Migrate Docker Engine nodes from dockershim to cri-dockerd

This page shows you how to migrate your Docker Engine nodes to use instead of dockershim. Follow these steps if your clusters run Kubernetes 1.23 or earlier and you want to continue using Docker Engine after you upgrade to Kubernetes 1.24 and later, or if you just want to move off the dockershim component.

In Kubernetes 1.23 and earlier, Docker Engine used a component called the dockershim to interact with Kubernetes system components such as the kubelet. The dockershim component is deprecated and will be removed in Kubernetes 1.24. A third-party replacement, cri-dockerd, is available. The cri-dockerd adapter lets you use Docker Engine through the Container Runtime Interface.

Note: If you already use cri-dockerd, you aren’t affected by the dockershim removal. Before you begin, .

If you want to migrate to cri-dockerd so that you can continue using Docker Engine as your container runtime, you should do the following for each affected node:

1. Cordon and drain the node.
2. Configure the kubelet to use cri-dockerd.
3. Restart the kubelet.
4. Verify that the node is healthy.

Test the migration on non-critical nodes first.

You should perform the following steps for each node that you want to migrate to cri-dockerd.

Before you begin

• installed and started on each node.
• A network plugin.

1. Replace with the name of the node.

2. Drain the node to safely evict running Pods:

Configure the kubelet to use cri-dockerd

The following steps apply to clusters set up using the kubeadm tool. If you use a different tool, you should modify the kubelet using the configuration instructions for that tool.

1. Modify the --container-runtime-endpoint flag to unix:///var/run/cri-dockerd.sock.

The kubeadm tool stores the node’s socket as an annotation on the Node object in the control plane. To modify this socket for each affected node:

1. Edit the YAML representation of the Node object:

   Replace the following:

   • /path/to/admin.conf: the path to the kubectl configuration file, admin.conf.
   • : the name of the node you want to modify.

3. Save the changes. The Node object is updated on save.

Verify that the node is healthy

To check whether the node uses the cri-dockerd endpoint, follow the instructions in . The --container-runtime-endpoint flag for the kubelet should be unix:///var/run/cri-dockerd.sock.

Uncordon the node to let Pods schedule on it:

What’s next

• Read the .
• Learn how to migrate from Docker Engine with dockershim to containerd.

Items on this page refer to third party products or projects that provide functionality required by Kubernetes. The Kubernetes project authors aren’t responsible for those third-party products or projects. See the for more details.

You should read the content guide before proposing a change that adds an extra third-party link.

Last modified March 30, 2022 at 10:26 PM PST: