Docker vs. containerd: A Comparison of Container Runtimes

Containers have become a popular way to package and run applications in isolated environments. Two major container runtimes are Docker and containerd. While Docker popularized containers, containerd is a lower-level runtime that Docker uses under the hood. Understanding the differences between the two can help developers pick the right runtime for their needs.

What is Docker?

Docker is an open-source platform that allows developers to build, share, and run applications within containers. Some key features of Docker include:

• Provides a client-server architecture to manage and run containerized applications. The Docker client talks to the Docker daemon which builds and runs containers.
• Includes Docker Hub for sharing container images. Developers can pull down images to use in their own containers.
• Automatically builds images via Dockerfiles. Dockerfiles define the steps to assemble an image.
• Manages resources and dependencies as containers are deployed from images.
• Provides an isolated environment for each container. Containers share the host OS kernel but run as isolated processes.

Docker makes it much easier for developers to create modular, portable applications that can run anywhere.

What is containerd?

containerd is a lower-level container runtime that Docker uses behind the scenes. containerd focuses on core container lifecycle operations like image transfer and storage, container execution, and supervision. Some key points about containerd:

• Designed to be a simple and stable runtime for managing containers. Prioritizes modularity and stability.
• Serves as a foundational runtime for Docker, Kubernetes and other container tools. These tools call on containerd to carry out core container actions.
• Connects to the OCI (Open Container Initiative) image format and runtime spec. This allows interoperability between container technologies.
• Focuses only on container execution, not building images or managing dependencies like Docker.
• Runs as a daemon on Linux and Windows systems. containerd daemons handle container actions.

containerd provides the core runtime functionality that Docker depends on to build and manage containers.

Key Differences Between Docker and containerd

While containerd powers key aspects of Docker, there are some notable differences between the two:

Scope - Docker provides a complete platform for containers including image building, distributed storage, networking, orchestration, etc. containerd is lower-level, focused only on container runtime actions.

Complexity - Docker aims to provide an easy-to-use tool for working with containers. containerd offers a minimal runtime with fewer features.

Deployment - Docker includes a daemon, CLI, and Hub. containerd is a daemon that other tools can leverage.

Portability - Docker traditionally relied on Linux-specific code, making Windows support difficult. containerd was designed for Linux and Windows portability.

Overhead - Docker's layered architecture introduces some overhead compared to the relatively low-footprint containerd runtime.

Docker provides a full suite of tools on top of containerd's runtime. Developers should choose Docker when they want an integrated container management platform. containerd is preferred when you want a minimal, portable container runtime to embed into other systems.

Docker kickstarted the container revolution by making it easy for developers to use containers. Under the hood, Docker relies on containerd's simple and stable runtime to actually pull, store, and run container images. containerd focuses on core container runtime actions while Docker builds a comprehensive management platform on top. Understanding the distinction helps developers pick the right technology for their use case.

Docker vs containerd: A Hands-on Tutorial

In this tutorial, we will walk through hands-on examples to understand the key differences between Docker and containerd. We will cover:

1. Running a container with Docker

First, we'll run a simple Docker container using the Docker CLI:

$ docker run -it ubuntu bash

root@d9b100f2f636:/#        

This pulls the ubuntu image and runs it interactively, dropping us into a bash shell. Docker handles downloading the image, creating the container, managing the filesystem, and starting the process.

Exit out of the container shell.

2. Understanding containerd

Next, let's run the same container with containerd.

First, make sure containerd is installed and running on your system:

$ sudo apt update
$ sudo apt install containerd
$ sudo systemctl start containerd        

containerd won't have access to images yet, so we need to pull the ubuntu image:

?$ ctr -n=k8s.io images pull docker.io/library/ubuntu:latest        

Now we can use ctr, the containerd CLI, to run a container:

$ ctr -n=k8s.io run --rm --tty docker.io/library/ubuntu:latest bash

root@2a88b5c80e4a:/#        

This looks very similar to Docker, but containerd is only handling container execution, not the image management, networking, storage, etc.

Exit out of the shell.

3. Layered architecture

In summary:

• Docker provides a complete container management platform.
• containerd focuses only on core container runtime operations.
• Docker layers on image management, networking, storage, etc to provide a full container environment.
• containerd just launches the isolated process using Linux namespaces and cgroups.

This layered architecture allows tooling like Docker to leverage containerd without reimplementing lower-level runtime code.

4. When to use each

Based on the differences, here are some guidelines on when to use each:

• Use Docker if you want an integrated container management solution.
• Use containerd if you need a minimal runtime embedded into your own tooling.
• Use Docker if you need advanced networking,volumes, image management, etc. \
• Use containerd if you only need basic container execution.

Conclusion

Docker and containerd both play important roles in the container ecosystem. Docker popularized containers with an easy-to-use toolchain for building, sharing and running containerized applications. Under the hood, Docker leverages containerd's robust container runtime to carry out lower-level storage, execution, and supervision of containers and images.

While Docker aims to provide a complete container management platform, containerd focuses specifically on industrial-grade container runtime operations. For end users looking for an opinionated, pre-packaged container solution, Docker remains the simplest option. But for platforms looking to tightly integrate containers, containerd offers a flexible and stable container runtime that avoids Docker's overhead and complexity. The two projects are also converging at the standards level around OCI image spec compliance.

Overall, Docker and containerd are complementary technologies. Understanding their differing roles and strengths allows developers to pick the right container engine for their use case. For a pre-built container platform, Docker shines. But for a robust embedded runtime, containerd fills that need. This division of responsibilities gives users greater choice in a heterogeneous container ecosystem.

?