From YouTube: Docker we still love you
Description
With dockershim removal scheduled in the v1.24 release of Kubernetes, there has been a lot of confusion regarding this. In this talk, I will majorly discuss why the "dockershim removal" was necessary and discuss how the "shim" and container runtime are quite unrelated, and will further focus on the container ecosystem and the readily available options.
The talk will also focus on how CRI makes it easier for Kubernetes to use different container runtimes. It will include adequate links to available resources to help people understand the migration and make necessary changes.
A
This means is defective of what happened last year, when, you know, Docker announced it is deprecating dockershim. You know, and there was a havoc along the depths community, especially the SRE and DevOps. They thought, and those people, especially who weren't aware about things like container runtime, OCI and other things, they thought, you know,
A
dockershim removal means the death of Docker, and, kind of, you know, they thought that we won't be supporting container images built out of Docker, which is very untrue. And if you know the real reason behind the removal of dockershim, it is for the benefit of the project, and how it's indicative of how the project is becoming more and more inclusive for various container runtimes that are coming up in recent advancements in particular technologies.
A
So, in this talk I'll give you a context of what is happening and how, you know, this whole things are interlinked, how kubelet talks to containers and how they occur. In turn, orchestrate helps in orchestration of cuban the occupation of the containers for Kubernetes. We will be seeing what is happening in Kubernetes 1.24, and there's no need to panic, it's time to adapt, and the resources,
A
the unlimited resources that every day upstream devs are trying to create for end users as well as upstream folks, obviously to help understand what is going on behind the scenes.
A
So, as we know, at the lower layers, at the lowest layers, the fundamental Kubernetes node is the software that, among other things, starts and stops containers, the basic things, and the thing that does this, we call this container runtime, basically. And, you know, kubelet communicates with the container runtime over Unix sockets, using gRPC framework, where kubelet acts as a client and CRI shim acts as a server. And inherently, when Docker started, the Docker started, it was a monolithic service, and Kubernetes,
A
when it started, Docker was the only container runtime that was prevalent in the market, so they came up with something called dockershim to support the container runtime interface for Docker, because Docker inherently didn't have this container runtime interface. But with, you know, with more and more container runtimes coming up, in Kubernetes 1.5 release, with the reason of being more inclusive, providing developers more options of using various container runtimes,
A
it came up with a container runtime interface, which is a plug-in or interface which enables kubelet to use a wide variety of container runtimes without the need to recompile, I would say. So, historically, if you will see, Docker, you know, started as a monolithic project.
A
As I have said, you know, monolithic tool that contained the ability to set up containers along with a myriad of developer tools, including, you know, CLI, logging, storage management, network building tools and many other features outside the core capacity to create a container. And in the vein of Unix philosophy, however, Docker eventually broke up, you know, these components and contributed the containerd.
A
If you could see in the first thing, this containerd is the container runtime component of Docker, and it has been developed as an open source project and has been donated to CNCF. So the default configuration in Kubernetes kept Docker as the abstraction layer on the top of containerd. As we started, you know, as I say, in initial days, we used Docker as the abstraction layer on top of containerd, which in turn was an abstraction layer
A
on top of parenthesis. This additional layers, and all of the additional layers that Docker includes, obviously creates maintenance, attack, headaches, significant overhead and larger attack surface of exploits, and this is not ideal in the future environment. But teams are, you know, deploying code multiple times a day, so the additional layer also introduces serious security implications. And, at the same time of when other container runtimes begin popping up, Kubernetes maintainers came up with this standard called the container runtime interface in the 1.5 version, which you prompt in the last slide.
A
That would be a common language for communication between kubelets and container runtimes. And as Docker wasn't compliant with the standard, it required a middle layer shim to operate. Obviously, that's the reason why dockershim is there, and if it would have inherently supported this CRI, we wouldn't have needed this dockershim. And, you know, Kubernetes and containerd maintainers, and it is here.
A
CRI shim for Kubernetes to talk directly to containerd, which you could find in containerd 1.0. So this allowed, now this allowed Kubernetes to cut out Docker and use containerd directly, so this technically reduced the container capabilities. Obviously, the reason why Docker is famous among developers is its other capabilities of logging and the CLI. It provides inherent CLI and other things, but, you know, those capabilities are quite unnecessary for an orchestration tool like Kubernetes, because, you know, containers managed by Kubernetes, for example, doesn't need access.
A
However, CRI shim, you know, this daemon added another complexity and another, you know, attack surface for so-called developers. So, you know, how this thing functioned in containerd 1.0 is, you know, this daemon called cri-containerd was required to operate between kubelet and containerd, and cri-containerd handled the container runtime interface service requests from kubelet and used containerd to manage containers and container images correspondingly. So compared to dockershim, you know, dockershim, the Docker CRI implementation,
A
this eliminated one extra hop up stack. But in containerd 1.1, which came up after, you know, in 2016 CRI-O, when came up with an alternative to Docker, it jumped ahead of the containerd's evolution and included a native CRI plug-in from the beginning. And following this, in containerd 1.1, you will find the cri-containerd daemon is now refactored to be a containerd CRI plug-in, you know, aligning with what CRI-O came up. So this CRI plugin interacts with containerd through direct function calls.
A
So this new architecture makes the integration more stable and efficient and eliminates another gRPC hop in the stack, and user can now use Kubernetes and containerd 1.1 or CRI-O directly. You know, and, you know, Kubernetes talks directly via the CRI to pull an image, launch the low-level runtime to set up namespaces, cgroups, root file system, storage. Everything, you know, could be done directly from kubelet to the abstraction level of containerd and CRI and CRI-O through this CRI plugin that has come up with. So now we need to understand,
A
you know, this container runtime and container build environment are completely different things. You know, we can still build our container on Docker and it can still, you know, run on different environment, and any container that is OCI compliant would be able to be supported by orchestration tools like Kubernetes.
A
This again, you know, as I said in the first slide, as soon as Kubernetes announced dockershim removal, folks that were unaware of OCI and CRI, you know, this thing basically came up: you know, Docker produced images, what will happen to them? This was the question. Will it continue to work in your cluster with all the runtimes?
A
Yes, it will be able to work, and because of what work Docker has done, along with other foundations, to build this Open Container Initiative, you know, which is an open governance structure for the express purpose of creating open industry standards for container formats and runtimes. So it was established by Docker in 2015, and everyone follows the runtime specification and the image specification. And, you know, these two paragraphs, basically, I took it directly from the OCI website, two introductory paragraphs.
A
You could read more about the foundation, this open governance structure, and how it is creating the ecosystem more and more inclusive for the tools that are at a higher abstraction level than the controller, that is, the orchestration tools.
A
So when we talked about, you know, Docker, which started as a monolithic tool, started to scale itself and build different parts of it. So containerd became the container runtime part of the Docker, which was, you know, donated to CNCF, and it's an open source project, and shifting from native Docker engine to containerd won't be,
A
you know, much of a change for you or for any Kubernetes users, especially for the folks who have, who are, you know, using enterprise Kubernetes, like from AWS, from GCP, from VMware or Red Hat. They did not have to worry because they have this default option of converting their clusters or putting containerd by default in their clusters, and even these enterprise folks are making people aware, you know. And we, as Kubernetes upstream dev community, are trying to put up
A
surveys, know how much prepared everyone for this dockershim removal. So, yes, as I said, you know, migrating from dockershim to other CRIs, we have direct technical blogs, which, you know, technical documentation which highlights the processes you need to shift your node from Docker engine to CRI-O or containerd, how to drain the node or, you know, stop the node and shift from one Docker engine to other CRIs.
A
So, you know, as we saw in all these slides, you know, the lower abstraction level is runc, that is uniform throughout, from CRI-O to containerd to Docker. There is just an increase in abstraction level and increase of features as we go up higher in the abstraction level and the value chain.
A
So there are a few differences around the edges which you need to take care of, like logging configuration, runtime resource limitations, node provisioning scripts that called Docker or used Docker via its control socket, kubectl plug-ins that require Docker CLI, basically, which is an added feature to Docker on top of the controller abstraction. So the configuration of functionality like registry mirrors and insecure registries, other support scripts. So these whole, all things are mentioned in the updated FAQs of our dockershim deprecation that is available in k8s.io website.
A
You could go and read those things, and these are the resources which majorly, unless all things, you know, basically the FAQs. And first of all, you should know whether dockershim deprecation affects you or not, because containerd has been part of CNCF since a large amount of time, and people have shifted to containerd even before the dockershim deprecation was announced, or in even after dockershim deprecation was announced.
A
So you don't have to worry about Docker removal now, if you have already sticked to. So, you need to check whether dockershim deprecation affects you or not, and this blog is very important for everyone. And there is a list of our articles on dockershim removal and on using other CRI compatible runtimes. Those are available in k8s.io website. So we saw, you know, how a container runtime is evolving with time, with container technologies are evolving.
A
New and new container runtimes are coming up, and using container runtime interface, CRI plug-in, Kubernetes could interact with any OCI compliant containers, and until this OCI compliant containers are present in the market or are coming up, you need not worry about what will happen to your clusters. You know, it won't stop
A
working, and Kubernetes will be able to manage everything in your clusters using this container runtime plugin. But for now, since Docker has, Docker engine has been an inherent part since the early days of Kubernetes, and yet it's still a part, we are still supporting any container
A
runtime, and Docker qualifies as a container runtime electrons containerd inherently, but the additional tools support, like the CLI and all those things, that will drop off with this dockershim removal. And in the long run, it's beneficial for us as upstream Kubernetes developers, as we don't have to maintain that part of the code, and more and more features that used to, you know, break that part of the code.
A
Now that would be a headache for us. So hope this wasn't wick was on 1.24 release. It goes smooth for you and you are adapting well to the dockershim removal. Thank you. That's all from.