|
| 1 | +--- |
| 2 | +title: "Migrate Docker Engine nodes from dockershim to cri-dockerd" |
| 3 | +weight: 9 |
| 4 | +content_type: task |
| 5 | +--- |
| 6 | + |
| 7 | +{{% thirdparty-content %}} |
| 8 | + |
| 9 | +This page shows you how to migrate your Docker Engine nodes to use `cri-dockerd` |
| 10 | +instead of dockershim. You should follow these steps in these scenarios: |
| 11 | + |
| 12 | + * You want to switch away from dockershim and still use Docker Engine to run |
| 13 | + containers in Kubernetes. |
| 14 | + * You want to upgrade to Kubernetes v{{< skew currentVersion >}} and your |
| 15 | + existing cluster relies on dockershim, in which case you must migrate |
| 16 | + from dockershim and `cri-dockerd` is one of your options. |
| 17 | + |
| 18 | +To learn more about the removal of dockershim, read the [FAQ page](/dockershim). |
| 19 | + |
| 20 | +## What is cri-dockerd? {#what-is-cri-dockerd} |
| 21 | + |
| 22 | +In Kubernetes 1.23 and earlier, you could use Docker Engine with Kubernetes, |
| 23 | +relying on a built-in component of Kubernetes named _dockershim_. |
| 24 | +The dockershim component was removed in the Kubernetes 1.24 release; however, |
| 25 | +a third-party replacement, `cri-dockerd`, is available. The `cri-dockerd` adapter |
| 26 | +lets you use Docker Engine through the {{<glossary_tooltip term_id="cri" text="Container Runtime Interface">}}. |
| 27 | + |
| 28 | +{{<note>}} |
| 29 | +If you already use `cri-dockerd`, you aren't affected by the dockershim removal. |
| 30 | +Before you begin, [Check whether your nodes use the dockershim](/docs/tasks/administer-cluster/migrating-from-dockershim/find-out-runtime-you-use/). |
| 31 | +{{</note>}} |
| 32 | + |
| 33 | +If you want to migrate to `cri-dockerd` so that you can continue using Docker |
| 34 | +Engine as your container runtime, you should do the following for each affected |
| 35 | +node: |
| 36 | + |
| 37 | +1. Install `cri-dockerd`. |
| 38 | +1. Cordon and drain the node. |
| 39 | +1. Configure the kubelet to use `cri-dockerd`. |
| 40 | +1. Restart the kubelet. |
| 41 | +1. Verify that the node is healthy. |
| 42 | + |
| 43 | +Test the migration on non-critical nodes first. |
| 44 | + |
| 45 | +You should perform the following steps for each node that you want to migrate |
| 46 | +to `cri-dockerd`. |
| 47 | + |
| 48 | +## {{% heading "prerequisites" %}} |
| 49 | + |
| 50 | +* [`cri-dockerd`](https://github.com/mirantis/cri-dockerd#build-and-install) |
| 51 | + installed and started on each node. |
| 52 | +* A [network plugin](/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/). |
| 53 | + |
| 54 | +## Cordon and drain the node |
| 55 | + |
| 56 | +1. Cordon the node to stop new Pods scheduling on it: |
| 57 | + |
| 58 | + ```shell |
| 59 | + kubectl cordon <NODE_NAME> |
| 60 | + ``` |
| 61 | + Replace `<NODE_NAME>` with the name of the node. |
| 62 | + |
| 63 | +1. Drain the node to safely evict running Pods: |
| 64 | + |
| 65 | + ```shell |
| 66 | + kubectl drain <NODE_NAME> \ |
| 67 | + --ignore-daemonsets |
| 68 | + ``` |
| 69 | + |
| 70 | +## Configure the kubelet to use cri-dockerd |
| 71 | + |
| 72 | +The following steps apply to clusters set up using the kubeadm tool. If you use |
| 73 | +a different tool, you should modify the kubelet using the configuration |
| 74 | +instructions for that tool. |
| 75 | + |
| 76 | +1. Open `/var/lib/kubelet/kubeadm-flags.env` on each affected node. |
| 77 | +1. Modify the `--container-runtime-endpoint` flag to |
| 78 | + `unix:///var/run/cri-dockerd.sock`. |
| 79 | + |
| 80 | +The kubeadm tool stores the node's socket as an annotation on the `Node` object |
| 81 | +in the control plane. To modify this socket for each affected node: |
| 82 | +
|
| 83 | +1. Edit the YAML representation of the `Node` object: |
| 84 | +
|
| 85 | + ```shell |
| 86 | + KUBECONFIG=/path/to/admin.conf kubectl edit no <NODE_NAME> |
| 87 | + ``` |
| 88 | + Replace the following: |
| 89 | + |
| 90 | + * `/path/to/admin.conf`: the path to the kubectl configuration file, |
| 91 | + `admin.conf`. |
| 92 | + * `<NODE_NAME>`: the name of the node you want to modify. |
| 93 | +
|
| 94 | +1. Change `kubeadm.alpha.kubernetes.io/cri-socket` from |
| 95 | + `/var/run/dockershim.sock` to `unix:///var/run/cri-dockerd.sock`. |
| 96 | +1. Save the changes. The `Node` object is updated on save. |
| 97 | +
|
| 98 | +## Restart the kubelet |
| 99 | +
|
| 100 | +```shell |
| 101 | +systemctl restart kubelet |
| 102 | +``` |
| 103 | +
|
| 104 | +## Verify that the node is healthy |
| 105 | +
|
| 106 | +To check whether the node uses the `cri-dockerd` endpoint, follow the |
| 107 | +instructions in [Find out which runtime you use](/docs/tasks/administer-cluster/migrating-from-dockershim/find-out-runtime-you-use/). |
| 108 | +The `--container-runtime-endpoint` flag for the kubelet should be `unix:///var/run/cri-dockerd.sock`. |
| 109 | +
|
| 110 | +## Uncordon the node |
| 111 | +
|
| 112 | +Uncordon the node to let Pods schedule on it: |
| 113 | +
|
| 114 | +```shell |
| 115 | +kubectl uncordon <NODE_NAME> |
| 116 | +``` |
| 117 | +
|
| 118 | +## {{% heading "whatsnext" %}} |
| 119 | +
|
| 120 | +* Read the [dockershim removal FAQ](/dockershim/). |
| 121 | +* [Learn how to migrate from Docker Engine with dockershim to containerd](/docs/tasks/administer-cluster/migrating-from-dockershim/change-runtime-containerd/). |
0 commit comments