we are making a few notable changes in kubeadm 1.24 that may require
we will keep the communication channels updated later in the release
cycle if needed.
[*] dockershim related changes:
dockershim is being removed in kubelet version 1.24. kubeadm 1.24 is
being changed to:
- treat cri-dockerd (https://github.com/Mirantis/cri-dockerd
) as the
service responsible for communicating with the Docker CR on the host.
- always error out if multiple CRI compatible sockets are found on the
host and ask the user to specify which one to use. do not special case
containerd+docker if both sockets are present.
- default the kubeadm internal / static default CRI socket to
containerd (was dockershim)
- use crictl for all CRI socket communication. previously the docker
CLI was used in the case of Docker.
[*] kubeadm v1beta2 has been deprecated and we suggest that you
migrate to v1beta3. v1beta2 will be removed after 1 year / 3 releases.
"kubeadm config migrate ..." can be used for the conversion.
[*] continue the rename of the kubeadm "master" label / taint to
in 1.24 we are adding a new taint
" with effect "NoSchedule" and
removing the "node-role.kubernetes.io/master
" label on nodes. in 1.20
we instructed all users to preemptively add toleration for this taint
in their workloads and to start using the newly added label
this plan is detailed in the KEP linked here:
[*] the UnversionedKubeletConfigMap feature gate introduced in 1.23 is
moving to Beta in 1.24 (enabled by default). this means that kubeadm
by default will no longer create versioned objects related to the
KubeletConfiguration stored in the cluster - e.g. the
"kubelet-config-x.yy" ConfigMap will now become "kubelet-config"
(without the version x.yy). "kubeadm upgrade" will automatically
manage this for users during upgrade:
a more detailed summary was done in our issue triage / "1.24 summary"
meeting on Wed 5th Jan (there is also a VOD):
please let me know if you have any questions.