Docker vs containerd
Runtime.
Overview
Docker and containerd are two container runtimes that operate at different layers. Docker is the developer-first toolchain (Docker Desktop, Compose, image build, full-stack tooling); containerd is the lightweight runtime that Kubernetes actually uses (CRI-compatible, minimal surface, and also what runs underneath Docker). The right answer depends on whether the target is a developer laptop or a production Kubernetes node.
- Docker: dev-first. Docker Desktop, Compose, image build, full developer toolchain. Default for laptops and CI.
- containerd: K8s-default runtime. CRI-compatible, lightweight, what Kubernetes uses since the dockershim deprecation. Default in production clusters.
- Operational fit per team. Developer workflow biases toward Docker; production cluster runtime is containerd by default.
- Per-cluster choice. The runtime is chosen per cluster. Most modern Kubernetes installs default to containerd already.
The approach
Docker for developer workflow, containerd for production Kubernetes runtime. They are not really competing for the same role; the choice is more about which layer of the stack is being discussed than which is "better."
- Workload-driven. The runtime is chosen per workload layer; the actual workload drives the answer.
- Docker for developer toolchain. Laptops, CI, local development. Default for the developer-experience layer.
- containerd for production K8s nodes. Cluster runtime in production. Default since dockershim removal.
- Documented choice per cluster. The runtime in use is recorded for each cluster, which supports operational reviews.
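One way to capture the per-cluster runtime for an operational review, as an added example that is not part of the original page: read `status.nodeInfo.containerRuntimeVersion` from each node in `kubectl get nodes -o json` output and flag nodes that are not on the expected runtime. The cluster names, node names and versions are constructed sample data, and the function names are hypothetical.

```python
import json
from collections import Counter

# Constructed sample data: trimmed `kubectl get nodes -o json` output for two
# hypothetical clusters. Names and versions are made up for illustration.
NODE_LISTS = {
    "prod-eu": json.dumps({"items": [
        {"metadata": {"name": "node-a"},
         "status": {"nodeInfo": {"containerRuntimeVersion": "containerd://1.7.13"}}},
        {"metadata": {"name": "node-b"},
         "status": {"nodeInfo": {"containerRuntimeVersion": "containerd://1.7.13"}}},
    ]}),
    "legacy-ci": json.dumps({"items": [
        {"metadata": {"name": "node-c"},
         "status": {"nodeInfo": {"containerRuntimeVersion": "docker://20.10.21"}}},
        {"metadata": {"name": "node-d"},
         "status": {"nodeInfo": {"containerRuntimeVersion": "containerd://1.6.28"}}},
        {"metadata": {"name": "node-e"}, "status": {}},  # node that reported no runtime
    ]}),
}

def node_runtime(node):
    """Split a value such as 'containerd://1.7.13' into (name, version)."""
    raw = node.get("status", {}).get("nodeInfo", {}).get("containerRuntimeVersion", "")
    name, sep, version = raw.partition("://")
    return (name, version) if sep and name else ("unknown", "")

def inventory(node_list_json, expected="containerd"):
    """Summarise one cluster: runtime counts, versions in use, nodes off the expected runtime."""
    nodes = json.loads(node_list_json).get("items", [])
    runtimes = {n["metadata"]["name"]: node_runtime(n) for n in nodes}
    counts = Counter(name for name, _ in runtimes.values())
    # More than one entry here means the expected runtime is at mixed versions.
    versions = sorted({v for name, v in runtimes.values() if name == expected})
    deviations = sorted(node for node, (name, _) in runtimes.items() if name != expected)
    return {"counts": dict(counts), "expected_versions": versions, "deviations": deviations}

def report(node_lists):
    """Build the per-cluster record to attach to an operational review."""
    return {cluster: inventory(doc) for cluster, doc in node_lists.items()}

if __name__ == "__main__":
    print(json.dumps(report(NODE_LISTS), indent=2))
```

Nodes listed under `deviations` are the ones that cross-cluster tooling targeting containerd would not cover as expected.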
Why this compounds
The right runtime per layer compounds across years. Developer workflow and production runtime decouple cleanly; cross-cluster tooling (image scanning, runtime security) targets containerd directly. By year two the layer-appropriate runtime is automatic.
- Better operational fit. Runtime matches layer. Velocity stays high.
- Workload-driven decisions. Replaces tribal preference with documented rationale. Quality of choice improves.
- Better operational reliability. Right runtime means containers behave predictably at each layer. Incident MTTR drops.
- Year-one investment, year-two habit. First runtime choice is the investment; subsequent clusters inherit the patterns.