You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
From Gardener side, the docker binary is no longer used/required on a Shoot Node: gardener/gardener#4673.
As Gardener no longer requires docker, we should no longer install and enable it due to security reasons.
Pay attention that the change might be breaking for end users and it has to be coordinated with them somehow - via announcement and/or feature gate. See gardener/gardener-extension-os-gardenlinux#221 (comment)
The breaking part would be that end user might want to rely on docker to be enabled for usage outside of Kubernetes (not recommended).
Why is this needed:
Faster machine boot, we would no longer install docker on the fly
How to categorize this issue?
/area os
/kind enhancement
What would you like to be added:
Right now, os-coreos as part of the init OperatingSystemConfig has:
gardener-extension-os-coreos/pkg/controller/operatingsystemconfig/actuator.go
Line 122 in bb5c534
docker
is being enabled and restarted.Similar to the reasoning in gardener/gardener-extension-os-gardenlinux#221:
As Gardener no longer requires
docker
, we should no longer install and enable it due to security reasons.Pay attention that the change might be breaking for end users and it has to be coordinated with them somehow - via announcement and/or feature gate. See gardener/gardener-extension-os-gardenlinux#221 (comment)
The breaking part would be that end user might want to rely on docker to be enabled for usage outside of Kubernetes (not recommended).
Why is this needed:
The text was updated successfully, but these errors were encountered: