All Products
Search
Document Center

Container Service for Kubernetes:Comparison of Docker, containerd, and Sandboxed-Container

Last Updated:Aug 23, 2023

Containers and images have become the industry standards for software packaging and delivery. Kubernetes has become a standard platform for building, developing, and managing containerized cloud-native applications. An increasing number of enterprises and customers choose to deploy their applications in Container Service for Kubernetes (ACK). ACK supports the following container runtimes: containerd, Docker, and Sandboxed-Container. This topic compares these runtimes in terms of implementations, limits, and deployment architectures. It also compares the commonly used commands provided by Docker Engine and containerd. This helps you select a container runtime based on your business requirements and scenarios.

Comparison in terms of implementations and limits

Feature

Containerd

Docker

Sandboxed-Container

Description

Cluster types

ACK managed clusters, ACK dedicated clusters, and ACK Edge clusters

All types

ACK managed clusters and ACK dedicated clusters

None

Kubernetes version

All versions

Kubernetes 1.22 and earlier

Note

We recommend that you upgrade Docker to containerd for your clusters. For more information, see Change the container runtime from Docker to containerd.

Kubernetes 1.24 and earlier

None

Node type

The following node types are supported:

  • ECS

  • EBM

  • Self-managed nodes (ACK Edge clusters)

The following node types are supported:

  • ECS

  • EBM

The following node types are supported:

EBM

None

Node operating system

The following operating systems are supported:

  • CentOS

  • Alibaba Cloud Linux

  • Windows for Kubernetes 1.20.4 and later

  • Ubuntu and CentOS (ACK Edge clusters)

The following operating systems are supported:

  • CentOS

  • Alibaba Cloud Linux

The following operating systems are supported:

Alibaba Cloud Linux Customized Edition

  • You cannot deploy both Docker and Sandboxed-Container on one node.

  • To deploy both Docker and Sandboxed-Container in the same cluster, you can create node pools that use different types of container runtimes.

Container engine

Containerd

Docker Engine

Containerd

None

Monitoring

Supported

Supported

Supported

None

Log collection

Supported

Supported

Manual configuration of sidecar containers is required to support log collection.

For more information about the sidecar configuration, see Use CRDs to collect container text logs in Sidecar mode.

Stdout collection

Supported

Supported

Supported

None

RuntimeClass

Not supported

Not supported

Supported (runV)

None

Pod scheduling

No configuration is required.

No configuration is required.

You must configure pods based on the following rules:

  • For Kubernetes 1.14.x, you must add the following configuration to the nodeSelector parameter:

    alibabacloud.com/sandboxed-container: Sandboxed-Container.runv
  • For Kubernetes 1.16.x and later, no configuration is required.

None

HostNetwork

Supported

Supported

Not supported

None

exec/logs

Supported

Supported

Supported

None

Node data disk

Optional

Optional

Required (at least 200 GiB)

None

Network plug-in

The following network plug-ins are supported:

  • flannel

  • Terway (excluding ACK Edge clusters)

The following network plug-ins are supported:

  • flannel

  • terway

The following network plug-ins are supported:

  • flannel

  • terway-eniip: Only terway-eniip that does not run in IPVLAN or Assign One ENI to Each Pod mode is supported.

None

Kube-proxy mode

The following kube-proxy modes are supported:

  • iptables

  • IPVS

The following kube-proxy modes are supported:

  • iptables

  • IPVS

The following kube-proxy modes are supported:

  • iptables

  • IPVS

None

Volume plug-in

CSI (excluding ACK Edge clusters)

CSI

CSI

None

Container root file system

OverlayFS

OverlayFS

OverlayFS with support for disk quotas

None

Comparison in terms of deployment architectures

Runtime

Deployment architecture

Docker

kubelet -> dockerd -> containerd -> containerd-shim -> runC containers

Containerd

kubelet -> containerd -> containerd-shim -> runC containers

Sandboxed-Container V2

kubelet->(CRI)containerd
\-> containerd-shim -> runC containers
\-> containerd-shim-rund-v2 -> runV sandboxed containers

Comparison of the commonly used commands provided by Docker Engine and containerd

Docker uses Docker Engine for container lifecycle management. Sandboxed-Container uses containerd for container lifecycle management. These tools provide different commands that can be used to manage images and containers. The following table describes the commonly used commands provided by Docker Engine and containerd.

Operation

Docker

Containerd

docker

crictl (recommended)

ctr

Query containers

docker ps

crictl ps

ctr -n k8s.io c ls

Query container details

docker inspect

crictl inspect

ctr -n k8s.io c info

Query container logs

docker logs

crictl logs

None

Run commands in containers

docker exec

crictl exec

None

Attach local stdin, stdout, and stderr to containers

docker attach

crictl attach

None

Query resource usage statistics

docker stats

crictl stats

None

Create containers

docker create

crictl create

ctr -n k8s.io c create

Start containers

docker start

crictl start

ctr -n k8s.io run

Stop containers

docker stop

crictl stop

None

Delete containers

docker rm

crictl rm

ctr -n k8s.io c del

Query images

docker images

crictl images

ctr -n k8s.io i ls

Query image details

docker inspect

crictl inspecti

None

Pull images

docker pull

crictl pull

ctr -n k8s.io i pull

Push images

docker push

None

ctr -n k8s.io i push

Delete images

docker rmi

crictl rmi

ctr -n k8s.io i rm

Query pods

None

crictl pods

None

Query pod details

None

crictl inspectp

None

Start pods

None

crictl runp

None

Stop pods

None

crictl stop

None