Container-Optimized OS (COS) is an operating system image for your Compute Engine VMs that is optimized for running Docker containers. With Container-Optimized OS, you can bring up your Docker containers on Cloud de Confiance quickly, efficiently, and securely. This page describes the differences between the Cloud de Confiance and Google Cloud versions of Container-Optimized OS.
For more detailed information about Container-Optimized OS, see the Container-Optimized OS overview and the rest of the Container-Optimized OS documentation.
Key differences
There are some differences between the Cloud de Confiance version of Container-Optimized OS and the Google Cloud version. Some notable differences include the following:
- COS milestones 113 and below are unavailable
- ARM OS image families are unavailable
- Automatic updates are unavailable
A more detailed list of differences is provided in the rest of this section. If you are already familiar with Google Cloud, we recommend that you review these differences carefully, particularly before designing an application to run on Cloud de Confiance. We also recommend reviewing the general differences between Cloud de Confiance and Google Cloud.
If you would like to use a particular Container-Optimized OS feature that isn't currently available in Cloud de Confiance, contact Cloud de Confiance support. To be notified when new features roll out in Cloud de Confiance, subscribe to the release notes. Unless otherwise specified, features that are in preview are not available in Cloud de Confiance.
Hardware and OS
| Operating system details | The following differences apply to the image project:
|
Creating and configuring instances
| Creating a simple instance | Creating an instance with a container or containers as described in Creating and configuring an instance is not available, as the Konlet workflow is not supported in Cloud de Confiance by S3NS. Instead, follow the instructions in Create a Compute Engine instance to create an instance, selecting a Container-Optimized OS version as your boot disk. |
| Other metadata flags | Other metadata flags are unavailable |
| Enabling or disabling automatic updates | Enabling or disabling automatic updates is unavailable |
Running containers on instances
| Container Registry | Container Registry is unavailable |
| Private images | Accessing private images command docker-credential-gcr configure-docker should be replaced with docker-credential-gcr configure-docker --registries s3nsregistry.fr
|
| Configuring Docker daemon | Configuring Docker daemon to pull images from registry cache is unavailable |
Monitoring
| Node Problem Detector | Monitoring system health with Node Problem Detector is unavailable |
Building from open source
| Building from open source | Building from open source is unavailable |
Toolbox
| References to gcr.io/cos-cloud/toolbox | The toolbox Docker image has a different repository path in Cloud de Confiance. Use docker.s3nsregistry.fr/s3ns-system/cos-cloud/toolbox/toolbox if you need to pull the image
|
GPU accelerators
| Pulling cos-gpu-installer | The cos-gpu-installer Docker image has a different repository path in Cloud de Confiance.Use docker.s3nsregistry.fr/s3ns-system/cos-cloud/cos-gpu-installer/cos_gpu_installer if you need to pull the image
|
| Available GPUs | NVIDIA H100 is available |
| Unavailable GPUs |
The following machine types and their associated gpu drivers are unavailable: A2, G2, and N1 Pre-compiled close source drivers cannot be mirrored in Cloud de Confiance by S3NS, hence the following GPUs are unavailable: |
Workflows and tools
| Artifact Registry domain | Use s3nsregistry.fr instead of pkg.dev when using images in Artifact Registry
|
| Oval vulnerability feed | Oval vulnerability feed is unavailable |
| Configuring instances with user-defined guest policies | OSConfig is unavailable |
| OS Policy | OS Policy is unavailable |
Related guides
The following information might also affect how you use and design for Container-Optimized OS in Cloud de Confiance by S3NS. These guides include general information about working in Cloud de Confiance, including documentation, security and access control, billing, tooling, and service usage.
For details about other services and features in Cloud de Confiance and their differences from their Google Cloud counterparts, see the product list.