https://www.youngju.dev/blog 천천히 올바르게. AI Researcher & DevOps Engineer Youngju's tech blog. GPU/CUDA, LLM, MLOps, Kubernetes AI workloads, distributed training, and data engineering. ko fjvbn2003@gmail.com (Youngju Kim) fjvbn2003@gmail.com (Youngju Kim) Sat, 16 May 2026 00:00:00 GMT https://www.youngju.dev/blog/culture/2026-05-16-container-runtime-alternatives-2026-containerd-cri-o-podman-runc-gvisor-kata-youki-wasmedge-firecracker-deep-dive.en https://www.youngju.dev/blog/culture/2026-05-16-container-runtime-alternatives-2026-containerd-cri-o-podman-runc-gvisor-kata-youki-wasmedge-firecracker-deep-dive.en The container runtime landscape in 2026 is no longer Docker-centric. Kubernetes removed dockershim in 1.24, and containerd 2.0 and CRI-O 1.31 have become the cluster default. On developer workstations Podman 5 and Docker 27 coexist, and on Mac, Orbstack and Rancher Desktop are taking share. Multi-tenant SaaS uses gVisor and Kata Containers for hardened isolation, while serverless platforms boot AWS Firecracker MicroVMs in ~125 ms. WebAssembly runtimes WasmEdge, Wasmtime and Wasmer entered Kubernetes via the runwasi shim, and Confidential Containers now encrypt memory using AMD SEV-SNP and Intel TDX. This guide covers OCI 1.2, youki (Rust), crun (C), gVisor user-space kernel, Cloud Hypervisor, Spin, WasmCloud, and Edera Protect — and explains which runtime to choose for which workload. Sat, 16 May 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) englishcontainer-runtimecontainerdcri-opodmanruncgvisorkata-containersyoukiwasmedgefirecrackerdockerkubernetes https://www.youngju.dev/blog/culture/2026-05-16-container-runtime-alternatives-2026-containerd-cri-o-podman-runc-gvisor-kata-youki-wasmedge-firecracker-deep-dive.ja https://www.youngju.dev/blog/culture/2026-05-16-container-runtime-alternatives-2026-containerd-cri-o-podman-runc-gvisor-kata-youki-wasmedge-firecracker-deep-dive.ja 2026年のコンテナランタイムはもう Docker 一強ではない。Kubernetes は 1.24 で dockershim を取り外し、containerd 2.0 と CRI-O 1.31 がクラスタ標準となった。ローカル開発では Podman 5 と Docker 27 が並走し、Mac では Orbstack と Rancher Desktop がシェアを伸ばす。マルチテナント SaaS は gVisor と Kata Containers で隔離を厚くし、サーバーレスは AWS Firecracker MicroVM 上で 125ms 起動を実現する。WebAssembly ランタイム WasmEdge・Wasmtime・Wasmer は runwasi shim 経由で Kubernetes に正式に入り、Confidential Containers は AMD SEV-SNP と Intel TDX でメモリまで暗号化する。本稿は OCI 1.2 仕様から youki(Rust)・crun(C)・gVisor ユーザ空間カーネル・Cloud Hypervisor・Spin・WasmCloud・Edera Protect まで、どのランタイムをいつ選ぶかを一気に整理する。 Sat, 16 May 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) 日本語container-runtimecontainerdcri-opodmanruncgvisorkata-containersyoukiwasmedgefirecrackerdockerkubernetes https://www.youngju.dev/blog/culture/2026-05-16-container-runtime-alternatives-2026-containerd-cri-o-podman-runc-gvisor-kata-youki-wasmedge-firecracker-deep-dive https://www.youngju.dev/blog/culture/2026-05-16-container-runtime-alternatives-2026-containerd-cri-o-podman-runc-gvisor-kata-youki-wasmedge-firecracker-deep-dive 2026년 컨테이너 런타임 세계는 더 이상 Docker 일변도가 아니다. Kubernetes는 1.24에서 dockershim을 제거했고, containerd 2.0과 CRI-O 1.31이 클러스터 표준이 됐다. 로컬 개발에서는 Podman 5와 Docker 27이 공존하고, Mac에서는 Orbstack과 Rancher Desktop이 인기다. 멀티테넌트 SaaS는 gVisor와 Kata Containers로 격리를 강화하고, 서버리스는 AWS Firecracker MicroVM 위에서 125ms 부팅을 달성한다. WebAssembly 런타임 WasmEdge·Wasmtime·Wasmer는 runwasi shim을 통해 K8s에 들어왔고, Confidential Containers는 AMD SEV-SNP와 Intel TDX로 메모리까지 암호화한다. 이 글은 OCI 1.2 스펙부터 youki(Rust) · crun(C) · gVisor 유저스페이스 커널 · Cloud Hypervisor · Spin · WasmCloud · Edera Protect까지, 어떤 런타임을 언제 골라야 하는지 한 번에 정리한다. Sat, 16 May 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) container-runtimecontainerdcri-opodmanruncgvisorkata-containersyoukiwasmedgefirecrackerdockerkubernetes https://www.youngju.dev/blog/culture/2026-05-16-container-runtimes-containerd-runc-podman-cri-o-kata-gvisor-firecracker-wasm-2026-deep-dive.en https://www.youngju.dev/blog/culture/2026-05-16-container-runtimes-containerd-runc-podman-cri-o-kata-gvisor-firecracker-wasm-2026-deep-dive.en A full-stack tour of production container runtimes as of May 2026. We cover containerd (de facto Kubernetes CRI), low-level OCI runtimes runc, crun, and youki, the alternative CRI CRI-O, the rootless/daemonless trio Podman + Buildah + Skopeo, lightweight-VM isolation with Kata Containers 3.x, Google userspace kernel gVisor, AWS microVM Firecracker, Wasm runtimes WasmEdge, wasmtime, and runwasi entering Kubernetes, image builders BuildKit, kaniko, buildah, jib, ko, and Buildpacks, plus real adoption stories from Korea and Japan. Sat, 16 May 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) container-runtimecontainerdruncpodmancri-okata-containersgvisorfirecrackerwasmwasmedgebuildkitocidockerrootless https://www.youngju.dev/blog/culture/2026-05-16-container-runtimes-containerd-runc-podman-cri-o-kata-gvisor-firecracker-wasm-2026-deep-dive.ja https://www.youngju.dev/blog/culture/2026-05-16-container-runtimes-containerd-runc-podman-cri-o-kata-gvisor-firecracker-wasm-2026-deep-dive.ja 2026年5月時点の本番コンテナランタイムをフルスタックで整理する。Kubernetes の事実上の標準 containerd、低レベル OCI ランタイム runc・crun・youki、代替 CRI である CRI-O、ルートレス・デーモンレスの三点セット Podman + Buildah + Skopeo、軽量 VM 隔離の Kata Containers 3.x、Google のユーザー空間カーネル gVisor、AWS のマイクロ VM Firecracker、Kubernetes に入ってきた Wasm ランタイム WasmEdge・wasmtime・runwasi、イメージビルダー BuildKit・kaniko・buildah・jib・ko・Buildpacks、そして韓国と日本の実例までを一本でまとめる。 Sat, 16 May 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) container-runtimecontainerdruncpodmancri-okata-containersgvisorfirecrackerwasmwasmedgebuildkitocidockerrootless https://www.youngju.dev/blog/culture/2026-05-16-container-runtimes-containerd-runc-podman-cri-o-kata-gvisor-firecracker-wasm-2026-deep-dive https://www.youngju.dev/blog/culture/2026-05-16-container-runtimes-containerd-runc-podman-cri-o-kata-gvisor-firecracker-wasm-2026-deep-dive 2026년 5월 기준 프로덕션 컨테이너 런타임 풀스택을 끝까지 본다. Kubernetes의 사실상 표준 containerd, OCI 저수준 런타임 runc · crun · youki, 대안 CRI인 CRI-O, 데스크톱·서버에서 도커 엔진을 대체한 Podman + Buildah + Skopeo, 경량 VM 격리 Kata Containers 3.x, Google의 사용자공간 커널 gVisor, AWS의 마이크로 VM Firecracker, K8s에 진입한 Wasm 런타임 WasmEdge·wasmtime·runwasi, 이미지 빌드 BuildKit·kaniko·buildah·jib·ko·Buildpacks, 그리고 한국·일본 사례까지 한 글에서 정리한다. Sat, 16 May 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) container-runtimecontainerdruncpodmancri-okata-containersgvisorfirecrackerwasmwasmedgebuildkitocidockerrootless