@yuvalapidot, osquery's docker support specifically uses the docker engine APIs, so if you are thinking of running containerd without the rest of Docker, then the docker_XXX tables in osquery won't work. Of course, as you are probably very aware, containerd is part of the docker ecosystem - see here - https://blog.docker.com/2016/04/docker-containerd-integration/.

Hey Millan, thanks a lot for the response. My problem is that I am working with a Kubernetes cluster that is using containerd runtime and I have no control over it. I am not sure whether it is better to add support in osquery for containerd specifically, or add support for Kubernetes in general.