As one of the most important components of Kubernetes (K8s), a container runtime manages the lifecycle of images and containers. Kubelet interacts with the container runtime through the Container Runtime Interface (CRI) to manage images and containers.
You can choose either Containerd or Docker as the container runtime component:
Note: Modifications to the runtime component and version only take effect for added nodes that are not assigned to any node pool. The existing nodes are not affected.
Containerd does not support the Docker API or the Docker CLI. However, you can get similar features with the cri-tool command (crictl).

Image Feature | Docker | Containerd |
---|---|---|
Display the local image list | docker images | crictl images |
Download an image | docker pull | crictl pull |
Upload an image | docker push | None |
Delete a local image | docker rmi | crictl rmi |
View image details | docker inspect IMAGE-ID | crictl inspecti IMAGE-ID |

Container Feature | Docker | Containerd |
---|---|---|
Display the container list | docker ps | crictl ps |
Create a container | docker create | crictl create |
Start a container | docker start | crictl start |
Stop a container | docker stop | crictl stop |
Delete a container | docker rm | crictl rm |
View container details | docker inspect | crictl inspect |
attach | docker attach | crictl attach |
exec | docker exec | crictl exec |
logs | docker logs | crictl logs |
stats | docker stats | crictl stats |

Pod Feature | Docker | Containerd |
---|---|---|
Display the Pod list | None | crictl pods |
View Pod details | None | crictl inspectp |
Run a Pod | None | crictl runp |
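Stop a Pod | None | crictl stopp |

Call chain when Docker is the container runtime:
kubelet --> docker shim (in the kubelet process) --> dockerd --> containerd
Call chain when Containerd is the container runtime:
kubelet --> cri plugin (in the containerd process) --> containerd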
Although Docker offers more features such as swarm cluster, docker build, and docker API, it may also introduce some bugs and requires one more calling step than containerd.
Note: Commands such as `kubectl exec` and `kubectl logs` require the establishment of a stream forwarding tunnel between the apiserver and the container runtime.
The docker API itself provides a stream service, and the docker-shim inside the Kubelet forwards streams through the docker API.
The stream service of Containerd needs to be configured separately:
```toml
[plugins.cri]
  stream_server_address = "127.0.0.1"
  stream_server_port = "0"
  enable_tls_streaming = false
```
The stream service of Containerd has different configurations for different versions of K8s.

Item | Docker | Containerd |
---|---|---|
Storage path | If Docker serves as the K8s container runtime, it saves container logs to a directory such as /var/lib/docker/containers/$CONTAINERID. Kubelet will create a soft link under /var/log/pods and /var/log/containers, pointing to the container log files in the /var/lib/docker/containers/$CONTAINERID directory. | If Containerd serves as the K8s container runtime, Kubelet saves container logs to the /var/log/pods/$CONTAINER_NAME directory, and creates a soft link under /var/log/containers, pointing to the log files. |
Configuration parameters | Specify in the Docker configuration files: `"log-driver": "json-file",` `"log-opts": {"max-size": "100m","max-file": "5"}` | |
Save container logs to the data disk | Mount the data disk to `data-root` (/var/lib/docker by default). | Create a soft link /var/log/pods to point to a directory under the data disk mounting point. Selecting "Store containers and images in the data disk" in TKE will automatically create the soft link /var/log/pods. |

Item | Docker | Containerd |
---|---|---|
Component responsible for calling CNI | docker-shim inside Kubelet | Containerd's built-in cri-plugin (in containerd v1.1 or later) |
How to configure CNI | Kubelet parameters `--cni-bin-dir` and `--cni-conf-dir` | Containerd configuration file (toml): `[plugins.cri.cni]` `bin_dir = "/opt/cni/bin"` `conf_dir = "/etc/cni/net.d"` |