2.2.1.5 Containerd Kubernetes Integration
A focused guide to Containerd Kubernetes Integration, connecting core concepts with practical Docker and container operations.
Containerd Kubernetes integration is the relationship between containerd and Kubernetes, where containerd serves as one of the most common container runtimes Kubernetes uses directly to manage containers on each node, without Docker itself being involved at all.
Kubernetes' Container Runtime Interface
Kubernetes defines a standard interface, the Container Runtime Interface (CRI), that any compatible container runtime can implement. containerd includes a built-in CRI plugin, allowing Kubernetes' node-level agent (the kubelet) to talk to it directly.
crictl ps
crictl images
These commands query containerd through the CRI, showing the same kind of information docker ps and docker images would show, but without Docker being installed or involved at all.
Why Kubernetes Moved Away From Using Docker Directly
Earlier versions of Kubernetes used Docker as their default runtime, which meant the kubelet talked to the Docker daemon, which itself talked to containerd, which then talked to runc — an extra, unnecessary layer once containerd could implement the CRI directly. Kubernetes removed direct Docker support, since talking to containerd directly was simpler and avoided depending on Docker-specific behavior.
Old: kubelet -> dockershim -> dockerd -> containerd -> runc
New: kubelet -> containerd (CRI) -> runc
What This Means for Existing Workflows
Removing direct Docker support from Kubernetes did not mean Docker-built images stopped working — images remain in the same OCI-compliant format regardless of which tool built them, and containerd runs them the same way whether they were built with docker build or another OCI-compliant builder.
docker build -t myapp:1.0 .
docker push registry.example.com/myapp:1.0
kubectl create deployment myapp --image=registry.example.com/myapp:1.0
Building with Docker and deploying to a Kubernetes cluster running containerd directly works without any compatibility issue, since the image format itself is the shared standard.
Why This Integration Matters
Understanding that Kubernetes nodes typically run containerd directly, not Docker, clarifies why some Docker-specific commands have no equivalent on a Kubernetes node, and why troubleshooting container issues on a Kubernetes cluster often involves crictl rather than docker commands.