Containers and images have become the industry standards for software packaging and delivery. Kubernetes has become a standard platform for building, developing, and managing containerized cloud-native applications. An increasing number of enterprises and customers choose to deploy their applications in Alibaba Cloud Container Service for Kubernetes (ACK). ACK supports two types of runtimes: Docker and Sandboxed-Container. This topic describes the differences between these runtimes in the following aspects: implementations and limits, commonly used commands provided by Docker Engine and Containerd, and deployment architectures. This provides references for you to select between Docker and Sandboxed-Container based on your requirements.
Differences between Docker and Sandboxed-Container in terms of implementations and limits
Item | Docker | Sandboxed-Container | Description |
---|---|---|---|
Cluster type | All types | ACK Standard clusters and clusters of Standard ACK Proprietary Edition. | None |
Node type |
|
ECS Bare Metal instances | None |
Node operating system |
|
Aliyun Linux 2 Customized Edition |
|
Container engine | Docker | Containerd | None |
Monitoring | Supported | Supported | None |
Container log collection | Supported | Sidecar: supported. Manual configuration is required. | For more information about sidecar configurations, see Use CRDs to collect Kubernetes container logs in the Sidecar mode. |
Container stdout collection | Supported | Supported | None |
RuntimeClass | Not supported | Supported (runV) | None |
Pod scheduling | No configuration is required. |
|
None |
HostNetwork | Supported | Not supported | None |
exec/logs | Supported | Supported | None |
Node data disk | Optional | Required. The data disk must be at least 200 GiB. | None |
Network plug-in |
|
|
None |
Kube-proxy mode |
|
|
None |
Volume plug-in | CSI Plugin | CSI Plugin | None |
Container root file system | OverlayFS | DeviceMapper | None |
Differences in the commonly used commands provided by Docker Engine and Containerd
Docker uses Docker Engine for container lifecycle management. Sandboxed-Container uses Containerd for container lifecycle management. These tools support different commands that can be used to manage images and containers. The following table lists the commonly used commands.
Command | Docker | Containerd | |
---|---|---|---|
docker | crictl (recommended) | ctr | |
Query containers | docker ps | crictl ps | ctr -n k8s.io c ls |
Query container information | docker inspect | crictl inspect | ctr -n k8s.io c info |
Query container logs | docker logs | crictl logs | None |
Run a command in a container | docker exec | crictl exec | None |
Attach local standard input, output, and error streams to a running container | docker attach | crictl attach | None |
Query resource usage statistics | docker stats | crictl stats | None |
Create one or more containers | docker create | crictl create | ctr -n k8s.io c create |
Start one or more containers | docker start | crictl start | ctr -n k8s.io run |
Stop one or more containers | docker stop | crictl stop | None |
Remove one or more containers | docker rm | crictl rm | ctr -n k8s.io c del |
Query images | docker images | crictl images | ctr -n k8s.io i ls |
Query image information | docker inspect | crictl inspecti | None |
Pull an image | docker pull | crictl pull | ctr -n k8s.io i pull |
Push an image | docker push | None | ctr -n k8s.io i push |
Remove one or more images | docker rmi | crictl rmi | ctr -n k8s.io i rm |
Query pods | None | crictl pods | None |
Query pod information | None | crictl inspectp | None |
Start one or more pods | None | crictl runp | None |
Stop one or more pods | None | crictl stopp | None |
Differences between Docker and Sandboxed-Container in terms of deployment architectures
Runtime | Deployment architecture |
---|---|
Docker |
|
Sandboxed-Container V1 |
|
Sandboxed-Container V2 |
|