There is a good free course with informative visualization for containerd: link, I will redirect some images from it in this blog for personal learning purpose.
Core Concepts
-
Containerd uses namespaces to provide isolation for different sets of containers and resources.
-
A task represents a running process within a container. A single container can have one init task running inside it.
-
Containerd maintains a local store (usually a SQLite database) to keep track of the state of all the objects it manages: namespaces, containers, images, tasks, and snapshots.
-
Containerd has a plugin-based architecture. This allows for extending its functionality and integrating with other systems.
Runc to Containerd
The containerd cannot run containers on its own, to put it simply, runc is a command-line tool that knows how to create, start, stop, and delete containers given a container configuration and a root filesystem.
Docker (through containerd), Podman, Kubernetes, and other “higher-level” container runtimes and orchestrators under the hood rely on runc (or an alternative OCI Runtime implementation) to run containers.
CNI to Containerd
CNI is network plugin used for containerd.