|
| 1 | +--- |
| 2 | +title: 将 Docker Engine 节点从 dockershim 迁移到 cri-dockerd |
| 3 | +weight: 9 |
| 4 | +content_type: task |
| 5 | +--- |
| 6 | + |
| 7 | +<!-- |
| 8 | +title: "Migrate Docker Engine nodes from dockershim to cri-dockerd" |
| 9 | +weight: 9 |
| 10 | +content_type: task |
| 11 | +--> |
| 12 | + |
| 13 | +{{% thirdparty-content %}} |
| 14 | + |
| 15 | +<!-- |
| 16 | +This page shows you how to migrate your Docker Engine nodes to use `cri-dockerd` |
| 17 | +instead of dockershim. You should follow these steps in these scenarios: |
| 18 | +
|
| 19 | + * You want to switch away from dockershim and still use Docker Engine to run |
| 20 | + containers in Kubernetes. |
| 21 | + * You want to upgrade to Kubernetes v{{< skew currentVersion >}} and your |
| 22 | + existing cluster relies on dockershim, in which case you must migrate |
| 23 | + from dockershim and `cri-dockerd` is one of your options. |
| 24 | +
|
| 25 | +To learn more about the removal of dockershim, read the [FAQ page](/dockershim). |
| 26 | +--> |
| 27 | +本页面为你展示如何迁移你的 Docker Engine 节点,使之使用 `cri-dockerd` 而不是 dockershim。 |
| 28 | +在以下场景中,你可以遵从这里的步骤执行操作: |
| 29 | + |
| 30 | +* 你期望不再使用 dockershim,但仍然使用 Docker Engine 来在 Kubernetes 中运行容器。 |
| 31 | +* 你希望升级到 Kubernetes v{{< skew currentVersion >}} 且你的现有集群依赖于 dockershim, |
| 32 | + 因此你必须放弃 dockershim,而 `cri-dockerd` 是你的一种选项。 |
| 33 | + |
| 34 | +要进一步了解 dockershim 的移除,请阅读 [FAQ 页面](/zh/dockershim)。 |
| 35 | + |
| 36 | +<!-- |
| 37 | +## What is cri-dockerd? {#what-is-cri-dockerd} |
| 38 | +
|
| 39 | +In Kubernetes 1.23 and earlier, you could use Docker Engine with Kubernetes, |
| 40 | +relying on a built-in component of Kubernetes named _dockershim_. |
| 41 | +The dockershim component was removed in the Kubernetes 1.24 release; however, |
| 42 | +a third-party replacement, `cri-dockerd`, is available. The `cri-dockerd` adapter |
| 43 | +lets you use Docker Engine through the {{<glossary_tooltip term_id="cri" text="Container Runtime Interface">}}. |
| 44 | +--> |
| 45 | +## cri-dockerd 是什么? {#what-is-cri-dockerd} |
| 46 | + |
| 47 | +在 Kubernetes v1.24 及更早版本中,你可以在 Kubernetes 中使用 Docker Engine, |
| 48 | +依赖于一个称作 _dockershim_ 的内置 Kubernetes 组件。 |
| 49 | +dockershim 组件在 Kubernetes v1.24 发行版本中已被移除;不过,一种来自第三方的替代品, |
| 50 | +`cri-dockerd` 是可供使用的。`cri-dockerd` 适配器允许你通过 |
| 51 | +{{<glossary_tooltip term_id="cri" text="容器运行时接口(Container Runtime Interface,CRI)">}} |
| 52 | +来使用 Docker Engine。 |
| 53 | + |
| 54 | +{{<note>}} |
| 55 | +<!-- |
| 56 | +If you already use `cri-dockerd`, you aren't affected by the dockershim removal. |
| 57 | +Before you begin, [Check whether your nodes use the dockershim](/docs/tasks/administer-cluster/migrating-from-dockershim/find-out-runtime-you-use/). |
| 58 | +--> |
| 59 | +如果你已经在使用 `cri-dockerd`,那么你不会被 dockershim 的移除影响到。 |
| 60 | +在开始之前,[检查你的节点是否在使用 dockershim](/zh/docs/tasks/administer-cluster/migrating-from-dockershim/find-out-runtime-you-use/)。 |
| 61 | +{{</note>}} |
| 62 | + |
| 63 | +<!-- |
| 64 | +If you want to migrate to `cri-dockerd` so that you can continue using Docker |
| 65 | +Engine as your container runtime, you should do the following for each affected |
| 66 | +node: |
| 67 | +
|
| 68 | +1. Install `cri-dockerd`. |
| 69 | +1. Cordon and drain the node. |
| 70 | +1. Configure the kubelet to use `cri-dockerd`. |
| 71 | +1. Restart the kubelet. |
| 72 | +1. Verify that the node is healthy. |
| 73 | +--> |
| 74 | +如果你想要迁移到 `cri-dockerd` 以便继续使用 Docker Engine 作为你的容器运行时, |
| 75 | +你需要在所有被影响的节点上执行以下操作: |
| 76 | + |
| 77 | +1. 安装 `cri-dockerd`; |
| 78 | +1. 隔离(Cordon)并腾空(Drain)该节点; |
| 79 | +1. 配置 kubelet 使用 `cri-dockerd`; |
| 80 | +1. 重新启动 kubelet; |
| 81 | +1. 验证节点处于健康状态。 |
| 82 | + |
| 83 | +<!-- |
| 84 | +Test the migration on non-critical nodes first. |
| 85 | +
|
| 86 | +You should perform the following steps for each node that you want to migrate |
| 87 | +to `cri-dockerd`. |
| 88 | +--> |
| 89 | +首先在非关键节点上测试这一迁移过程。 |
| 90 | + |
| 91 | +你应该针对所有希望迁移到 `cri-dockerd` 的节点执行以下步骤。 |
| 92 | + |
| 93 | +## {{% heading "prerequisites" %}} |
| 94 | + |
| 95 | +<!-- |
| 96 | +* [`cri-dockerd`](https://github.com/mirantis/cri-dockerd#build-and-install) |
| 97 | + installed and started on each node. |
| 98 | +* A [network plugin](/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/). |
| 99 | +--> |
| 100 | +* 安装了 [`cri-dockerd`](https://github.com/mirantis/cri-dockerd#build-and-install) |
| 101 | + 并且该服务已经在各节点上启动; |
| 102 | +* 一个[网络插件](/zh/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/)。 |
| 103 | + |
| 104 | +<!-- |
| 105 | +## Cordon and drain the node |
| 106 | +
|
| 107 | +1. Cordon the node to stop new Pods scheduling on it: |
| 108 | +
|
| 109 | + ```shell |
| 110 | + kubectl cordon <NODE_NAME> |
| 111 | + ``` |
| 112 | + Replace `<NODE_NAME>` with the name of the node. |
| 113 | +--> |
| 114 | +## 隔离并腾空节点 {#cordon-and-drain-the-node} |
| 115 | + |
| 116 | +1. 隔离节点,阻止新的 Pod 被调度到节点上: |
| 117 | + |
| 118 | + ```shell |
| 119 | + kubectl cordon <NODE_NAME> |
| 120 | + ``` |
| 121 | + |
| 122 | + 将 `<NODE_NAME>` 替换为节点名称。 |
| 123 | + |
| 124 | +<!-- |
| 125 | +1. Drain the node to safely evict running Pods: |
| 126 | +--> |
| 127 | +2. 腾空节点以安全地逐出所有运行中的 Pod: |
| 128 | + |
| 129 | + ```shell |
| 130 | + kubectl drain <NODE_NAME> --ignore-daemonsets |
| 131 | + ``` |
| 132 | + |
| 133 | +<!-- |
| 134 | +## Configure the kubelet to use cri-dockerd |
| 135 | +
|
| 136 | +The following steps apply to clusters set up using the kubeadm tool. If you use |
| 137 | +a different tool, you should modify the kubelet using the configuration |
| 138 | +instructions for that tool. |
| 139 | +--> |
| 140 | +## 配置 kubelet 使用 cri-dockerd {#configure-the-kubelet-to-use-cri-dockerd} |
| 141 | + |
| 142 | +下面的步骤适用于用 kubeadm 工具安装的集群。如果你使用不同的工具, |
| 143 | +你需要使用针对该工具的配置指令来修改 kubelet。 |
| 144 | + |
| 145 | +<!-- |
| 146 | +1. Open `/var/lib/kubelet/kubeadm-flags.env` on each affected node. |
| 147 | +1. Modify the `--container-runtime-endpoint` flag to |
| 148 | + `unix:///var/run/cri-dockerd.sock`. |
| 149 | +--> |
| 150 | +1. 在每个被影响的节点上,打开 `/var/lib/kubelet/kubeadm-flags.env` 文件; |
| 151 | +1. 将 `--container-runtime-endpoint` 标志,将其设置为 `unix:///var/run/cri-dockerd.sock`。 |
| 152 | + |
| 153 | +<!-- |
| 154 | +The kubeadm tool stores the node's socket as an annotation on the `Node` object |
| 155 | +in the control plane. To modify this socket for each affected node: |
| 156 | +--> |
| 157 | +kubeadm 工具将节点上的套接字存储为控制面上 `Node` 对象的注解。 |
| 158 | +要为每个被影响的节点更改此套接字: |
| 159 | + |
| 160 | +<!-- |
| 161 | +1. Edit the YAML representation of the `Node` object: |
| 162 | +
|
| 163 | + ```shell |
| 164 | + KUBECONFIG=/path/to/admin.conf kubectl edit no <NODE_NAME> |
| 165 | + ``` |
| 166 | + Replace the following: |
| 167 | + |
| 168 | + * `/path/to/admin.conf`: the path to the kubectl configuration file, |
| 169 | + `admin.conf`. |
| 170 | + * `<NODE_NAME>`: the name of the node you want to modify. |
| 171 | +
|
| 172 | +1. Change `kubeadm.alpha.kubernetes.io/cri-socket` from |
| 173 | + `/var/run/dockershim.sock` to `unix:///var/run/cri-dockerd.sock`. |
| 174 | +1. Save the changes. The `Node` object is updated on save. |
| 175 | +--> |
| 176 | +1. 编辑 `Node` 对象的 YAML 表示: |
| 177 | + |
| 178 | + ```shell |
| 179 | + KUBECONFIG=/path/to/admin.conf kubectl edit no <NODE_NAME> |
| 180 | + ``` |
| 181 | + |
| 182 | + 根据下面的说明执行替换: |
| 183 | + |
| 184 | + * `/path/to/admin.conf`:指向 kubectl 配置文件 `admin.conf` 的路径; |
| 185 | + * `<NODE_NAME>`:你要修改的节点的名称。 |
| 186 | + |
| 187 | +1. 将 `kubeadm.alpha.kubernetes.io/cri-socket` 标志从 |
| 188 | + `/var/run/dockershim.sock` 更改为 `unix:///var/run/cri-dockerd.sock`; |
| 189 | +1. 保存所作更改。保存时,`Node` 对象被更新 |
| 190 | + |
| 191 | + |
| 192 | +<!-- |
| 193 | +## Restart the kubelet |
| 194 | +--> |
| 195 | +## 重启 kubelet {#restart-the-kubelet} |
| 196 | + |
| 197 | +```shell |
| 198 | +systemctl restart kubelet |
| 199 | +``` |
| 200 | + |
| 201 | +<!-- |
| 202 | +## Verify that the node is healthy |
| 203 | +
|
| 204 | +To check whether the node uses the `cri-dockerd` endpoint, follow the |
| 205 | +instructions in [Find out which runtime you use](/docs/tasks/administer-cluster/migrating-from-dockershim/find-out-runtime-you-use/). |
| 206 | +The `--container-runtime-endpoint` flag for the kubelet should be `unix:///var/run/cri-dockerd.sock`. |
| 207 | +--> |
| 208 | +## 验证节点处于健康状态 {#verify-that-the-node-is-healthy} |
| 209 | + |
| 210 | +要检查节点是否在使用 `cri-dockerd` 端点, |
| 211 | +按照[找出你所使用的运行时](/zh/docs/tasks/administer-cluster/migrating-from-dockershim/find-out-runtime-you-use/)页面所给的指令操作。 |
| 212 | +kubelet 的 `--container-runtime-endpoint` 标志取值应该是 `unix:///var/run/cri-dockerd.sock`。 |
| 213 | + |
| 214 | +<!-- |
| 215 | +## Uncordon the node |
| 216 | +
|
| 217 | +Uncordon the node to let Pods schedule on it: |
| 218 | +--> |
| 219 | +## 解除节点隔离 {#uncordon-the-node} |
| 220 | + |
| 221 | +```shell |
| 222 | +kubectl uncordon <NODE_NAME> |
| 223 | +``` |
| 224 | + |
| 225 | +## {{% heading "whatsnext" %}} |
| 226 | + |
| 227 | +<!-- |
| 228 | +* Read the [dockershim removal FAQ](/dockershim/). |
| 229 | +* [Learn how to migrate from Docker Engine with dockershim to containerd](/docs/tasks/administer-cluster/migrating-from-dockershim/change-runtime-containerd/). |
| 230 | +--> |
| 231 | +* 阅读 [dockershim 移除常见问题](/zh/dockershim)。 |
| 232 | +* [了解如何从基于 dockershim 的 Docker Engine 迁移到 containerd](/zh/docs/tasks/administer-cluster/migrating-from-dockershim/change-runtime-containerd/)。 |
| 233 | + |
0 commit comments