Migrating from dockershim documentation

[SergeyKanzhelev]

/sig node

Fixes: #25768

This is the first iteration of a migration from dockershim instructions. PR is marked as WIP to collect initial feedback on a structure and content.

KEP: kubernetes/enhancements#2221

[netlify]

✔️ Deploy preview for kubernetes-io-master-staging ready!

🔨 Explore the source changes: b10decb

🔍 Inspect the deploy logs: https://app.netlify.com/sites/kubernetes-io-master-staging/deploys/60078a4af9a411000861a069

😎 Browse the preview: https://deploy-preview-25787--kubernetes-io-master-staging.netlify.app

[sftim]

ℹ️ Watch out - you've a space in a path.

[sftim]

Thanks @SergeyKanzhelev

I've added in a bunch of feedback. I appreciate that this is all WIP so please treat these as hints and not as instructions that you must follow.

[SergeyKanzhelev]

I addressed most of the feedback. I will add more content that I want to have in a first iteration and ping you again. Likely on Monday.

Thank you for your thoughtful review!

[SergeyKanzhelev]

Thank you @tengqm and @sftim . I think we can merge it as it is now and I will be working on other pages I wanted later. Can you please make a final review for this part.

Ideas for other tasks in this section:

• migrating Windows workloads from Dockershim
• work around the known issues of non-dockershim runtimes
• transition from docker CLI to crictl
• building images on kubernetes without Dockershim

[neolit123]

thanks for the write up @SergeyKanzhelev
as i mentioned on the original PR that did the deprecation, i think something important that we need to document is how the users can actually do an in-place swap of the container runtime on node.

[SergeyKanzhelev]

as i mentioned on the original PR that did the deprecation, i think something important that we need to document is how the users can actually do an in-place swap of the container runtime on node.

In-place may be one of the strategies. And vendors/admins would need to configure nodes to enable this. Simple node recreation and drain may be sufficient enough for many users. Similar to how regular upgrade to another k8s version works.

That's said, this PR creates a good place for this task description.

[neolit123]

In-place may be one of the strategies. And vendors/admins would need to configure nodes to enable this. Simple node recreation and drain may be sufficient enough for many users. Similar to how regular upgrade to another k8s version works.

re-place upgrades are what most hosted vendor solutions are doing.
as part of that process, the vendors could introduce new nodes that have a CR different than Docker.

but bare metal, self-hosted hardware users do in-place upgrades, by draining and upgrading node kubelets.
similar steps would apply if they wish to replace the container runtime.
these users don't have the option to introduce new nodes and ideally we should document the in-place steps for them.

That's said, this PR creates a good place for this task description.

do you have plans to document this as part of this PR?

[SergeyKanzhelev]

do you have plans to document this as part of this PR?

Not in this PR. I have more topics to cover as mentioned in previous comment as well:

• migrating Windows workloads from Dockershim
• work around the known issues of non-dockershim runtimes
• transition from docker CLI to crictl
• building images on kubernetes without Dockershim

Also I'm not super familiar with how the bare metal in-place upgrades typically work. Do you have any example documentation that I can use for reference? Or maybe we can find somebody knowing these scenarios well to document them.

I cannot tell whether this document is critically important. But if it is, maybe you can send a update for KEP to make it a Step 2 graduation criteria?

[neolit123]

do you have plans to document this as part of this PR?

Not in this PR. I have more topics to cover as mentioned in previous comment as well:

• migrating Windows workloads from Dockershim
• work around the known issues of non-dockershim runtimes
• transition from docker CLI to crictl
• building images on kubernetes without Dockershim

Also I'm not super familiar with how the bare metal in-place upgrades typically work. Do you have any example documentation that I can use for reference? Or maybe we can find somebody knowing these scenarios well to document them.

kubeadm's default upgrade command performs an in-place upgrade:
https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade/

the process would roughly be:

• drain a node
• stop the docker runtime
• start new runtime
• change the kubelet socket
• restart kubelet
• uncordon the node

except that i don't know if that is completely valid and supported.
if it's not supported our documentation needs to tell that to the users.

I cannot tell whether this document is critically important. But if it is, maybe you can send a update for KEP to make it a Step 2 graduation criteria?

i'd estimate it as more important than these topics:

• migrating Windows workloads from Dockershim
• work around the known issues of non-dockershim runtimes
• transition from docker CLI to crictl
• building images on kubernetes without Dockershim

in fact i wanted it documented before we merged the deprecation PR:
kubernetes/kubernetes#94624 (comment)

[sftim]

@SergeyKanzhelev I'm afraid I do have some strong concerns that this is not yet OK to merge.

At the time of my review this PR is not marked as WIP, and proposes a change that seems to contravene the content guide on third party content. I've added a hold to make that concern clear.

Additionally, #25787 (comment) suggests that the PR should in fact still me marked as WIP.

[kbhawkey]

Is this information available from the SignalFx/Splunk documentation?
Instead, readers should consult the telemetry and security agent documentation to learn how each application handles the dockershim migration.

[kbhawkey]

Preview pages:

• https://deploy-preview-25787--kubernetes-io-master-staging.netlify.app/docs/tasks/administer-cluster/migrating-from-dockershim/
• https://deploy-preview-25787--kubernetes-io-master-staging.netlify.app/docs/tasks/administer-cluster/migrating-from-dockershim/check-if-dockershim-deprecation-affects-you/
• https://deploy-preview-25787--kubernetes-io-master-staging.netlify.app/docs/tasks/administer-cluster/migrating-from-dockershim/migrating-telemetry-and-security-agents/

[k8s-ci-robot]

Thanks for your pull request. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please follow instructions at https://git.k8s.io/community/CLA.md#the-contributor-license-agreement to sign the CLA.

It may take a couple minutes for the CLA signature to be fully registered; after that, please reply here with a new comment and we'll verify. Thanks.

---

• If you've already signed a CLA, it's possible we don't have your GitHub username or you're using a different email address. Check your existing CLA data and verify that your email is set on your git commits.
• If you signed the CLA as a corporation, please sign in with your organization's credentials at https://identity.linuxfoundation.org/projects/cncf to be authorized.
• If you have done the above and are still having issues with the CLA being reported as unsigned, please log a ticket with the Linux Foundation Helpdesk: https://support.linuxfoundation.org/
• Should you encounter any issues with the Linux Foundation Helpdesk, send a message to the backup e-mail support address at: login-issues@jira.linuxfoundation.org

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[SergeyKanzhelev]

/assign @ehashman

@sftim @kbhawkey thank you for review. I think I addressed all the feedback. Can we move forward with it?

Superseded

[sftim]

@kubernetes/sig-node-pr-reviews how does this look for technical accuracy?

Inline feedback is mainly minor details.

[sftim]

I wouldn't use the shortcode here.

[derekwaynecarr]

this looks good for sig-node technical accuracy.

/lgtm
/approve

[k8s-ci-robot]

LGTM label has been added.

Details

Git tree hash: 14133f11c54675f301399cefc9b94e5ec4d7c6b0

[dims]

/lgtm
/approve

[sftim]

/unhold

Content guide concerns are addressed.

[sftim]

My concern in https://github.com/kubernetes/website/pull/25787/files#r560586158 is about attracting vandalism. I don't know if that's much of a risk.

[SergeyKanzhelev]

My concern in https://github.com/kubernetes/website/pull/25787/files#r560586158 is about attracting vandalism. I don't know if that's much of a risk.

Google docs keeps history. I will go ahead and create a names snapshot of the doc and will keep them making snapshot for easy recovery from vandalism. I hope this addresses the concern.

[SergeyKanzhelev]

@sftim this is ready to be merged.

[SergeyKanzhelev]

Kindly ping @kbhawkey and @sftim

[tengqm]

/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: derekwaynecarr, dims, tengqm

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• content/en/OWNERS [tengqm]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment