从 Docker 到 Containerd：Kubernetes 容器运行时迁移实战指南

一、背景

Kubernetes 自 v1.24 起移除了 dockershim，不再原生支持 Docker Engine，用户需迁移至受支持的 CRI 兼容运行时，如：

• Containerd（推荐，高性能、轻量级）

• CRI-O（专为 Kubernetes 设计）

• Docker Engine + cri-dockerd（兼容方案，但需额外维护）

二、迁移步骤

1.前置准备

当前是3个node节点，都是docker运行时，现在驱逐node-3节点

#移除节点
[root@master-1 ~]# kubectl drain node-3 --ignore-daemonsets

#停止相关服务
[root@node-3 ~]# systemctl stop kubelet
[root@node-3 ~]# systemctl stop docker
[root@node-3 ~]# systemctl disable docker --now
[root@node-3 ~]# systemctl stop kube-proxy

2.部署containerd服务

Containerd部署指南

3.修改kubelet参数

加上containerd运行时参数--container-runtime=remote --container-runtime-endpoint=unix:///var/run/containerd/containerd.sock

[root@node-3 ~]# cat /usr/lib/systemd/system/kubelet.service
[Unit]
Description=Kubernetes Kubelet
Documentation=https://github.com/kubernetes/kubernetes
After=containerd.service
Requires=containerd.service

[Service]
WorkingDirectory=/var/lib/kubelet
ExecStart=/usr/local/bin/kubelet --bootstrap-kubeconfig=/etc/kubernetes/cfg/kubelet-bootstrap.kubeconfig --cert-dir=/etc/kubernetes/ssl --kubeconfig=/etc/kubernetes/cfg/kubelet.config --config=/etc/kubernetes/cfg/kubelet.json --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.2   --alsologtostderr=true --logtostderr=false --log-dir=/var/log/kubernetes --container-runtime=remote --container-runtime-endpoint=unix:///var/run/containerd/containerd.sock --v=2 
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target

4.启动各个服务

#启动服务
[root@node-3 ~]# systemctl daemon-reload
[root@node-3 ~]# systemctl restart kubelet
[root@node-3 ~]# systemctl start kube-proxy

[root@node-3 ~]# systemctl status kubelet
[root@node-3 ~]# systemctl status kube-proxy

5.查看node-3节点状态

#目前节点3已经准备好啦，处于不可调度状态
[root@master-1 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
node-1   Ready <none> 71d v1.23.1
node-2   Ready <none> 71d v1.23.1
node-3   Ready,SchedulingDisabled <none> 24h v1.23.1

6.将node节点恢复为可调度

#恢复可调度状态
[root@master-1 ~]# kubectl uncordon node-3
node/node-3 uncordoned

7.查看节点运行时

#发现运行时已经切换成功啦
[root@master-1 ~]# kubectl get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
node-3   Ready <none> 24h v1.23.1   192.168.91.23   <none> CentOS Linux 7 (Core) 3.10.0-862.el7.x86_64 containerd://1.6.4

8.测试业务

部署一个nginx业务

[root@master-1 ~]# cat nginx.yaml 
apiVersion: apps/v1
kind: Deployment 
metadata:
  name: nginx-demo
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:latest
        imagePullPolicy: IfNotPresent


[root@master-1 ~]# kubectl apply -f nginx.yaml
[root@master-1 ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-demo-68984b745f-5k5ts 1/1     Running 0          7m14s 10.244.1.2     node-2   <none> <none>
nginx-demo-68984b745f-9pmwk 1/1     Running 0          29m   10.244.2.56    node-3   <none> <none>
nginx-demo-68984b745f-bp8x2 1/1     Running 0          7m14s 10.244.0.2     node-1   <none> <none>

以上效果说明我们集群已从 Docker 全面切换至 Containerd，运行状态正常。