-
-
Notifications
You must be signed in to change notification settings - Fork 322
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Clarity around dockershim and CRI #899
Comments
ref an inbound FAQ Kubernetes is planning to publish: kubernetes/website#25360 |
Thanks Stephen |
Anytime, bud! 💕 |
Also, sent a note to the community to chat about how we can improve comms in future: https://groups.google.com/g/kubernetes-dev/c/B0mPMpDLVk4 |
I think you meant this link: coreos/fedora-coreos-tracker#767 for the Fedora CoreOS tracking issue. |
Considering Fedora CoreOS now has |
Flatcar Linux will move to |
@dghubble Not yet for Fedora CoreOS? Edit: Allright, this coreos/fedora-coreos-tracker#767 (comment) kind of answers my question but specifically for |
Yeah, there is still a large gap between getting |
* Migrate from `docker-shim` to `containerd` in preparation for Kubernetes v1.24.0 dropping `docker-shim` support * Much consideration was given to the container runtime choice. #899 provides relevant rationales
Hey folks. Typhoon for Fedora CoreOS will soon move from BackgroundKubernetes uses the Container Runtime Interface (CRI) to interact with container runtimes ( The pluggable abstraction was a success. Kubernetes decoupled itself from Docker, while Typhoon has used Kubernetes v1.24Kubernetes v1.24 will remove support for Fedora CoreOSFedora CoreOS (FCOS) is a container optimized distro. Today FCOS ships cri-oRed Hat emphasizes However, the decision is about the holisitic experience and about what I trust to run my own clusters and what's best for the distro. Concerns
Thematically, I'm sad to see containerdFedora CoreOS implicitly already ships Concerns
Mitigating Factors
FutureOn Fedora CoreOS, Flatcar LinuxFlatcar Linux officially supports both Notes
|
Thanks for providing clarity in your position and clearly stating the reasoning. While I'm disappointed about the decision as it stands, I hope to one day have the CRI-O packaging in a position that would cause you to reconsider.
Obviously there is a lot of work to do before this, but I would consider pushing the CRI-O community to release in a more timely manner--possibly even defining a SLA so we're guaranteed to release within e.g. 3 days of a kubernetes release. |
Small correction: This isn't the case. OpenShift (OCP) ships cri-o as part of RHEL CoreOS (and the same is currently the case for OKD, where FCOS is rebased to an OKD-specific rpm-ostree that includes cri-o): |
@LorbusChris thanks for the correction on how RHEL CoreOS / OKD include |
* Migrate from `docker-shim` to `containerd` in preparation for Kubernetes v1.24.0 dropping `docker-shim` support * Much consideration was given to the container runtime choice. #899 provides relevant rationales
This is already in the OS as a dependency of moby-engine, but Typhoon is now also relying on this and likely other people deploying Kubernetes on top of FCOS. Unlike cri-o, the versioning of containerd wrt CRI is less tight, which makes baking it into the host easier. Things may change here in the future, and it's likely we will recommend cri-o as an alternative runtime for k8s eventually. But for now, let's at least be more explicit that we're shipping containerd. For more information, see: coreos/fedora-coreos-tracker#767 poseidon/typhoon#899 (comment)
This is already in the OS as a dependency of moby-engine, but Typhoon is now also relying on this and likely other people deploying Kubernetes on top of FCOS. Unlike cri-o, the versioning of containerd wrt CRI is less tight, which makes baking it into the host easier. Things may change here in the future, and it's likely we will recommend cri-o as an alternative runtime for k8s eventually. But for now, let's at least be more explicit that we're shipping containerd. For more information, see: coreos/fedora-coreos-tracker#767 poseidon/typhoon#899 (comment)
This is already in the OS as a dependency of moby-engine, but Typhoon is now also relying on this and likely other people deploying Kubernetes on top of FCOS. Unlike cri-o, the versioning of containerd wrt CRI is less tight, which makes baking it into the host easier. Things may change here in the future, and it's likely we will recommend cri-o as an alternative runtime for k8s eventually. But for now, let's at least be more explicit that we're shipping containerd. For more information, see: coreos/fedora-coreos-tracker#767 poseidon/typhoon#899 (comment)
* Migrate from `docker-shim` to `containerd` in preparation for Kubernetes v1.24.0 dropping `docker-shim` support * Much consideration was given to the container runtime choice. poseidon#899 provides relevant rationales
This is already in the OS as a dependency of moby-engine, but Typhoon is now also relying on this and likely other people deploying Kubernetes on top of FCOS. Unlike cri-o, the versioning of containerd wrt CRI is less tight, which makes baking it into the host easier. Things may change here in the future, and it's likely we will recommend cri-o as an alternative runtime for k8s eventually. But for now, let's at least be more explicit that we're shipping containerd. For more information, see: coreos/fedora-coreos-tracker#767 poseidon/typhoon#899 (comment)
This is already in the OS as a dependency of moby-engine, but Typhoon is now also relying on this and likely other people deploying Kubernetes on top of FCOS. Unlike cri-o, the versioning of containerd wrt CRI is less tight, which makes baking it into the host easier. Things may change here in the future, and it's likely we will recommend cri-o as an alternative runtime for k8s eventually. But for now, let's at least be more explicit that we're shipping containerd. For more information, see: coreos/fedora-coreos-tracker#767 poseidon/typhoon#899 (comment)
Due to some sensationalistic messaging from upstream tweeters, there is a need to reassure end-user folks about docker.
Kubernetes uses the Container Runtime Interface (CRI) to interface with the container runtimes (dockershim+dockerd, containerd, cri-o). By default, the Kubelet provides a "dockershim" to interface with the dockerd daemon (which itself doesn't implement CRI). "Docker" consists of both the
dockerd
daemon andcontainerd
(which implements most of the core bits of what folks think of as docker) which is both a subcomponent and also a CRI implementation. Fedora CoreOS and Flatcar Linux providedockerd
(and thereforecontainerd
as well).In v1.20, Kubelet will emit a warning log about the dockershim being removed in the future (possibly v1.22). This is intended as a message to distro authors, not end-users. Kubernetes will continue to run container images, you can continue to build/develop container images with docker, write Dockerfiles, etc. End-users can stop reading/worrying now. The upstream Kubernetes motive is that it is simpler to just call
containerd
directly, rather thandockershim+dockerd
(which then usescontainerd
).Typhoon (as of v1.20.4) uses the Kubelet default dockershim wrapping the host's
dockerd
, will continue to in v1.20, and will internally switch to callingcontainerd
when it is safe to do so. However, the CRI interface (alpha2
) is still evolving towardv1
(kubernetes/kubernetes#96325 (comment)) and OSes will need to ship newcontainerd
releases for that event. Unlike Kubernetes bundling "dockershim" to handle compat with many DockerCE versions, Kubernetes CRI must be kept compatible with the hostcontainerd
CRI version, so it is advantageous to wait until these spec versions are sorted out.containerd
(orcri-o
)containerd
must stay ahead)Related:
The text was updated successfully, but these errors were encountered: