Frequently Asked Question

Docker, Podman, LXC, containerd, what's the difference?

They are at different layers of the stack and serve different audiences. Docker is a full container platform, CLI, daemon (dockerd), build system, networking, registry client, designed for application packaging. Podman is Red Hat's drop-in CLI replacement for Docker that runs containers without a central daemon and has had rootless support from the start; if you alias docker=podman most workflows keep working. containerd is the lower-level runtime that Docker itself uses under the hood and that Kubernetes talks to directly; it does not have a friendly user- facing CLI by design. CRI-O is a similar lower-level runtime built specifically for Kubernetes. LXC, the oldest of them, predates Docker (2008) and is aimed at "system containers", long-lived containers that look more like lightweight VMs with their own init system, rather than Docker's "one process per container" model.

All five share the same OCI image format and the same kernel primitives, so they are interoperable: an image built with docker build runs unchanged under Podman, on containerd, or in a Kubernetes pod. The choice between them is mostly about workflow and operational style, daemon vs daemonless, root vs rootless, application containers vs system containers, rather than about technical compatibility.