Understanding Container Runtimes in Kubernetes: Docker, containerd, and the CRI
Abu Bakkar Siddique
DevOps Engineer | AWS | Azure | Azure DevOps | GCP | Docker | Kubernetes | GitOps | Python | PowerShell | Bash | Terraform | Ansible | Linux
Many people think that Docker runs inside Kubernetes clusters. This is a common misunderstanding. In reality, Kubernetes uses containerd as its container runtime, not Docker.
What is containerd?
Containerd is a lightweight and efficient container runtime that manages the entire lifecycle of containers:
Where does containerd live in the cluster?
Containerd is installed on every node in the Kubernetes cluster. It runs in the background and works closely with the kubelet, which is the Kubernetes agent on each node. Together, they manage all the containers running on that node.
A bit of history
Originally, containerd was part of Docker. It was the core component responsible for running containers. In 2017, Docker decided to spin out containerd into a separate open-source project. This allowed containerd to become part of the Cloud Native Computing Foundation (CNCF) and the wider open-source community. By separating containerd from Docker, it became a standalone container runtime that other projects, like Kubernetes, could use directly.
Introduction to the Container Runtime Interface (CRI)
To support different container runtimes, Kubernetes introduced the Container Runtime Interface (CRI). The CRI is a plugin interface that allows Kubernetes to use any container runtime that implements it. This means Kubernetes doesn't need to know the details of the container runtime; it just communicates through the CRI. Containerd implements the CRI, which is why Kubernetes can use it directly without needing Docker.
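Because any runtime that implements the CRI can sit behind the kubelet, it is worth confirming what each node actually reports. The following is an added example, not part of the original article: it reads output in the shape of kubectl get nodes -o json and groups nodes by the status.nodeInfo.containerRuntimeVersion field. The sample node list, its node names and versions, and the function names are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of `kubectl get nodes -o json`, trimmed to the
# one field used here; node names and versions are made up for illustration.
SAMPLE_NODE_LIST = """{"items": [
    {"metadata": {"name": "node-a"},
     "status": {"nodeInfo": {"containerRuntimeVersion": "containerd://1.7.13"}}},
    {"metadata": {"name": "node-b"},
     "status": {"nodeInfo": {"containerRuntimeVersion": "containerd://1.7.13"}}},
    {"metadata": {"name": "node-c"},
     "status": {"nodeInfo": {"containerRuntimeVersion": "cri-o://1.29.1"}}},
    {"metadata": {"name": "node-d"}, "status": {}}
]}"""


def parse_runtime(value):
    """Split 'containerd://1.7.13' into ('containerd', '1.7.13')."""
    if not value or "://" not in value:
        return ("unknown", "")  # node has not reported a runtime (yet)
    name, _, version = value.partition("://")
    return (name.lower(), version)


def runtime_inventory(node_list_json):
    """Map each reported runtime name to the (node, version) pairs using it."""
    inventory = defaultdict(list)
    for item in json.loads(node_list_json).get("items", []):
        node = item.get("metadata", {}).get("name", "<unnamed>")
        info = item.get("status", {}).get("nodeInfo", {})
        name, version = parse_runtime(info.get("containerRuntimeVersion"))
        inventory[name].append((node, version))
    return dict(inventory)


def nodes_not_running(inventory, expected="containerd"):
    """Names of nodes whose kubelet reports a runtime other than `expected`."""
    return sorted(n for rt, nodes in inventory.items() if rt != expected
                  for n, _ in nodes)


if __name__ == "__main__":
    inv = runtime_inventory(SAMPLE_NODE_LIST)
    for runtime, nodes in sorted(inv.items()):
        print(f"{runtime}: {nodes}")
    print("not containerd:", nodes_not_running(inv))
```

Against a live cluster, the same functions can be fed the real output of kubectl get nodes -o json instead of the constructed sample.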
Why isn't Docker needed?
Docker is a tool that includes many features for building and managing containers. However, Kubernetes only needs a container runtime to run containers. Containerd provides all the necessary functions without the extra features that come with Docker. Using containerd directly simplifies the system and improves efficiency.
Key Takeaway
Docker is not needed inside Kubernetes clusters. Instead, containerd handles all container operations on each node, communicating with Kubernetes through the CRI. Understanding this helps us better manage and optimize our Kubernetes environments.