What is the difference between containerd and docker

Difference: 1. containerd does not need to go through dockershim, so the call chain is shorter, and docker needs to go through, so the call chain is longer; 2. docker calls cni "docker-shim", containerd calls cni "containerd- cri".

The operating environment of this tutorial: linux7.3 system, docker-1.13.1 version, Dell G3 computer.

What is the difference between containerd and docker

When using k8s, the call chain using docker and containerd is as follows:

It is not difficult to see that when using containerd, the call chain is shorter and there is no need to go through dockershim and docker

Data directory

I believe everyone knows that the default data directory of docker is in the /var/lib/docker directory; when switching to containerd, the data directory defaults to /var/lib/containerd

Log

When we use k8s, if docker is used as the runtime, docker is actually responsible for writing the container program logs to disk. The log files under /var/log/pod and /var/log/container will be soft-linked to the corresponding log files under /var/lib/docker. If you need to configure some parameters for the log, you can directly modify the docker configuration file. ;And if we now use containerd as the runtime, kubelet will be responsible for the placement of container logs. The log files under /var/log/container will be soft-connected to the log files under /var/log/pod. If adjustments are needed Log parameters, you need to modify the kubelet related configuration

CNI

When using docker as the runtime, the docker-shim in the kubelet is responsible for calling cni; and when using containerd as At runtime, the containerd-cri built in containerd is responsible for calling cni

[plugins."io.containerd.grpc.v1.cri".cni]       
bin_dir = "/opt/cni/bin"       
conf_dir = "/etc/cni/net.d"

Streaming service

Friends who are familiar with k8s know that commands such as kubectl exec and kubelet log need to be passed The apiserver communicates with the container, which involves streaming services. The docker API itself supports that the docker-shim in kubelet is forwarded through the docker API stream; but containerd needs to be configured separately

[plugins."io.containerd.grpc.v1.cri"]     
stream_idle_timeout = "4h0m0s"    
 stream_server_address = "127.0.0.1"    
 stream_server_port = "0"     
enable_tls_streaming = false

Recommended learning: "docker video tutorial"

The above is the detailed content of What is the difference between containerd and docker. For more information, please follow other related articles on the PHP Chinese website!