Does containerd use 1 oci-runtime per container or multiple containers share with a single oci-runtime?

Regarding oci-runtime, like runc/crun/kata/etc, does containerd use 1 oci-runtime per container or multiple containers share with a single oci-runtime?

E.g., in this graph, is it the right or the left one in the general case?

I don’t know how the second would work. Runc can run one container, not two and not three.

Containerd runs as a daemon and starts a containerd-shim process which uses runc to create a container, but the containerd-shim becomes the parent of the container process.
For example:

pstree -p -s -T 7678
systemd(1)───containerd-shim(7656)───httpd(7678)─┬─httpd(7692)
                                                 ├─httpd(7693)
                                                 └─httpd(7694)

On your diagram the “container” circles are the processes isolated using kernel namespaces. “runc” rectangles would exist only temporarily and the “containerd-shim-runc-v2” processes are missing from the diagram as final parents of the container processes.

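The parent relationship described in the answer above can be checked programmatically. This is an added example, not part of the original posts: it groups processes by their nearest containerd-shim ancestor, which is useful when mapping a suspicious PID back to its container. The sample table is constructed from the pstree output above, and the second container (nginx under shim 8100) and the containerd PID 900 are hypothetical.

```python
import os

# Constructed sample table (pid -> (ppid, comm)) mirroring the pstree output
# above; containerd(900) and the second shim/nginx pair are hypothetical.
SAMPLE = {
    1: (0, "systemd"), 900: (1, "containerd"),
    7656: (1, "containerd-shim"), 7678: (7656, "httpd"),
    7692: (7678, "httpd"), 7693: (7678, "httpd"), 7694: (7678, "httpd"),
    8100: (1, "containerd-shim"), 8123: (8100, "nginx"),
}

def read_proc(root="/proc"):
    """Build the same pid -> (ppid, comm) table from a live Linux /proc."""
    table = {}
    for entry in os.listdir(root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(root, entry, "stat")) as f:
                stat = f.read()
        except OSError:
            continue  # process exited while we were scanning
        # comm sits in parentheses and may itself contain spaces or ')'
        comm = stat[stat.index("(") + 1:stat.rindex(")")]
        ppid = int(stat[stat.rindex(")") + 2:].split()[1])
        table[int(entry)] = (ppid, comm)
    return table

def shim_of(pid, table):
    """Return the pid of the nearest containerd-shim ancestor, or None."""
    seen = set()
    while pid in table and pid not in seen:
        seen.add(pid)  # guards against a malformed, cyclic table
        ppid, _ = table[pid]
        # the kernel truncates comm to 15 chars, so match on the prefix
        if ppid in table and table[ppid][1].startswith("containerd-shim"):
            return ppid
        pid = ppid
    return None

def group_by_shim(table):
    """Map each shim pid to the sorted pids of the processes beneath it."""
    groups = {}
    for pid in table:
        shim = shim_of(pid, table)
        if shim is not None:
            groups.setdefault(shim, []).append(pid)
    return {shim: sorted(pids) for shim, pids in groups.items()}

if __name__ == "__main__":
    print(group_by_shim(SAMPLE))  # swap in read_proc() on a containerd host
```

No runc process appears in either the sample or a live table, since runc exits once the container has been created.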

Thanks @rimelek, TIL, that’s very clear.