Questions concerning Dockershim Deprecation

I have a few questions concerning the Dockershim Deprecation.

  1. If I understand correctly, deprecating the dockershim means that I’ll need to have a different container runtime installed on my nodes. If this is correct, can I have dockerd and another container runtime installed on my node? I’m asking because I want to understand if I’ll still be able to use a DooD (docker outside of docker) container on my cluster.

  2. If the answer for question number is no (and I’ll be glad to understand why), will I still be able to use DinD (docker inside of docker) on my cluster? I understand that the privileged flag is not recommended (although I read that there’s an option to use with this flag) but I would still like to know if it’ll still work and, if not, why.

You can continue to use docker, but you’ll have to configure k8s to use cri-dockerd (essentially an external CRI for docker).

You can also have multiple runtimes on the same host if you like. Docker actually uses containerd under the hood.

Not exactly DinD, but you can run a runtime within a runtime if you want to. It just takes some time to tease out what needs to be mounted into the container for it to work correctly.

Why wouldn’t I be able to use DinD? From what I understand, DinD doesn’t need to mount anything from the host in order to run properly. When it is in privileged mode, it has access to the host’s kernel, but I’m not sure if what it uses there has to do with the docker installation on the host.

BTW, I had a typing error in my first message. What I meant inside the parentheses is that there’s an option to run DinD not in privileged mode. https://github.com/nestybox/sysbox

But if I can have both containerd and docker on my cluster’s hosts, I can basically use docker in my cluster even without DinD. I can just mount the docker.sock to my container.

Thanks a lot for the answer!
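An added example, not part of any post in this thread: a container that mounts docker.sock can drive the node's Docker daemon, and a privileged DinD container runs with full access to the host kernel, so it helps to inventory both kinds of workload before changing runtimes. The function names and the sample pod list below are constructed for illustration.

```python
# Audit Pod specs for Docker-socket mounts (DooD) and privileged containers (DinD).
# Input has the shape of `kubectl get pods -A -o json`; SAMPLE is constructed data.
DOCKER_SOCKETS = ("/var/run/docker.sock", "/run/docker.sock")

def exposes_docker_socket(host_path):
    """True if a hostPath is the Docker socket or a parent directory of it."""
    if not host_path:
        return False
    prefix = host_path.rstrip("/") + "/"
    return any((sock + "/").startswith(prefix) for sock in DOCKER_SOCKETS)

def audit_pod(pod):
    """Return (pod, container, finding) tuples for one Pod object."""
    meta, spec = pod["metadata"], pod.get("spec", {})
    pod_name = f'{meta.get("namespace", "default")}/{meta["name"]}'
    # Volumes whose hostPath reaches the Docker socket on the node.
    sock_volumes = {v["name"] for v in spec.get("volumes", [])
                    if exposes_docker_socket((v.get("hostPath") or {}).get("path"))}
    findings = []
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        if any(m["name"] in sock_volumes for m in c.get("volumeMounts", [])):
            findings.append((pod_name, c["name"], "docker-socket"))
        if (c.get("securityContext") or {}).get("privileged") is True:
            findings.append((pod_name, c["name"], "privileged"))
    return findings

def audit(pod_list):
    """Audit every Pod in a PodList dictionary."""
    return [f for pod in pod_list.get("items", []) for f in audit_pod(pod)]

# Constructed sample: one DooD pod, one privileged DinD pod, one ordinary pod.
SAMPLE = {"items": [
    {"metadata": {"namespace": "ci", "name": "builder-dood"},
     "spec": {"volumes": [{"name": "sock", "hostPath": {"path": "/var/run/docker.sock"}}],
              "containers": [{"name": "build",
                              "volumeMounts": [{"name": "sock", "mountPath": "/var/run/docker.sock"}]}]}},
    {"metadata": {"namespace": "ci", "name": "builder-dind"},
     "spec": {"containers": [{"name": "dind", "securityContext": {"privileged": True}}]}},
    {"metadata": {"namespace": "web", "name": "frontend"},
     "spec": {"volumes": [{"name": "cache", "emptyDir": {}}],
              "containers": [{"name": "app",
                              "volumeMounts": [{"name": "cache", "mountPath": "/cache"}]}]}},
]}

if __name__ == "__main__":
    for pod_name, container, finding in audit(SAMPLE):
        print(f"{pod_name}\t{container}\t{finding}")
```
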