// the find
containerd/containerd
An open and reliable container runtime
containerd is the container runtime that sits underneath Docker and Kubernetes — it handles image pulls, container lifecycle, snapshotting, and the CRI interface that kubelets talk to. It's not something you use directly; it's something you embed or integrate with when you're building platforms, orchestrators, or dev tools that need to run containers without pulling in all of Docker.
The plugin architecture is genuinely well-designed — snapshotters (overlay, btrfs, devmapper, zfs) and runtimes (runc shim v2, kata, etc.) slot in without touching core code. The separation between ttrpc (for shim communication) and gRPC (for client-facing APIs) shows careful thought about performance on the hot path. It has real Windows support, not token Windows support — hcsshim integration and a separate Windows build pipeline. The lease system for garbage collection is one of the better solutions to the 'delete image while pulling' race condition problem.
The Go client API is stable but verbose — creating and starting a container takes 15+ lines and you have to understand snapshots, leases, and tasks as separate concepts before anything works. The ctr CLI is explicitly documented as a debugging tool, not a user-facing one, which means there's no good batteries-included story for anyone who wants containerd without Kubernetes. Documentation is scattered across docs/, the website, and the API protos with no single authoritative getting-started path for embedders. The shim protocol versioning (v2 ttrpc vs v3 gRPC) is a real compatibility headache if you're maintaining a custom runtime.