kubernetes1.24.0, Why use docker in production environment ?
if you consider
Mirantis and Docker have committed to maintaining a replacement adapter for Docker Engine, and to maintain that adapter even after the in-tree dockershim is removed from Kubernetes. The replacement adapter is named cri-dockerd.
Download the cri-dockerd binary package or compile the source code yourself
1 2 3 4 5 6# download file wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.2.0/cri-dockerd-v0.2.0-linux-amd64.tar.gz # unzip file tar -xvf cri-dockerd-v0.2.0-linux-amd64.tar.gz # Copy the binary file to the specified directory cp cri-dockerd /usr/bin/Configure startup files
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65vim /usr/lib/systemd/system/cri-docker.service [Unit] Description=CRI Interface for Docker Application Container Engine Documentation=https://docs.mirantis.com After=network-online.target firewalld.service docker.service Wants=network-online.target Requires=cri-docker.socket [Service] Type=notify ExecStart=/usr/bin/cri-dockerd --container-runtime-endpoint=unix:///var/run/cri-docker.sock --network-plugin=cni --cni-bin-dir=/opt/cni/bin \ --cni-conf-dir=/etc/cni/net.d --image-pull-progress-deadline=30s --pod-infra-container-image=docker.io/juestnow/pause:3.6 \ --docker-endpoint=unix:///var/run/docker.sock --cri-dockerd-root-directory=/var/lib/docker ExecReload=/bin/kill -s HUP $MAINPID TimeoutSec=0 RestartSec=2 Restart=always # Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229. # Both the old, and new location are accepted by systemd 229 and up, so using the old location # to make them work for either version of systemd. StartLimitBurst=3 # Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230. # Both the old, and new name are accepted by systemd 230 and up, so using the old name to make # this option work for either version of systemd. StartLimitInterval=60s # Having non-zero Limit*s causes performance problems due to accounting overhead # in the kernel. We recommend using cgroups to do container-local accounting. LimitNOFILE=infinity LimitNPROC=infinity LimitCORE=infinity # Comment TasksMax if your systemd version does not support it. # Only systemd 226 and above support this option. TasksMax=infinity Delegate=yes KillMode=process [Install] WantedBy=multi-user.target # Generate socket file vim /usr/lib/systemd/system/cri-docker.socket [Unit] Description=CRI Docker Socket for the API PartOf=cri-docker.service [Socket] ListenStream=/var/run/cri-dockerd.sock SocketMode=0660 SocketUser=root SocketGroup=docker [Install] WantedBy=sockets.target # start up cri-dockerd systemctl daemon-reload systemctl start cri-docker # set startup systemctl enable cri-docker # view startup status systemctl status cri-dockerDownload cri-tools to verify whether cri-docker is normal
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24# Download binaries wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.24.0/crictl-v1.24.0-linux-amd64.tar.gz # unzip tar -xvf crictl-v1.24.0-linux-amd64.tar.gz # Copy the binaries to the specified directory cp crictl /usr/bin/ # Create configuration file vim /etc/crictl.yaml runtime-endpoint: "unix:///var/run/cri-docker.sock" image-endpoint: "unix:///var/run/cri-docker.sock" timeout: 10 debug: false pull-image-on-create: true disable-pull-on-run: false # Test if you can access docker # View running containers crictl ps # View pulled images crictl images # pull image crictl pull busybox [root@k8s-node-4 ~]# crictl pull busybox Image is up to date for busybox@sha256:5acba83a746c7608ed544dc1533b87c737a0b0fb730301639a0179f9344b1678 # Return true, cri-dockerd access to docker is complete1
REF
Thursday, February 17, 2022 - Updated: Dockershim Removal FAQ