How Do I Select a Container Runtime?
Introduction to Container Runtime
Container runtime, one of the most important components of Kubernetes, manages the lifecycle of images and containers. kubelet interacts with a container runtime through the Container Runtime Interface (CRI) to manage images and containers.
CCE allows you to select containerd or Docker as the container runtime.
- containerd has a shorter tracing and fewer components is fewer, which is more stable and occupies fewer node resources. It is recommended that you select containerd as your container runtime.
- Docker is suitable in the following scenarios:
- Docker-in-Docker needs to be used.
- Commands such as docker build/push/save/load need to be run on the CCE node.
- Docker APIs need to be called.
- Docker Compose or Docker Swarm needs to be used.
Common Commands of containerd and Docker
containerd does not support Docker APIs and Docker CLI, but you can run crictl commands to implement similar functions.
|
No. |
Docker Command |
containerd Command |
Remarks |
|---|---|---|---|
|
1 |
docker images [Option] [Image name[:Tag]] |
crictl images [Option] [Image name[:Tag]] |
List local images. |
|
2 |
docker pull [Option] Image name[:Tag|@DIGEST] |
crictl pull [Option] Image name[:Tag|@DIGEST] |
Pull images. |
|
3 |
docker push |
None |
Push an image. |
|
4 |
docker rmi [Option] Image... |
crictl rmi [Option] Image ID... |
Delete a local image. |
|
5 |
docker inspect Image ID |
crictl inspect Image ID |
Check a container. |
|
No. |
Docker Command |
containerd Command |
Remarks |
|---|---|---|---|
|
1 |
docker ps [Option] |
crictl ps [Option] |
List containers. |
|
2 |
docker create [Option] |
crictl create [Option] |
Create a container. |
|
3 |
docker start [Option] Container ID... |
crictl start [Option] Container ID... |
Start a container. |
|
4 |
docker stop [Option] Container ID... |
crictl stop [Option] Container ID... |
Stop a container. |
|
5 |
docker rm [Option] Container ID... |
crictl rm [Option] Container ID... |
Delete a container. |
|
6 |
docker attach [Option] Container ID |
crictl attach [Option] Container ID |
Connect to a container. |
|
7 |
docker exec [Option] Container ID Startup command [Parameter...] |
crictl exec [Option] Container ID Startup command [Parameter...] |
Access the container. |
|
8 |
docker inspect [Option] Container name|ID... |
crictl inspect [Option] Container ID... |
Query container details. |
|
9 |
docker logs [Option] Container ID |
crictl logs [Option] Container ID |
View container logs. |
|
10 |
docker stats [Option] Container ID... |
crictl stats [Option] Container ID |
Check the resource usage of the container. |
|
11 |
docker update [Option] Container ID... |
crictl update [Option] Container ID... |
Update container resource limits. |
|
No. |
Docker Command |
containerd Command |
Remarks |
|---|---|---|---|
|
1 |
None |
crictl pods [Option] |
List pods. |
|
2 |
None |
crictl inspectp [Option] Pod ID... |
View pod details. |
|
3 |
None |
crictl start [Option] Pod ID... |
Start a pod. |
|
4 |
None |
crictl runp [Option] Pod ID... |
Run a pod. |
|
5 |
None |
crictl stopp [Option] Pod ID... |
Stop a pod. |
|
6 |
None |
crictl rmp [Option] Pod ID... |
Delete a pod. |
Containers created and started by containerd are immediately deleted by kubelet. containerd does not support suspending, resuming, restarting, renaming, and waiting for containers, nor Docker image build, import, export, comparison, push, search, and labeling. containerd does not support file copy. You can log in to the image repository by modifying the configuration file of containerd.
Differences in Tracing
- When Docker is used as the container runtime, the tracing is as follows:
kubelet --> docker shim (in the kubelet process) --> dockerd --> containerd
- When containerd is used as the container runtime, the tracing is as follows:
kubelet --> cri plugin (in the containerd process) --> containerd
Although Docker has added functions such as swarm cluster, docker build, and Docker APIs, it also introduces bugs. Compared with containerd, Docker has one more layer of calling.
Last Article: Configuring Domain Name Resolution for CCE Containers
Next Article: Using Dual-Architecture Images (x86 and Arm) in CCE
Did this article solve your problem?
Thank you for your score!Your feedback would help us improve the website.