Dockershim Deprecation: Is Docker Truly out of Game?
Recently, the Kubernetes community announced it is deprecating Docker as a container runtime after v1.20.
Is Docker truly out of the game
Strictly speaking, what’s actually happening is that dockershim is being removed from Kubelet. In other words, Docker will not be used as the default container runtime. However, you may still integrate Docker into your environment. For more information, you can take a look at the official announcement of Kubernetes:
What does dockershim deprecation mean for KubeSphere users
Dockershim was a temporary solution proposed by the Kubernetes community to add support for Docker so that it could serve as its container runtime. Dockershim deprecation only means the code maintenance of Dockershim in the code repository of Kubernetes will stop. This is because Dockershim has become a heavy burden on the Kubernetes maintainers. After this change, the Kubernetes community will be able to maintain the Kubernetes Container Runtime Interface (CRI) only. In fact, all CRI-compliant runtimes can be the runtime for Kubernetes, such as CRI-O and containerd.
Currently, the KubeSphere Container Platform is using Docker as the container runtime of Kubernetes. Meanwhile, it also supports any CRI-compliant implementations. For KubeSphere and Docker users, dockershim deprecation does not affect the existing KubeSphere system and will not take any toll on your cluster or on your business. KubeSphere users can continue to use Docker which has already been tested at scale.
In future releases, other KubeSphere components, such as DevOps, will support these container runtimes and you will be able to use these CRI implementations.
The next game changer: containerd, CRI-O, and iSula
containerd, a Cloud Native Computing Foundation graduated project, is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It manages the complete container lifecycle of its host system.
CRI-O, an open-source project started by Red Hat, is an implementation of the Kubernetes CRI to enable using OCI (Open Container Initiative) compatible runtimes. It allows Kubernetes to use any OCI-compliant runtime as the container runtime for running Pods.
iSula is an open-source container solution with unified architecture design to meet different requirements in CT and IT fields. Lightweight containers are implemented using C/C++. They are smart, fast, and not restricted by hardware and architecture. With less noise floor overhead, the containers can be widely used.
Deploy containerd, CRI-O, and iSula
As KubeSphere supports any implementation of the Kubernetes CRI, you can easily deploy containerd, CRI-O or iSula and integrate one of them into KubeSphere. Note that in a multi-node cluster, the container runtime should be the same on all nodes.
curl -OL https://github.com/opencontainers/runc/releases/download/v1.0.0-rc92/runc.amd64
mv runc.amd64 /usr/local/bin/runc && chmod +x /usr/local/bin/runc
Download the containerd installation package.
curl -OL https://github.com/containerd/containerd/releases/download/v1.4.3/containerd-1.4.3-linux-amd64.tar.gz
tar -zxvf containerd-1.4.3-linux-amd64.tar.gz -C /usr/local
curl -o /etc/systemd/system/containerd.service https://raw.githubusercontent.com/containerd/cri/master/contrib/systemd-units/containerd.service
mkdir -p /etc/containerd
cat > /etc/containerd/config.toml << EOF [plugins] [plugins."io.containerd.grpc.v1.cri"] sandbox_image = "kubesphere/pause:3.2" [plugins."io.containerd.grpc.v1.cri".registry] [plugins."io.containerd.grpc.v1.cri".registry.mirrors] [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"] endpoint = ["https://registry-1.docker.io"] ## You can input your registry mirror. EOF
systemctl enable containerd && systemctl restart containerd
containerd config dump |grep sandbox_imagestill shows
k8s.gcr.io/pause:xxx, please add
version = 2to the beginning of
systemctl restart containerd.
curl -OL https://github.com/kubernetes-sigs/cri-tools/releases/download/$VERSION/crictl-$VERSION-linux-amd64.tar.gz
sudo tar zxvf crictl-$VERSION-linux-amd64.tar.gz -C /usr/local/bin
rm -f crictl-$VERSION-linux-amd64.tar.gz
cat > /etc/crictl.yaml << EOF runtime-endpoint: unix:///run/containerd/containerd.sock image-endpoint: unix:///run/containerd/containerd.sock timeout: 2 debug: false pull-image-on-create: false EOF
Download and install CRI-O.
yum install git make
curl -OL https://github.com/cri-o/cri-o/releases/download/v1.18.4/crio-v1.18.4.tar.gz
tar -zxf crio-v1.18.4.tar.gz
mkdir -p /etc/crio /opt/cni/bin /usr/local/share/oci-umount/oci-umount.d /usr/local/lib/systemd/system
echo "fs.may_detach_mounts=1" >> /etc/sysctl.conf
Navigate to the following fields and make changes.
pause_image = "kubesphere/pause:3.2" registries = [ "docker.io" ## You can input your registry mirror. ]
systemctl enable crio && systemctl restart crio
iSula (openEuler 20.09)
Install iSula on openEuler 20.09.
yum install iSulad -y
Navigate to the following fields and make changes.
"registry-mirrors": [ "docker.io" ## You can input your registry mirror. ] "pod-sandbox-image": "kubesphere/pause:3.2" "network-plugin": "cni" "cni-bin-dir": "/opt/cni/bin" "cni-conf-dir": "/etc/cni/net.d"
systemctl enable isulad && systemctl restart isulad
Deploy Kuberenetes and KubeSphere using KubeKey
We can use the open-source tool KubeKey to quickly deploy both Kubernetes and KubeSphere.
Download KubeKey v1.1.0-alpha.1 to create a cluster. This is an alpha version and future releases will also support the integration of different container runtimes.
curl -OL https://github.com/kubesphere/kubekey/releases/download/v1.1.0-alpha.1/kubekey-v1.1.0-alpha.1-linux-amd64.tar.gz
tar -zxvf kubekey-v1.1.0-alpha.1-linux-amd64.tar.gz
chmod +x kk
Create a configuration file. For example, run the following command to create the configuration for KubeSphere v3.0.0.
./kk create config --with-kubesphere v3.2.1
Edit the configuration file (default file name:
$ vi config-sample.yaml apiVersion: kubekey.kubesphere.io/v1alpha1 kind: Cluster ... kubernetes: version: v1.17.9 imageRepo: kubesphere clusterName: cluster.local containerManager: containerd ## Input the container runtime: containerd/crio/isula ...
NoteFor more information about the configuration file and installation, see Multi-node Installation.
Create a cluster.
./kk create cluster -f config-sample.yaml
Access the KubeSphere console to verify the runtime
After you deploy the cluster, you can access the web console of KubeSphere. On the Cluster Management page, check the container runtime that your cluster is using.
iSula on openEuler 20.09