|
| 1 | +--- |
| 2 | +title: "Migrate Docker Engine nodes from dockershim to cri-dockerd" |
| 3 | +weight: 9 |
| 4 | +content_type: task |
| 5 | +--- |
| 6 | + |
| 7 | +{{% thirdparty-content %}} |
| 8 | + |
| 9 | +This page shows you how to migrate your Docker Engine nodes to use `cri-dockerd` |
| 10 | +instead of dockershim. Follow these steps if your clusters run Kubernetes 1.23 |
| 11 | +or earlier and you want to continue using Docker Engine after |
| 12 | +you upgrade to Kubernetes 1.24 and later, or if you just want to move off the |
| 13 | +dockershim component. |
| 14 | + |
| 15 | +## What is cri-dockerd? {#what-is-cri-dockerd} |
| 16 | + |
| 17 | +In Kubernetes 1.23 and earlier, Docker Engine used a component called the |
| 18 | +dockershim to interact with Kubernetes system components such as the kubelet. |
| 19 | +The dockershim component is deprecated and will be removed in Kubernetes 1.24. A |
| 20 | +third-party replacement, `cri-dockerd`, is available. The `cri-dockerd` adapter |
| 21 | +lets you use Docker Engine through the {{<glossary_tooltip term_id="cri" text="Container Runtime Interface">}}. |
| 22 | + |
| 23 | +{{<note>}} |
| 24 | +If you already use `cri-dockerd`, you aren't affected by the dockershim removal. |
| 25 | +Before you begin, [Check whether your nodes use the dockershim](/docs/tasks/administer-cluster/migrating-from-dockershim/find-out-runtime-you-use/). |
| 26 | +{{</note>}} |
| 27 | + |
| 28 | +If you want to migrate to `cri-dockerd` so that you can continue using Docker |
| 29 | +Engine as your container runtime, you should do the following for each affected |
| 30 | +node: |
| 31 | + |
| 32 | +1. Install `cri-dockerd`. |
| 33 | +1. Cordon and drain the node. |
| 34 | +1. Configure the kubelet to use `cri-dockerd`. |
| 35 | +1. Restart the kubelet. |
| 36 | +1. Verify that the node is healthy. |
| 37 | + |
| 38 | +Test the migration on non-critical nodes first. |
| 39 | + |
| 40 | +You should perform the following steps for each node that you want to migrate |
| 41 | +to `cri-dockerd`. |
| 42 | + |
| 43 | +## {{% heading "prerequisites" %}} |
| 44 | + |
| 45 | +* [`cri-dockerd`](https://github.com/mirantis/cri-dockerd#build-and-install) |
| 46 | + installed and started on each node. |
| 47 | +* A [network plugin](/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/). |
| 48 | + |
| 49 | +## Cordon and drain the node |
| 50 | + |
| 51 | +1. Cordon the node to stop new Pods scheduling on it: |
| 52 | + |
| 53 | + ```shell |
| 54 | + kubectl cordon <NODE_NAME> |
| 55 | + ``` |
| 56 | + Replace `<NODE_NAME>` with the name of the node. |
| 57 | + |
| 58 | +1. Drain the node to safely evict running Pods: |
| 59 | + |
| 60 | + ```shell |
| 61 | + kubectl drain <NODE_NAME> \ |
| 62 | + --ignore-daemonsets |
| 63 | + ``` |
| 64 | + |
| 65 | +## Configure the kubelet to use cri-dockerd |
| 66 | + |
| 67 | +The following steps apply to clusters set up using the kubeadm tool. If you use |
| 68 | +a different tool, you should modify the kubelet using the configuration |
| 69 | +instructions for that tool. |
| 70 | + |
| 71 | +1. Open `/var/lib/kubelet/kubeadm-flags.env` on each affected node. |
| 72 | +1. Modify the `--container-runtime-endpoint` flag to |
| 73 | + `unix:///var/run/cri-dockerd.sock`. |
| 74 | + |
| 75 | +The kubeadm tool stores the node's socket as an annotation on the `Node` object |
| 76 | +in the control plane. To modify this socket for each affected node: |
| 77 | +
|
| 78 | +1. Edit the YAML representation of the `Node` object: |
| 79 | +
|
| 80 | + ```shell |
| 81 | + KUBECONFIG=/path/to/admin.conf kubectl edit no <NODE_NAME> |
| 82 | + ``` |
| 83 | + Replace the following: |
| 84 | + |
| 85 | + * `/path/to/admin.conf`: the path to the kubectl configuration file, |
| 86 | + `admin.conf`. |
| 87 | + * `<NODE_NAME>`: the name of the node you want to modify. |
| 88 | +
|
| 89 | +1. Change `kubeadm.alpha.kubernetes.io/cri-socket` from |
| 90 | + `/var/run/dockershim.sock` to `unix:///var/run/cri-dockerd.sock`. |
| 91 | +1. Save the changes. The `Node` object is updated on save. |
| 92 | +
|
| 93 | +## Restart the kubelet |
| 94 | +
|
| 95 | +```shell |
| 96 | +systemctl start kubelet |
| 97 | +``` |
| 98 | +
|
| 99 | +## Verify that the node is healthy |
| 100 | +
|
| 101 | +To check whether the node uses the `cri-dockerd` endpoint, follow the |
| 102 | +instructions in [Find out which runtime you use](/docs/tasks/administer-cluster/migrating-from-dockershim/find-out-runtime-you-use/). |
| 103 | +The `--container-runtime-endpoint` flag for the kubelet should be `unix:///var/run/cri-dockerd.sock`. |
| 104 | +
|
| 105 | +## Uncordon the node |
| 106 | +
|
| 107 | +Uncordon the node to let Pods schedule on it: |
| 108 | +
|
| 109 | +```shell |
| 110 | +kubectl uncordon <NODE_NAME> |
| 111 | +``` |
| 112 | +
|
| 113 | +## {{% heading "whatsnext" %}} |
| 114 | +
|
| 115 | +* Read the [dockershim removal FAQ](/dockershim/). |
| 116 | +* [Learn how to migrate from Docker Engine with dockershim to containerd](/docs/tasks/administer-cluster/migrating-from-dockershim/change-runtime-containerd/). |
0 commit comments