Kubernetes Drops dockershim: Unraveling Docker, containerd, and the Future of Containers

Docker

Docker is an open-source platform that enables developers to build, deploy, run, update and manage containers—standardized, executable components that combine application source code with the operating system (OS) libraries and dependencies required to run that code in any environment.

What does Docker do?

Docker is used to build our applications into image layers with all supported libraries and dependencies that can run in any environment.

When we run a command like docker build, the application is converted into image layers with all supported libraries and dependencies. Images built this way can run in any environment.

How does Kubernetes utilise Docker?

Here, we must comprehend how Kubernetes and Docker will interact and which Docker components are necessary for running an application within Kubernetes.

  • Kubernetes utilizes the Docker runtime as its container execution environment, with the Docker daemon running within Kubernetes clusters.

  • Kubernetes does not depend on or make use of other Docker-specific functionalities, emphasizing its primary role in container orchestration and workload management.

  • Docker uses containerd to manage containers on the Linux kernel.

Why does Kubernetes deprecate Docker?

  • At the time, Docker was the most widely used container runtime, and it contributed to the growth of container technology.

  • Kubernetes developed dockershim, a component of the Kubernetes code used to connect to the Docker container runtime.

  • Kubernetes uses only Docker's container runtime and none of Docker's other features.

  • Since only the Docker container runtime is required for deployment, Kubernetes has chosen to remove dockershim from its code.

  • By doing away with Docker, clusters can save a lot of CPU and RAM, deploy fewer components and reduce security risks.

  • Containerd was previously a component of the docker daemon code, but it was separated to run independently for Kubernetes.

  • Later, CNCF adopted containerd, and it is being developed as a separate project.

  • Containerd is the second most popular among all the container runtimes.

What is Containerd?

Containerd is an open-source container runtime and container management tool that provides the core functionality for running and managing containers on a host system. It is designed to be lightweight and platform-agnostic, making it a critical component in container ecosystems like Docker and Kubernetes.

Here are some key features of containerd:

  • Container Runtime: Containerd manages containers, including creation, start, stop, and deletion, using technologies like runC for secure isolation.

  • Image Management: It pulls and stores container images efficiently, handling layers and caching.

  • Snapshotting: Containerd handles filesystem snapshots, enabling shared layers for space efficiency.

  • OCI Compatibility: Compliant with Open Container Initiative (OCI) standards for interoperability.

  • Plugin Architecture: Modular design allows extensibility via custom plugins.

  • Low-Level Abstraction: Offers a low-level API for containers, utilized by higher-level orchestration tools.

  • Security and Isolation: Prioritizes container security via Linux kernel features like namespaces and cgroups.

  • Cross-Platform: Designed to work on various operating systems and is not tied to a specific container system.

Who needs to worry?

  • You don't need to be concerned about this deprecation if you use managed Kubernetes like EKS or GKE on a cloud platform like AWS or Google, because they already use containerd as their runtime.

  • Users of self-managed Kubernetes must switch to another container runtime, since they are in charge of setting up the Kubernetes control plane.

  • For those who use Docker as their runtime, substitutes for the container runtime exist. Substitutes for Docker include installing dockershim as a standalone component in a cluster.
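
One way to find the affected nodes on a self-managed cluster, as an added example that is not part of the original post: the functions below classify each node by the runtime its kubelet reports. The node list is constructed sample data, the function names are hypothetical, and the 1.24 cut-off is the Kubernetes release in which dockershim was removed.

```shell
#!/bin/sh
# Added example: classify nodes by the container runtime the kubelet reports.
# On a live cluster, produce the same three tab-separated columns with:
#   kubectl get nodes -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.status.nodeInfo.containerRuntimeVersion}{"\t"}{.status.nodeInfo.kubeletVersion}{"\n"}{end}'

# Constructed sample input: node name <TAB> runtime <TAB> kubelet version.
sample_nodes() {
  printf '%s\t%s\t%s\n' \
    worker-a 'docker://20.10.7'   v1.22.4 \
    worker-b 'containerd://1.6.8' v1.22.4 \
    worker-c 'docker://20.10.21'  v1.25.3 \
    worker-d 'cri-o://1.24.1'     v1.24.0
}

# Read the three-column list on stdin and print: name, runtime, verdict.
#   ok      - runtime speaks CRI directly (containerd, CRI-O, ...)
#   migrate - Docker through the in-tree dockershim (kubelet older than 1.24)
#   adapter - Docker on a kubelet without dockershim, so a standalone
#             adapter must be installed and kept patched on that node
classify_nodes() {
  awk -F'\t' '
    NF < 3 { next }                 # skip malformed or empty lines
    {
      split($2, rt, "://")          # rt[1] = runtime name
      split($3, kv, ".")            # kv[2] = kubelet minor version
      minor = kv[2] + 0
      if (rt[1] != "docker") verdict = "ok"
      else if (minor < 24)   verdict = "migrate"
      else                   verdict = "adapter"
      printf "%s\t%s\t%s\n", $1, rt[1], verdict
    }'
}

# Print only the names of nodes that must change runtime before an upgrade.
nodes_to_migrate() {
  classify_nodes | awk -F'\t' '$3 == "migrate" { print $1 }'
}

sample_nodes | classify_nodes
```
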

Will Docker images run inside K8s without Docker?

  • To develop, test, and deploy our application images in K8s, we will use Docker in our CI/CD pipelines.

  • The Linux Foundation's Open Container Initiative (OCI) establishes guidelines for how containers should operate.

  • Container runtimes like containerd, CRI-O, and Docker adhere to these OCI standards.

  • Any container platform will be able to run any container image, independently of the tool that created it.

To make it simple,

Summary

This blog examined the relationship between Docker and Kubernetes, highlighting how Kubernetes relies on Docker's runtime. With the deprecation of Dockershim, Kubernetes moved towards containerd for its container management needs. This shift underscores the industry's focus on standards like OCI for container portability.


Written by

Jayakumar Sakthivel

As a DevOps Engineer, I specialize in streamlining and automating software delivery processes utilizing advanced tools like Git, Terraform, Docker, and Kubernetes. I possess extensive experience managing cloud services from major providers like Amazon, Google, and Azure. I excel at architecting secure CI/CD pipelines, integrating top-of-the-line security tools like Snyk and Checkmarx to ensure the delivery of secure and reliable software products. In addition, I have a deep understanding of monitoring tools like Prometheus, Grafana, and ELK, which enable me to optimize performance and simplify cloud migration journeys. With my broad expertise and skills, I am well-equipped to help organizations achieve their software delivery and cloud management objectives.