Hello everyone,
My question is related to the deprecation of the Docker runtime.
I am working on an application that runs on Kubernetes (k3d in local development, and an organization-managed Kubernetes in staging/production).
One part of this application pulls an image at runtime and executes it (among other things). To do that, I use a pod that looks like the following (I simplified it to keep only the relevant fields):
```yaml
apiVersion: v1
kind: Pod
metadata:
  # ...
spec:
  containers:
  - image: <our private image (which contains the docker CLI, not the engine)>
    name: <private container name>
  - image: docker:dind
    name: <docker daemon container name>
    securityContext:
      privileged: true
    volumeMounts:
    - mountPath: /var/lib/docker
      name: docker-graph-storage
  volumes:
  - emptyDir: {}
    name: docker-graph-storage
```
During its execution (and only when necessary), the “private” container connects to the docker daemon and essentially (but not exactly) executes `docker run <another image>` (and sends input/retrieves files with `docker cp`).
My question is: Is this approach affected by the deprecation of the Docker runtime, as it uses “docker:dind + privileged”? My bet would be that it’s not, but I’d like to be sure.
Thanks in advance for your answers!
Note: I know this is very much an edge case, and that other solutions might be better. I’m open to suggestions/criticisms, but I’d like to avoid changing this part of the app if possible.