Alauda Container Platform

Choosing a Container Runtime

TOC

Overview

Container Runtime is a core component of Kubernetes, responsible for managing the lifecycle of images and containers.

When creating clusters through the platform, you can choose either Containerd or Docker as your runtime component.

Note: Kubernetes version 1.24 and above no longer officially supports Docker runtime. The officially recommended runtime is Containerd. If you still need to use Docker runtime, you must first enable cri-docker in the feature gate before you can select Docker as the runtime component when creating a cluster. For details on using feature gates, see Feature Gate Configuration.

Quick Selection Guide

Choose ContainerdChoose Docker
  • Shorter call chain
  • Fewer components
  • More stable
  • Consumes fewer node resources
  • Supports docker-in-docker
  • Allows use of docker build/push/save/load commands on nodes
  • Can call Docker API
  • Supports docker compose or docker swarm

Differences Between Docker and Containerd

Common Commands

ContainerdDockerDescription
crictl psdocker psView running containers
crictl inspectdocker inspectView container details
crictl logsdocker logsView container logs
crictl execdocker execExecute commands in container
crictl attachdocker attachAttach to container
crictl statsdocker statsDisplay container resource usage
crictl createdocker createCreate container
crictl startdocker startStart container
crictl stopdocker stopStop container
crictl rmdocker rmRemove container
crictl imagesdocker imagesView image list
crictl pulldocker pullPull image
Nonedocker pushPush image
crictl rmidocker rmiDelete image
crictl podsNoneView pod list
crictl inspectpNoneView pod details
crictl runpNoneStart pod
crictl stoppdocker imagesView images
ctr images lsNoneStop pod
crictl stoppdocker load/saveImport/export images
ctr images import/exportNoneStop pod
ctr images pull/pushdocker pull/pushPull/push images
ctr images tagdocker tagTag images

Call Chain Differences

  • Docker as Kubernetes container runtime has the following call relationship:

    kubelet > cri-dockerd > dockerd > containerd > runC

  • Containerd as Kubernetes container runtime has the following call relationship:

    kubelet > cri plugin (in containerd process) > containerd > runC

Summary: Although dockerd adds features like swarm cluster, docker build, and Docker API, it can introduce bugs and adds an extra layer in the call chain. Containerd has a shorter call chain, fewer components, greater stability, and consumes fewer node resources.

Log and Parameter Comparison

ComparisonDockerContainerd
Storage PathWhen Docker serves as the Kubernetes container runtime, container logs are stored by Docker in directories like /var/lib/docker/containers/$CONTAINERID. Kubelet creates symbolic links in /var/log/pods and /var/log/containers pointing to the container log files in this directory.When Containerd serves as the Kubernetes container runtime, container logs are stored by Kubelet in the /var/log/pods/$CONTAINER_NAME directory, with symbolic links created in the /var/log/containers directory pointing to the log files.
Configuration ParametersSpecified in the Docker configuration file:
"log-driver": "json-file",
"log-opts": {"max-size": "100m","max-file": "5"}		Method 1: Specified in kubelet parameters:
--container-log-max-files=5
--container-log-max-size="100Mi"
Method 2: Specified in KubeletConfiguration:
"containerLogMaxSize": "100Mi",
"containerLogMaxFiles": 5,
Saving Container Logs to Data DiskMount the data disk to "data-root" (default is /var/lib/docker).Create a symbolic link /var/log/pods pointing to a directory under the data disk mount point.

CNI Network Comparison

ComparisonDockerContainerd
Who Calls CNIcri-dockerdcri-plugin built into Containerd (after containerd 1.1)
How to Configure CNIcri-dockerd parameters --cni-conf-dir --cni-bin-dir --cni-cache-dirContainerd configuration file (toml):
[plugins.cri.cni]
bin_dir = "/opt/cni/bin"
conf_dir = "/etc/cni/net.d"