Search Results

Upgrading K8s CNI from Docker to CRI-O

Date Jun 06, 2020
Date May 03, 2022

Shifting from Docker to CRI-O seems complicated right? You might be afraid about unnecessary downtimes if things go south. This guide shows you how you can migrate to CRI-O without even crying. No teary eyes ;)

With that, let's start by tearing down your cluster, one node at a time. Starting with your precious, the first control plane node.

  1. uninstall docker
systemctl stop kubelet
docker rm -f $(docker ps -aq)
apt purge docker-ce
apt autoremove --purge
# Do this after you see cri-o working fine
rm -rf /var/lib/docker*
  1. install crio
    # Install essentials
    apt install -y apt-transport-https curl jq tar bridge-utils iptables-persistent

    # save the following config
    cat << EOF > /etc/sysctl.d/99-kubernetes-cri.conf
    net.bridge.bridge-nf-call-iptables = 1
    net.ipv4.ip_forward = 1
    net.bridge.bridge-nf-call-ip6tables = 1

    sysctl --system

    # Install crio binaries from official script, set the tag version to your current kubernetes minor version
    curl | bash -s -- -t v1.23.2
  1. create /etc/containers/registries.conf for registry information error
vi /etc/containers/registries.conf

    registries = ['', '', '', '', '']
    registries = []
    registries = []
    # Cri-o should be enabled from systemd for startup
    systemctl enable crio.service
    systemctl start crio.service
  1. update kubelet for crio support

Full rundown of these config choices can be found at

vi /etc/systemd/system/kubelet.service.d/10-kubeadm.conf

# Add this line directly below the service section inside the file
Environment="KUBELET_EXTRA_ARGS=--container-runtime=remote --container-runtime-endpoint=unix:///var/run/crio/crio.sock --runtime-request-timeout=10m"
  1. update kubeadm to support crio

vi kubeadm-config.yaml

kind: InitConfiguration
  criSocket: /var/run/crio/crio.sock
# Use this command on your first control plane node
kubeadm upgrade apply v1.23.6 --config kubeadm-config.yaml