Changing the Container Runtime on a Node from Docker Engine to containerd

This task outlines the steps needed to update your container runtime to containerd from Docker. It is applicable for cluster operators running Kubernetes 1.23 or earlier. Also this covers an example scenario for migrating from dockershim to containerd and alternative container runtimes can be picked from this page.

Before you begin

Note: This section links to third party projects that provide functionality required by Kubernetes. The Kubernetes project authors aren’t responsible for these projects, which are listed alphabetically. To add a project to this list, read the content guide before submitting a change. More information.

Install containerd. For more information see containerd’s installation documentation and for specific prerequisite follow the containerd guide.

Drain the node

  1. kubectl drain <node-to-drain> --ignore-daemonsets

Replace <node-to-drain> with the name of your node you are draining.

Stop the Docker daemon

  1. systemctl stop kubelet
  2. systemctl disable docker.service --now

Install Containerd

Follow the guide for detailed steps to install containerd.

  1. Install the containerd.io package from the official Docker repositories. Instructions for setting up the Docker repository for your respective Linux distribution and installing the containerd.io package can be found at Getting started with containerd.

  2. Configure containerd:

    1. sudo mkdir -p /etc/containerd
    2. containerd config default | sudo tee /etc/containerd/config.toml
  3. Restart containerd:

    1. sudo systemctl restart containerd

Start a Powershell session, set $Version to the desired version (ex: $Version="1.4.3"), and then run the following commands:

  1. Download containerd:

    1. curl.exe -L https://github.com/containerd/containerd/releases/download/v$Version/containerd-$Version-windows-amd64.tar.gz -o containerd-windows-amd64.tar.gz
    2. tar.exe xvf .\containerd-windows-amd64.tar.gz
  2. Extract and configure:

    1. Copy-Item -Path ".\bin\" -Destination "$Env:ProgramFiles\containerd" -Recurse -Force
    2. cd $Env:ProgramFiles\containerd\
    3. .\containerd.exe config default | Out-File config.toml -Encoding ascii
    4. # Review the configuration. Depending on setup you may want to adjust:
    5. # - the sandbox_image (Kubernetes pause image)
    6. # - cni bin_dir and conf_dir locations
    7. Get-Content config.toml
    8. # (Optional - but highly recommended) Exclude containerd from Windows Defender Scans
    9. Add-MpPreference -ExclusionProcess "$Env:ProgramFiles\containerd\containerd.exe"
  3. Start containerd:

    1. .\containerd.exe --register-service
    2. Start-Service containerd

Configure the kubelet to use containerd as its container runtime

Edit the file /var/lib/kubelet/kubeadm-flags.env and add the containerd runtime to the flags. --container-runtime=remote and --container-runtime-endpoint=unix:///run/containerd/containerd.sock".

Users using kubeadm should be aware that the kubeadm tool stores the CRI socket for each host as an annotation in the Node object for that host. To change it you can execute the following command on a machine that has the kubeadm /etc/kubernetes/admin.conf file.

  1. kubectl edit no <node-name>

This will start a text editor where you can edit the Node object. To choose a text editor you can set the KUBE_EDITOR environment variable.

  • Change the value of kubeadm.alpha.kubernetes.io/cri-socket from /var/run/dockershim.sock to the CRI socket path of your choice (for example unix:///run/containerd/containerd.sock).

    Note that new CRI socket paths must be prefixed with unix:// ideally.

  • Save the changes in the text editor, which will update the Node object.

Restart the kubelet

  1. systemctl start kubelet

Verify that the node is healthy

Run kubectl get nodes -o wide and containerd appears as the runtime for the node we just changed.

Remove Docker Engine

Note: This section links to third party projects that provide functionality required by Kubernetes. The Kubernetes project authors aren’t responsible for these projects, which are listed alphabetically. To add a project to this list, read the content guide before submitting a change. More information.

Finally if everything goes well, remove Docker.

  1. sudo yum remove docker-ce docker-ce-cli
  1. sudo apt-get purge docker-ce docker-ce-cli
  1. sudo dnf remove docker-ce docker-ce-cli
  1. sudo apt-get purge docker-ce docker-ce-cli