Why Switch from Docker to Containerd? A Step‑by‑Step Kubernetes Migration Guide

As container technology evolves, more enterprises adopt Kubernetes to manage containerized applications. While Docker is the default runtime, the community is shifting toward the lighter, more efficient containerd, a CNCF graduated project that focuses on core container runtime responsibilities.

Reasons for Switching

Performance improvement: containerd reduces abstraction layers, boosting overall performance.

Enhanced security: it provides more direct system calls, lowering potential security risks.

Simplified architecture: containerd’s concise design makes maintenance and troubleshooting easier.

Official support trend: Kubernetes upstream is gradually moving to support containerd.

cAdvisor cannot collect container‑level resource usage.

Preparation Work

Kubernetes version must be 1.20+ because newer versions deprecate Docker as the default runtime.

Backup existing configurations and data to prevent issues during migration.

Ensure the operating system on all nodes is compatible with containerd.

Migration Steps

0. Pre‑migration steps

<code># Drain node
kubectl drain --ignore-daemonsets k8s-node02
node/master03 cordoned
WARNING: ignoring DaemonSet‑managed Pods: kube-system/calico-node-fbzqw, kube-system/kube-proxy-95hst
node/master03 drained

# Stop related services
systemctl stop kubelet
systemctl stop containerd
systemctl disable docker --now</code>

1. Deploy containerd service

Install and start containerd on the target nodes (refer to the previous guide for detailed installation steps).

2. Copy image configuration to other nodes

<code>$ scp -r /etc/containerd/certs.d 172.139.20.75:/tmp
$ sudo mv /tmp/certs.d /etc/containerd/
$ sudo crictl pull 172.139.20.170:5000/library/pause:3.9</code>

3. Modify kubelet parameters

<code>$ vim /var/lib/kubelet/kubeadm-flags.env
KUBELET_KUBEADM_ARGS="--container-runtime-endpoint=unix:///run/containerd/containerd.sock --pod-infra-container-image=172.139.20.170:5000/library/pause:3.9"</code>

4. Restart kubelet service

<code>$ systemctl start kubelet</code>

5. Uncordon the node to make it schedulable again

<code>$ kubectl uncordon k8s-node02</code>

Tip: Ensure the

--container-runtime-endpoint

parameter is correctly set.

Verification

1. Check node runtime

<code>$ kubectl get nodes k8s-node02 -owide
NAME        STATUS   ROLES   AGE   VERSION   INTERNAL-IP   EXTERNAL-IP   OS-IMAGE               KERNEL-VERSION                CONTAINER‑RUNTIME
k8s-node02  Ready    <none>  152d  v1.27.16  172.139.20.75 <none>        CentOS Linux 7 (Core)  5.4.278-1.el7.elrepo.x86_64 containerd://1.6.34</code>

2. Ensure pods run correctly on the node

<code>$ kubectl get pod -owide -A | grep k8s-node02
... (output showing pod statuses) ...</code>

Conclusion

After completing the switch from Docker to containerd, your Kubernetes cluster will benefit from improved performance and security features. Although the initial setup requires effort, the long‑term gains make the transition worthwhile for organizations seeking efficient, modern infrastructure. Keep learning and adapting as container technologies continue to evolve.