From 2663c19414da81f6b35ab1c8d8f419404a5fa9e8 Mon Sep 17 00:00:00 2001
From: song <tinysong1226@gmail.com>
Date: Sat, 14 May 2022 17:51:16 +0800
Subject: [PATCH] [zh] sync migrating-from-dockershim doc

Signed-off-by: song <tinysong1226@gmail.com>
---
 .../migrating-from-dockershim/_index.md       |  50 ++++-
 ...k-if-dockershim-deprecation-affects-you.md | 185 ------------------
 .../find-out-runtime-you-use.md               | 105 +++++++++-
 3 files changed, 153 insertions(+), 187 deletions(-)
 delete mode 100644 content/zh/docs/tasks/administer-cluster/migrating-from-dockershim/check-if-dockershim-deprecation-affects-you.md

diff --git a/content/zh/docs/tasks/administer-cluster/migrating-from-dockershim/_index.md b/content/zh/docs/tasks/administer-cluster/migrating-from-dockershim/_index.md
index cdeaed150c..8b55a149c0 100644
--- a/content/zh/docs/tasks/administer-cluster/migrating-from-dockershim/_index.md
+++ b/content/zh/docs/tasks/administer-cluster/migrating-from-dockershim/_index.md
@@ -2,6 +2,7 @@
 title: "从 dockershim 迁移"
 weight: 10
 content_type: task 
+no_list: true
 ---
 <!-- 
 title: "Migrating from dockershim"
@@ -28,7 +29,16 @@ to understand the problem better.
 各类疑问随之而来：这对各类工作负载和 Kubernetes 部署会产生什么影响。
 我们的[弃用  Dockershim 常见问题](/blog/2022/02/17/dockershim-faq/)可以帮助你更好地理解这个问题。
 
-<!-- It is recommended to migrate from dockershim to alternative container runtimes.
+<!-- 
+Dockershim was removed from Kubernetes with the release of v1.24.
+If you use Docker via dockershim as your container runtime, and wish to upgrade to v1.24,
+it is recommended that you either migrate to another runtime or find an alternative means to obtain Docker Engine support.
+-->
+Dockershim 在 Kubernetes v1.24 版本已经被移除。
+如果你集群内是通过 dockershim 使用 Docker 作为容器运行时，并希望 Kubernetes 升级到 v1.24，
+建议你迁移到其他容器运行时或使用其他方法以获得 Docker 引擎支持。
+
+<!--
 Check out [container runtimes](/docs/setup/production-environment/container-runtimes/)
 section to know your options. Make sure to
 [report issues](https://github.com/kubernetes/kubernetes/issues) you encountered
@@ -40,3 +50,41 @@ ready for dockershim removal.
 一节以了解可用的备选项。
 当在迁移过程中遇到麻烦，请[上报问题](https://github.com/kubernetes/kubernetes/issues)。
 那么问题就可以及时修复，你的集群也可以进入移除 dockershim 前的就绪状态。
+
+<!--
+Your cluster might have more than one kind of node, although this is not a common
+configuration.
+
+These tasks will help you to migrate:
+
+* [Check whether Dockershim deprecation affects you](/docs/tasks/administer-cluster/migrating-from-dockershim/check-if-dockershim-deprecation-affects-you/)
+* [Migrating from dockershim](/docs/tasks/administer-cluster/migrating-from-dockershim/)
+* [Migrating telemetry and security agents from dockershim](/docs/tasks/administer-cluster/migrating-from-dockershim/migrating-telemetry-and-security-agents/)
+-->
+你的集群中可以有不止一种类型的节点，尽管这不是常见的情况。
+
+下面这些任务可以帮助你完成迁移：
+
+* [检查弃用 Dockershim 对你的影响](/zh/docs/tasks/administer-cluster/migrating-from-dockershim/check-if-dockershim-deprecation-affects-you/)
+* [dockershim 迁移](/zh/docs/tasks/administer-cluster/migrating-from-dockershim/)
+* [从 dockershim 迁移遥测和安全代理](/zh/docs/tasks/administer-cluster/migrating-from-dockershim/migrating-telemetry-and-security-agents/)
+<!--
+## {{% heading "whatsnext" %}}
+
+* Check out [container runtimes](/docs/setup/production-environment/container-runtimes/)
+  to understand your options for a container runtime.
+* There is a
+  [GitHub issue](https://github.com/kubernetes/kubernetes/issues/106917)
+  to track discussion about the deprecation and removal of dockershim.
+* If you found a defect or other technical concern relating to migrating away from dockershim,
+  you can [report an issue](https://github.com/kubernetes/kubernetes/issues/new/choose)
+  to the Kubernetes project.
+-->
+
+## 下一步
+
+* 查看[容器运行时](/zh/docs/setup/production-environment/container-runtimes/)了解可选的容器运行时。
+* [GitHub 问题](https://github.com/kubernetes/kubernetes/issues/106917)跟踪有关 dockershim 的弃用和删除的讨论。
+* 如果你发现与 dockershim 迁移相关的缺陷或其他技术问题，
+  可以在 Kubernetes 项目[报告问题](https://github.com/kubernetes/kubernetes/issues/new/choose)。
+  
\ No newline at end of file
diff --git a/content/zh/docs/tasks/administer-cluster/migrating-from-dockershim/check-if-dockershim-deprecation-affects-you.md b/content/zh/docs/tasks/administer-cluster/migrating-from-dockershim/check-if-dockershim-deprecation-affects-you.md
deleted file mode 100644
index 96132ad465..0000000000
--- a/content/zh/docs/tasks/administer-cluster/migrating-from-dockershim/check-if-dockershim-deprecation-affects-you.md
+++ /dev/null
@@ -1,185 +0,0 @@
----
-title: 检查弃用 Dockershim 对你的影响
-content_type: task 
-weight: 20
----
-<!-- 
-title: Check whether Dockershim deprecation affects you
-content_type: task 
-reviewers:
-- SergeyKanzhelev
-weight: 20
--->
-
-<!-- overview -->
-
-<!-- 
-The `dockershim` component of Kubernetes allows to use Docker as a Kubernetes's
-{{< glossary_tooltip text="container runtime" term_id="container-runtime" >}}.
-Kubernetes' built-in `dockershim` component was
-[deprecated](/blog/2020/12/08/kubernetes-1-20-release-announcement/#dockershim-deprecation)
-in release v1.20.
--->
-Kubernetes 的 `dockershim` 组件使得你可以把 Docker 用作 Kubernetes 的
-{{< glossary_tooltip text="容器运行时" term_id="container-runtime" >}}。
-在 Kubernetes v1.20 版本中，内建组件 `dockershim` 被[弃用](/zh/blog/2020/12/08/kubernetes-1-20-release-announcement/#dockershim-deprecation)。
-
-
-<!-- 
-This page explains how your cluster could be using Docker as a container runtime,
-provides details on the role that `dockershim` plays when in use, and shows steps
-you can take to check whether any workloads could be affected by `dockershim` deprecation.
--->
-本页讲解你的集群把 Docker 用作容器运行时的运作机制，
-并提供使用 `dockershim` 时，它所扮演角色的详细信息，
-继而展示了一组操作，可用来检查弃用 `dockershim` 对你的工作负载是否有影响。
-
-<!-- 
-## Finding if your app has a dependencies on Docker {#find-docker-dependencies} 
--->
-## 检查你的应用是否依赖于 Docker {#find-docker-dependencies}
-
-<!-- 
-If you are using Docker for building your application containers, you can still
-run these containers on any container runtime. This use of Docker does not count
-as a dependency on Docker as a container runtime.
--->
-即使你是通过 Docker 创建的应用容器，也不妨碍你在其他任何容器运行时上运行这些容器。
-这种使用 Docker 的方式并不构成对 Docker 作为一个容器运行时的依赖。
-
-<!-- 
-When alternative container runtime is used, executing Docker commands may either
-not work or yield unexpected output. This is how you can find whether you have a
-dependency on Docker:
--->
-当用了别的容器运行时之后，Docker 命令可能不工作，或者产生意外的输出。
-下面是判定你是否依赖于 Docker 的方法。
-
-<!--
-1. Make sure no privileged Pods execute Docker commands (like `docker ps`),
-   restart the Docker service (commands such as `systemctl restart docker.service`),
-   or modify Docker-specific files such as `/etc/docker/daemon.json`.
-1. Check for any private registries or image mirror settings in the Docker
-   configuration file (like `/etc/docker/daemon.json`). Those typically need to
-   be reconfigured for another container runtime.
-1. Check that scripts and apps running on nodes outside of your Kubernetes
-   infrastructure do not execute Docker commands. It might be:
-   - SSH to nodes to troubleshoot;
-   - Node startup scripts;
-   - Monitoring and security agents installed on nodes directly.
-1. Third-party tools that perform above mentioned privileged operations. See
-   [Migrating telemetry and security agents from dockershim](/docs/tasks/administer-cluster/migrating-from-dockershim/migrating-telemetry-and-security-agents)
-   for more information.
-1. Make sure there is no indirect dependencies on dockershim behavior.
-   This is an edge case and unlikely to affect your application. Some tooling may be configured
-   to react to Docker-specific behaviors, for example, raise alert on specific metrics or search for
-   a specific log message as part of troubleshooting instructions.
-   If you have such tooling configured, test the behavior on test
-   cluster before migration.
--->
-1. 确认没有特权 Pod 执行 Docker 命令（如 `docker ps`）、重新启动 Docker
-   服务（如 `systemctl restart docker.service`）或修改 Docker 配置文件
-   `/etc/docker/daemon.json`。
-2. 检查 Docker 配置文件（如 `/etc/docker/daemon.json`）中容器镜像仓库的镜像（mirror）站点设置。
-   这些配置通常需要针对不同容器运行时来重新设置。
-3. 检查确保在 Kubernetes 基础设施之外的节点上运行的脚本和应用程序没有执行 Docker 命令。
-   可能的情况如：
-   - SSH 到节点排查故障；
-   - 节点启动脚本；
-   - 直接安装在节点上的监控和安全代理。
-4. 检查执行上述特权操作的第三方工具。详细操作请参考
-   [从 dockershim 迁移遥测和安全代理](/zh/docs/tasks/administer-cluster/migrating-from-dockershim/migrating-telemetry-and-security-agents)。
-5. 确认没有对 dockershim 行为的间接依赖。这是一种极端情况，不太可能影响你的应用。
-   一些工具很可能被配置为使用了 Docker 特性，比如，基于特定指标发警报，
-   或者在故障排查指令的一个环节中搜索特定的日志信息。
-   如果你有此类配置的工具，需要在迁移之前，在测试集群上测试这类行为。
-
-<!-- 
-## Dependency on Docker explained {#role-of-dockershim}  
--->
-## Docker 依赖详解 {#role-of-dockershim}
-
-<!-- 
-A [container runtime](/docs/concepts/containers/#container-runtimes) is software that can
-execute the containers that make up a Kubernetes pod. Kubernetes is responsible for orchestration
-and scheduling of Pods; on each node, the {{< glossary_tooltip text="kubelet" term_id="kubelet" >}}
-uses the container runtime interface as an abstraction so that you can use any compatible
-container runtime.
- -->
-[容器运行时](/zh/docs/concepts/containers/#container-runtimes)是一个软件，用来运行组成 Kubernetes Pod 的容器。
-Kubernetes 负责编排和调度 Pod；在每一个节点上，{{< glossary_tooltip text="kubelet" term_id="kubelet" >}}
-使用抽象的容器运行时接口，所以你可以任意选用兼容的容器运行时。
-
-<!-- 
-In its earliest releases, Kubernetes offered compatibility with one container runtime: Docker.
-Later in the Kubernetes project's history, cluster operators wanted to adopt additional container runtimes.
-The CRI was designed to allow this kind of flexibility - and the kubelet began supporting CRI. However,
-because Docker existed before the CRI specification was invented, the Kubernetes project created an
-adapter component, `dockershim`. The dockershim adapter allows the kubelet to interact with Docker as
-if Docker were a CRI compatible runtime.
- -->
-在早期版本中，Kubernetes 提供的兼容性支持一个容器运行时：Docker。
-在 Kubernetes 发展历史中，集群运营人员希望采用更多的容器运行时。
-于是 CRI 被设计出来满足这类灵活性需要 - 而 kubelet 亦开始支持 CRI。
-然而，因为 Docker 在 CRI 规范创建之前就已经存在，Kubernetes 就创建了一个适配器组件 `dockershim`。
-dockershim 适配器允许 kubelet 与 Docker 交互，就好像 Docker 是一个 CRI 兼容的运行时一样。
-
-<!-- 
-You can read about it in [Kubernetes Containerd integration goes GA](/blog/2018/05/24/kubernetes-containerd-integration-goes-ga/) blog post.
- -->
-你可以阅读博文
-[Kubernetes 正式支持集成 Containerd](/zh/blog/2018/05/24/kubernetes-containerd-integration-goes-ga/)。
-
-<!-- Dockershim vs. CRI with Containerd -->
-![Dockershim 和 Containerd CRI 的实现对比图](/images/blog/2018-05-24-kubernetes-containerd-integration-goes-ga/cri-containerd.png)
-
-<!-- 
-Switching to Containerd as a container runtime eliminates the middleman. All the
-same containers can be run by container runtimes like Containerd as before. But
-now, since containers schedule directly with the container runtime, they are not visible to Docker.
-So any Docker tooling or fancy UI you might have used
-before to check on these containers is no longer available.
- -->
-切换到容器运行时 Containerd 可以消除掉中间环节。
-所有相同的容器都可由 Containerd 这类容器运行时来运行。
-但是现在，由于直接用容器运行时调度容器，它们对 Docker 是不可见的。
-因此，你以前用来检查这些容器的 Docker 工具或漂亮的 UI 都不再可用。
-
-<!-- 
-You cannot get container information using `docker ps` or `docker inspect`
-commands. As you cannot list containers, you cannot get logs, stop containers,
-or execute something inside container using `docker exec`.
- -->
-你不能再使用 `docker ps` 或 `docker inspect` 命令来获取容器信息。
-由于你不能列出容器，因此你不能获取日志、停止容器，甚至不能通过 `docker exec` 在容器中执行命令。
-
-<!-- 
-If you're running workloads via Kubernetes, the best way to stop a container is through
-the Kubernetes API rather than directly through the container runtime (this advice applies
-for all container runtimes, not only Docker).
- -->
-{{< note >}}
-如果你在用 Kubernetes 运行工作负载，最好通过 Kubernetes API 停止容器，
-而不是通过容器运行时来停止它们
-（此建议适用于所有容器运行时，不仅仅是针对 Docker）。
-{{< /note >}}
-
-<!-- 
-You can still pull images or build them using `docker build` command. But images
-built or pulled by Docker would not be visible to container runtime and
-Kubernetes. They needed to be pushed to some registry to allow them to be used
-by Kubernetes.
- -->
-你仍然可以下载镜像，或者用 `docker build` 命令创建它们。
-但用 Docker 创建、下载的镜像，对于容器运行时和 Kubernetes，均不可见。
-为了在 Kubernetes 中使用，需要把镜像推送（push）到某镜像仓库。
-
-<!-- ## {{% heading "whatsnext" %}}
-
-- Read [Migrating from dockershim](/docs/tasks/administer-cluster/migrating-from-dockershim/) to understand your next steps
-- Read the [dockershim deprecation FAQ](/blog/2020/12/02/dockershim-faq/) article for more information. 
--->
-## {{% heading "whatsnext" %}}
-
-- 阅读[从 dockershim 迁移](/zh/docs/tasks/administer-cluster/migrating-from-dockershim/)以了解你的下一步工作
-- 阅读[dockershim 弃用常见问题解答](/zh/blog/2020/12/02/dockershim-faq/)文章了解更多信息。
\ No newline at end of file
diff --git a/content/zh/docs/tasks/administer-cluster/migrating-from-dockershim/find-out-runtime-you-use.md b/content/zh/docs/tasks/administer-cluster/migrating-from-dockershim/find-out-runtime-you-use.md
index 7a6f3c8df9..5c11ccc645 100644
--- a/content/zh/docs/tasks/administer-cluster/migrating-from-dockershim/find-out-runtime-you-use.md
+++ b/content/zh/docs/tasks/administer-cluster/migrating-from-dockershim/find-out-runtime-you-use.md
@@ -55,16 +55,34 @@ kubectl get nodes -o wide
 <!--
 The output is similar to the following. The column `CONTAINER-RUNTIME` outputs
 the runtime and its version.
+
+For Docker Engine, the output is similar to this:
 -->
 输出如下面所示。`CONTAINER-RUNTIME` 列给出容器运行时及其版本。
 
+对于 Docker Engine，输出类似于： 
 ```none
-# For dockershim
 NAME         STATUS   VERSION    CONTAINER-RUNTIME
 node-1       Ready    v1.16.15   docker://19.3.1
 node-2       Ready    v1.16.15   docker://19.3.1
 node-3       Ready    v1.16.15   docker://19.3.1
 ```
+<!--
+If your runtime shows as Docker Engine, you still might not be affected by the
+removal of dockershim in Kubernetes 1.24. [Check the runtime
+endpoint](#which-endpoint) to see if you use dockershim. If you don't use
+dockershim, you aren't affected. 
+
+For containerd, the output is similar to this:
+-->
+
+如果你的容器运行时显示为 Docker Engine，你仍然可能不会被 1.24 中 dockershim 的移除所影响。
+通过[检查运行时端点](#which-endpoint)，可以查看你是否在使用 dockershim。
+如果你没有使用 dockershim，你就不会被影响。
+看下是否是使用的 dockershim，如何是 dockershim 则会受到在 Kubernetes 1.24 中移除 dockershim 的影响。
+反之则不会受到影响。
+
+对于 containerd，输出类似于这样： 
 
 ```none
 # For containerd
@@ -81,3 +99,88 @@ on [Container Runtimes](/docs/setup/production-environment/container-runtimes/)
 你可以在[容器运行时](/zh/docs/setup/production-environment/container-runtimes/)
 页面找到与容器运行时相关的更多信息。
 
+<!--
+## Find out what container runtime endpoint you use {#which-endpoint}
+-->
+## 检查当前使用的运行时端点  {#which-endpoint}
+
+<!--
+The container runtime talks to the kubelet over a Unix socket using the [CRI
+protocol](/docs/concepts/architecture/cri/), which is based on the gRPC
+framework. The kubelet acts as a client, and the runtime acts as the server.
+In some cases, you might find it useful to know which socket your nodes use. For
+example, with the removal of dockershim in Kubernetes 1.24 and later, you might
+want to know whether you use Docker Engine with dockershim.
+-->
+
+容器运行时使用 Unix Socket 与 kubelet 通信，这一通信使用基于 gRPC 框架的
+[CRI 协议](/zh/docs/concepts/architecture/cri/)。kubelet 扮演客户端，运行时扮演服务器端。
+在某些情况下，你可能想知道你的节点使用的是哪个 socket。
+如若集群是 Kubernetes 1.24 及以后的版本，
+或许你想知道当前运行时是否是使用 dockershim 的 Docker Engine。
+
+<!--
+{{<note>}}
+If you currently use Docker Engine in your nodes with `cri-dockerd`, you aren't
+affected by the dockershim removal.
+{{</note>}}
+-->
+
+{{<note>}}
+如果你的节点在通过 `cri-dockerd` 使用 Docker Engine，
+那么集群不会受到 Kubernetes 移除 dockershim 的影响。
+{{</note>}}
+
+<!--
+You can check which socket you use by checking the kubelet configuration on your
+nodes.
+-->
+可以通过检查 kubelet 的参数得知当前使用的是哪个 socket。
+
+<!--
+1.  Read the starting commands for the kubelet process:
+
+    ```
+    tr \\0 ' ' < /proc/"$(pgrep kubelet)"/cmdline
+    ```
+    If you don't have `tr` or `pgrep`, check the command line for the kubelet
+    process manually.
+-->
+1. 查看 kubelet 进程的启动命令
+   
+   ```
+    tr \\0 ' ' < /proc/"$(pgrep kubelet)"/cmdline
+   ```
+   如有节点上没有 `tr` 或者 `pgrep`，就需要手动检查 kubelet 的启动命令
+
+<!--
+1.  In the output, look for the `--container-runtime` flag and the
+    `--container-runtime-endpoint` flag.
+
+    *   If your nodes use Kubernetes v1.23 and earlier and these flags aren't
+        present or if the `--container-runtime` flag is not `remote`,
+        you use the dockershim socket with Docker Engine.
+    *   If the `--container-runtime-endpoint` flag is present, check the socket
+        name to find out which runtime you use. For example,
+        `unix:///run/containerd/containerd.sock` is the containerd endpoint.
+-->
+2. 在命令的输出中，查找 `--container-runtime` 和 `--container-runtime-endpoint` 标志。
+
+   * 如果 Kubernetes 集群版本是 v1.23 或者更早的版本，并且这两个参数不存在，
+      或者 `container-runtime` 标志值不是 `remote`，则你在通过 dockershim 套接字使用
+      Docker Engine。
+     或者如果集群使用的 Docker engine 和 dockershim socket，则输出结果中 `--container-runtime` 不是 `remote`,
+   * 如果设置了 `--container-runtime-endpoint` 参数，查看套接字名称即可得知当前使用的运行时。
+     如若套接字 `unix:///run/containerd/containerd.sock` 是 containerd 的端点。
+     
+<!--
+If you want to change the Container Runtime on a Node from Docker Engine to containerd,
+you can find out more information on [migrate to a different runtime](/docs/tasks/administer-cluster/migrating-from-dockershim/change-runtime-containerd/),
+or, if you want to continue using Docker Engine in v1.24 and later, migrate to a
+CRI-compatible adapter like [`cri-dockerd`](https://github.com/Mirantis/cri-dockerd).
+-->
+如果想将节点上的容器运行时从 Docker Engine 切换成 containerd，可在
+[Docker Engine 迁移到 containerd](zh/docs/tasks/administer-cluster/migrating-from-dockershim/change-runtime-containerd/) 
+找到更多信息。或者，如果你想在 Kubernetes v1.24 及以后的版本仍使用 Docker Engine，
+可以安装 CRI 兼容的适配器实现，如 [`cri-dockerd`](https://github.com/Mirantis/cri-dockerd)。
+[`cri-dockerd`](https://github.com/Mirantis/cri-dockerd)。
\ No newline at end of file