Comparison among Docker, containerd, and Sandboxed-Container - Container Service for Kubernetes

Containers and images have become the industry standards for software packaging and delivery. Kubernetes has become a standard platform for building, developing, and managing containerized cloud-native applications. An increasing number of enterprises and customers deploy their applications in Container Service for Kubernetes (ACK). ACK supports the following container runtimes: containerd, Docker, and Sandboxed-Container. This topic compares these runtimes in terms of implementations, limits, and deployment architectures. This topic also compares the commonly used commands provided by Docker Engine and containerd. This helps you select a container runtime based on your business requirements and scenarios.

Comparison in terms of implementations and limits

Feature	containerd	Docker	Sandboxed-Container	Description
Cluster types	ACK managed clusters ACK dedicated clusters ACK Edge clusters	All types of of ACK clusters	ACK managed clusters ACK dedicated clusters	None
Kubernetes version	Kubernetes 1.31 and earlier	Kubernetes 1.22 and earlier Note We recommend that you upgrade Docker to containerd for your clusters. For more information, see Change the container runtime from Docker to containerd.	Kubernetes 1.31 and earlier	None
Node type	Elastic Compute Service (ECS) instance ECS Bare Metal instance Self-managed nodes (ACK Edge clusters)	ECS instance ECS Bare Metal instance	ECS Bare Metal	None
Node operating system	CentOS Alibaba Cloud Linux Windows for ACK 1.20.4 and later Ubuntu and CentOS (ACK Edge clusters)	CentOS Alibaba Cloud Linux	Alibaba Cloud Linux Customized Edition	You cannot deploy both Docker and Sandboxed-Container on one node. To deploy both Docker and Sandboxed-Container in the same cluster, you can create node pools that use different types of container runtimes.
Container engine	containerd	Docker Engine	containerd	None
Monitoring	Supported	Supported	Supported	None
Log collection	Supported	Supported	Manual configuration of sidecar containers is required to support log collection.	For more information about the sidecar configuration, see Use CRDs to collect container text logs in Sidecar mode.
Stdout collection	Supported	Supported	Supported	None
RuntimeClass	Not supported	Not supported	Supported (runV)	None
Pod scheduling	No configuration is required.	No configuration is required.	You must configure pods based on the following rules: For Kubernetes 1.14.x, you must add the following configuration to the nodeSelector parameter: `alibabacloud.com/sandboxed-container: Sandboxed-Container.runv` For Kubernetes 1.16.x and later, no configuration is required.	None
HostNetwork	Supported	Supported	Not supported	None
exec/logs	Supported	Supported	Supported	None
Node data disk	Optional	Optional	Required (at least 200 GiB)	None
Network plug-in	Flannel Terway (excluding ACK Edge clusters)	Flannel Terway	Flannel terway-eniip: Only terway-eniip that does not run in IPVLAN or Assign One ENI to Each Pod mode is supported.	None
Kube-proxy mode	iptables IPVS	iptables IPVS	iptables IPVS	None
Volume plug-in	CSI (excluding ACK Edge clusters)	CSI	CSI	None
Container root file system	OverlayFS	OverlayFS	OverlayFS with support for disk quotas	None

Comparison in terms of deployment architectures

Runtime	Deployment architecture
Docker	`kubelet -> dockerd -> containerd -> containerd-shim -> runC containers`
containerd	`kubelet -> containerd -> containerd-shim -> runC containers`
Sandboxed-Container V2	`kubelet->(CRI)containerd \-> containerd-shim -> runC containers \-> containerd-shim-rund-v2 -> runV sandboxed containers`

Comparison of the commonly used commands provided by Docker Engine and containerd

Docker uses Docker Engine for container lifecycle management. Sandboxed-Container uses containerd for container lifecycle management. These tools provide different commands that can be used to manage images and containers. The following table describes the commonly used commands provided by Docker Engine and containerd.

Operation	Docker	containerd
Operation	docker	crictl (recommended)	ctr
Query containers	`docker ps`	`crictl ps`	`ctr -n k8s.io c ls`
Query container details	`docker inspect`	`crictl inspect`	`ctr -n k8s.io c info`
Query container logs	`docker logs`	`crictl logs`	None
Run commands in containers	`docker exec`	`crictl exec`	None
Attach local stdin, stdout, and stderr to containers	`docker attach`	`crictl attach`	None
Query resource usage statistics	`docker stats`	`crictl stats`	None
Create containers	`docker create`	`crictl create`	`ctr -n k8s.io c create`
Start containers	`docker start`	`crictl start`	`ctr -n k8s.io run`
Stop containers	`docker stop`	`crictl stop`	None
Delete containers	`docker rm`	`crictl rm`	`ctr -n k8s.io c del`
Query images	`docker images`	`crictl images`	`ctr -n k8s.io i ls`
Query image details	`docker inspect`	`crictl inspecti`	None
Pull images	`docker pull`	`crictl pull`	`ctr -n k8s.io i pull`
Push images	`docker push`	None	`ctr -n k8s.io i push`
Delete images	`docker rmi`	`crictl rmi`	`ctr -n k8s.io i rm`
Query pods	None	`crictl pods`	None
Query pod details	None	`crictl inspectp`	None
Start pods	None	`crictl runp`	None
Stop pods	None	`crictl stopp`	None