Docker is the most popular and widely used free and open-source container management system. Docker helps in building, deploying, and shipping software applications in an isolated environment, known as a container. A container contains the libraries, dependencies, and configurations required for the software package to run and work properly.
In the past, Docker has been the only go-to, easy-to-use containerization technology. Over the past few years, many projects have entered the market as Docker alternatives and competitors. Some of the common Docker alternatives are listed below.
A good Docker alternative these days is Podman, which is a free and open-source container engine released under the Apache-2.0 license. Podman helps in building, deploying, and managing container images and volumes. It is a daemon-less service, which means it doesn't require any centralized daemon running to manage the containers and images.
In Podman, we can manage containers as both root and non-root users. But by default, it requires running as the root user. Podman's command line is compatible with the Docker CLI, so anyone familiar with Docker can easily use Podman.
Currently, it is only available on GNU/Linux systems, whereas remote clients are available for both Windows and macOS. An additional Podman feature is that we can generate a Kubernetes-compatible YAML file from a running container, so that the same containers can easily be run through Kubernetes.
- Podman is a daemon-less service and doesn't require any centralized daemon.
- It can be run as both root and non-root users.
- Docker users can easily use Podman as the commands are the same.
- The Podman backend is only available in GNU/Linux distributions.
Linux Containers (LXC) is a well-known and battle-tested low-level Linux container runtime. It is an operating system-level virtualization method for running multiple Linux systems known as containers using a single Linux kernel host machine.
With LXC, one can get an isolated environment close to a VM but without the overhead that comes with executing a separate Linux kernel and simulating the hardware. LXC was developed and maintained before Docker. But as Docker was fairly easy to use, it became more popular and attracted more interest in the community.
- LXC is a battle-tested low-level Linux container runtime.
- It is lightweight and is better for running I/O intensive software applications.
- It is suitable for running multiple Linux systems and is a good alternative to traditional hypervisor-based virtualization.
- As it is primarily maintained for Ubuntu, LXC has inconsistent feature support across different GNU/Linux distros.
Containerd started as a part of the Docker open-source project but later became an independent project. Containerd is a simple, portable daemon used for managing the complete lifecycle of containers on the host machine. It supervises everything from low-level storage to network attachments, and more, on GNU/Linux and Windows machines.
The containerd API makes managing the environment quite easy through API calls instead of system calls. Currently, Containerd is regarded as the industry-standard container runtime manager and is used for container orchestration and container management in major projects such as Docker and Kubernetes, and by the popular cloud providers. It is a robust, high-level, standalone container runtime manager, well optimized for low memory, low CPU spikes, and low storage, minimizing overhead for better performance.
- Containerd is the industry-standard container runtime manager and is OCI compliant.
- It is well optimized for low memory, low CPU spikes, and better performance with minimal overhead.
- It is used as a major component in Kubernetes, Docker, and other container orchestration systems.
- Containerd is all about managing containers but doesn't deal with networking and other stuff.
4) Rocket (rkt)
Rocket (also known as rkt) is a container runtime developed by the CoreOS project, which was later acquired by Red Hat. Before CRI, Rocket was the only container runtime that was built to integrate with Kubernetes's kubelet. It is a high-level container runtime, providing low-level capabilities, and can run without a daemon. In Feb 2020, the rkt project was discontinued and is not maintained anymore.
- Rocket can run without a daemon.
- It is compatible with init systems like systemd and upstart.
- The project rkt is discontinued and is not maintained anymore.
The container runtime is an important building block of the container lifecycle; its primary responsibility is to run and manage containers on a host machine. Broadly, container runtimes can be classified into two major groups on a spectrum: low-level runtimes and high-level runtimes.
Kubernetes is a container orchestration management system, and it requires an implementation of the Container Runtime Interface (CRI) for container runtimes to communicate with the kubelet. Some of the popular container runtimes compatible with the Kubernetes CRI are as follows.
CRI-O is a well-optimized lightweight container runtime, developed for Kubernetes as an alternative to Docker. It is an implementation of Kubernetes's Container Runtime Interface (CRI) to enable using OCI compatible runtimes. It has the ability to pull from any container registry.
CRI-O uses runc and Kata Containers as the default low-level container runtimes, but in principle any OCI-conformant runtime can be used.
Rktlet is another implementation of the Kubernetes Container Runtime Interface, built on Rocket (rkt). It uses rkt as the primary container runtime with Kubernetes, so all containers running with rktlet run with the rkt container runtime. Kubernetes (kubelet) communicates with rktlet via gRPC; the CRI is the interface by which kubelet and rktlet communicate with each other. The rktlet project has been discontinued and is thus end of life (EOL).
Frakti is a lightweight and portable hypervisor-based container runtime for Kubernetes. It enables Kubernetes to run and manage pods and containers directly inside hypervisors with runV. HyperContainer is a hypervisor-agnostic Docker runtime used as the API wrapper on runV. Because every pod runs with an independent kernel, it provides much stronger isolation than Linux namespace-based container runtimes.
Docker CRI shim
Dockershim is an implementation of the Container Runtime Interface for integrating Docker with Kubernetes. Dockershim was maintained by Kubernetes but was recently deprecated. It was never intended to be maintained for the long term, hence the word "shim". It was created to help Docker integrate with Kubernetes, but it always ended up being an extra hop, which led Docker to the development of the Containerd runtime, now a part of the Open Container Initiative (OCI).
Dockershim was deprecated with Kubernetes version v1.20.0. Despite this major change, end developers and DevOps engineers are not affected, whereas the operators and sysadmins who take care of the underlying Kubernetes infrastructure may have to switch from dockershim to other CRI-compliant container runtimes such as CRI-O or Containerd.
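For operators who need to find which nodes still depend on dockershim, here is an added example (not part of the original article) that audits the `containerRuntimeVersion` field reported for each node. The node JSON is a constructed sample shaped like `kubectl get nodes -o json` output, and the status labels (`migrate`, `plan`, `ok`, `unknown`) are hypothetical names chosen for this sketch.

```python
import json
import re

# Constructed sample, trimmed to the fields this audit reads.
SAMPLE_NODES = json.dumps({"items": [
    {"metadata": {"name": "node-a"}, "status": {"nodeInfo": {
        "kubeletVersion": "v1.19.7", "containerRuntimeVersion": "docker://19.3.13"}}},
    {"metadata": {"name": "node-b"}, "status": {"nodeInfo": {
        "kubeletVersion": "v1.20.2", "containerRuntimeVersion": "docker://19.3.14"}}},
    {"metadata": {"name": "node-c"}, "status": {"nodeInfo": {
        "kubeletVersion": "v1.20.2", "containerRuntimeVersion": "containerd://1.4.3"}}},
    {"metadata": {"name": "node-d"}, "status": {"nodeInfo": {
        "kubeletVersion": "v1.20.2", "containerRuntimeVersion": "cri-o://1.20.0"}}},
    {"metadata": {"name": "node-e"}, "status": {"nodeInfo": {
        "kubeletVersion": "v1.20.2"}}},
]})

DEPRECATED_SINCE = (1, 20)  # dockershim deprecation release named in the article


def parse_kubelet_version(text):
    """Return (major, minor) from a string like 'v1.20.2', or None if unparsable."""
    match = re.match(r"v?(\d+)\.(\d+)", text or "")
    return (int(match.group(1)), int(match.group(2))) if match else None


def audit_runtimes(nodes_json):
    """Classify every node by the runtime the kubelet reports for it."""
    report = {}
    for item in json.loads(nodes_json).get("items", []):
        info = item.get("status", {}).get("nodeInfo", {})
        scheme, _, version = info.get("containerRuntimeVersion", "").partition("://")
        kubelet = parse_kubelet_version(info.get("kubeletVersion"))
        if not scheme or not version:
            status = "unknown"   # runtime not reported: inspect the node by hand
        elif scheme != "docker":
            status = "ok"        # containerd, cri-o, ... talk CRI without dockershim
        elif kubelet is None or kubelet >= DEPRECATED_SINCE:
            status = "migrate"   # dockershim in use on a release that deprecates it
        else:
            status = "plan"      # dockershim in use, kubelet older than v1.20
        report[item["metadata"]["name"]] = status
    return report


if __name__ == "__main__":
    for name, status in sorted(audit_runtimes(SAMPLE_NODES).items()):
        print(f"{name}: {status}")
```

On a real cluster, feed the function the output of `kubectl get nodes -o json` instead of the sample.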
In the world of containerization, different technologies keep evolving over time. In the past, it was Docker that introduced the power of containers in software applications to the community. We didn't have much choice of container manager and orchestration; Docker was the only go-to for DevOps and containerization technology. But things have changed in the past few years, and there are now several Docker alternatives and systems that work with Docker and container technology.