Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Docs to change Container runtime #30141

Merged
merged 17 commits into from
Feb 11, 2022
Merged

Docs to change Container runtime #30141

Changes from 3 commits
Commits
Show all changes
17 commits
Select commit Hold shift + click to select a range
1ad36f6
Docs to change Container runtime
Debanitrkl Oct 19, 2021
1a5066b
Updated header
Debanitrkl Oct 20, 2021
63f34ed
Updated header
Debanitrkl Oct 20, 2021
f1aade1
Few changes made according to the reviews
Debanitrkl Nov 24, 2021
b95629f
Updated few headings
Debanitrkl Jan 5, 2022
60efd5d
Updated few markdown changes
Debanitrkl Jan 24, 2022
138a3d9
Reverted a unwanted changes
Debanitrkl Jan 24, 2022
ec6061c
Removed the double extension in the filename
Debanitrkl Jan 26, 2022
deb40dd
Updated
Debanitrkl Feb 1, 2022
f97bf9f
Updated according to review
Debanitrkl Feb 1, 2022
8eb2aa7
Final Updates
Debanitrkl Feb 4, 2022
36ad07c
Added instructions to remove docker engine
Debanitrkl Feb 7, 2022
704bf04
Minor changes
Debanitrkl Feb 7, 2022
ec48473
Minor updates on heading
Debanitrkl Feb 7, 2022
8b73923
Minor updates on lists
Debanitrkl Feb 7, 2022
7dc0d47
Minor updates on line 106
Debanitrkl Feb 9, 2022
c38dc24
Minor updates on line 106
Debanitrkl Feb 10, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
115 changes: 115 additions & 0 deletions ...nt/en/docs/tasks/administer-cluster/migrating-from-dockershim/Change-runtime.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,115 @@
---
title: "Migrating Container runtime from dockershim to containerd"
Copy link
Member

@neolit123 neolit123 Nov 23, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this seems to be an opinionated suggestion for transition.
what if the user wishes to use cri-o instead of containerd?

in the CR popularity survey we did before docker was first, followed by containerd and then cri-o.
so if containerd wins here by being second, it makes sense, but cri-o might not be very happy about this.

cc @saschagrunert for feedback on CRI-O.

Copy link
Member

@saschagrunert saschagrunert Nov 23, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for reaching out! I think the whole guide is opinionated to a particular setup, which is probably fine. Mentioning CRI-O as alternative container runtime to containerd would make us very happy, though. 🙃

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok, i think it's worth denoting with a sentence near the top of the guide that this covers an example scenario for migrating from dockershim to containerd and that alternative container runtime such as cri-o can be picked from the https://kubernetes.io/docs/setup/production-environment/container-runtimes/ page.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That sounds like a good way to head off issues around https://kubernetes.io/docs/contribute/style/content-guide/#third-party-content

We make an exception for container runtimes - these are necessary out-of-project packages that you must have to make a working Kubernetes cluster - but we don't like to be in the business of picking favorites.

weight: 10
content_type: task
---

- Drain Node
```
# replace <node-to-drain> with the name of your node you are draining
kubectl drain <node-to-drain> --ignore-daemonsets
```
- Stop docker
Debanitrkl marked this conversation as resolved.
Show resolved Hide resolved
```
systemctl stop kubelet
systemctl stop docker
```
- Install & start containerd


### For linux systems
Debanitrkl marked this conversation as resolved.
Show resolved Hide resolved
Use the following commands to install Containerd on your system:

Install and configure prerequisites:
Copy link
Member

@neolit123 neolit123 Nov 23, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the guide seems to be duplicating steps that already existing the in the "installing a container runtime" page:
https://kubernetes.io/docs/setup/production-environment/container-runtimes/
instead we can cross-link.

the steps can be generalized as:

  • drain node
  • stop kubelet
  • uninstall old CR
  • install new CR (CR of your chose, not picking a preference in this page, cross-link to the main CR page)
  • update kubelet config and kubeadm bits (optional)
  • restart kubelet
  • uncordon node
  • check if the node / pods work

i know that it works and i've seen users already do it, but before we merge such a guide for hotswap SIG node must tell us if this is even supported and if something unpredictable can happen. cgroup (drivers)? proper cleanup after uninstalling the old CR - logs, container state, etc?

cc @SergeyKanzhelev

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we do want a “dummies guide to” here, because the Docker deprecation is already worrying quite a few people.


```shell
cat <<EOF | sudo tee /etc/modules-load.d/containerd.conf
overlay
br_netfilter
EOF

sudo modprobe overlay
sudo modprobe br_netfilter

# Setup required sysctl params, these persist across reboots.
cat <<EOF | sudo tee /etc/sysctl.d/99-kubernetes-cri.conf
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF

# Apply sysctl params without reboot
sudo sysctl --system
```

Install containerd:

1. Install the `containerd.io` package from the official Docker repositories.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why use the Docker repository for this? I would recommend that people fetch it from their
OS distribution or, failing that, from source and build it.

I suspect that telling people to get containerd from Docker is liable to add to the confusion.

Instructions for setting up the Docker repository for your respective Linux distribution and
installing the `containerd.io` package can be found at
[Install Docker Engine](https://docs.docker.com/engine/install/#server).
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Instructions for setting up the Docker repository for your respective Linux distribution and
installing the `containerd.io` package can be found at
[Install Docker Engine](https://docs.docker.com/engine/install/#server).
You can find instructions for installing `containerd` at
[Starting Containerd](https://containerd.io/docs/getting-started/#starting-containerd).


2. Configure containerd:

```shell
sudo mkdir -p /etc/containerd
containerd config default | sudo tee /etc/containerd/config.toml
```

3. Restart containerd:

```shell
sudo systemctl restart containerd
```
### For windows powershell
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider splitting this into two task pages, one for Linux nodes and one for Windows nodes.


Start a Powershell session, set `$Version` to the desired version (ex: `$Version=1.4.3`),
and then run the following commands:

1. Download containerd:

```powershell
curl.exe -L https://github.com/containerd/containerd/releases/download/v$Version/containerd-$Version-windows-amd64.tar.gz -o containerd-windows-amd64.tar.gz
tar.exe xvf .\containerd-windows-amd64.tar.gz
```

2. Extract and configure:

```powershell
Copy-Item -Path ".\bin\" -Destination "$Env:ProgramFiles\containerd" -Recurse -Force
cd $Env:ProgramFiles\containerd\
.\containerd.exe config default | Out-File config.toml -Encoding ascii

# Review the configuration. Depending on setup you may want to adjust:
# - the sandbox_image (Kubernetes pause image)
# - cni bin_dir and conf_dir locations
Get-Content config.toml

# (Optional - but highly recommended) Exclude containerd from Windows Defender Scans
Add-MpPreference -ExclusionProcess "$Env:ProgramFiles\containerd\containerd.exe"
```
Copy link
Contributor

@MadhavJivrajani MadhavJivrajani Oct 21, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • I usually prefer each command to typically be its own code section (unless relevant commands can be grouped in order for the text description to explain things more effectively) with a description above it and the comments can be put as text and not as comments.
    • Please use this for reference.
  • # (Optional - but highly recommended) Exclude containerd from Windows Defender Scans: Please describe why this is recommended.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This piece of code block has also been taken from the documentation here https://github.com/kubernetes/website/blob/main/content/en/docs/setup/production-environment/container-runtimes.md#container-runtimes, but yes I will add more descriptions to make this more clear and if required separately group them.


3. Start containerd:

```powershell
.\containerd.exe --register-service
Start-Service containerd
```
- configure kubelet to use containerd
Edit the file `/var/lib/kubelet/kubeadm-flags.env` and add the containerd runtime to the flags. `--container-runtime=remote` and `--container-runtimeendpoint=unix:///run/containerd/containerd.sock"`
Debanitrkl marked this conversation as resolved.
Show resolved Hide resolved

- restart kubelet
`systemctl start kubelet`

- verify pods are running
Run `kubectl get nodes -o wide` and containerd appears as the runtime for the node we just changed.
Copy link
Contributor

@MadhavJivrajani MadhavJivrajani Oct 21, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

- configure kubelet to use containerd
Edit the file `/var/lib/kubelet/kubeadm-flags.env` and add the containerd runtime to the flags. `--container-runtime=remote` and `--container-runtimeendpoint=unix:///run/containerd/containerd.sock"`

This is not rendered on separate lines if that was your original intent. And same for the ones below and above it as well.


- finally if everything goes well remove docker
```
apt purge docker-ce docker-ce-cli
OR
yum remove docker-ce docker-ce-cli
```
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • Is this still under Windows Powershell?
  • Not sure if the OR here is the right way to go about it. Maybe a separate code section?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I didn't try this myself took it from the reference here https://kruyt.org/migrate-docker-containerd-kubernetes/. Also, I guess given the formatting style of this doc a separate code section would be better

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would use https://kubernetes.io/docs/contribute/style/hugo-shortcodes/#tabs and have a tab for Debian-heritage systems and another for RedHat-heritage systems.