Kubernetes v1.24 shipped without Dockershim, following its deprecation in the December 2020 v1.20 release. Dockershim is no longer available as a built-in container runtime. You need to use a supported runtime instead, such as containerd, CRI-O, or Docker Engine with the cri-dockerd adapter.
In this article, we will explain how to check whether you are affected and then show how you can migrate to a different runtime. You must take these steps before upgrading to Kubernetes v1.24 or later so that your cluster workloads are not affected.
What was Dockershim?
Dockershim was developed as a necessary component so that Kubernetes could support more container runtimes. At the beginning of the project, Kubernetes only worked with the Docker Engine. This limitation was removed by the introduction of the CRI standard. Any CRI-compliant runtime can now be used with Kubernetes, including containerd and CRI-O, an OCI implementation of the standard.
While CRI brought new flexibility to Kubernetes, it posed a problem for existing clusters. Docker lacked support for the CRI standard, so Dockershim was built to let the Kubernetes team layer compatibility on top. Dockershim was a direct integration with the Docker Engine that was always intended to be a temporary measure.
Containers are now about much more than Docker, as Kubernetes’ original push for CRI demonstrates. Docker itself has been split into individual components, with the runtime extracted as containerd, a graduated project of the Cloud Native Computing Foundation (CNCF).
containerd is fully supported by Kubernetes and is more suitable for standalone use in cloud environments. Kubernetes does not require the Docker CLI and its feature set to run Pods; all it needs is the ability to start and run containers at a relatively low level. Dockershim was removed because it was difficult to maintain. Its use created fragile code which was tightly coupled to the Docker Engine implementation.
Check if you are using Dockershim
Clusters created recently on modern platforms are unlikely to use Dockershim. This includes clusters managed by popular cloud providers such as Amazon EKS, Azure AKS, Google GKE, and DigitalOcean DOKS.
You will likely need to take action if you maintain your own cluster and first set it up several years ago. You can check whether any of your Nodes use Dockershim as their runtime by running this kubectl command:
$ kubectl get nodes -o wide
NAME     STATUS   VERSION   CONTAINER-RUNTIME
node-1   Ready    v1.22.8   docker://19.3.1
node-2   Ready    v1.22.8   containerd://1.4.13
In this example, one of the Nodes is using containerd and can be left as is. The other Node is configured with Docker and could be affected by the Dockershim removal. You can check by running this command on the Node:
$ tr \\0 ' ' < /proc/"$(pgrep kubelet)"/cmdline | grep "\-\-container\-runtime"
Your Node is using Dockershim to run containers if no output is shown. If you get some output, check the value of the --container-runtime-endpoint flag to determine whether Dockershim is active. A runtime endpoint of unix:///run/containerd/containerd.sock indicates that containerd is in use, so there is no need to migrate.
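The same decision, written as a script. This is an added example and not part of the original article: the function names are hypothetical, the sample command lines are constructed, and the dockershim.sock and "review" cases go beyond the two outcomes the text describes.

```shell
# Added example: classify a kubelet command line using the checks described
# above. Input is a NUL-separated file such as /proc/<pid>/cmdline.

runtime_endpoint() {
    # Print the --container-runtime-endpoint value; accepts "--flag=value"
    # and "--flag value". Prints nothing when the flag is absent.
    tr '\0' '\n' < "$1" | awk '
        want { print; exit }
        /^--container-runtime-endpoint=/ { sub(/^[^=]*=/, ""); print; exit }
        $0 == "--container-runtime-endpoint" { want = 1 }'
}

classify_kubelet() {
    # No --container-runtime* flag at all: the "no output" case, Dockershim.
    flags=$(tr '\0' '\n' < "$1" | grep -e '^--container-runtime' || true)
    [ -z "$flags" ] && { echo dockershim; return 0; }
    ep=$(runtime_endpoint "$1")
    case "$ep" in
        *containerd.sock)  echo containerd ;;
        *cri-dockerd.sock) echo cri-dockerd ;;
        *dockershim.sock)  echo dockershim ;;   # Dockershim's own socket
        "")                echo "review: runtime flag set but no endpoint" ;;
        *)                 echo "other: $ep" ;;  # e.g. another CRI runtime
    esac
}

# Constructed sample command lines, not captured from a real node.
demo=$(mktemp -d)
printf '%s\0' /usr/bin/kubelet --config=/var/lib/kubelet/config.yaml > "$demo/legacy"
printf '%s\0' /usr/bin/kubelet --container-runtime=remote \
    --container-runtime-endpoint=unix:///run/containerd/containerd.sock > "$demo/ctrd"
printf '%s\0' /usr/bin/kubelet --container-runtime=remote \
    --container-runtime-endpoint unix:///var/run/cri-dockerd.sock > "$demo/shim"
for f in legacy ctrd shim; do
    printf '%s: %s\n' "$f" "$(classify_kubelet "$demo/$f")"
done
```

On a real Node, pass /proc/"$(pgrep kubelet)"/cmdline as the argument.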
Change node runtime
Nodes using Dockershim must be updated to use a different runtime. First drain your Node’s workloads with kubectl, so your Pods are rescheduled to other Nodes in your cluster. You must also cordon the Node to stop any new Pods from being scheduled.
$ kubectl cordon node-1
$ kubectl drain node-1 --ignore-daemonsets
Next, run the following commands on the Node itself. Start by stopping the Docker daemon and the Node’s Kubelet process:
$ systemctl stop kubelet
$ systemctl disable docker.service --now
Now you can install your new runtime.
Using containerd
containerd is generally considered to be the preferred solution for existing clusters. You should be able to migrate to containerd if you don’t rely on specific features of the Docker Engine. If you do, head to the next section and install cri-dockerd instead.
Add Docker’s repository to your system if your package lists don’t already include it. containerd is distributed in Docker’s repository.
$ sudo apt-get update
$ sudo apt-get install ca-certificates curl gnupg lsb-release
$ curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
$ echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
Install containerd:
$ sudo apt update
$ sudo apt install containerd
Now update the Node’s Kubelet configuration file to use the new runtime. Open /var/lib/kubelet/kubeadm-flags.env. Find or add the --container-runtime and --container-runtime-endpoint flags with the following values:
--container-runtime=remote
--container-runtime-endpoint=unix:///run/containerd/containerd.sock
Next, change the container socket annotation saved against the Node object in the Kubernetes control plane:
$ kubectl edit node node-1
In the file that opens, find the kubeadm.alpha.kubernetes.io/cri-socket annotation and change it to unix:///run/containerd/containerd.sock. Save and close the file to update the Node object.
Now restart Kubelet:
$ systemctl start kubelet
Allow the Node a few moments to start up and connect to the Kubernetes control plane. You should be able to repeat the get nodes command and see that containerd is now in use.
$ kubectl get nodes -o wide
NAME     STATUS   VERSION   CONTAINER-RUNTIME
node-1   Ready    v1.22.8   containerd://1.4.13
node-2   Ready    v1.22.8   containerd://1.4.13
Finally, remove the cordon you placed around the Node so it can start receiving Pods:
$ kubectl uncordon node-1
Using cri-dockerd
cri-dockerd is a runtime jointly developed by Docker and Mirantis. It is a standalone version of Dockershim that is maintained independently. It allows you to keep using familiar functionality without burdening the Kubernetes project with Dockershim’s maintenance requirements.
Make sure you’ve already got Docker Engine installed. Then install cri-dockerd by downloading the latest binary from GitHub releases:
$ wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.2.0/cri-dockerd-v0.2.0-linux-amd64.tar.gz
$ tar xvf cri-dockerd-v0.2.0-linux-amd64.tar.gz
$ mv cri-dockerd /usr/local/bin/
Next, download, install, and enable the cri-dockerd systemd service configurations:
$ wget https://raw.githubusercontent.com/Mirantis/cri-dockerd/master/packaging/systemd/cri-docker.service
$ wget https://raw.githubusercontent.com/Mirantis/cri-dockerd/master/packaging/systemd/cri-docker.socket
$ sudo mv cri-docker.socket cri-docker.service /etc/systemd/system/
$ sudo sed -i -e 's,/usr/bin/cri-dockerd,/usr/local/bin/cri-dockerd,' /etc/systemd/system/cri-docker.service
$ sudo systemctl daemon-reload
$ sudo systemctl enable cri-docker.service
$ sudo systemctl enable --now cri-docker.socket
You can now modify your Node’s Kubelet configuration to use cri-dockerd. This is similar to configuring a Node to use containerd.
Open /var/lib/kubelet/kubeadm-flags.env. Find or add the --container-runtime and --container-runtime-endpoint flags with the following values:
--container-runtime=remote
--container-runtime-endpoint=unix:///var/run/cri-dockerd.sock
Then change the annotation of the node object’s socket:
$ kubectl edit node node-1
In the file that opens, find the kubeadm.alpha.kubernetes.io/cri-socket annotation and change it to unix:///var/run/cri-dockerd.sock. Save and close the file to update the Node object.
Now restart Kubelet:
$ systemctl start kubelet
Wait a few moments and then use kubectl to verify that the Node is up and running. It will still display the Docker runtime, but this is now provided by the standalone cri-dockerd rather than the Kubernetes-integrated Dockershim.
$ kubectl get nodes -o wide
NAME     STATUS   VERSION   CONTAINER-RUNTIME
node-1   Ready    v1.22.8   docker://19.3.1
node-2   Ready    v1.22.8   containerd://1.4.13
You can now remove the cordon you placed around the Node. It will start accepting Pod scheduling requests again.
$ kubectl uncordon node-1
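The kubeadm-flags.env edit from both the containerd and cri-dockerd sections can be scripted so that it is repeatable and leaves a backup. This is an added example, not part of the original article: set_runtime_flags is a hypothetical helper, the sample file is constructed, and it assumes the file holds a single KUBELET_KUBEADM_ARGS="..." line whose flag values contain no spaces.

```shell
# set_runtime_flags FILE ENDPOINT  (hypothetical helper, added example)
# Rewrites KUBELET_KUBEADM_ARGS so it carries exactly one
# --container-runtime=remote and one --container-runtime-endpoint=ENDPOINT,
# keeping every other flag. The previous content is saved as FILE.bak.
set_runtime_flags() {
    file=$1
    endpoint=$2
    cp -p "$file" "$file.bak"
    awk -v ep="$endpoint" '
        /^KUBELET_KUBEADM_ARGS=/ {
            args = $0
            sub(/^KUBELET_KUBEADM_ARGS="?/, "", args); sub(/"$/, "", args)
            n = split(args, a, /[ \t]+/); out = ""
            for (i = 1; i <= n; i++) {
                # Drop old runtime flags in "--flag value" form ...
                if (a[i] == "--container-runtime" ||
                    a[i] == "--container-runtime-endpoint") { i++; continue }
                # ... and in "--flag=value" form; skip empty fields.
                if (a[i] ~ /^--container-runtime(-endpoint)?=/ || a[i] == "") continue
                out = out a[i] " "
            }
            printf "KUBELET_KUBEADM_ARGS=\"%s--container-runtime=remote --container-runtime-endpoint=%s\"\n", out, ep
            seen = 1; next
        }
        { print }
        END { if (!seen) printf "KUBELET_KUBEADM_ARGS=\"--container-runtime=remote --container-runtime-endpoint=%s\"\n", ep }
    ' "$file.bak" > "$file"
}

# Constructed sample file standing in for /var/lib/kubelet/kubeadm-flags.env.
demo_env=$(mktemp)
printf '%s\n' 'KUBELET_KUBEADM_ARGS="--network-plugin=cni --container-runtime=docker --pod-infra-container-image=k8s.gcr.io/pause:3.5"' > "$demo_env"
set_runtime_flags "$demo_env" unix:///run/containerd/containerd.sock
cat "$demo_env"
```

Run it against the real file only after the Kubelet has been stopped, then start the Kubelet as described above.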
Conclusion
Kubernetes v1.24 removed the Dockershim component that previously provided CRI compliance for the Docker Engine. While recently created clusters will not be affected, you should check whether you are using Dockershim before upgrading to the new version.
The runtime to switch to depends on how you currently use your cluster. containerd is usually a good choice if you don’t use Docker features. You can use cri-dockerd to restore Dockershim-like integration if you need to maintain compatibility with existing Docker Engine based tooling. This also helps if you mount the Docker daemon socket (/var/run/docker.sock) into your containers to power Docker workflows.
Removing Dockershim does not affect how container images are created and used. Kubernetes can still run images created with docker build, which are compatible with all supported runtimes. CRI runtimes work with any OCI-format image, as output by Docker and other image builders.