Is there a simple guide to Dockershim deprecation?

Question

Developers in our company create Dockerfiles, these are built in an EKS pipeline and pushed to ECR.

They are then deployed to an EKS cluster.

We will have to upgrade the version of Kubernetes soon.

Are there any simple guides saying what needs doing to avoid problems with Dockershim deprecation.

I've read this https://docs.aws.amazon.com/eks/latest/userguide/dockershim-deprecation.html but this is not a 5 minute task.

It seems like you have to check your workloads to see if they're using the Docker socket using a plug-in: https://github.com/aws-containers/kubectl-detector-for-docker-socket

How does that deal with workloads that ran in the past but aren't currently running.

Or workloads that will run in the future?

Answer 1

Developers shouldn't have to do anything. Normal Docker images and registries will still work fine even if Kubernetes isn't using Docker proper under the hood. If your developers write Kubernetes manifests themselves, these are also completely unchanged.

You highlight the Docker socket. As a developer, that's not something you should try to gain access to in Kubernetes, for a couple of reasons (you can compromise the node and other workloads; you can overload a node by bypassing the Kubernetes scheduler; unmanaged containers aren't visible through kubectl or similar tools). Use the Kubernetes API instead. I'm not aware of an easy way to check for it beyond grepping through Kubernetes manifests.