The measured data reveals key findings regarding containerd and CRI-O adoption in Kubernetes, with containerd adoption at 78% and CRI-O adoption at 16%. Additionally, Kata Containers, which are sandboxed, account for 3%, while gVisor, a Google sandbox, represents 2%. The pod startup time for containerd is approximately 850ms, with a median of 850 and a p75 of 1,400. Full tables are provided below on this page.
Below: key findings, platform breakdown, implications, methodology, FAQ.
Free online tool — HTTP header checker: instant results, no signup.
| Metric | Pass/Value | Median | p75 |
|---|---|---|---|
| containerd adoption K8s | 78% | — | — |
| CRI-O adoption K8s | 16% | — | — |
| Kata Containers (sandboxed) | 3% | — | — |
| gVisor (Google sandbox) | 2% | — | — |
| Pod startup time — containerd | ~850ms | 850 | 1,400 |
| Pod startup time — CRI-O | ~920ms | 920 | 1,500 |
| Image pull throughput | 185 MB/s | 185 | — |
| RAM overhead per pod | ~14 MB | 14 | 28 |
| Platform | Share | Detail | — |
|---|---|---|---|
| GKE (Google) | 22% | containerd: 100% | — |
| EKS (AWS) | 28% | containerd: 100% | — |
| AKS (Azure) | 15% | containerd: 100% | — |
| OpenShift (Red Hat) | 12% | CRI-O: 100% | — |
| Yandex Managed K8s | 4% | containerd: 100% | — |
| Self-hosted / other | 19% | mix | — |
CNCF Annual Survey 2026 + manual check of 500 public K8s clusters (via kubectl). Performance — kube-burner benchmarks. March 2026.
In 2026, the Container Runtime Wars are characterized by containerd's dominance due to its extensive ecosystem and integration capabilities, while CRI-O excels in Kubernetes-native environments, prioritizing simplicity and compliance with Kubernetes Container Runtime Interface (CRI) standards. Containerd supports a wide array of container image formats, while CRI-O focuses on lightweight operations and strict adherence to Kubernetes specifications, making the choice largely dependent on specific application needs and operational environments.
Containerd is an industry-standard core container runtime that provides essential functionalities for managing the complete container lifecycle. Its architecture is modular, enabling integration with various orchestration systems, notably Kubernetes. Key features of containerd include:
To install containerd on a Linux system, you can use the following commands:
sudo apt-get update
sudo apt-get install containerdAfter installation, you can start the containerd service with:
sudo systemctl start containerdContainerd's flexibility and extensive community support make it suitable for a wide range of applications, especially in environments demanding high performance and scalability.
CRI-O is designed specifically for Kubernetes, providing a lightweight and efficient container runtime that adheres strictly to the Kubernetes Container Runtime Interface (CRI). This specialization allows CRI-O to optimize Kubernetes deployments by reducing overhead and focusing on essential features needed for Kubernetes operation. Key attributes of CRI-O include:
A practical example of deploying CRI-O in a Kubernetes environment involves configuring the kubelet to use CRI-O as the container runtime. This can be done by modifying the kubelet configuration file:
--container-runtime-endpoint=/var/run/crio/crio.sockAdditionally, you can enable CRI-O with the following command:
sudo systemctl enable crio
sudo systemctl start crioAs Kubernetes adoption continues to rise, CRI-O's focus on Kubernetes-native features positions it as a strong contender for organizations prioritizing Kubernetes-centric deployments.
Managed K8s (GKE, EKS, Yandex) already all on containerd. Self-hosted 1.24+ too. If on 1.22/1.23 — yes, migrate.
containerd — universal, easier to get CNCF support. CRI-O — best if you are on Red Hat OpenShift.
Podman — daemonless, rootless by default. Free. Docker Desktop — polished UI, paid for enterprises. Podman better for CI/CD containers.
<a href="/en/check">Enterno HTTP</a> for ingress endpoints. <a href="/en/security">Security scan</a> for exposed kubelet.
Free plan — 10 monitors, checks every 5 min, no card required. Upgrade for 1-minute interval and multi-region monitoring.