k8s将节点容器运行时从Docker迁移到Containerd

1.执行drain操作

kubectl drain k8s-node01 --ignore-daemonsets  #

2.对应节点上关闭docker

#注意，是要迁移的节点
systemctl stop kubelet
systemctl stop docker.socket
systemctl stop docker 

3.安装、配置 Containerd

yum install  containerd.io cri-tools  -y  #就是docker的yum源
mkdir -p /etc/containerd
crictl config runtime-endpoint unix:///var/run/containerd/containerd.sock 
containerd config default         #生成默认配置文件


vim /etc/containerd/config.toml
61 sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.7"  #修改镜像下载地址
125 SystemdCgroup = true  #使用systemdcgroup驱动  参考文档：https://kubernetes.io/zh-cn/docs/setup/production-environment/container-runtimes/
153	[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
添加
    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]  #设置镜像加速
    endpoint = ["https://j7ih9k5f.mirror.aliyuncs.com"]

4.加载模块及修改参数(转发IPv4并让iptables看到桥接流量)

cat << EOF > /etc/modules-load.d/containerd.conf
overlay
br_netfilter
EOF

modprobe overlay
modprobe br_netfilter
lsmod | egrep 'overlay|br_netfilter'

#docker版本以下配置应该已经存在，确认后操作
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
sysctl -p /etc/sysctl.d/k8s.conf

systemctl enable containerd  ; systemctl restart containerd
systemctl status containerd

5.修改kubelet配置

cat /etc/sysconfig/kubelet
KUBELET_EXTRA_ARGS="--container-runtime=remote --runtime-request-timeout=15m --container-runtime-endpoint=unix:///run/containerd/containerd.sock"   #设置kubelet使用系统套接字 ，参考文档：https://kubernetes.io/zh-cn/docs/reference/command-line-tools-reference/kubelet/
systemctl restart kubelet
systemctl status kubelet
root@k8s-master manifests]# kubectl get node -o wide|grep k8s-node01 #检查节点
k8s-node01 Ready <none> 41h v1.20.11 192.168.1.132 <none> CentOS Linux 7 (Core) 6.0.2-1.el7.elrepo.x86_64 containerd://1.6.8　

6.执行uncordon操作

kubectl uncordon k8s-node01  #剩余节点依次操作即可

7.删除docker

 yum remove docker-ce docker-ce-cli