Container Service for Kubernetes (ACK) supports the following container runtimes: containerd, Sandboxed-Container, and Docker. This topic compares these runtimes in terms of implementations, limits, and deployment architectures, to help you select a container runtime based on your business requirements and scenarios.
Comparison in terms of implementations and limits
Feature | containerd | Sandboxed-Container | Docker (discontinued maintenance) |
Cluster types | ACK managed clusters, ACK dedicated clusters, ACK Edge clusters | ACK managed clusters, ACK dedicated clusters | All types of ACK clusters |
Kubernetes version | Kubernetes 1.32 and earlier | Kubernetes 1.32 and earlier | Kubernetes 1.22 and earlier |
Node type | | ECS Bare Metal instance | ECS instance |
Node operating system | ACK provides public images for operating systems, including ContainerOS, Alibaba Cloud Linux 3, Ubuntu, and Windows. For more information, see OS images. | Alibaba Cloud Linux Customized Edition | Alibaba Cloud Linux, CentOS |
Container engine | containerd | containerd | Docker |
Monitoring | Supported | Supported | Supported |
Log collection | Supported | Manual configuration of sidecar containers is required to support log collection. | Supported |
Stdout collection | Supported | Supported | Supported |
RuntimeClass | Not supported | Supported (runV) | Not supported |
Pod scheduling | No configuration is required. | You must configure pods based on the following rules: for Kubernetes 1.14.x, add alibabacloud.com/sandboxed-container: Sandboxed-Container.runv to the nodeSelector parameter; for Kubernetes 1.16.x and later, no configuration is required. | No configuration is required. |
HostNetwork | Supported | Not supported | Supported |
Node data disk | Optional | Required (at least 200 GiB) | Optional |
Network plug-in | | | |
Kube-proxy mode | | | |
Volume plug-in | CSI (excluding ACK Edge clusters) | CSI | CSI |
Container root file system | OverlayFS | OverlayFS with support for disk quotas | OverlayFS |
Note
You cannot deploy both Docker and Sandboxed-Container on the same node.
To deploy both Docker and Sandboxed-Container in the same cluster, you can create node pools that use different types of container runtimes.
For more information about the sidecar configuration, see Use CRDs to collect container text logs in Sidecar mode.
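The Sandboxed-Container limits in the table above (RuntimeClass, HostNetwork, and the Kubernetes 1.14.x nodeSelector rule) can be checked against a pod manifest before it is deployed. The following Python check is an added example, not part of the ACK documentation or tooling; the RuntimeClass name runv, the function names, and the sample manifests are assumptions constructed for illustration.

```python
import re

RUNTIME_CLASS = "runv"  # assumption: RuntimeClass name that selects the runV runtime
SELECTOR_KEY = "alibabacloud.com/sandboxed-container"  # from the Pod scheduling row
SELECTOR_VALUE = "Sandboxed-Container.runv"            # from the Pod scheduling row


def minor_version(version):
    """Extract the minor number from strings such as '1.14.8' or 'v1.20.11-aliyun.1'."""
    match = re.match(r"v?1\.(\d+)", version)
    if not match:
        raise ValueError("unrecognized Kubernetes version: %r" % version)
    return int(match.group(1))


def check_sandboxed_pod(pod, k8s_version):
    """Return findings for a pod meant to run in Sandboxed-Container; [] means none."""
    spec = pod.get("spec", {})
    findings = []
    if spec.get("runtimeClassName") != RUNTIME_CLASS:
        findings.append("runtimeClassName is not %r, so runV is not requested" % RUNTIME_CLASS)
    if spec.get("hostNetwork") is True:
        findings.append("hostNetwork is not supported by Sandboxed-Container")
    # The table requires the nodeSelector for 1.14.x; 1.16.x and later need none.
    if minor_version(k8s_version) == 14:
        selector = spec.get("nodeSelector") or {}
        if selector.get(SELECTOR_KEY) != SELECTOR_VALUE:
            findings.append("1.14.x requires nodeSelector %s: %s" % (SELECTOR_KEY, SELECTOR_VALUE))
    return findings


# Constructed sample manifests (dict form of `kubectl get pod -o json`).
HOSTNET_POD = {"metadata": {"name": "batch-job"},
               "spec": {"hostNetwork": True,
                        "containers": [{"name": "app", "image": "example/app:1"}]}}
SANDBOXED_POD = {"metadata": {"name": "batch-job"},
                 "spec": {"runtimeClassName": "runv",
                          "nodeSelector": {SELECTOR_KEY: SELECTOR_VALUE},
                          "containers": [{"name": "app", "image": "example/app:1"}]}}

if __name__ == "__main__":
    for name, pod, version in [("hostnet", HOSTNET_POD, "1.14.8"),
                               ("sandboxed", SANDBOXED_POD, "v1.20.11-aliyun.1")]:
        print(name, check_sandboxed_pod(pod, version) or "ok")
```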
Comparison in terms of deployment architectures
Runtime | Deployment architecture |
Docker |
kubelet
└── dockerd
    └── containerd
        └── containerd-shim
            └── runC containers
|
containerd |
kubelet
└── containerd
    └── containerd-shim
        └── runC containers
|
Sandboxed-Container V2 |
kubelet
├── (CRI) containerd
│   ├── containerd-shim
│   │   └── runC containers
│   └── containerd-shim-runv2
│       └── runV sandboxed containers
|
Comparison of the commonly used commands provided by Docker Engine and containerd
Docker uses Docker Engine for container lifecycle management. Sandboxed-Container uses containerd for container lifecycle management. Both runtimes provide their own unique CLI tools for managing images and containers. The following table describes the commonly used commands provided by Docker Engine and containerd.
Operation | containerd: crictl (recommended) | containerd: ctr | Docker: docker |
Query containers | crictl ps | ctr -n k8s.io c ls | docker ps |
Query container details | crictl inspect <container> | ctr -n k8s.io c info <container> | docker inspect <container> |
Query container logs | crictl logs <container> | N/A | docker logs <container> |
Run commands in containers | crictl exec <container> | N/A | docker exec <container> |
Attach local stdin, stdout, and stderr to containers | crictl attach <container> | N/A | docker attach <container> |
Query resource usage statistics | crictl stats <container> | N/A | docker stats <container> |
Create containers | crictl create <container> | ctr -n k8s.io c create <container> | docker create <container> |
Start containers | crictl start <container> | ctr -n k8s.io run <container> | docker start <container> |
Stop containers | crictl stop <container> | ctr -n k8s.io task pause <container> | docker stop <container> |
Delete containers | crictl rm <container> | ctr -n k8s.io c del <container> | docker rm <container> |
Query images | crictl images | ctr -n k8s.io i ls <image> | docker images |
Query image details | crictl inspecti <image> | N/A | docker inspect <image> |
Pull images | crictl pull <image> | ctr -n k8s.io i pull <image> | docker pull <image> |
Push images | N/A | ctr -n k8s.io i push <image> | docker push <image> |
Delete images | crictl rmi <image> | ctr -n k8s.io i rm <image> | docker rmi <image> |
Query pods | crictl pods | N/A | N/A |
Query pod details | crictl inspectp <pod name> | N/A | N/A |
Start pods | crictl runp <pod name> | N/A | N/A |
Stop pods | crictl stopp <pod name> | N/A | N/A |