No More Docker in Kubernetes?
Docker support in the kubelet is now deprecated and will be removed in a future release. The kubelet uses a module called "dockershim" which implements CRI support for Docker and it has seen maintenance issues in the Kubernetes community. We encourage you to evaluate moving to a container runtime that is a full-fledged implementation of CRI (v1alpha1 or v1 compliant) as they become available. (#94624, @dims) [SIG Node]
Whats up with that?Historically, for Kubernetes to support Docker, it was necessary for the Kubernetes team to create and then maintain a dockershim as part of the kubelet codebase to integrate with Docker. As other container providers entered the space (e.g., CoreOS/ContainerLinux's rkt, podman, etc. ), the Kubernetes team responded to requests to support alternative container runtimes by introducing the Container Runtime Interface (CRI). The CRI provides a plug-in interface to allow kubelet to support a wide range of container runtime without the need to recompile the codebase. This approach allows Kubernetes users to select any container runtime as long as it implements the CRI. Unfortunately, Docker isn't CRI compliant.
The problem with DockerWhile Docker is often considered a container runtime, it reality, it isn't. Instead, Docker is actually a suite of tools that handles a host of responsibilities. These responsibilities include providing application infrastructure, container construction, networking, orchestration, security, authorization, and a host of other application lifecycle services. Under the covers, Docker is calling an actual container runtime named containerd.
ContainerdTo ensure that containers would be interoperable between runtimes, the Linux Foundation, Docker, and several other container industry leaders created the Open Container Initiative (OCI) in 2015. The OCI created two specifications: the Runtime Specification (runtime-spec), and the Image Specification image-spec. The runtime-spec is responsible for defining container lifecycle management and interaction, while the image-spec establishes the structure of the container image format. From these specifications, Docker, along with Google and IBM created the containerd project in 2016 to implement the OCI specification. In 2017, containerd was donated to the Cloud Native Computing Foundation (CNCF) to provide a vendor-neutral container runtime implementation. Since then, in addition to graduating from the CNCF, as of version 1.5, Container Runtime Interface (CRI) support has been merged in to allow it to work seemlessly necessarywith Kubernetes.
Removing Docker SupportThe decision to discontinue support for Docker is a matter of practicality. Docker was never designed to be embedded into Kubernetes. The Kubernetes team decided it was no longer practical to expend the resources necessary to maintain dockershim when it could directly call containerd through the supported CRI and cut out the middle-man.
While Kubernetes will continue to support Docker in version 1.20, users will get a deprecation warning for Docker. When the Docker runtime support is finally removed (currently slated for version 1.22), users will need to switch to one of the CRI-compliant container runtimes.