Containers and images have become the industry standards for software packaging and delivery. Kubernetes has become a standard platform for building, developing, and managing containerized cloud-native applications. An increasing number of enterprises and customers choose to deploy their applications in Alibaba Cloud Container Service for Kubernetes (ACK). ACK supports two types of runtimes: Docker and Sandboxed-Container. This topic describes the differences between these runtimes in the following aspects: implementations and limits, commonly used commands provided by Docker Engine and Containerd, and deployment architectures. This provides references for you to select between Docker and Sandboxed-Container based on your requirements.
Differences between Docker and Sandboxed-Container in terms of implementations and limits
| Item | Docker | Sandboxed-Container | Description |
|---|---|---|---|
| Cluster type | All types | ACK Standard clusters and clusters of Standard ACK Proprietary Edition. | None |
| Node type |
|
ECS Bare Metal instances | None |
| Node operating system |
|
Aliyun Linux 2 Customized Edition |
|
| Container engine | Docker | Containerd | None |
| Monitoring | Supported | Supported | None |
| Container log collection | Supported | Sidecar: supported. Manual configuration is required. | For more information about sidecar configurations, see Use CRDs to collect Kubernetes container logs in the Sidecar mode. |
| Container stdout collection | Supported | Supported | None |
| RuntimeClass | Not supported | Supported (runV) | None |
| Pod scheduling | No configuration is required. |
|
None |
| HostNetwork | Supported | Not supported | None |
| exec/logs | Supported | Supported | None |
| Node data disk | Optional | Required. The data disk must be at least 200 GiB. | None |
| Network plug-in |
|
|
None |
| Kube-proxy mode |
|
|
None |
| Volume plug-in | CSI Plugin | CSI Plugin | None |
| Container root file system | OverlayFS | DeviceMapper | None |
Differences in the commonly used commands provided by Docker Engine and Containerd
Docker uses Docker Engine for container lifecycle management. Sandboxed-Container uses Containerd for container lifecycle management. These tools support different commands that can be used to manage images and containers. The following table lists the commonly used commands.
| Command | Docker | Containerd | |
|---|---|---|---|
| docker | crictl (recommended) | ctr | |
| Query containers | docker ps | crictl ps | ctr -n k8s.io c ls |
| Query container information | docker inspect | crictl inspect | ctr -n k8s.io c info |
| Query container logs | docker logs | crictl logs | None |
| Run a command in a container | docker exec | crictl exec | None |
| Attach local standard input, output, and error streams to a running container | docker attach | crictl attach | None |
| Query resource usage statistics | docker stats | crictl stats | None |
| Create one or more containers | docker create | crictl create | ctr -n k8s.io c create |
| Start one or more containers | docker start | crictl start | ctr -n k8s.io run |
| Stop one or more containers | docker stop | crictl stop | None |
| Remove one or more containers | docker rm | crictl rm | ctr -n k8s.io c del |
| Query images | docker images | crictl images | ctr -n k8s.io i ls |
| Query image information | docker inspect | crictl inspecti | None |
| Pull an image | docker pull | crictl pull | ctr -n k8s.io i pull |
| Push an image | docker push | None | ctr -n k8s.io i push |
| Remove one or more images | docker rmi | crictl rmi | ctr -n k8s.io i rm |
| Query pods | None | crictl pods | None |
| Query pod information | None | crictl inspectp | None |
| Start one or more pods | None | crictl runp | None |
| Stop one or more pods | None | crictl stopp | None |
Differences between Docker and Sandboxed-Container in terms of deployment architectures
| Runtime | Deployment architecture |
|---|---|
| Docker | |
| Sandboxed-Container V1 | |
| Sandboxed-Container V2 | |