Docker vs containerd: Which Runtime Should Power Your Next Cloud‑Native Apps?
This article introduces containerd, compares its features, architecture, data directories, logging, CNI integration, stream services, commands, and namespaces with Docker, and helps you decide which container runtime best fits your Kubernetes deployments.
Introduction
Docker is well known, so the article focuses on containerd. The official description from GitHub says:
containerd is an industry‑standard container runtime with an emphasis on simplicity, robustness and portability.
It is available as a daemon for Linux and Windows,
which can manage the complete container lifecycle of its host system: image transfer and storage,
container execution and supervision, low‑level storage and network attachments, etc.
In short, containerd is a simple, robust, portable runtime that works on both Windows and Linux and manages the full container lifecycle.
Features
Supports OCI image format
OCI container runtime
Image push and pull
Container lifecycle management
Multi‑tenant image storage
Network management and namespace support, allowing containers to join existing namespaces
Comparison
The article compares Docker and containerd from several angles.
Call chain
When using Kubernetes, the call chain with Docker includes the dockershim layer, while containerd shortens the chain by removing dockershim.
Data directory
Docker stores data in /var/lib/docker, whereas containerd uses /var/lib/containerd.
Logging
With Docker, the Docker daemon writes container logs and links them under /var/log/pods and /var/log/containers. With containerd, kubelet handles log files, linking /var/log/containers to /var/log/pods, and log configuration is done via kubelet.
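For anyone collecting or alerting on container logs, the practical effect of this change is the on-disk format: Docker's json-file driver writes one JSON object per line, while containerd writes the CRI format (timestamp, stream, P/F tag, content). The following is an added example, not code from the original article; it normalizes both formats, and the function name and sample lines are constructed for illustration.

```python
import json
import re

# CRI format: "<RFC3339Nano time> <stdout|stderr> <P|F> <content>"
CRI_LINE = re.compile(r"^(\S+) (stdout|stderr) ([PF])(?: (.*))?$")

def parse_container_log(lines):
    """Normalize json-file or CRI log lines to (time, stream, message)."""
    records = []
    pending = {}  # stream -> (first timestamp, chunks) of an unfinished line
    for raw in lines:
        line = raw.rstrip("\n")
        if not line:
            continue
        if line.startswith("{"):  # Docker json-file: one JSON object per line
            try:
                entry = json.loads(line)
                message = entry["log"].rstrip("\n")
                records.append((entry["time"], entry["stream"], message))
                continue
            except (ValueError, KeyError, AttributeError, TypeError):
                pass  # not a json-file record; try CRI, else keep as unparsed
        match = CRI_LINE.match(line)
        if match is None:
            records.append((None, "unparsed", line))  # never drop silently
            continue
        ts, stream, tag, content = match.groups()
        first_ts, chunks = pending.pop(stream, (ts, []))
        chunks.append(content or "")
        if tag == "P":  # partial: the runtime split a long line, keep buffering
            pending[stream] = (first_ts, chunks)
        else:  # "F" closes the line
            records.append((first_ts, stream, "".join(chunks)))
    for stream, (first_ts, chunks) in pending.items():  # file ended mid-line
        records.append((first_ts, stream, "".join(chunks)))
    return records

# Constructed sample lines, not taken from a real node.
DOCKER_SAMPLE = [
    '{"log":"login failed for admin\\n","stream":"stderr",'
    '"time":"2024-01-01T00:00:00.000000001Z"}\n',
]
CRI_SAMPLE = [
    "2024-01-01T00:00:01.000000001Z stdout P first half, \n",
    "2024-01-01T00:00:01.000000002Z stdout F second half\n",
    "2024-01-01T00:00:02.000000001Z stderr F login failed for admin\n",
]

if __name__ == "__main__":
    for record in parse_container_log(DOCKER_SAMPLE + CRI_SAMPLE):
        print(record)
```

A collector that still expects JSON after a node moves to containerd would treat every CRI line as unparseable, so the same message must yield the same record from either format.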
CNI
Docker relies on the dockershim in kubelet to invoke CNI plugins, while containerd uses the built‑in containerd‑cri component.
[plugins."io.containerd.grpc.v1.cri".cni]
bin_dir = "/opt/cni/bin"
conf_dir = "/etc/cni/net.d"
Stream services
Kubernetes commands like kubectl exec and kubectl logs require stream services. Docker’s shim forwards streams via the Docker API; containerd needs explicit configuration.
[plugins."io.containerd.grpc.v1.cri"]
stream_idle_timeout = "4h0m0s"
stream_server_address = "127.0.0.1"
stream_server_port = "0"
enable_tls_streaming = false
Commands
Typical commands differ. For example:
List containers: docker ps -a vs ctr c list or ctr task list
List images: docker images vs ctr images list
containerd also supports the nerdctl tool, which provides Docker‑compatible commands using namespaces.
Namespaces
containerd introduces namespaces, allowing multiple users to share the same daemon without conflicts. Commands must include the -n flag to specify a namespace.
Namespaces allow multiple consumers to use the same containerd without conflicting with each other.
It has the benefit of sharing content but still having separation with containers and images.
Conclusion
containerd and Docker differ in many aspects, but both aim to run containers. The choice between them in a Kubernetes environment depends on specific requirements and preferences.
Ops Development Stories
Maintained by a like‑minded team, covering both operations and development. Topics span Linux ops, DevOps toolchain, Kubernetes containerization, monitoring, log collection, network security, and Python or Go development. Team members: Qiao Ke, wanger, Dong Ge, Su Xin, Hua Zai, Zheng Ge, Teacher Xia.
