Dockershim / Container Runtime Interface in the Context of Kubernetes.

Saurabh Kumar
Jan 7, 2021

What is a Shim?

As per Wikipedia: In computer programming, a shim is a library that transparently intercepts API calls and changes the arguments passed, handles the operation itself, or redirects the operation elsewhere.[1][2] Shims can be used to support an old API in a newer environment or a new API in an older environment. Shims can also be used for running programs on different software platforms than they were developed for.

Shims for older APIs typically come about when the behavior of an API changes, thereby causing compatibility issues for older applications that still rely on the older functionality; in such cases, the older API can still be supported by a thin compatibility layer on top of the newer code. Shims for newer APIs are defined as: “a library that brings a new API to an older environment, using only the means of that environment.”[3]

Why did Kubernetes use Dockershim?

Kubernetes uses the Container Runtime Interface (CRI) to talk to container runtimes. Because Docker does not have a built-in CRI, Kubernetes used dockershim as the CRI to talk to Docker. The CRI of Docker (a.k.a. dockershim) is part of the kubelet code, runs as part of the kubelet, and is tightly coupled with the kubelet's lifecycle.

The architecture is as follows:

  • The dockershim is an alternative to Docker's UX, developed by Kubernetes to act as a bridge between the kubelet and Docker.
  • Docker Engine is used as the container runtime on the Kubernetes worker nodes.
  • The kubelet sends the container creation request to dockershim over gRPC, as they run on the same host.
  • Dockershim forwards the request to the Docker daemon, which in turn routes it to containerd, which invokes the OCI binary (runC) with an OCI bundle to create a container.

Why the deprecation of Dockershim now?

Kubernetes planned the deprecation and later removal of Dockershim in Oct 2020. The reasons are:

  • To promote the Open Container Initiative (OCI) and not treat Docker as a special case.
  • To make releases of the kubelet and other Kubernetes services independent of Docker releases.
  • To let the Kubernetes community focus and move faster on new container-runtime-related enhancements after dropping dockershim.

Kubernetes is going to remove Dockershim completely after the 1.22 release.
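To see which worker nodes sit on the kubelet → dockershim → Docker path described above, the runtime each kubelet reports can be inventoried. The following is an added example, not part of the original article: it reads the `status.nodeInfo.containerRuntimeVersion` field from `kubectl get nodes -o json` output, and the node names and versions in the embedded sample are constructed.

```python
import json
from collections import defaultdict

# Constructed sample shaped like `kubectl get nodes -o json`, trimmed to the fields used.
SAMPLE_NODES_JSON = """
{"items": [
  {"metadata": {"name": "worker-a"},
   "status": {"nodeInfo": {"kubeletVersion": "v1.19.4",
                           "containerRuntimeVersion": "docker://19.3.13"}}},
  {"metadata": {"name": "worker-b"},
   "status": {"nodeInfo": {"kubeletVersion": "v1.20.1",
                           "containerRuntimeVersion": "containerd://1.4.3"}}},
  {"metadata": {"name": "worker-c"},
   "status": {"nodeInfo": {"kubeletVersion": "v1.20.1",
                           "containerRuntimeVersion": "cri-o://1.20.0"}}},
  {"metadata": {"name": "worker-d"}, "status": {}}
]}
"""

def runtime_of(node):
    """Return the runtime name from '<runtime>://<version>', or 'unknown' if absent/malformed."""
    raw = node.get("status", {}).get("nodeInfo", {}).get("containerRuntimeVersion", "")
    name, sep, _version = raw.partition("://")
    return name.lower() if sep and name else "unknown"

def inventory(nodes_json):
    """Map runtime name -> list of (node name, kubelet version)."""
    by_runtime = defaultdict(list)
    for node in json.loads(nodes_json).get("items", []):
        info = node.get("status", {}).get("nodeInfo", {})
        by_runtime[runtime_of(node)].append(
            (node["metadata"]["name"], info.get("kubeletVersion", "")))
    return dict(by_runtime)

def dockershim_nodes(nodes_json):
    """Nodes whose kubelet reports Docker Engine, i.e. the runtime reached through dockershim."""
    return sorted(inventory(nodes_json).get("docker", []))

if __name__ == "__main__":
    for runtime, nodes in sorted(inventory(SAMPLE_NODES_JSON).items()):
        flag = "  <- reached through dockershim" if runtime == "docker" else ""
        names = ", ".join(f"{n} ({v or 'kubelet version unknown'})" for n, v in nodes)
        print(f"{runtime:12} {names}{flag}")
```

Nodes listed under `unknown` did not report a runtime and need a manual check before they are counted as unaffected.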

What else?

Please refer to the Kubernetes FAQ (https://kubernetes.io/blog/2020/12/02/dockershim-faq/) for more details.
