Kubernetes Container Runtimes

I had a recent discussion with my colleagues about the container runtimes supported by Kubernetes, and I realized that this topic is pretty complicated, with many different technologies and layers of abstraction. As Kubernetes users, we don’t need to worry about the container runtime used below Kubernetes for most practical purposes, but as an engineer, it’s always good to know what’s happening under the hood.

The following picture shows how Kubernetes and containers are tied together through the Container Runtime Interface (CRI).

The following are some notes on this:

  • A container runtime is software that implements and manages containers.
  • OCI (Open Container Initiative) has released a standard for building container images and for running containers. runc is an implementation of the OCI container runtime specification.
  • The CRI layer allows Kubernetes to talk to any container runtime, including Docker and rkt.
  • GKE supports Docker and containerd as container runtimes. Docker is an abstraction on top of containerd.
  • The gVisor project allows for running secure containers by providing an additional layer of kernel abstraction.
  • CRI-O is a CNCF project that leverages OCI standards for runtime, images and networking.
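
To see which of these runtimes a cluster is actually using, each Node object reports it in `status.nodeInfo.containerRuntimeVersion` as `<runtime>://<version>`. The script below is an added example, not part of the original post; it builds a per-runtime inventory from `kubectl get nodes -o json` style output, and the node names and versions in the sample are constructed.

```python
import json
from collections import defaultdict

# Constructed sample shaped like trimmed `kubectl get nodes -o json` output.
SAMPLE_NODES_JSON = """
{
  "kind": "List",
  "items": [
    {"metadata": {"name": "node-a"},
     "status": {"nodeInfo": {"containerRuntimeVersion": "containerd://1.4.3"}}},
    {"metadata": {"name": "node-b"},
     "status": {"nodeInfo": {"containerRuntimeVersion": "docker://19.3.14"}}},
    {"metadata": {"name": "node-c"},
     "status": {"nodeInfo": {"containerRuntimeVersion": "cri-o://1.20.0"}}},
    {"metadata": {"name": "node-d"}, "status": {}}
  ]
}
"""


def parse_runtime(value):
    """Split '<runtime>://<version>' into (runtime, version)."""
    if not value or "://" not in value:
        # Node has not reported a runtime, or the field is malformed.
        return ("unknown", "")
    name, version = value.split("://", 1)
    return (name.lower(), version)


def runtime_inventory(nodes_json):
    """Return {runtime: sorted [(node_name, version), ...]} for a node list."""
    inventory = defaultdict(list)
    for item in json.loads(nodes_json).get("items", []):
        node = item.get("metadata", {}).get("name", "<unnamed>")
        raw = (item.get("status", {})
                   .get("nodeInfo", {})
                   .get("containerRuntimeVersion"))
        runtime, version = parse_runtime(raw)
        inventory[runtime].append((node, version))
    return {rt: sorted(nodes) for rt, nodes in inventory.items()}


if __name__ == "__main__":
    for runtime, nodes in sorted(runtime_inventory(SAMPLE_NODES_JSON).items()):
        for node, version in nodes:
            print(f"{runtime:12} {version:10} {node}")
```

Against a live cluster, pass the output of `kubectl get nodes -o json` to `runtime_inventory` instead of the sample string.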
