DEV Community

Dorra ELBoukari

Container Engine Vs Container Runtime

During the last few days, I have been working on comparing container engines. I wanted to study popular container engines separately in order to highlight the vulnerabilities related to each product. To make an unbiased judgement and to have a very clear perspective, I went through a myriad of articles published online. I noticed something strange: even some well-experienced technical writers can be confused about the difference between a "Container Engine" and a "Container Runtime". I noticed that many use these two terms as synonyms, which is not the case.

Container Runtime

Let's put it this way:
The container runtime can be considered the core component of a container engine. It is the beating heart that enables and initiates containerization. In other words, without the container runtime, the container engine cannot communicate with the operating system, and the containerization process will never be launched. Thus, the container will never be brought to life. The container runtime is a low-level element that handles all the tasks related to running the containerization process. It mounts the container and uses clone system calls to communicate with the kernel of the operating system on which you intend to run the containers. A clone system call creates a new process (in a way similar to the fork() system call) that hosts the containerization process.
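To make the comparison between the clone system call and fork() concrete, here is an added example (not from the original post) that starts a child with clone and requests new user and UTS namespaces, one of the isolation building blocks a low-level runtime relies on. The helper name, the hostname `demo-container` and the exit code 42 are assumptions made for the illustration; it is Linux only and falls back to a plain fork-like clone when namespaces are not permitted.

```c
/* Added example, Linux only: clone with namespace flags vs. plain fork(). */
#include <linux/sched.h>   /* CLONE_NEWUSER, CLONE_NEWUTS */
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: start a child with the clone system call, let it
 * rename its host, and report whether the parent's hostname stayed intact.
 * Returns the child's exit code, or -1 on error. */
int run_isolated_child(int *parent_hostname_unchanged, int *isolated)
{
    char before[256] = {0}, after[256] = {0};
    gethostname(before, sizeof before - 1);

    /* No CLONE_VM and no new stack: the child is a copy, as with fork().
     * The extra flags request fresh user and UTS (hostname) namespaces. */
    unsigned long flags = CLONE_NEWUSER | CLONE_NEWUTS | SIGCHLD;
    *isolated = 1;
    long pid = syscall(SYS_clone, flags, 0L, 0L, 0L, 0L);
    if (pid < 0) {
        /* Namespaces refused (seccomp, sysctl, ...): fork-like clone only. */
        *isolated = 0;
        pid = syscall(SYS_clone, (unsigned long)SIGCHLD, 0L, 0L, 0L, 0L);
        if (pid < 0)
            return -1;
    }
    if (pid == 0) {
        /* Child: in its own UTS namespace the rename never reaches the host. */
        if (*isolated)
            sethostname("demo-container", strlen("demo-container"));
        _exit(42);
    }
    int status = 0;
    if (waitpid((pid_t)pid, &status, 0) < 0)
        return -1;
    gethostname(after, sizeof after - 1);
    *parent_hostname_unchanged = (strcmp(before, after) == 0);
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    int same = 0, isolated = 0;
    int code = run_isolated_child(&same, &isolated);
    printf("exit=%d namespaced=%d parent hostname unchanged=%d\n", code, isolated, same);
    return code == 42 ? 0 : 1;
}
```

When the namespaces are granted, the child changes a hostname that only it can see, which is why the parent's hostname compares equal afterwards.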
We can distinguish two types of container runtimes:
CRI-Compliant Container Runtime:
These are runtimes that support CRI (Container Runtime Interface). CRI is the API that Kubernetes uses to manage container runtimes; it outlines how Kubernetes should communicate with a container runtime. Consequently, CRI is an interface that can be used with any supported runtime, whereas containerd and CRI-O are specific container runtimes.

OCI-Compliant Container Runtime:
These are runtimes that obey the OCI standard. OCI is a framework for specifying how container images are organized. Because OCI images have a standard format, they can be run on any container runtime that supports OCI, such as runC.

Container Engine

On the other side, container engines are software programs that handle user input, including input from command-line interfaces (CLI), fetch images, and execute the container. To fulfil some of its functions, a container engine uses a container runtime. In other words, the architecture of a container engine contains a container runtime along with other elements for networking, orchestration capabilities, etc.
Some container runtimes, such as containerd, can be viewed as no more than low-level container engines with the most basic functionalities.


Here is a figure that illustrates how container engines work through a simplified example.

[Figure: simplified example of how a container engine works]
