No More Docker in Kubernetes?

Docker support in the kubelet is now deprecated and will be removed in a future release. The kubelet uses a module called "dockershim" which implements CRI support for Docker and it has seen maintenance issues in the Kubernetes community. We encourage you to evaluate moving to a container runtime that is a full-fledged implementation of CRI (v1alpha1 or v1 compliant) as they become available. (#94624, @dims) [SIG Node]

Whats up with that?

Historically, for Kubernetes to support Docker, it was necessary for the Kubernetes team to create and then maintain a dockershim as part of the kubelet codebase to integrate with Docker. As other container providers entered the space (e.g., CoreOS/ContainerLinux's rkt, podman, etc. ), the Kubernetes team responded to requests to support alternative container runtimes by introducing the Container Runtime Interface (CRI). The CRI provides a plug-in interface to allow kubelet to support a wide range of container runtime without the need to recompile the codebase. This approach allows Kubernetes users to select any container runtime as long as it implements the CRI. Unfortunately, Docker isn't CRI compliant.

The problem with Docker

While Docker is often considered a container runtime, it reality, it isn't. Instead, Docker is actually a suite of tools that handles a host of responsibilities. These responsibilities include providing application infrastructure, container construction, networking, orchestration, security, authorization, and a host of other application lifecycle services. Under the covers, Docker is calling an actual container runtime named containerd.


To ensure that containers would be interoperable between runtimes, the Linux Foundation, Docker, and several other container industry leaders created the Open Container Initiative (OCI) in 2015. The OCI created two specifications: the Runtime Specification (runtime-spec), and the Image Specification image-spec. The runtime-spec is responsible for defining container lifecycle management and interaction, while the image-spec establishes the structure of the container image format. From these specifications, Docker, along with Google and IBM created the containerd project in 2016 to implement the OCI specification. In 2017, containerd was donated to the Cloud Native Computing Foundation (CNCF) to provide a vendor-neutral container runtime implementation. Since then, in addition to graduating from the CNCF, as of version 1.5, Container Runtime Interface (CRI) support has been merged in to allow it to work seemlessly necessarywith Kubernetes.

Removing Docker Support

The decision to discontinue support for Docker is a matter of practicality. Docker was never designed to be embedded into Kubernetes. The Kubernetes team decided it was no longer practical to expend the resources necessary to maintain dockershim when it could directly call containerd through the supported CRI and cut out the middle-man.

While Kubernetes will continue to support Docker in version 1.20, users will get a deprecation warning for Docker. When the Docker runtime support is finally removed (currently slated for version 1.22), users will need to switch to one of the CRI-compliant container runtimes.

Do I have to change my dockerfiles?

The good news is that your Docker-created containers are still valid. As mentioned earlier, Docker was part of the Open Container Initiative (OCI), and as such, the containers it creates are compliant with the Image Specification. As such, they will work in any OCI-compliant runtime.

Kubernetes, Containerd, and Microk8s

In recent articles, we have been using MicroK8s as our Kubernetes distribution. This decision was primarily due to its ease of installation, minimalist distribution, simplicity, and performance. One other important feature is that its default container runtime is containerd. From a development perspective, this solves several problems often encountered when sharing a Docker installation between a development Kubernetes cluster and local Docker image authoring.

Much ado about nothing

For most, this news amounts to little more than click-bait. Most developers and administrators will simply upgrade their Kubernetes, installation and use whatever the distribution default to (e.g., containerd, CRI-O, etc.). For those who must wish to continue using Docker with Kubernetes, all hope is not lost. Mirantis and Docker have announced that they will take over maintenance and support for dockershim from the Kubernetes team.