What is the difference between Docker and containerd?

Kubernetes, Docker, Helm & Podman · Advanced level

Answer

Docker is a full developer-facing container platform with CLI, API, build, networking, and image management. containerd is a lower-level container runtime used by Kubernetes through CRI and by Docker under the hood for container lifecycle.

Technical explanation

Kubernetes removed its direct dependency on the Docker runtime in favor of CRI-compliant runtimes, which is why containerd is common on modern clusters.

Developers can still use Docker to build images that run on containerd because both use OCI image/runtime standards.

Container image quality affects supply chain, startup time, vulnerability surface, rollout reliability, and debugging workflows.

Prefer reproducible builds: pinned dependencies, small build context, deterministic Dockerfile order, non-root runtime, and immutable image references.

Understand the runtime boundary: an image is not a VM, and container isolation depends on kernel, namespaces, cgroups, capabilities, seccomp, and mounts.

Hands-on example

1. Create a tiny sample app and a Dockerfile for this exercise. The goal is to compare the Docker CLI workflow with how containerd is used through CRI on Kubernetes nodes.

2. Build and inspect it with docker build or podman build, docker history, image inspect, and a vulnerability or size scan if available.

3. Run it locally with explicit env vars, ports, user, and volumes, and test signal handling, depending on the question.

4. Convert the final runtime assumptions into Kubernetes fields such as image, command, args, ports, securityContext, probes, and volumeMounts.
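
Step 4 as an added example (not part of the original page): a Python sketch that maps the output of `docker image inspect` to a Kubernetes container spec with a restrictive securityContext. The image name, registry, digest placeholder, `vol-N` volume names, and the `image_to_container` helper are assumptions made for illustration.

```python
import json

# Constructed sample: trimmed `docker image inspect` output for a hypothetical image.
SAMPLE_INSPECT = json.loads("""[{
  "RepoTags": ["registry.example.com/demo-app:1.0"],
  "RepoDigests": ["registry.example.com/demo-app@sha256:<digest-placeholder>"],
  "Config": {"User": "10001", "Entrypoint": ["/app/server"], "Cmd": ["--listen", ":8080"],
             "ExposedPorts": {"8080/tcp": {}}, "Volumes": {"/data": {}}}
}]""")

def image_to_container(inspect, name):
    """Map one `docker image inspect` entry to a Kubernetes container spec (dict)."""
    img = inspect[0]
    cfg = img.get("Config") or {}
    digests = img.get("RepoDigests") or []
    # Prefer the immutable digest reference; a tag can be re-pointed after review.
    image = digests[0] if digests else img["RepoTags"][0]
    sec = {
        "runAsNonRoot": True,
        "allowPrivilegeEscalation": False,
        "readOnlyRootFilesystem": True,
        "capabilities": {"drop": ["ALL"]},
        "seccompProfile": {"type": "RuntimeDefault"},
    }
    user = (cfg.get("User") or "").split(":")[0]
    if user.isdigit() and int(user) != 0:
        sec["runAsUser"] = int(user)
    # Empty, "0" or a named USER: runAsNonRoot makes the kubelet refuse to start the
    # container, which surfaces the missing numeric UID instead of silently running as root.
    container = {"name": name, "image": image, "securityContext": sec}
    if cfg.get("Entrypoint"):
        container["command"] = cfg["Entrypoint"]  # Docker ENTRYPOINT -> Kubernetes command
    if cfg.get("Cmd"):
        container["args"] = cfg["Cmd"]            # Docker CMD -> Kubernetes args
    ports = []
    for spec in sorted(cfg.get("ExposedPorts") or {}):
        port, _, proto = spec.partition("/")
        ports.append({"containerPort": int(port), "protocol": (proto or "tcp").upper()})
    if ports:
        container["ports"] = ports
    vols = sorted(cfg.get("Volumes") or {})
    if vols:  # each mount still needs a matching entry under the pod's `volumes`
        container["volumeMounts"] = [{"name": f"vol-{i}", "mountPath": m}
                                     for i, m in enumerate(vols)]
    return container

if __name__ == "__main__":
    print(json.dumps(image_to_container(SAMPLE_INSPECT, "demo-app"), indent=2))
```

Probes are left out because nothing in the image metadata used here describes a health endpoint; they have to come from knowledge of the application.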
