►
From YouTube: Docker we still love you
Description
With dockershim removal scheduled in v1.24 release of Kubernetes, there have been a lot of confusion regarding this. In this talk, I will majorly discuss the "why dockershim removal" was necessary and discuss how the "shim" and container runtime are quite unrelated will further focus on the container ecosystem and the readily available options.
The talk will also focus on how CRI makes it easier for Kubernetes to use different container runtimes. It will include adequate links to available resources to help people understand the migration and make necessary changes.
A
This
means
is
defective
of
what
happened
last
year.
When
you
know
docker
announced
it
is
deprecating
a
docker
ship.
You
know,
and
there
was
a
havoc
along
the
depths
community,
especially
the
sre
and
devops.
They
thought
and
those
people,
especially
who
weren't
aware
about
things
like
container
run
time,
oci
and
other
things
they
thought
you
know.
A
So,
in
this
talk
I'll
give
you
a
context
of
what
is
what
is
happening
and
how
you
know
this.
Whole
things
are
interlinked
how
cubelet
talks
to
containers
and
how
they
occur.
In
turn,
orchestrate
helps
in
orchestration
of
cuban
the
occupation
of
the
containers
for
communities.
We
will
be
seeing
what
is
what
is
happening
in
communities
1.24
and
there's
no
need
to
panic,
it's
time
to
adapt
and
the
resources.
A
So,
as
we
know
at
the
lower
layers
at
the
lowest
layers,
the
fundamental
accumulation
node
is
the
software
that,
among
other
things,
starts
and
stops
contacting
the
basic
things
and
the
thing
that
does
this.
We
call
this
container
run
time.
Basically,
and
you
know,
tubelet
communicates
with
the
container
run
time
over
unix
sockets,
using
grpc
framework,
where
cubelet
acts
as
a
client
and
cra
seem
acts
as
a
server
and
inherently
when
docker
started
doc.
The
docker
started.
It
was
a
monolithic
service
and
kubernetes.
A
When
it
started,
docker
was
the
only
container
runtime
that
was
prevalent
in
the
market,
so
they
came
up
with
something
called
docker
shim
to
support
the
container
runtime
interface
for
docker,
because
docker
inherently
didn't
hide.
This
container
runtime
interface,
but
with
you
know,
with
more
and
more
container
runtime
container
runtimes
coming
up
in
kubernetes
1.5
release,
with
the
reason
of
being
more
inclusive,
providing
developers
more
options
of
using
various
container
runtimes.
A
A
As
I
have
said,
you
know
modulated
tool
that
contained
the
ability
to
set
up
containers
along
with
a
myriad
of
developers,
tool,
including
you
know,
cli
logging,
storage
management,
network
building
tools
and
many
other
features
outside
the
core
capacity
to
create
a
container
and
in
the
vein
of
unix
philosophy.
However,
docker
eventually
broke
up.
You
know
these
components
and
contributed
the
container
d.
A
If
you
could
see
in
the
first
thing,
this
container
d
is
the
container
runtime
component
of
docker
and
it
has
been
developed
as
an
open
source
project
and
have
been
donated
to
cncf,
so
the
default
configuration
in
kubernetes
kept
docker
as
the
abstraction
layer
on
the
top
of
continuity.
As
as
we
started,
you
know.
As
I
say
in
initial
days,
we
used
docker
as
the
abstraction
layer
on
top
of
alternative,
which
in
turn
was
an
abstraction
layer.
A
On
top
of
parenthesis,
this
additional
layers
and
all
of
the
additional
layers
that
docker
includes
obviously
creates
maintenance,
attack,
headaches,
significant
overhead
and
larger
attack
surface
of
exploits,
and
this
is
not
ideal
in
the
future
environment.
But
teams
are,
you
know,
deploying
code
multiple
times
a
day,
so
the
additional
layer
also
introduces
serious
security
implications
and,
at
the
same
time
of
when
other
container
runtimes
begin
popping
up,
kubernetes
maintainer
came
up
with
this
standard
called
the
container
runtime
interface
in
the
1.5
version,
which
you
prompt
in
the
last
slide.
A
That
would
be
a
common
language
for
communication
between
cubelets
and
container
runtimes
and
as
docker
wasn't
compliant
with
the
standard
it
required.
A
middle
layer
sim
to
operate,
obviously
that's
the
reason
why
docker
sim
is
there
and
if
it
would
have
inherently
supported
this
cri,
we
wouldn't
have
needed
this
document
and
you
know
kubernetes
and
container
demand
maintainers,
and
it
is
here.
A
I
seem
for
communities
to
talk
directly
to
content
id
which
you
could
find
in
container
d
1.0,
so
this
allowed
now
this
allowed
kubernetes
to
cut
out
docker
and
use
container
directly,
so
this
technically
reduce
the
container
capabilities.
Obviously,
the
the
reason
why
docker
is
famous
among
developers
is
its
other
capabilities
of
logging
and
the
cli.
It
provides
inherent
cli
and
other
things,
but
you
know
those
capabilities
are
quite
unnecessary
for
an
orchestration
tool
like
communities,
because
you
know,
containers
managed
by
communities,
for
example,
does
doesn't
need
access.
A
However,
cri
sim,
you
know
this,
this
demon
added
another
complexity
and
another.
You
know
attack
surface
for
so-called
developers,
so
you
know
how
this
thing
functioned
in
container
d.
1.0
is
you
know
this
daemon
called
cra
container
d
was
required
to
operate
between
cubelet
and
cartel
d
and
cri
continuously
handled
the
container
runtime
interface
service,
requests
from
cubelet
and
used
container
d
to
manage
containers
and
category
images
correspondingly
so
compared
to
docker
sim,
you
know
docker
sim,
the
docker
cr
implementation.
A
This
eliminated
one
extra
hop
up
stack,
but
in
container
continuity,
1.1,
which
came
up
after
you
know
in
2016
cryo.
When
came
up
with
an
alternative
to
docker.
It
jumped
ahead
of
the
continuity's
evolution,
evolution
and
included
a
native
cra
plug-in
from
the
beginning,
and
following
this
in
continental
1.1,
you
will
find
the
cra
container.
D1
is
now
refactored
to
be
a
container
dcra
plug-in.
You
know
aligning
with
what
cryo
came
up,
so
this
cra
plugin
interacts
with
container
d
through
direct
function
calls.
A
So
this
new
architecture
makes
the
integration
more
stable
and
efficient
and
eliminates
another
grpc
hop
in
the
stack
and
user
can
now
use
kubernetes
and
container
d
1.1
or
cryo
directly.
You
know-
and
you
know,
kubernetes
talks
directly
via
the
cri
to
pull
an
image
launch
the
low
level
runtime
to
set
up
name
spaces
c
groups,
root
file,
system,
storage.
Everything
you
know
could
be
done
directly
from
cubelet
to
the
abstraction
level
of
continuity
and
cri
and
cryo
through
this
cra
plugin.
That
has
come
up
with
so
now
we
need
to
understand.
A
You
know
this
container,
runtime
and
container
built
environment
are
completely
different
things.
You
know
we
can
still
build
our
container
on
docker
and
it
it
can
still,
you
know,
run
on
different
environment
and
any
any
container
that
is
oci
compliant
would
be
able
to
would
be
able
to
be
supported
by
orchestration
tools
like
communities.
A
This
again,
you
know,
as
I
said
in
the
first
slide
as
soon
as
humanity's
announced
docker
sim
removal,
folks
that
were
unaware
of
oci
and
cry.
You
know
this
thing
basically
came
up.
You
know
docker
produced
images.
What
will
happen
to
them?
This
was
the
question.
Will
it
continue
to
work
in
your
cluster
with
all
the
runtimes?
A
Yes,
it
will
will
be
able
to
work
and
because,
because
of
what
work
docker
has
done,
along
with
other
foundations,
to
build
this
open
container
initiative,
you
know,
which
is
an
open
governance
structure
for
express
purpose
of
creating
open
industry
standards
for
container
formats
and
run
times,
so
it
was
established
by
docker
in
2015,
and
everyone
follows
the
runtime
specification
and
the
image
specification,
and
you
know
these
these
two
paragraphs.
Basically,
I
took
it
directly
from
the
ocm
website
to
introductory
paragraphs.
A
A
So
when
we
talked
about
you
know,
docker
docker,
which
started
as
a
monolithic
tool,
started
to
scale
itself
and
build
different
parts
of
it.
So
container
d
became
the
container
runtime
part
of
the
docker,
which
was
you
know,
donated
to
cncf,
and
it's
an
open
source
project
and
shifting
from
native
docker
engine
to
container
d
won't
be.
A
You
know
much
of
a
change
for
for
you
or
for
any
kubernetes
users,
especially
for
the
folks
who
have
who
are
you
know
using
enterprise
kubernetes
like
from
aws
from
gcp
from
vmware
or
red
hat.
They
did
not
have
to
worry
because
they
have
this
default
option
of
converting
their
clusters
or
putting
container
d
by
default
in
their
clusters,
and
even
these
enterprise
folks
are
making
people
aware
you
know,
and
we,
as
communities
of
student
debt
community
are
trying
to
put
up.
A
Surveys
know
how
much
prepared
everyone
for
this
docker
simulator.
So,
yes,
as
I
said,
you
know
migrating
from
docker
sim
to
other
cris.
We
have.
We
have
direct
technical
blogs
which
no
technical
documentation
which
highlights
the
processes.
You
need
to
shift
your
node
from
docker
engine
to
cryo
or
container
d,
how
to
drain
the
node
or
you
know,
stop
the
node
and
shift
from
one
docker
engine
to
other
cris.
A
A
So
there
are
a
few
differences
around
the
edges
which
you
need
to
take
care
of,
like
logging
configuration,
runtime
resource
limitations,
node
provisioning
scripts
that
called
docker
or
used
blocker
wires
control,
socket
cube,
ctl
plug-ins
that
require
docker
cli,
basically,
which
is
an
added
feature
to
docker
on
top
of
the
controller
abstraction.
So
the
configuration
of
functionality
like
registry
mirrors
and
insecure
registries
other
support
scripts.
So
these
whole,
all
things
are
mentioned
in
the
updated
faqs
of
our
document,
application
that
is
available
in
kids.io
website.
A
So
you
don't
have
to
worry
about
docker
removal
now,
if
you
have
already
sticked
to
so,
you
need
to
check
whether
docker
synthetication
affects
you
or
not,
and
this
block
is
very
important
for
everyone,
and
there
is
an
list
of
our
articles
on
docker,
sim
removal
and
on
using
other
cri
compatible
runtimes.
Those
are
available
in
case.I
o
website,
so
we
saw
you
know
how
a
container
runtime
is
evolving
with
time
with
container
technologies
are
evolving.
A
New
and
new
container
runtimes
are
coming
up
and
using
container
runtime
interface,
cri
plug-in
kubernetes
could
interact
with
any
oci
compliant
containers,
and
until
this
oci
compliant
containers
are
present
in
the
market
or
are
coming
up,
you
need
not
worry
about
what
will
happen
to
your
clusters.
You
know
it.
It
won't
stop.