Merge pull request #40192 from SergeyKanzhelev/dockershim

updates for dockershim removal
Kubernetes Prow Robot 2023-03-24 02:38:32 -07:00 committed by GitHub
commit a5ec2187bd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 68 additions and 8 deletions

View File

@ -62,7 +62,16 @@ imageRepository: "k8s.gcr.io"
### Reverting the Registry Name in kubelet
The image used by kubelet for the pod sandbox (`pause`) can be overridden by setting the `--pod-infra-container-image` flag. For example:
The image used by kubelet for the pod sandbox (`pause`) can be overridden
by configuring your container runtime or by setting the `--pod-infra-container-image`
flag depending on the version of Kubernetes you are using.
Other runtimes:
[containerd](/docs/setup/production-environment/container-runtimes/#override-pause-image-containerd),
[CRI-O](/docs/setup/production-environment/container-runtimes/#override-pause-image-cri-o),
[cri-dockerd](/docs/setup/production-environment/container-runtimes/#override-pause-image-cri-dockerd-mcr).
When using dockershim before v1.23:
```
kubelet --pod-infra-container-image=k8s.gcr.io/pause:3.5
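Review bot: The added lead-in "When using dockershim before v1.23:" excludes v1.23 itself, yet the migration page changed in this same commit says "The version of Kubernetes with dockershim (1.23)" and that dockershim was removed with v1.24. Suggest "When using dockershim (v1.23 and earlier):" so the flag example covers the last release that still has dockershim. The new sentence above it also says the method depends "on the version of Kubernetes you are using" without naming which versions use the runtime configuration and which use the flag; one clause stating the cut-over would make the "Other runtimes" list and the kubelet example unambiguous.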

View File

@ -177,8 +177,9 @@ follow [configuring a cgroup driver](/docs/tasks/administer-cluster/kubeadm/conf
Your container runtime must support at least v1alpha2 of the container runtime interface.
Kubernetes {{< skew currentVersion >}} defaults to using v1 of the CRI API.
If a container runtime does not support the v1 API, the kubelet falls back to
Kubernetes [starting v1.26](/blog/2022/11/18/upcoming-changes-in-kubernetes-1-26/#cri-api-removal)
_only works_ with v1 of the CRI API. Earlier versions default
to v1 version, however if a container runtime does not support the v1 API, the kubelet falls back to
using the (deprecated) v1alpha2 API instead.
## Container runtimes
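Review bot: The unchanged first sentence of this hunk, "Your container runtime must support at least v1alpha2 of the container runtime interface", now contradicts the added statement that Kubernetes starting v1.26 "_only works_ with v1 of the CRI API". The requirement sentence should be updated in the same change, for example by scoping v1alpha2 to the earlier versions that the fallback sentence describes. Minor wording: "default to v1 version, however if" reads better as "default to v1; however, if".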
@ -255,6 +256,11 @@ sandbox image by setting the following config:
You might need to restart `containerd` as well once you've updated the config file: `systemctl restart containerd`.
Please note, that it is a best practice for kubelet to declare the matching `pod-infra-container-image`.
If not configured, kubelet may attempt to garbage collect the `pause` image.
There is ongoing work in [containerd to pin the pause image](https://github.com/containerd/containerd/issues/6352)
and not require this setting on kubelet any longer.
### CRI-O
This section contains the necessary steps to install CRI-O as a container runtime.
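Review bot: The added note asks kubelet to "declare the matching `pod-infra-container-image`" but does not say what it has to match or where it is set. Suggest stating that the kubelet `--pod-infra-container-image` flag should name the same image as the containerd sandbox image configured just above, since the consequence given in the next sentence is that kubelet may garbage collect the `pause` image. Calling this a "best practice" undersells a setting whose absence has that effect. "Please note, that" should lose the comma.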

View File

@ -19,10 +19,15 @@ Dockershim was removed from Kubernetes with the release of v1.24.
If you use Docker Engine via dockershim as your container runtime and wish to upgrade to v1.24,
it is recommended that you either migrate to another runtime or find an alternative means to obtain Docker Engine support.
Check out the [container runtimes](/docs/setup/production-environment/container-runtimes/)
section to know your options. Make sure to
section to know your options.
The version of Kubernetes with dockershim (1.23) is out of support and the v1.24
will run out of support [soon](/releases/#release-v1-24). Make sure to
[report issues](https://github.com/kubernetes/kubernetes/issues) you encountered
with the migration so the issues can be fixed in a timely manner and your cluster would be
ready for dockershim removal.
ready for dockershim removal. After v1.24 running out of support, you will need
to contact your Kubernetes provider for support or upgrade multiple versions at a time
if there are critical issues affecting your cluster.
Your cluster might have more than one kind of node, although this is not a common
configuration.
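Review bot: The added text "the v1.24 will run out of support [soon]" is relative to the commit date and becomes wrong as soon as v1.24 reaches end of life; since the link already points at the release page, wording such as "check the v1.24 release page for its end-of-life date" would not need another edit later. In the last added sentence, "upgrade multiple versions at a time" can be read as skipping minor versions in one step; say whether it means several successive upgrades. Grammar: "After v1.24 running out of support" should be "After v1.24 runs out of support", and "the v1.24" should drop the article.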
@ -38,9 +43,6 @@ These tasks will help you to migrate:
* Check out [container runtimes](/docs/setup/production-environment/container-runtimes/)
to understand your options for an alternative.
* There is a
[GitHub issue](https://github.com/kubernetes/kubernetes/issues/106917)
to track the discussion about the deprecation and removal of dockershim.
* If you find a defect or other technical concern relating to migrating away from dockershim,
you can [report an issue](https://github.com/kubernetes/kubernetes/issues/new/choose)
to the Kubernetes project.
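Review bot: Going by the hunk header (9 lines before, 6 after), the bullet linking the GitHub issue 106917 is what this hunk drops, and it was the only pointer on this list to the deprecation and removal discussion. The commit message ("updates for dockershim removal") does not say why it goes. If the issue is closed, a short mention in the PR description is enough; if readers still need the history, consider keeping the link in past tense instead of deleting it.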

View File

@ -89,6 +89,49 @@ built or pulled by Docker would not be visible to container runtime and
Kubernetes. They needed to be pushed to some registry to allow them to be used
by Kubernetes.
## Known issues
### Some filesystem metrics are missing and the metrics format is different
The Kubelet `/metrics/cadvisor` endpoint provides Prometheus metrics,
as documented in [Metrics for Kubernetes system components](/docs/concepts/cluster-administration/system-metrics/).
If you install a metrics collector that depends on that endpoint, you might see the following issues:
- The metrics format on the Docker node is `k8s_<container-name>_<pod-name>_<namespace>_<pod-uid>_<restart-count>`
but the format on other runtime is different. For example, on containerd node it is `<container-id>`.
- Some filesystem metrics are missing, as follows:
```
container_fs_inodes_free
container_fs_inodes_total
container_fs_io_current
container_fs_io_time_seconds_total
container_fs_io_time_weighted_seconds_total
container_fs_limit_bytes
container_fs_read_seconds_total
container_fs_reads_merged_total
container_fs_sector_reads_total
container_fs_sector_writes_total
container_fs_usage_bytes
container_fs_write_seconds_total
container_fs_writes_merged_total
```
#### Workaround
You can mitigate this issue by using [cAdvisor](https://github.com/google/cadvisor) as a standalone daemonset.
1. Find the latest [cAdvisor release](https://github.com/google/cadvisor/releases)
with the name pattern `vX.Y.Z-containerd-cri` (for example, `v0.42.0-containerd-cri`).
2. Follow the steps in [cAdvisor Kubernetes Daemonset](https://github.com/google/cadvisor/tree/master/deploy/kubernetes) to create the daemonset.
3. Point the installed metrics collector to use the cAdvisor `/metrics` endpoint
which provides the full set of
[Prometheus container metrics](https://github.com/google/cadvisor/blob/master/docs/storage/prometheus.md).
Alternatives:
- Use alternative third party metrics collection solution.
- Collect metrics from the Kubelet summary API that is served at `/stats/summary`.
## {{% heading "whatsnext" %}}
- Read [Migrating from dockershim](/docs/tasks/administer-cluster/migrating-from-dockershim/) to understand your next steps
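Review bot: In the first bullet under "Known issues", "The metrics format on the Docker node is `k8s_<container-name>_<pod-name>_<namespace>_<pod-uid>_<restart-count>`" describes a value, not a format, and never says which metric label or field carries it, so a reader cannot tell which queries or relabeling rules in their collector are affected. Name the label and show the containerd `<container-id>` form next to it. Also "on other runtime is different" should be "on other runtimes", and the "Alternatives" list should say whether `/stats/summary` exposes the `container_fs_*` series listed as missing, otherwise it is unclear that it addresses the issue this section documents.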