Optional) You can list the project ID with this command:

gcloud config list project


[core] project = <project_ID>

Example output:

[core] project = qwiklabs-gcp-44776a13dea667a6 Note: For full documentation of gcloud, in Google Cloud, refer to the gcloud CLI overview guide.
  1. Set an environment variable for your Project ID:


Task 1. Create the source Compute Engine

  1. Run the following command to create and configure a Compute Engine instance that will act as the source of the VM to be migrated:
gcloud compute instances create source-vm --zone={{{project_0.startup_script.lab_zone | zone}}} --machine-type=e2-standard-2 --subnet=default --scopes="cloud-platform" --tags=http-server,https-server --image=ubuntu-minimal-1604-xenial-v20210119a --image-project=ubuntu-os-cloud --boot-disk-size=10GB --boot-disk-type=pd-standard --boot-disk-device-name=source-vm \ --metadata startup-script={{{project_0.startup_script.metadata_script|METADATA_SCRIPT}}}

You have installed the Apache web server and created a basic web page via the startup script.

Sample output:

Created [{{{project_0.startup_script.lab_zone | zone}}}/instances/source-vm]. NAME: source-vm ZONE: {{{project_0.startup_script.lab_zone | zone}}} MACHINE_TYPE: e2-standard-2 PREEMPTIBLE: INTERNAL_IP: EXTERNAL_IP: STATUS: RUNNING
  1. Create a firewall rule to allow the HTTP:

gcloud compute firewall-rules create default-allow-http --direction=INGRESS --priority=1000 --network=default --action=ALLOW --rules=tcp:80 --source-ranges= --target-tags=http-server

Sample output:

Creating firewall...working..Created []. Creating firewall...done. NAME: default-allow-http NETWORK: default DIRECTION: INGRESS PRIORITY: 1000 ALLOW: tcp:80 DENY: DISABLED: False

Click Check my progress to verify the objective. Create the source Compute Engine

  1. In the Cloud Console navigate to Compute Engine > VM instances and locate the row for the instance you created and copy the External IP address.

  2. Paste the instance's IP address to your browser address bar. Prefix it with http://.

You should now see the "Hello World" page.

To migrate the VM, first stop it from running..

  1. In the Cloud Console navigate to Compute Engine > VM instances, check the checkbox to the left of the source-vm then click the STOP button on the top.

The navigation path to the Stop button.

Note: If you do not see the Stop button, select the More Actions (three vertical dots) button and choose stop from the dropdown.
  1. Confirm the shutdown by clicking Stop in the pop-up window. You can continue to the next section while the VM is shutting down.
Note: The VM must be stopped for you to migrate it. You can start it again after you create the migration below, either by using the UI or by using the migctl migration create command.

Task 2. Create a processing cluster

In the following steps you'll create a GKE cluster in the Cloud that you'll use as a processing cluster. This is where you'll install Migrate to Containers and execute the migration.

  • In Cloud Shell use the following command to create a new Kubernetes cluster to use as a processing center:
gcloud container clusters create migration-processing --project=$PROJECT_ID --zone={{{project_0.startup_script.lab_zone | zone}}} --machine-type e2-standard-4 --image-type ubuntu_containerd --num-nodes 3 --enable-stackdriver-kubernetes --subnetwork "projects/$PROJECT_ID/regions/{{{project_0.startup_script.lab_region | region}}}/subnetworks/default" Note: Be sure you specify the same zone here that you specified when creating the VM.

Sample output:

Creating cluster migration-processing in {{{project_0.startup_script.lab_zone | zone}}} ...done. Created [{{{project_0.startup_script.lab_zone | zone}}}/clusters/migration-processing]. To inspect the contents of your cluster, go to:{{{project_0.startup_script.lab_zone | zone}}}/migration-processing?project=qwiklabs-gcp-04-1126b7a391de kubeconfig entry generated for migration-processing. NAME: migration-processing LOCATION: {{{project_0.startup_script.lab_zone | zone}}} MASTER_VERSION: 1.20.10-gke.301 MASTER_IP: MACHINE_TYPE: e2-standard-4 NODE_VERSION: 1.20.10-gke.301 NUM_NODES: 3 STATUS: RUNNING

Click Check my progress to verify the objective. Create a processing cluster

Task 3. Install Migrate to Containers

To allow Migrate to Containers to access Container Registry and Cloud Storage you need to create a service account with the storage.admin role.

  1. In Cloud Shell create the m4a-install service account:

gcloud iam service-accounts create m4a-install \ --project=$PROJECT_ID
  1. Grant the storage.admin role to the service account:

gcloud projects add-iam-policy-binding $PROJECT_ID \ --member="serviceAccount:m4a-install@$" \ --role="roles/storage.admin"
  1. Download the key file for the service account:

gcloud iam service-accounts keys create m4a-install.json \ --iam-account=m4a-install@$ \ --project=$PROJECT_ID
  1. Connect to the cluster:
gcloud container clusters get-credentials migration-processing --zone {{{project_0.startup_script.lab_zone | zone}}}
  1. Set up Migrate to Containers components on your processing cluster by using the migctl command-line tool included with Migrate to Containers:
migctl setup install --json-key=m4a-install.json --gcp-project $PROJECT_ID --gcp-region {{{project_0.startup_script.lab_region | region}}}
  1. Validate the Migrate to Containers installation. Use the migctl doctor command to confirm a successful deployment:

migctl doctor

It may take more than a minute before the command returns the following success result.

Sample output:

[✓] Deployment [✓] Docker registry [✓] Artifacts repo [x] Source Status Note: Source Status shows [x] until you define your first migration source below.
  1. Re-run the command until you see the successful deployment.

Task 4. Migrating the VM

Now you'll create a migration plan with migration details, then use it to migrate the VM.

To use Compute Engine as a migration source, you must first create a service account with the compute.viewer and compute.storageAdmin roles:

  1. In Cloud Shell create the m4a-ce-src service account:

gcloud iam service-accounts create m4a-ce-src \ --project=$PROJECT_ID
  1. Grant the compute.viewer role to the service account:

gcloud projects add-iam-policy-binding $PROJECT_ID \ --member="serviceAccount:m4a-ce-src@$" \ --role="roles/compute.viewer"
  1. Grant the compute.storageAdmin role to the service account:

gcloud projects add-iam-policy-binding $PROJECT_ID \ --member="serviceAccount:m4a-ce-src@$" \ --role="roles/compute.storageAdmin"
  1. Download the key file for the service account:

gcloud iam service-accounts keys create m4a-ce-src.json \ --iam-account=m4a-ce-src@$ \ --project=$PROJECT_ID
  1. Create the migration source:

migctl source create ce source-vm --project $PROJECT_ID --json-key=m4a-ce-src.json

Where m4a-ce-src.json specifies the service account you created above.

Create a migration

You begin migrating VMs by creating a migration. This results in a migration plan object.

A migration is the central object with which you perform migration actions, monitor migration activities and status with the migctl tool or in the Cloud Console. The migration object is implemented as a Kubernetes Custom Resource Definition (CRD).

Next you will create a migration by running the migctl tool.

  1. Create the migration plan that defines what to migrate:

migctl migration create my-migration --source source-vm --vm-id source-vm --type linux-system-container

Sample output:

Migration my-migration was created. Run `migctl migration status my-migration` to see its status.
  1. Run the following to check the status:

migctl migration status my-migration

When the status shows that the migration has the Completed status you can move on to the next step.

NAME CURRENT-OPERATION PROGRESS STEP STATUS AGE my-migration GenerateMigrationPlan [3/3] Discovery Completed 1m30s

Review the migration plan

  1. For this lab, you will use the migration default plan. You will now download the migration plan to just to review it:
migctl migration get my-migration
  1. Open the my-migration.yaml file in your preferred text editor or the Cloud Shell code editor to review.

If you need to make changes, you would upload the new plan with migctl migration update my-migration command.

Task 5. Migrate the VM using the migration plan

  1. This command will migrate the VM and generate artifacts you can use to deploy the workload:

migctl migration generate-artifacts my-migration Note: If the output appears like Error: Migration plan generation is not completed, re-run the command until you see the sample output as described.

Sample output:

Generate Artifacts task started for Migration my-migration. Run `migctl migration status my-migration` to see its status.
  1. After the migration begins, check its status by running the following:

migctl migration status my-migration

The migration can take several minutes.

  1. Re-run the command until you see the Completed status.
NAME CURRENT-OPERATION PROGRESS STEP STATUS AGE my-migration GenerateArtifacts [3/3] GenerateDeploymentFiles Completed 7m35s
  1. You can add -v flag for verbosity:
migctl migration status my-migration -v

Task 6. Deploying the migrated workload

In the following steps you'll get the deployment artifacts you generated during migration, then use them to deploy your migrated workload to the cluster. As a last step, you'll confirm that the "Hello World!" web page is available from your migrated app.

  1. Once the migration is complete, get the generated YAML artifacts:

migctl migration get-artifacts my-migration

The command downloads files that were generated during the migration:

  • deployment_spec.yaml -- The YAML file that configures your workload.

  • Dockerfile -- The Dockerfile used to build the image for your migrated VM.

  • migration.yaml -- A copy of the migration plan.

  • blocklist.yaml -- The list of container services to disable based on your settings in the migration plan.

  1. If the Cloud Shell editor isn't open already, click the Open Editor button.

  2. Open the deployment_spec.yaml file and locate the Service object whose name is source-vm.

  3. Beneath the following Service definition, add another Service at the end that will expose port 80 for access to your web server over HTTP:

apiVersion: v1 kind: Service metadata: name: my-service spec: selector: app: source-vm ports: - protocol: TCP port: 80 targetPort: 80 type: LoadBalancer

Your file should look like this:

apiVersion: v1 kind: Service metadata: creationTimestamp: null name: source-vm spec: clusterIP: None selector: app: source-vm type: ClusterIP status: loadBalancer: {} --- apiVersion: v1 kind: Service metadata: name: my-service spec: selector: app: source-vm ports: - protocol: TCP port: 80 targetPort: 80 type: LoadBalancer
  1. Save the file.

  2. Apply the deployment_spec.yaml to deploy the workload:

kubectl apply -f deployment_spec.yaml

Sample output:

deployment.apps/source-vm created service/source-vm created service/my-service created

It may take a few minutes for the deployment to finish.

  1. Now check for an external IP address:
kubectl get service

Sample output:

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE hello-service LoadBalancer 80:31060/TCP 11m kubernetes ClusterIP 443/TCP 31m my-service LoadBalancer 80:31026/TCP 2m3s source-vm ClusterIP None 11m

When the web server is ready, you'll see an external IP address for the my-service you added.

Task 7. Test the migration

  • Test the migration by opening a browser and visiting the web page at the external IP address of my-service (be sure to use HTTP rather than HTTPS).

For example:


Click Check my progress to verify the objective. Verify creation of my-service through migration


You migrated a Compute Engine instance to a Kubernetes pod using Migrate to Containers. This same technique can be used for other sources of VMs including VMWare vSphere, AWS, and Azure.

Finish your quest

This self-paced lab is part of the VM Migration quest. A quest is a series of related labs that form a learning path. Completing a quest earns you a badge to recognize your achievement. You can make your badge or badges public and link to them in your online resume or social media account. Enroll in any quest that contains this lab and get immediate completion credit. Refer to the Google Cloud Skills Boost catalog for all available quests.

Take your next lab

Next steps / Learn more

End your lab

When you have completed your lab, click End Lab. Your account and the resources you've used are removed from the lab platform.

You will be given an opportunity to rate the lab experience. Select the applicable number of stars, type a comment, and then click Submit.

The number of stars indicates the following:

  • 1 star = Very dissatisfied
  • 2 stars = Dissatisfied
  • 3 stars = Neutral
  • 4 stars = Satisfied
  • 5 stars = Very satisfied

You can close the dialog box if you don't want to provide feedback.

For feedback, suggestions, or corrections, please use the Support tab.

Manual Last Updated: November 18, 2022

Lab Last Tested: June 6, 2022

Copyright 2023 Google LLC All rights reserved. Google and the Google logo are trademarks of Google LLC. All other company and product names may be trademarks of the respective companies with which they are associated.