Kubernetes - kind

Last Updated: 2022-12-05
> docker exec -it kind-control-plane bash
root@kind-control-plane:/# ps auxf

You will see:

  • kube-apiserver, kube-scheduler, etc.
  • kind uses containerd as its CRI implementation to manage Pods (and hence containers).
  • There is no docker command or dockerd inside this container to list the images.

To list all the images, use crictl:

$ crictl images

crictl is to any CRI runtime what the docker command-line tool is to the dockerd daemon.

kind uses podman

Podman is a daemonless container engine for developing, managing, and running OCI Containers on your Linux System. Containers can either be run as root or in rootless mode.

podman vs docker

The most significant difference between Docker and Podman is that Docker uses a client-server architecture, where a daemon runs on every host that needs to run containers, whereas Podman uses a single-process architecture. Because of this, pods and images are smaller. Also, because Podman is a single process, it can avoid the security issues related to the multi-process architecture, such as sharing a PID namespace with all other containers.

Podman lets containers run with non-root privileges, so issues can be addressed quickly and safely.

The Docker daemon runs as root by default, so an attacker who gains control of the daemon effectively has root access to your machine.

Podman runs as a regular user and does not require root privileges.
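
The difference shows up directly in a process listing like the `ps auxf` session above. As an added example (not from the original page), this script reads `ps aux` or `ps auxf` text and reports which engine daemons are running and as which user. The function names, the process listings and the user alice are constructed for illustration.

```shell
#!/bin/sh
# Added example: report container-engine daemons and their user from
# ps aux / ps auxf text on stdin. All process listings are constructed.

HDR='USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND'
SAMPLE_DOCKER_HOST="$HDR
root 790 0.1 0.5 1800000 45000 ? Ssl 09:00 0:03 /usr/bin/containerd
root 812 0.2 0.9 2100000 80000 ? Ssl 09:00 0:05 /usr/bin/dockerd -H fd://
alice 4322 0.0 0.1 9000 3000 pts/0 Ss 09:10 0:00 bash"
SAMPLE_KIND_NODE="$HDR
root 105 1.0 0.8 1900000 60000 ? Ssl 09:00 0:09 /usr/local/bin/containerd
root 560 0.0 0.1 700000 9000 ? Sl 09:01 0:00 /usr/local/bin/containerd-shim-runc-v2
root 601 3.0 4.0 1100000 300000 ? Ssl 09:01 0:40  \_ kube-apiserver --secure-port=6443"
SAMPLE_PODMAN_HOST="$HDR
alice 4310 0.0 0.0 80000 2000 ? Ssl 09:10 0:00 /usr/bin/conmon --api-version 1
alice 4322 0.0 0.1 9000 3000 ? Ss 09:10 0:00  \_ nginx: master process nginx"

# Print "<user> <daemon>" for every dockerd or containerd process.
engine_daemons() {
  awk 'NR > 1 {
         i = 11                                   # COMMAND starts at field 11
         while (i <= NF && ($i == "\\_" || $i == "|")) i++   # skip ps f tree glyphs
         n = split($i, parts, "/")                # basename of the executable
         exe = parts[n]
         if (exe == "dockerd" || exe == "containerd") print $1, exe
       }'
}

# Classify the listing by whether a Docker daemon exists and who owns it.
classify_engine() {
  found=$(engine_daemons)
  if printf '%s\n' "$found" | grep -q '^root dockerd$'; then
    echo rootful-daemon        # socket access here is root-equivalent
  elif printf '%s\n' "$found" | grep -q ' dockerd$'; then
    echo rootless-daemon       # dockerd owned by an unprivileged user
  else
    echo no-docker-daemon      # containerd-only node or daemonless engine
  fi
}

for name in DOCKER_HOST KIND_NODE PODMAN_HOST; do
  eval "listing=\$SAMPLE_$name"
  printf '%s: %s\n' "$name" "$(printf '%s\n' "$listing" | classify_engine)"
done
```

On a live system, pipe `ps aux` into `classify_engine` instead of the samples.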