Who Manages Container Lifecycle – Docker Engine vs containerd?

---

✅ Simple Answer:

Task	Docker-Only World	With containerd (modern Docker)
docker run	Docker Engine	Docker Engine → containerd
container create	Docker Engine	Docker Engine → containerd
container start	Docker Engine	Docker Engine → containerd
container stop	Docker Engine	Docker Engine → containerd
container delete	Docker Engine	Docker Engine → containerd

---

🔥 Key Insight:
Docker Engine delegates these tasks to containerd. Docker used to do this directly pre-1.11, but now it offloads container lifecycle to containerd for modularity and better performance.

---

📦 Timeline of Evolution

🔙 Before Docker 1.11

• Docker Engine = monolith
  
  

• dockerd did everything:
  
  

• Image mgmt
  
  

• Network
  
  

• Volume
  
  

• Container create/start/stop/delete
  
  

• Directly used runc
  
  

🔄 After Docker 1.11 (modular)

• Docker split into layers:
  
  

• Docker CLI/REST → dockerd (Engine) → containerd → runc
  
  

• dockerd now calls containerd for all container lifecycle events
  
  

---

🔁 Lifecycle Explained with Components

🔨 Container Creation

docker create alpine

1. docker CLI → REST call to dockerd
   
   

2. dockerd uses containerd client API
   
   

3. containerd:
   
   

• Unpacks image
  
  

• Prepares bundle (rootfs + config.json)
  
  

• Initializes metadata (but doesn't run)
  
  

---

🚀 Container Start

docker start <id>

1. dockerd tells containerd
   
   

2. containerd invokes runc to:
   
   

• Set up namespaces
  
  

• Apply cgroups
  
  

• Call execve()
  
  

---

🛑 Container Stop

docker stop <id>

• dockerd → containerd → send SIGTERM / SIGKILL to container's PID
  
  

• containerd tracks container PIDs, and reaps process after exit
  
  

---

❌ Container Delete

docker rm <id>

• containerd deletes container metadata + resources
  
  

• Removes cgroup folders, release network bridges
  
  

---

🧩 Why Did Docker Outsource to containerd?

Problem With Monolithic Docker	Solution With containerd
Difficult to integrate with Kubernetes	containerd is CRI-compliant
Hard to replace runtime like runc	containerd is runtime-agnostic
Tightly coupled container logic	Modular, reusable architecture

---

📘 So, What Exactly Is Docker Engine Today?

It’s a wrapper/orchestrator that does:

1. Image Build → buildkit
   
   

2. Lifecycle Management → containerd
   
   

3. Execution → runc via containerd
   
   

4. API → REST interface for CLI, tools
   
   

---

🧠 Interview Summary Answer

"In modern Docker, the container lifecycle (create, start, stop, delete) is technically managed by containerd. Docker Engine orchestrates the flow, and delegates these tasks to containerd, which in turn invokes a low-level OCI runtime like runc to actually create and run containers."

---

🔁 Visual Recap

[docker CLI] ─────→ [dockerd]                     |                     ↓             [containerd API]                     ↓             [containerd-shim-runc-v2]                     ↓                 [runc]                     ↓         [Linux kernel: namespaces, cgroups]

---

✅ Final Takeaway

Layer	Role
Docker CLI	Interface for user
Docker Engine	Delegator & API manager
containerd	Real container lifecycle manager
runc	Actual container executor

---

More Info:

• https://www.wallarm.com/cloud-native-products-101/docker-vs-containerd-container-runtimes
• https://www.theknowledgeacademy.com/blog/containerd-vs-docker/
• https://bluelight.co/blog/containerd-vs-docker
• https://spacelift.io/blog/containerd-vs-docker
• https://www.opcito.com/blogs/from-the-ceos-desk-deciphering-containerd