Why K8S removed support of Docker?

Acronyms Used:

• CT → Containerization Tool
• OCI → Open Container Initiative
• CRI → Container Runtime Interface
• K8S → Kubernetes

Back in 2014, when Kubernetes was introduced it only provided support for the legendary CT named “Docker”. In the same year a tool called libcontainer was launched and its objectives were to create processes into isolated environments and manage their lifecycle.

Moving forward more CT came up such as rkt, CRI-O, etc that made Kubernetes team to develop a “container runtime interface”(CRI) based on OCI that can support multiple CT. However, because Docker was introduced before K8S, it does not support this OCI. As a result, the K8S team produced dockershim — a solution to support Docker.

What is a OCI?

• When multiple CT were introduced community felt a need of a set of rules and standard that can be followed by all CT. Then OCI was introduced that has two specification (I) Runtime Specification (II) Image Specification.
• Runtime Specification → this specification outlines how to run a “filesystem bundle” that is unpacked on disk.
• Image Specification → this specification is to enable the creation of interoperable tools for building, transporting, and preparing a container image to run.
• At a high-level an OCI implementation would download an OCI Image then unpack that image into an OCI Runtime filesystem bundle. At this point the OCI Runtime Bundle would be run by an OCI Runtime.
• The libcontainer project was donated to OCI and the first standardized runtime following the runtime-spec was created — runc

RUNC

• runc is a low level container runtime supported by all CT and K8S CRI. Let’s take a look on the below image

Credit → KIRILL

• runc doesn’t support image spec that is runc run busybox:latest can not be executed instead it needs the filesystem bundle(Filesystem bundle is what you get when you download the container image and unpack it) and a config.json that describe how to unbundle the filesystem to create a container. Containerd and docker works on top of runc and resolve this image spec issue.
• runc also provides command to start, pause, stop and delete the container.

— — —

The image shows that Docker uses Containerd as a daemon behind the hood and that supports the K8S OCI specifications. As a result, the K8S community disabled Docker shim and Docker support by default.

Before Kubernetes v2.4

Even if you install docker and Kubernetes > V2.4, K8S will use Containerd as CRI.

ContainerD

• Containerd also comes with a CLI tool called ‘ctr’ which is mainly used for debugging purpose. It doesn’t have commands what Docker have and to resolve this another CLI tool called ‘nerdctl’ was introduced which is capable of doing what docker can do.

K8S CRI

• It also comes with a CLI tool called ‘crictl’ and has similar commands to docker. It needs to be installed separately.

Thanks for reading!!!

References

• https://mkdev.me/posts/the-tool-that-really-runs-your-containers-deep-dive-into-runc-and-oci-specifications
• https://blog.quarkslab.com/digging-into-runtimes-runc.html
• https://github.com/opencontainers/image-spec