The mention of Kubernetes dropping support for Docker in the release notes raised a lot of eyebrows.
Docker support in the kubelet is now deprecated and will be removed in a future release. The kubelet uses a module called “dockershim” which implements CRI support for Docker and it has seen maintenance issues in the Kubernetes community. We encourage you to evaluate moving to a container runtime that is a full-fledged implementation of CRI
What Docker does at a high level:
- Docker can build container images
- Docker can push and pull from container registries
- Docker can create container processes
- Docker is a container runtime.
Kubernetes is an orchestration tool that groups many different compute resources, such as virtual or physical machines, and makes them look like one huge compute resource for your applications to run on and share with others. In the current architecture, Docker, as a container runtime, is used only to run those applications on an actual host.
Docker is a popular choice for that runtime, but Docker was not designed to be embedded inside Kubernetes. Docker includes many user enhancements for programmers, but Kubernetes doesn’t need any of that. The part that Kubernetes needs is just ‘containerd’.
Additionally, Docker is not compliant with CRI, the Container Runtime Interface. Because of this, Kubernetes used a bridge service called “dockershim”. Maintaining dockershim had become a heavy burden on the Kubernetes maintainers. Dockershim was always intended to be a temporary solution. The CRI standard was created to reduce this burden and allow smooth interoperability of different container runtimes. Docker itself doesn’t currently implement CRI, hence the problem.
So to summarize, here are the two major reasons why Kubernetes is deprecating Docker:
- Management overhead of dockershim.
- Docker is not compliant with CRI.
Currently, dockershim still works fine, but it will be dropped in version 1.23 in late 2021.
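To find out which nodes would be affected when dockershim is dropped, check the runtime each kubelet reports in `status.nodeInfo.containerRuntimeVersion`: a value starting with `docker://` means the kubelet reaches Docker through dockershim. The script below is an added example, not part of the original article; its function names are hypothetical and the node names and versions in `sample_nodes` are constructed.

```shell
#!/bin/sh
# Added example (not from the original article): report which nodes still
# depend on dockershim, based on the runtime each kubelet reports.
#
# On a live cluster, produce the input with:
#   kubectl get nodes -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.status.nodeInfo.containerRuntimeVersion}{"\n"}{end}'

TAB=$(printf '\t')

# Map a containerRuntimeVersion string ("<runtime>://<version>") to a verdict.
classify_runtime() {
    case "$1" in
        docker://*)                echo "dockershim" ;;  # kubelet -> dockershim -> Docker
        containerd://*|cri-o://*)  echo "cri" ;;         # runtime speaks CRI directly
        "")                        echo "unknown" ;;     # node did not report a runtime
        *)                         echo "other" ;;       # review manually
    esac
}

# Read "name<TAB>runtime" lines on stdin, print "name<TAB>runtime<TAB>verdict",
# and return 1 if at least one node uses dockershim.
audit_nodes() {
    found=0
    while IFS="$TAB" read -r name runtime; do
        [ -n "$name" ] || continue
        verdict=$(classify_runtime "$runtime")
        printf '%s\t%s\t%s\n' "$name" "$runtime" "$verdict"
        if [ "$verdict" = "dockershim" ]; then found=1; fi
    done
    return "$found"
}

# Constructed sample input (hypothetical node names and versions).
sample_nodes() {
    printf 'worker-1\tdocker://19.3.13\n'
    printf 'worker-2\tcontainerd://1.4.3\n'
    printf 'worker-3\tcri-o://1.19.0\n'
}

if sample_nodes | audit_nodes; then
    echo "No node depends on dockershim."
else
    echo "At least one node depends on dockershim; plan its runtime migration."
fi
```

To run it against a real cluster, pipe the output of the `kubectl` command from the header comment into `audit_nodes` instead of `sample_nodes`.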