Skip to content

[Rancher] Operational Advisory, 20201210: Related to deprecation of dockershim in Kubernetes v1.20

This document (000020536) is provided subject to the disclaimer at the end of this document.

Resolution

Note:
This Rancher Labs operational advisory below was originally sent in December 2020.  It has been published here to continue SUSE Rancher customer conversations around this topic via support cases and for sharing any relevant updates around it.
For an update on this topic, please see [Rancher] Operational Advisory, 20220113: Related to removal of dockershim in Kubernetes v1.24.

Dear Rancher Customer,

This is an operational advisory from Rancher Support related to the deprecation of dockershim in Kubernetes v1.20

As announced on the official Kubernetes blog, the dockershim, which enables the use of the Docker Daemon as the container runtime in Kubernetes, will be deprecated with the upcoming Kubernetes v1.20 release.

What is dockershim?

The dockershim is built into Kubernetes to provide a Container Runtime Interface (CRI) compliant layer between the kubelet and the Docker Daemon. The shim is necessary because Docker Daemon is not CRI-compliant.

What does deprecation of dockershim in Kubernetes v1.20 mean?

The dockershim will only be deprecated in Kubernetes v1.20, and will not yet be removed from the kubelet. As a result, no immediate action needs to be taken and Kubernetes clusters can continue to operate with the Docker Daemon container runtime in Kubernetes v1.20. The only change at this time will be a deprecation warning printed in the kubelet logs when running on Docker.

What are Rancher's plans to ensure on-going container runtime support in future Kubernetes releases?

We are working on our roadmap to ensure that all Rancher provisioned clusters will continue to operate on a CRI-compliant runtime.

For existing RKE customers, users will continue to get Kubernetes updates until the shim is officially removed. The removal is currently targeted for late 2021 and will be supported with patches during the 12-month upstream maintenance window. Before the end of maintenance, we fully expect an upgrade path from RKE to RKE2.

Looking forward, containerd is already the default runtime in both K3s and RKE2, so any removal of dockershim will have zero impact on future releases. As with RKE, organizations currently using K3s with the Docker runtime will continue to get Kubernetes updates until the shim is officially removed. The dockershim deprecation schedule is tracked by the upstream Kubernetes community in Kubernetes Enhancement Proposal (KEP) 1985, Rancher will continue to keep you updated with related news on the roadmap from our product management, as well as information related to migration off of Docker.

Thanks,

Rancher Support Team

Additional Information

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.