Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Consider removing the enablement of the docker unit #151

Open
ialidzhikov opened this issue Dec 17, 2024 · 0 comments
Open

Consider removing the enablement of the docker unit #151

ialidzhikov opened this issue Dec 17, 2024 · 0 comments
Labels
area/os Operation system related kind/enhancement Enhancement, improvement, extension

Comments

@ialidzhikov
Copy link
Member

How to categorize this issue?

/area os
/kind enhancement

What would you like to be added:
Right now, os-coreos as part of the init OperatingSystemConfig has:

systemctl enable docker && systemctl restart docker

docker is being enabled and restarted.

Similar to the reasoning in gardener/gardener-extension-os-gardenlinux#221:

From Gardener side, the docker binary is no longer used/required on a Shoot Node: gardener/gardener#4673.

As Gardener no longer requires docker, we should no longer install and enable it due to security reasons.

Pay attention that the change might be breaking for end users and it has to be coordinated with them somehow - via announcement and/or feature gate. See gardener/gardener-extension-os-gardenlinux#221 (comment)
The breaking part would be that end user might want to rely on docker to be enabled for usage outside of Kubernetes (not recommended).

Why is this needed:

@gardener-robot gardener-robot added area/os Operation system related kind/enhancement Enhancement, improvement, extension labels Dec 17, 2024
@ialidzhikov ialidzhikov changed the title Consider removing the enablement of the docker unit Consider removing the enablement of the docker unit Dec 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/os Operation system related kind/enhancement Enhancement, improvement, extension
Projects
None yet
Development

No branches or pull requests

2 participants