Container Runtimes

What Is a Container Runtime?

A container runtime, one of the most important components of Kubernetes, manages the lifecycle of images and containers. kubelet interacts with a container runtime through the Container Runtime Interface (CRI).

CCE supports Docker or containerd (only available for clusters v1.23 or later) as the container runtime. containerd offers a shorter call chain, fewer components, higher stability, and lower node resource consumption.

The Kubernetes community removed dockershim in v1.24, discontinuing support for the Docker container runtime. To align with the Kubernetes community roadmap and improve cluster stability and resource efficiency, CCE has updated its container runtime support policy:

New CCE clusters running Kubernetes v1.34 or later do not support Docker.
Existing CCE clusters upgraded to Kubernetes v1.34 or later will continue running Docker. However, use containerd when creating new nodes or node pools. Migration from Docker to containerd is required before upgrading to v1.35, as Docker support will be dropped.

Use containerd when creating new nodes because it is more lightweight and secure. Additionally, gradually migrate existing nodes to containerd. For details, see Changing the Container Runtime from Docker to containerd.

**Table 1** Container runtime comparison
Item	containerd	Docker
Tracing	kubelet --> CRI plugin (in the containerd process) --> containerd	Docker (Kubernetes v1.23 and earlier versions): kubelet --> dockershim (in the kubelet process) --> docker --> containerd Docker (community solution for Kubernetes v1.24 or later): kubelet --> cri-dockerd (kubelet uses CRI to connect to cri-dockerd) --> docker--> containerd
Command	crictl/ctr	docker
Kubernetes CRI	Native support	Support through dockershim or cri-dockerd
Delayed pod startup	Minor	High
kubelet CPU/memory usage	Minor	High
Runtime's CPU/memory usage	Minor	High

Mapping Between Node OSs and Container Runtimes

VPC network clusters v1.23 or later versions support containerd. Tunnel network clusters v1.23.2-r0 or later versions support containerd.

**Table 2** Node OSs and container runtimes in CCE clusters
OS	Kernel Version	Upper-layer Container Runtime	Lower-layer Container Runtime	Container Storage rootfs
CentOS 7.6	3.x	Docker Clusters v1.23 and later support containerd.	runC	Clusters v1.19.16 and earlier use Device Mapper. Clusters v1.19.16 and later use OverlayFS.
EulerOS 2.3	3.x	Docker	runC	Device Mapper
EulerOS 2.5	3.x	Docker	runC	Device Mapper
EulerOS 2.9	4.x	Docker Clusters v1.23 and later support containerd.	runC	OverlayFS
Ubuntu 18.04	4.x	Docker Clusters v1.23 and later support containerd.	runC	OverlayFS
Ubuntu 22.04	5.x	Docker Clusters v1.23 and later support containerd.	runC	OverlayFS
Ubuntu 22.04.cgroup2	5.x	containerd	runC	OverlayFS
Huawei Cloud EulerOS 1.1	3.x	Docker containerd	runC	OverlayFS
Huawei Cloud EulerOS 2.0	5.x	Docker containerd	runC	OverlayFS

**Table 3** Node OSs and container runtimes in CCE Turbo clusters
Node Type	OS	Kernel Version	Upper-layer Container Runtime	Lower-layer Container Runtime	Container Storage rootfs
ECS (VM)	CentOS 7.6	3.x	Docker containerd	runC	OverlayFS
	Ubuntu 18.04	4.x
	Ubuntu 22.04	5.x
	EulerOS 2.9	4.x
	Huawei Cloud EulerOS 1.1	3.x
	Huawei Cloud EulerOS 2.0	5.x
	Ubuntu 22.04.cgroup2	5.x	containerd	runC	OverlayFS
ECS (PM)	EulerOS 2.10	4.x	containerd	Kata runC	Device Mapper

**Table 4** Kunpeng Node OSs and container runtimes in CCE
OS	Kernel Version	Upper-layer Container Runtime	Lower-layer Container Runtime	Container Storage rootfs
Huawei Cloud EulerOS 2.0	5.x	Docker containerd	runC	OverlayFS
EulerOS 2.9	4.x	Docker containerd	runC	OverlayFS
EulerOS 2.8	4.x	Docker	runC	OverlayFS

Common Commands of containerd and Docker

containerd does not support Docker APIs and Docker CLI, but you can run crictl commands to implement similar functions.

**Table 5** Image-related commands
Operation	Docker Command	containerd Command
Operation	docker	crictl	ctr
List local images.	docker images	crictl images	ctr -n k8s.io i ls
Pull images.	docker pull	crictl pull	ctr -n k8s.io i pull
Push images.	docker push	None	ctr -n k8s.io i push
Delete local images.	docker rmi	crictl rmi	ctr -n k8s.io i rm
Check images.	docker inspect	crictl inspect	None

**Table 6** Container-related commands
Operation	Docker Command	containerd Command
Operation	docker	crictl	ctr
List containers.	docker ps	crictl ps	ctr -n k8s.io c ls
Create a container.	docker create	crictl create	ctr -n k8s.io c create
Start a container.	docker start	crictl start	ctr -n k8s.io run
Stop a container.	docker stop	crictl stop	None
Delete a container.	docker rm	crictl rm	ctr -n k8s.io c del
Connect to a container.	docker attach	crictl attach	None
Access the container.	docker exec	crictl exec	None
Query container details.	docker inspect	crictl inspect	ctr -n k8s.io c info
View container logs.	docker logs	crictl logs	None
Check the resource usage of the container.	docker stats	crictl stats	None
Update container resource limits.	docker update	crictl update	None

**Table 7** Pod-related commands
Operation	Docker Command	containerd Command
Operation	docker	crictl	ctr
List pods.	None	crictl pods	None
Query pod details.	None	crictl inspectp	None
Start a pod.	None	crictl start	None
Run a pod.	None	crictl runp	None
Stop a pod.	None	crictl stopp	None
Delete a pod.	None	crictl rmp	None

Containers created and started by containerd are immediately deleted by kubelet. containerd does not support suspending, resuming, restarting, renaming, and waiting for containers, nor Docker image build, import, export, comparison, push, search, and labeling. containerd does not support file copy. You can log in to the image repository by modifying the configuration file of containerd.

Differences in Tracing

Docker (Kubernetes v1.23 and earlier versions):
kubelet --> dockershim (in the kubelet process) --> docker --> containerd
Docker (community solution for Kubernetes v1.24 or later):
kubelet --> cri-dockerd (kubelet uses CRI to connect to cri-dockerd) --> docker--> containerd
containerd:
kubelet --> CRI plugin (in the containerd process) --> containerd

Although Docker has added functions such as swarm cluster, docker build, and Docker APIs, it introduces bugs. Also, Docker offers a longer call chain than containerd. Therefore, containerd is more resource-saving and secure.

Container Runtime Versions

Table 8 lists only the runtime versions for the OSs in the latest cluster versions. For historical cluster versions, log in to the target node and check their runtime versions.

Docker

# Huawei Cloud EulerOS, EulerOS, and CentOS
rpm -q docker-engine
# Ubuntu
dpkg -s docker-ce

containerd

# Huawei Cloud EulerOS, EulerOS, and CentOS
rpm -q containerd
# Ubuntu
dpkg -s containerd

**Table 8** Latest runtime versions for each OS
Cluster Version	Architecture	OS	Latest Docker Version	Latest containerd Version
v1.36	x86	Huawei Cloud EulerOS 2.0	-	containerd-2.2.1-26.04.130941168.gitb72de14b.x86_64
		Ubuntu 22.04		2.2.1-26.04.130941156.gitb72de14b
		Ubuntu 22.04.cgroup2		2.2.1-26.04.130941156.gitb72de14b
	Arm	Huawei Cloud EulerOS 2.0		containerd-2.2.1-26.04.130941168.gitb72de14b.aarch64
v1.35	x86	Huawei Cloud EulerOS 2.0	-	containerd-2.2.1-26.03.129169267.git9985da87.x86_64
		Ubuntu 22.04
		Ubuntu 22.04.cgroup2
	Arm	Huawei Cloud EulerOS 2.0		containerd-2.2.1-26.03.129169267.git9985da87.aarch64
v1.34	x86	Huawei Cloud EulerOS 2.0	New Kubernetes clusters of v1.34 or later do not support Docker. For details, see Updates to Docker Support Policy for CCE Clusters.	containerd-1.7.29-25.11.121763183.git9859417d.x86_64
		EulerOS 2.9
		Huawei Cloud EulerOS 1.1
		CentOS 7.6
		Ubuntu 22.04		1.7.29-25.11.121763188.git9859417d
	Arm	Huawei Cloud EulerOS 2.0		containerd-1.7.29-25.11.121763183.git9859417d.aarch64
	Arm	EulerOS 2.9		containerd-1.7.29-25.11.121763183.git9859417d.aarch64
v1.28-v1.33	x86	Huawei Cloud EulerOS 2.0	docker-engine-18.09.0-311.r62.48.46.hce2.x86_64	containerd-1.7.29-25.11.121763183.git9859417d.x86_64
		EulerOS 2.9	docker-engine-18.09.0.129-1.h94.43.29.eulerosv2r9.x86_64
		Huawei Cloud EulerOS 1.1	docker-engine-18.09.0.101-1.h70.28.24.eulerosv2r7.x86_64
		CentOS 7.6	docker-engine-18.09.0.101-1.h70.28.24.eulerosv2r7.x86_64
		Ubuntu 22.04	27.5.1-25.11.121586247.git4c9b3b011a	1.7.29-25.11.121763188.git9859417d
	Arm	Huawei Cloud EulerOS 2.0	docker-engine-18.09.0-311.r62.48.46.hce2.aarch64	containerd-1.7.29-25.11.121763183.git9859417d.aarch64
	Arm	EulerOS 2.9	docker-engine-18.09.0.129-1.h94.43.29.eulerosv2r9.aarch64	containerd-1.7.29-25.11.121763183.git9859417d.aarch64
v1.27	x86	Huawei Cloud EulerOS 2.0	docker-engine-18.09.0-311.r50.46.43.hce2.x86_64	containerd-1.6.14-25.08.114880342.gita270719c.x86_64
		EulerOS 2.9	docker-engine-18.09.0.129-1.h91.43.27.eulerosv2r9.x86_64
		Huawei Cloud EulerOS 1.1	docker-engine-18.09.0.101-1.h70.28.24.eulerosv2r7.x86_64
		CentOS 7.6	docker-engine-18.09.0.101-1.h70.28.24.eulerosv2r7.x86_64
		Ubuntu 22.04	27.5.1-25.05.108320057.git4c9b3b011a	1.6.14-25.05.109434323.gite7077850
	Arm	Huawei Cloud EulerOS 2.0	docker-engine-18.09.0-311.r50.46.43.hce2.aarch64	containerd-1.6.14-25.08.114880342.gita270719c.aarch64
	Arm	EulerOS 2.9	docker-engine-18.09.0.129-1.h91.43.27.eulerosv2r9.aarch64	containerd-1.6.14-25.08.114880342.gita270719c.aarch64
v1.25	x86	Huawei Cloud EulerOS 2.0	docker-engine-18.09.0-311.r50.46.43.hce2.x86_64	containerd-1.6.14-25.08.114880342.gita270719c.x86_64
		EulerOS 2.9	docker-engine-18.09.0.129-1.h91.43.27.eulerosv2r9.x86_64
		Huawei Cloud EulerOS 1.1	docker-engine-18.09.0.101-1.h70.28.24.eulerosv2r7.x86_64
		CentOS 7.6	docker-engine-18.09.0.101-1.h70.28.24.eulerosv2r7.x86_64
		Ubuntu 22.04	27.5.1-25.05.108320057.git4c9b3b011a	1.6.14-25.05.109434323.gite7077850
		Ubuntu 18.04	5:18.09.9~3-0~ubuntu-bionic	1.6.14-25.05.109434323.gite7077850
	Arm	Huawei Cloud EulerOS 2.0	docker-engine-18.09.0-311.r50.46.43.hce2.aarch64	containerd-1.6.14-25.08.114880342.gita270719c.aarch64
		EulerOS 2.9	docker-engine-18.09.0.129-1.h91.43.27.eulerosv2r9.aarch64
		EulerOS 2.8	docker-engine-18.09.0.101-1.h69.28.24.eulerosv2r8.aarch64

Parent Topic: Nodes

Previous topic: Node Overview

Next topic: Node OSs

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

For any further questions, feel free to contact us through the chatbot.

Chatbot