Containers have transformed modern software delivery, but the tools and terms can be confusing. Docker started the container revolution and remains the most popular container platform for developers. Yet the ecosystem is much more than just Docker, with containerd providing a crucial foundation for many technologies — including Docker, Kubernetes, and many more.
Docker and containerd are closely related, but they’re separate projects with different specialisms. Docker is a complete containerization platform that provides an easy-to-use interface, whereas containerd is a lightweight container runtime that focuses solely on managing container lifecycles without additional tooling.
In this article, we’ll explore their differences, features, and use cases to help you better understand today’s container landscape.
Docker is a complete platform for building and running containers. It’s positioned as an end-to-end developer-oriented container engine.
It includes everything needed to use containers on a host, including image management, storage, networking, and a CLI. However, it doesn’t implement all this functionality itself. Docker is a high-level tool that invokes a lower-level container runtime to handle many tasks, including starting and running containers. This is where containerd steps in.
Key features of Docker
- Containerization: Docker allows you to package applications and their dependencies into lightweight, portable containers that run consistently across environments.
- Portability: Containers can run on any system that supports Docker, ensuring a seamless transition between development, testing, and production environments.
- Resource efficiency: Docker containers share the host OS kernel, making them more lightweight and efficient than traditional virtual machines.
- Scalability: Docker makes it easy to scale applications horizontally by spinning up or down multiple container instances.
- Version control and image reuse: Docker images support versioning and can be reused or shared, promoting consistency and rapid deployment.
Containerd is a portable container runtime. It provides a daemon that orchestrates lower-level container management functions such as starting containers, pulling images, and configuring networking environments. Higher-level tools like Docker can use containerd to achieve key container tasks, without having to reimplement basic functionality themselves.
Containerd was originally part of Docker, but this caused problems as the container ecosystem began to grow. Other tools like Kubernetes needed a Docker installation to run containers, even though they only used low-level components.
Splitting containerd into a separate project provided the solution. It’s a standalone runtime that enables core container functionality to be shared between Docker, Kubernetes, Rancher, and the rest of the ecosystem.
Containerd is still a relatively heavyweight solution. Internally, it calls a lower-level runtime component, runc, to actually start containers. Runc abstracts the Linux system components that make containerization possible, including cgroups and user namespaces.
What can containerd do?
Containerd powers the container operations you can access through Docker and other tools. It’s installed as a system daemon that exposes a container management API. Higher-level tools can use the API to interact with containers and images on the containerd host.
Key containerd features include:
- Starting containers on the host (via runc or another OCI container runtime)
- Container lifecycle management, including restarts and deletions
- Container isolation and security management
- Control of the CPU and memory resources available to containers
- Container cloning and restoration via snapshots
- Pulling and pushing of container images
- Creation of basic host-to-container networks
- Full compatibility with OCI container runtimes and images
Containerd bundles a simple CLI called `ctr`, but the optional nerdctl utility adds a Docker-compatible interface. You can use this to interact directly with containerd using commands that will feel familiar from Docker. Commands like `nerdctl run` replace `docker run`, allowing you to start containers without installing Docker or another higher-level tool.
Containerd is the low-level container runtime that Docker is built upon. Whereas Docker focuses on providing a streamlined user experience, containerd implements the system daemon that lets Docker actually start and run containers.
Containerd focuses on providing a stable foundation for other container tools, but Docker is a complete platform for building and operating containers. It’s a developer-oriented solution that includes many complementary features not found in containerd.
Docker allows you to build new images, perform security scans, and manage multi-container stacks, for example. It also supports Swarm mode, an integrated container orchestration solution that lets you achieve high availability by creating a cluster of Docker hosts.
Containerd has a much smaller scope, but this is intentional. It implements features common to all container platforms only. It’s evolved independently of Docker to meet the ecosystem’s technological requirements, whereas Docker is designed to serve end users.
Docker vs. containerd: comparison table
You can use the following table to quickly compare the key features of containerd and Docker.

| | Containerd | Docker |
|---|---|---|
| Use case | Container runtime that other tools interface with | End-to-end container operations for developers |
| Tool type | Low-level container runtime | High-level container platform |
| Capabilities | Running containers and managing their lifecycles | Building images, running containers, and supporting all aspects of container development workflows |
| Modularisation | Self-contained component with few external dependencies | Complete platform with many additional components included |
| Interfaces | API, basic CLI (ctr), optional Docker-compatible CLI (nerdctl) | Fully-featured CLI (docker), optional Desktop interface, support for container orchestration via Swarm and Compose |
| Image build support | Not included | Included via BuildKit |
| Multi-container management | Not included | Supported via Docker Compose |
| Orchestration support | Not included (orchestrators use containerd to run containers) | Supported via Docker Swarm |
| Support | Open-source, maintained within the CNCF ecosystem | Open-source with optional commercial components maintained by Docker Inc. |
Containerd vs CRI
CRI often crops up in conversations about containerd. CRI (Container Runtime Interface) is a Kubernetes-specific API that provides an abstraction layer for different container runtimes.
Kubernetes doesn’t call container runtimes like containerd directly. Instead, it uses CRI as an extra level between the Kubernetes cluster and the runtime. Containerd is often used with CRI, but other runtimes like CRI-O (a Red Hat-backed runtime designed for Kubernetes) can be chosen instead.
Docker uses containerd as its core container runtime. Starting with Docker 1.11, Docker integrated containerd to handle container lifecycle tasks such as creation, execution, and management. This integration was part of a broader effort to improve modularity and performance within the container ecosystem, allowing Docker to focus on higher-level functionalities while leveraging containerd for lower-level operations.
Yes — containerd can run images created with Docker. Containerd supports any OCI-compatible container image. When you run `docker build`, Docker uses BuildKit to complete the build. This outputs an OCI image that works with containerd and all other OCI-compliant runtimes.
In general, you don’t need to worry about which images will work with different container tools and platforms. The modern container landscape revolves around the OCI image and container specifications, ensuring excellent interoperability within the ecosystem.
Images built with popular tools like Docker, Podman, Buildah, and Kaniko are all fully interchangeable. You can run them with any OCI runtime and freely push them to OCI registries including Docker Hub, GitHub Container Registry, and Amazon ECR.
Kubernetes primarily uses containerd as its container runtime but previously supported Docker through the Dockershim interface.
Since Kubernetes 1.20, Docker has been deprecated as a runtime, and as of 1.24, Kubernetes uses container runtimes that implement the Container Runtime Interface (CRI), such as containerd or CRI-O, which provide more efficient and standardized management of containers.
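The runtime each node actually uses is reported by its kubelet in `status.nodeInfo.containerRuntimeVersion`, so the Dockershim cut-off described above can be checked across a cluster. The following is an added example, not code from this article or from Kubernetes: it classifies nodes from `kubectl get nodes -o json` output, and the sample data, function names, and status labels are constructed for illustration.

```python
import json

# Constructed sample of `kubectl get nodes -o json`, trimmed to the fields read
# below. Node names and version numbers are made up for this example.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": n}, "status": {"nodeInfo": info}}
    for n, info in [
        ("node-a", {"kubeletVersion": "v1.23.17", "containerRuntimeVersion": "docker://20.10.21"}),
        ("node-b", {"kubeletVersion": "v1.28.4", "containerRuntimeVersion": "containerd://1.7.11"}),
        ("node-c", {"kubeletVersion": "v1.27.9", "containerRuntimeVersion": "cri-o://1.27.2"}),
        ("node-d", {"kubeletVersion": "v1.25.6", "containerRuntimeVersion": "docker://24.0.7"}),
        ("node-e", {"kubeletVersion": "v1.26.3"}),  # runtime field missing
    ]
]})

CRI_NATIVE = {"containerd", "cri-o"}   # the two CRI runtimes the article names
DOCKERSHIM_REMOVED = (1, 24)           # release the article gives for the CRI-only kubelet


def kubelet_minor(version):
    """'v1.23.17' or 'v1.28.4-eks-1' -> (1, 23); None if unparseable."""
    try:
        major, minor = version.lstrip("v").split(".")[:2]
        return int(major), int(minor)
    except (AttributeError, ValueError):
        return None


def audit_runtimes(nodes_json):
    """Classify each node by the runtime its kubelet reports."""
    findings = []
    for node in json.loads(nodes_json).get("items", []):
        info = node.get("status", {}).get("nodeInfo", {})
        runtime, sep, _ = info.get("containerRuntimeVersion", "").partition("://")
        kubelet = kubelet_minor(info.get("kubeletVersion"))
        if not sep:
            runtime, status = "", "unknown"   # field absent or not scheme://version
        elif runtime in CRI_NATIVE:
            status = "ok"
        elif runtime == "docker" and kubelet is not None and kubelet < DOCKERSHIM_REMOVED:
            status = "migrate"   # still on Dockershim; blocks an upgrade to 1.24
        else:
            status = "review"    # Docker via an out-of-tree adapter, or another runtime
        findings.append({"node": node["metadata"]["name"], "runtime": runtime, "status": status})
    return findings


if __name__ == "__main__":
    for f in audit_runtimes(SAMPLE):
        print(f"{f['node']:8} {f['runtime'] or '-':11} {f['status']}")
```

Against a live cluster, pass the output of `kubectl get nodes -o json` to `audit_runtimes` in place of `SAMPLE`.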
Docker is the best option if you want a complete container solution that’s easy to set up and use. It bundles containerd with the BuildKit image builder and high-level CLI tools for creating and managing containers. There’s an optional Desktop interface and extremely active community support.
Standalone containerd implements essential container runtime capabilities that other tools can use. Installing containerd lets you prepare a node to join a Kubernetes cluster, for example. You don’t need Docker’s CLIs, image builders, and extensions for this use case — Kubernetes only requires a basic interface that lets it start containers.
Realistically, it’s likely you’ll use both Docker and containerd if you’re working as a DevOps engineer:
- Docker for developer-facing tasks
- Containerd for infrastructure that runs Kubernetes, CI/CD services, and self-hosted serverless platforms
Containerd and nerdctl can also be used as a lightweight Docker alternative. The nerdctl CLI gives you a Docker-like development experience that’s directly powered by containerd. This makes it unnecessary to install Docker and allows access to new containerd features that Docker doesn’t yet expose.
Containerd supports encrypted images, image signing, and lazy pulls, for example. However, nerdctl requires you to install other tools to build new images and set up complex networking configurations.
Containerd and Docker are two key container technologies. Containerd is a leading container runtime that allows higher-level tools like Docker and Kubernetes to start containers, while Docker is a complete platform for building and using containers.
Splitting containerd out of Docker promoted the diversification of the container ecosystem. It enables tools, including Kubernetes, PaaS solutions, and serverless cloud platforms, to scale efficiently without needing Docker to exist in their environments. By focusing solely on container execution, containerd is much lighter than Docker as it implements only the features common to all container solutions.