Kubernetes is deprecating Docker as a container runtime after v1.20. But nobody cares. Why? Because images built with Docker will keep working on Kubernetes.
So does images created with Podman and most of the other build tools around. Why? Because of the great standardization effort called OCI!
OCI contains two specifications: the Runtime Specification (runtime-spec) and the Image Specification (image-spec).
But there is no such thing as Container Specification! I.e no one tells you what a standard container should look like. Only what a tool running containers should look like - the runtime.
There is a dominating OCI-compliant container runtime called runc. It used to be a part of Docker, but it's a standalone tool and project now. Containers created via runc are based on Linux namespaces and cgroups.
There is an alternative but similar runtime called crun. Same thing, but written in C.
However, there is also a gVisor project with a tool called runsc which also an OCI-compliant runtime. And a user-space Linux kernel implementation at the same time! Mind-blowing.
But there is more! Kata containers project offers an OCI-compliant runtime that is Hypervisor-based! I.e Kata containers are rather traditional (well, probably more lightweight) virtual machines!
By the way, the main difference between containers and VMs was supposed to be a virtualization layer. VMs provide hardware virtualization. Containers - operating system virtualization. But Kata containers are VMs. Wait, what?! 🤯
Getting back to the benefits of standardization. Kubernetes defines its own standard of container runtime - Container Runtime Interface (CRI). It's more high-level thingy than OCI runtime-spec. It also introduces the concept of Pod.
Kubelet (a Kubernetes node agent) can work with any CRI-compliant runtime. Containerd - is a CRI-compliant runtime. CRI-O is a CRI-compliant runtime. Docker is not. At least for now.
Both Containerd and CRI-O (theoretically) can operate any OCI-compliant runtime under the hood. Hence, kubelet -> CRI-O -> Kata runtime is a totally viable setup making VM-based Pods a reality. Standardization rules!
Kubernetes is a Distributed Operating System (thread):
1. One of the primary goals of a traditional operating system (e.g Linux) is to share a machine's resources between apps. While "Kubernetes is all about sharing machines between applications."
2. An operating system gives you a handy way to launch your apps. So does Kubernetes.
3. An operating system gives you a handy way to install apps. So does Kubernetes (through raw YAML or a package manager like Helm).
2.1. Networking on a single Node. How containers communicate within a Pod, how Pods talk to each other within a Node. Long story short, it's all about Linux namespaces and network virtualization capabilities.
2.2. Cross-node Pod-to-Pod networking. Kubernetes demands that every Pod should get its own IP. But it doesn't say how. Makes sense actually, because it's highly infra-specific. Use a plugin like Flannel or Calico instead. Keyword - overlay networks.