Brothers! You probably already know that Kubernetes is dropping support for Docker as a container runtime in future releases. In the 1.20 release at the end of 2020, Dockershim was deprecated. In release 1.22, which is scheduled for the end of 2021, support is planned to be removed completely.
If you are using managed Kubernetes clusters (such as GKE, EKS, AKS), this will not be a major problem for you and switching will most likely be easy. But if you manage the cluster yourself (for example, using kubeadm) and use the Docker container runtime, sooner or later you will have to replace it in order to be able to update Kubernetes to the latest versions.
The purpose of this article is not to provide exhaustive information about the reasons for this decision by the Kubernetes developers, or to study in detail the behavior of specific container runtimes in a Kubernetes cluster. Instead, we will go step by step through switching from the Docker container runtime to another solution that supports the Container Runtime Interface (CRI) standard. If you are interested in the reasons why Docker is no longer recommended, check out this article from the official Kubernetes blog: Don't Panic: Kubernetes and Docker.
What to check first
The impact on the workloads running on your cluster should be minimal. The only thing you need to worry about is whether you are using Docker-in-Docker in any of your containerized workloads by mounting the Docker socket /var/run/docker.sock. In this case, you will need to find an alternative (like Kaniko) before switching from Docker to the new container runtime.
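The socket check described above can be automated. This is an added example, not code from the original article: the function name and the sample pod list are constructed for illustration, and the input is assumed to be the JSON that `kubectl get pods -A -o json` returns. It goes slightly beyond the text by also flagging hostPath mounts of /var/run or /run, which expose the socket through its parent directory.

```python
import json

# Host paths that expose the Docker socket: the socket itself, or a parent
# directory that contains it (/var/run is a symlink to /run on most distros).
SOCKET_PATHS = {"/var/run/docker.sock", "/run/docker.sock", "/var/run", "/run"}

def find_docker_socket_mounts(pod_list):
    """Return one (namespace, pod, host_path, containers) tuple per hostPath
    volume that exposes the Docker socket. Function name is hypothetical."""
    findings = []
    for pod in pod_list.get("items", []):
        spec = pod.get("spec", {})
        containers = spec.get("initContainers", []) + spec.get("containers", [])
        for vol in spec.get("volumes", []):
            path = (vol.get("hostPath") or {}).get("path", "").rstrip("/")
            if path not in SOCKET_PATHS:
                continue
            users = sorted(
                c["name"] for c in containers
                if any(m.get("name") == vol["name"] for m in c.get("volumeMounts", []))
            )
            findings.append((pod["metadata"].get("namespace", "default"),
                             pod["metadata"]["name"], path, users))
    return findings

# Constructed sample, trimmed to the fields the check reads.
SAMPLE = {"items": [
    {"metadata": {"namespace": "ci", "name": "image-builder"},
     "spec": {"volumes": [{"name": "dockersock", "hostPath": {"path": "/var/run/docker.sock"}}],
              "containers": [{"name": "build", "volumeMounts": [
                  {"name": "dockersock", "mountPath": "/var/run/docker.sock"}]}]}},
    {"metadata": {"namespace": "logging", "name": "log-agent"},
     "spec": {"volumes": [{"name": "run", "hostPath": {"path": "/var/run/"}},
                          {"name": "cfg", "configMap": {"name": "agent"}}],
              "containers": [{"name": "agent", "volumeMounts": [
                  {"name": "run", "mountPath": "/host/run"},
                  {"name": "cfg", "mountPath": "/etc/agent"}]}]}},
    {"metadata": {"namespace": "web", "name": "frontend"},
     "spec": {"volumes": [{"name": "tmp", "emptyDir": {}}],
              "containers": [{"name": "nginx", "volumeMounts": [
                  {"name": "tmp", "mountPath": "/tmp"}]}]}},
]}

if __name__ == "__main__":
    for ns, name, path, users in find_docker_socket_mounts(SAMPLE):
        print(f"{ns}/{name}: hostPath {path} mounted by {', '.join(users) or 'no container'}")
```

To run it against a real cluster, save the kubectl output to a file and pass `json.load()` of that file to the function instead of `SAMPLE`.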
It is also highly recommended that you back up your data before moving on to switching the container runtime!
Let's get to work!
, , container runtime, . containerd container runtime, , , CRI-O.
(worker nodes) (control plane).
Worker nodes
.
1) Cordon and drain the node:
kubectl cordon <node_name>
kubectl drain <node_name>
: DaemonSets, --ignore-daemonsets
, pods. kubelet pods container runtime, . , DaemonSet, , , nodeSelector
DaemonSet, .
2) Stop kubelet:
sudo systemctl stop kubelet
sudo systemctl status kubelet
3) Docker
, Linux Docker. , Docker, , (, /var/lib/docker).
5) Enable and start containerd:
sudo systemctl enable containerd
sudo systemctl start containerd
sudo systemctl status containerd
6) Kubernetes container runtime CRI . , containerd.
/etc/containerd/config.toml
disabled_plugins = [""]
, containerd:
sudo systemctl restart containerd
7) kubelet.
/var/lib/kubelet/kubeadm-flags.env KUBELET_KUBEADM_ARGS ( container runtime):
--container-runtime=remote --container-runtime-endpoint=/run/containerd/containerd.sock
8) Start kubelet:
sudo systemctl start kubelet
9) , container runtime:
kubectl describe node <node_name>
System Info:
  Machine ID: 21a5dd31f86c4
  System UUID: 4227EF55-BA3BCCB57BCE
  Boot ID: 77229747-9ea581ec6773
  Kernel Version: 3.10.0-1127.10.1.el7.x86_64
  OS Image: Red Hat Enterprise Linux Server 7.8 (Maipo)
  Operating System: linux
  Architecture: amd64
>>Container Runtime Version: containerd://1.4.3
  Kubelet Version: v1.20.2
  Kube-Proxy Version: v1.20.2
10) Uncordon , , pods:
kubectl uncordon <node_name>
, , !
Control Plane
container runtime . , .
container runtime kube-apiserver, etcd coredns pods, . kubectl.
, container runtime :
1) journalctl, kubelet:
journalctl -u kubelet
2) containerd:
journalctl -u containerd
3) crictl, , :
crictl --runtime-endpoint /run/containerd/containerd.sock ps
4) container runtime , , :
kubectl describe node <master_node_name>
kubectl get node -o wide
! Kubernetes Docker, .