A container is a lightweight, portable environment that packages an application along with everything it needs to run. Unlike a virtual machine, a container shares the host operating system’s kernel: only the operating-system layer is virtualized, not the hardware.

Runtimes

A container runtime is the software responsible for running and managing containers. Runtimes come in different forms, from low-level tools to higher level platforms.

runC is one of those runtimes; in a Linux context it is the engine for a container: it runs the container itself but doesn’t do much else. Access and management are usually handled through containerd. At the high-level end of the spectrum there are tools like Docker, a full platform that drives the lower-level tools.

runC

runC is a lightweight command-line tool that creates and runs containers directly from the command line. Compared with Docker and similar tools, runC strips away the automation and exposes the raw process of starting a container; for that reason it is rarely used directly in production workloads beyond troubleshooting or custom image tooling.
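What runC actually consumes is an OCI bundle: a directory holding a root filesystem and a config.json that describes the process, namespaces and privileges. The shell script below is an added example, not code from the original page or from the runC project: it assembles such a bundle, checks the config for a handful of hardening settings (the check list is this example’s own selection), and calls runc only when runc is installed, the caller is root, and the rootfs has been populated. The container id `demo-$$` and the `/proc` path lists are arbitrary choices for the example.

```shell
#!/bin/sh
# Added example: build a minimal OCI runtime bundle for runC, review its
# config.json, and run it if the environment allows. Field names follow the
# OCI runtime spec; the rootfs is left empty and must be populated (for
# instance from a static busybox) before "runc run" would succeed.
set -eu

# Write config.json and an empty rootfs directory into the bundle directory.
make_bundle() {
    bundle="$1"
    mkdir -p "$bundle/rootfs"
    cat > "$bundle/config.json" <<'EOF'
{
  "ociVersion": "1.0.2",
  "process": {
    "terminal": false,
    "user": { "uid": 0, "gid": 0 },
    "args": [ "/bin/sh", "-c", "echo hello from runc" ],
    "env": [ "PATH=/usr/sbin:/usr/bin:/sbin:/bin" ],
    "cwd": "/",
    "capabilities": {
      "bounding": [], "effective": [], "permitted": [], "ambient": []
    },
    "noNewPrivileges": true
  },
  "root": { "path": "rootfs", "readonly": true },
  "hostname": "runc-demo",
  "mounts": [
    { "destination": "/proc", "type": "proc", "source": "proc" }
  ],
  "linux": {
    "namespaces": [
      { "type": "pid" }, { "type": "mount" }, { "type": "ipc" },
      { "type": "uts" }, { "type": "network" }
    ],
    "maskedPaths": [ "/proc/kcore", "/proc/keys" ],
    "readonlyPaths": [ "/proc/sys", "/proc/sysrq-trigger" ]
  }
}
EOF
}

# Return 0 when config.json carries the hardening settings this example
# expects, 1 otherwise; each missing setting is reported on stdout.
check_bundle() {
    cfg="$1/config.json"
    rc=0
    grep -q '"noNewPrivileges": true' "$cfg" || { echo "FAIL: noNewPrivileges not set"; rc=1; }
    grep -q '"readonly": true' "$cfg"        || { echo "FAIL: rootfs is writable"; rc=1; }
    grep -q '"type": "pid"' "$cfg"           || { echo "FAIL: no pid namespace"; rc=1; }
    grep -q 'CAP_SYS_ADMIN' "$cfg"           && { echo "FAIL: CAP_SYS_ADMIN granted"; rc=1; }
    return $rc
}

# Run the bundle with runc when possible. runc needs root (or a rootless
# config with uid/gid mappings, not shown here) and a populated rootfs.
run_bundle() {
    bundle="$1"
    if ! command -v runc >/dev/null 2>&1; then
        echo "runc not installed; skipping run"; return 0
    fi
    if [ "$(id -u)" -ne 0 ]; then
        echo "not root; skipping run"; return 0
    fi
    if [ ! -x "$bundle/rootfs/bin/sh" ]; then
        echo "rootfs has no /bin/sh; populate it first"; return 0
    fi
    runc run --bundle "$bundle" "demo-$$"
}

# Demo: build, check, (maybe) run, clean up.
demo_dir=$(mktemp -d)
make_bundle "$demo_dir"
check_bundle "$demo_dir" && echo "config.json passes hardening checks"
run_bundle "$demo_dir"
rm -rf "$demo_dir"
```

The check function is deliberately simple text matching; in a real pipeline the same review would be done with a JSON-aware tool, but the point is that everything runC will enforce (capability sets, `noNewPrivileges`, read-only root, namespaces) is visible in one file before the container ever starts.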

containerd

containerd is a runtime that handles the entire lifecycle of a container: pulling images and managing storage, containers, and even network interfaces. It uses runC under the hood but provides a higher-level API and runs as a daemon. It is not generally used directly either; applications like Docker or Kubernetes interface with it.

Docker

Docker is the most well-known container platform that includes everything needed to build, run, and manage containers. See Docker.

Podman

Podman is similar to Docker and even has a similar command structure. The primary difference is that Podman can run containers as a regular user (rootless, without root privileges), which enhances the security of the system.

Additionally, Podman works well with systemd, which allows containers to be managed like traditional Linux services.
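The rootless claim can be verified rather than taken on trust: inside a rootless Podman user namespace, container uid 0 is mapped to the invoking user’s uid, not to host root, and /proc/self/uid_map shows that mapping. The script below is an added example, not code from the original page or from the Podman project. The two uid_map samples are constructed for the example; `podman unshare`, `podman generate systemd --new --files --name` and the `container-<name>.service` unit name it produces are real Podman behaviour, but the live parts only run when podman is installed, and the service function only when the caller sets `PODMAN_DEMO_IMAGE`.

```shell
#!/bin/sh
# Added example: classify a uid_map as rootful or rootless, check the live
# Podman user namespace when podman is present, and hand a container to the
# user's systemd instance. Sample uid_map lines below are constructed.
set -eu

# Constructed samples. Each uid_map line is "<inner-start> <outer-start> <count>".
ROOTFUL_MAP='         0          0 4294967295'
ROOTLESS_MAP='         0       1000          1
         1     100000      65536'

# Read uid_map lines on stdin and print "rootful" when container uid 0 maps
# to host uid 0, "rootless" when it maps elsewhere, "unmapped" when no line
# covers uid 0 at all.
classify_uid_map() {
    result="unmapped"
    while read -r inner outer count; do
        [ -z "$inner" ] && continue
        if [ "$inner" -eq 0 ] && [ "$count" -gt 0 ]; then
            if [ "$outer" -eq 0 ]; then result="rootful"; else result="rootless"; fi
        fi
    done
    echo "$result"
}

# Live check: "podman unshare" enters the current user's rootless namespace,
# so uid_map there shows how the container's root is mapped on the host.
live_check() {
    if ! command -v podman >/dev/null 2>&1; then
        echo "podman not installed; skipping live check"; return 0
    fi
    if [ "$(id -u)" -eq 0 ]; then
        echo "running as root: podman would be rootful here"; return 0
    fi
    podman unshare cat /proc/self/uid_map | classify_uid_map
}

# Create a container from IMAGE and install it as a systemd user service, so
# it is started, stopped and restarted like any other unit of this user.
install_as_user_service() {
    name="$1"
    image="$2"
    unit_dir="$HOME/.config/systemd/user"
    mkdir -p "$unit_dir"
    podman create --name "$name" "$image"
    # --new makes the unit create/remove the container on start/stop;
    # --files writes container-<name>.service into the current directory.
    ( cd "$unit_dir" && podman generate systemd --new --files --name "$name" )
    systemctl --user daemon-reload
    systemctl --user enable --now "container-$name.service"
}

# Demo.
printf 'constructed rootful map  -> %s\n' "$(printf '%s\n' "$ROOTFUL_MAP" | classify_uid_map)"
printf 'constructed rootless map -> %s\n' "$(printf '%s\n' "$ROOTLESS_MAP" | classify_uid_map)"
live_check
if [ -n "${PODMAN_DEMO_IMAGE:-}" ]; then
    install_as_user_service demo "$PODMAN_DEMO_IMAGE"
fi
```

Once the unit exists, `systemctl --user status container-demo.service` and `journalctl --user -u container-demo.service` work as for any other service, which is what the systemd integration buys. Newer Podman releases steer users towards Quadlet unit files instead of `podman generate systemd`, but the generated units still work.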