- Hands-On Kubernetes on Windows
- Piotr Tylenda
- 371字
- 2021-06-24 16:54:09
Container runtime
Kubelet is not directly coupled with Docker – in fact, as we mentioned in the introduction to this section, Docker is not the only container runtime that Kubernetes supports. To perform container-related tasks, for example, pulling an image or creating a new container, kubelet utilizes the Container Runtime Interface (CRI), which is a plugin interface that abstracts all common container operations for different runtimes.
Currently, there are numerous container runtimes that can be used with Kubernetes on Linux. The most popular are as follows:
- Docker: The traditional Docker runtime, abstracted by dockershim, which is the CRI implementation for kubelet.
- CRI-containerd: In short, containerd is a component of Docker that is responsible for the management of containers. Currently, CRI-containerd is the recommended runtime for Kubernetes on Linux. For more information, please visit https://containerd.io/.
- CRI-O: The container runtime implementation dedicated to CRI that follows the Open Containers Initiative (OCI) specification. For more information, please visit https://cri-o.io/.
- gVisor: The OCI-compatible sandbox runtime for containers that's integrated with Docker and containerd. For more information, please visit https://gvisor.dev/.
The difference between dockershim and CRI-containerd can be seen in the following diagram:
The CRI-containerd runtime offers a much simpler architecture with less communication between daemons and processes, thereby eliminating the traditional Docker Engine. This solution aims at providing a stripped down Docker runtime that exposes the crucial components for Kubernetes.
For Windows, the list is much shorter, and currently includes Docker (Enterprise Edition 18.09+, also abstracted by dockershim) and incoming support for CRI-containerd. This is expected to be available when a stable version of containerd, 1.3, is released and runhcs shim is fully supported. This will also come with new support for Hyper-V isolation for containers, which is currently (as of Kubernetes 1.17) implemented without CRI-containerd as a limited experimental feature.