An Attempt to Explain Docker / Kubernetes Jargon!
Facts & Definitions
- Docker: with a capital D, is the company that developed docker.
- docker: with a small d, is the tool (container runtime) used to build & run containers.
- container: is a standard unit of software that packages up code and all its dependencies so the application runs quickly and reliably from one computing environment to another. It runs directly on a container runtime.
- container image: is the abstraction of a container. Considering OOP, container image is the Class and container is an Object of that class
- docker container: is a container. However, not all containers are docker containers :) There are other container runtimes.
- Kubernetes: is a container-orchestration system for automating computer application deployment, scaling, and management. It runs docker containers as well as other containers.
- You can run containerized applications on docker without Kubernetes.
- Also you can run containerized applications on Kubernetes without docker.
Please bear with me :) Things will get clearer soon!
A Bit of Standardization
Before we dive into the technologies and all the buzzwords, let me introduce the following definitions. We will need them to understand the rest of the post.
Open Container Initiative (OCI)
The OCI is a group of tech companies (including Google, Facebook & Microsoft) who maintain a specification for the container image format, and how containers should be run. Any vendor or open source project which conforms to the OCI specification can implement a new container runtime.
- docker is an OCI container runtime.
- CRI-O is another container runtime. It was born out of Red Hat, IBM, Intel, and others.
The “one standard, many implementations” concept is in use everywhere, from Bluetooth devices to programming languages.
Container Runtime Interface (CRI)
CRI is the API that Kubernetes uses to control the different runtimes that create and manage containers. It is a programming concept that makes it easier for Kubernetes to use different container runtimes, instead of the Kubernetes project having to manually add support for each runtime.
Docker, the company, kick-started the containerized deployment revolution. docker is the most popular developer tool for working with containers. And for a lot of people, the name Docker or docker itself is synonymous with the word container.
The docker tool can build container images, pull them from registries, create, start and manage containers. We now need to dive a bit into the main components of docker.
docker uses a client-server architecture. Let’s explain the components:
- docker-cli: is the command-line utility that you interact with using
- dockerd: is the server component. It’s also called the docker daemon. It is composed of many components (like security, networking & storage). Two of these components are core to running containers:
  - containerd: This is a daemon process that manages and runs containers. It pushes and pulls images, manages storage and networking, and supervises the running of containers.
  - runc: This is the low-level container runtime (the thing that actually creates and runs containers).
In reality, when you run a container with docker, you’re actually running it through the docker daemon, containerd, and then runc.
For more details about the internals of docker, I highly recommend this post from Docker Blog.
Containerd implements the Kubernetes Container Runtime Interface (CRI) so that we can run docker containers in Kubernetes. Let’s move to K8s now.
I will talk only about the part related to running containers. As mentioned before, K8s runs containers through any container runtime which implements its Container Runtime Interface (CRI). But docker, being older than Kubernetes, doesn’t implement CRI. That’s why the dockershim exists: to hook docker onto Kubernetes. Or Kubernetes onto docker, whichever way round you prefer to think of it.
Kubernetes will remove support for Docker directly, and prefer to use only container runtimes that implement its CRI.
However, this doesn’t mean that Kubernetes won’t be able to run Docker-containers. Both containerd and CRI-O can run Docker-formatted (actually OCI-formatted) images; they just do it without having to use the docker command or the Docker daemon.
Read more about dockershim deprecation
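One way to see which runtime each node of a cluster uses, and so which nodes the dockershim change affects (an added example, not part of the original post). The JSON below is a constructed, trimmed stand-in for the output of kubectl get nodes -o json; the node names and versions are invented, and the function names are hypothetical.

```python
import json

# Constructed sample: a trimmed `kubectl get nodes -o json` response.
# Node names and versions are invented for illustration.
SAMPLE_NODES_JSON = json.dumps({
    "items": [
        {"metadata": {"name": "node-a"},
         "status": {"nodeInfo": {"containerRuntimeVersion": "docker://20.10.7"}}},
        {"metadata": {"name": "node-b"},
         "status": {"nodeInfo": {"containerRuntimeVersion": "containerd://1.6.8"}}},
        {"metadata": {"name": "node-c"},
         "status": {"nodeInfo": {"containerRuntimeVersion": "cri-o://1.24.1"}}},
        {"metadata": {"name": "node-d"}, "status": {}},  # node that has not reported yet
    ]
})


def audit_nodes(nodes_json):
    """Return {node_name: (runtime, version, uses_docker_engine)} per node.

    The kubelet reports its runtime as "<runtime>://<version>" in
    status.nodeInfo.containerRuntimeVersion.
    """
    report = {}
    for node in json.loads(nodes_json).get("items", []):
        name = node.get("metadata", {}).get("name", "<unnamed>")
        node_info = node.get("status", {}).get("nodeInfo", {})
        raw = node_info.get("containerRuntimeVersion", "")
        runtime, sep, version = raw.partition("://")
        if not sep:
            # Field missing or not in the expected form: report, don't guess.
            report[name] = ("unknown", raw, None)
        else:
            report[name] = (runtime, version, runtime == "docker")
    return report


def docker_engine_nodes(nodes_json):
    """Names of nodes whose kubelet runs containers through the docker daemon."""
    audit = audit_nodes(nodes_json)
    return sorted(name for name, (_, _, docker) in audit.items() if docker)


if __name__ == "__main__":
    for name, (runtime, version, docker) in audit_nodes(SAMPLE_NODES_JSON).items():
        note = "  <- goes through the docker daemon" if docker else ""
        print(f"{name}: {runtime} {version}{note}")
```

On a real cluster, the same field is shown in the CONTAINER-RUNTIME column of kubectl get nodes -o wide.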
The Whole Picture
Your choice of runtime might be important if you pay to get support (security, bug fixes, etc.) from a vendor. For example, Red Hat’s OpenShift (which is another distribution of the standard Kubernetes) uses CRI-O, and offers support for it. Docker provides support for their own containerd.
Let’s categorize all mentioned buzzwords in a table and introduce new tools:
In this article we’ve seen that Docker is just one small part of the ecosystem of containers. There is a bunch of open standards which make it easier to swap out different implementations. This is where we get the standards CRI and OCI, and projects like containerd, runc and CRI-O.
If you’d like to start diving into the K8s world, you may check my post on the possible ways to run a K8s cluster locally :)