I have Kubernetes nodes with both docker and containerd installed. I need docker on the node to run CI pipelines and builds. How can I make Kubernetes use the recommended containerd instead of docker? Existing documentation recommands to remove docker from the system, which is not desirable for my case.
Is there a way to force Kubernetes to use containerd as a container runtime instead of docker when both are installed?
Kubelet is the process responsible for the on-the-Node container actions, and it has a set of command-line flags to tell it to use a remote container management provider (both containerd and cri-o are consumed the same way, AFAIK):
[Service]
ExecStart=/usr/local/bin/kubelet --container-runtime=remote --container-runtime-endpoint=unix:///var/run/dockershim.sock
(assuming your containerd is listening on the same dockershim.sock path)
The fine manual specifically says to ensure you don't switch those flags with an existing Node registration, since it makes certain assumptions when creating the containers, so if you already have a Node that is using docker, ideally stop kubelet, blow away those containers, kubectl delete node $the_node_name and let kubelet re-register with the correct configuration
Tested on Ubunut 20.04, a simple and clean way to enable containerd runtime was to add this content to /etc/systemd/system/kubelet.service.d/20-use-containerd.conf:
Environment="KUBELET_EXTRA_ARGS=--container-runtime remote --container-runtime-endpoint=unix:///var/run/containerd/containerd.sock"
This adds some extra arguments to the kubelet service, to enable containerd instead of relying on docker-shim by default.
It is recommanded to restart the node, or at least stop kubelet, docker and containerd for the switch, as a simple kubelet restart will try to run the containers via containerd while they are still running using docker.