SlideShare a Scribd company logo

[Paris Container Day 2021] nerdctl: yet another Docker & Docker Compose implementation, based on containerd

A
Akihiro Suda

nerdctl is a Docker-compatible CLI for containerd that provides the same UI/UX as Docker and Docker Compose. It supports features like lazy pulling via Stargz and encrypted images via OCIcrypt that are not yet available in Docker. While containerd includes ctr and crictl for debugging, nerdctl aims to be a full-featured CLI for container and image management with Docker-like usability. It can run on Linux, macOS via Lima virtual machines, and is working on native Windows support.

Software
1 of 23
Downloaded 12 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
nerdctl: yet another Docker & Docker Compose implementation, based on containerd Akihiro Suda, NTT Paris Container Day (June 2-3, 2021) github.com/containerd/nerdctl
What is nerdctl? • Docker-compatible CLI for containerd • Same UI/UX as Docker & Docker Compose • Supports lazy-pulling (Stargz) • Supports encrypted images (OCIcrypt) • Also supports rootless mode, of course ☺ 2
Demo 3 $ nerdctl run … $ nerdctl compose up …
What is containerd? • The universal container runtime • Used by Docker, Kubernetes, BuildKit, faasd, etc. 4 Docker Kubernetes nerdctl runc Linux kernel
Why another Docker-like CLI? 5 • Docker partially uses containerd, but not fully • Docker cannot support recent innovations in the containerd ecosystem • Lazy-pulling (Stargz) • Encryption (OCIcrypt) • …
Why another Docker-like CLI? 6 Runtime Subsystem Image Subsystem Docker nerdctl runc Stargz OCIcrypt Unavailable for Docker
Why another Docker-like CLI? 7 • So we had to create a new CLI for the containerd-native ecosystem • Designed to be Docker-compatible so that users do not need to learn something new
What about ctr? crictl? 8 • ctr: the CLI included in containerd • crictl: the CLI for Kubernetes CRI API • Unlike nerdctl, ctr and crictl were made solely for debugging purpose
What about ctr? crictl? 9 • ctr lacks lots of features • docker run -p • docker run --restart=always • docker pull, with ~/.docker/config.json • docker logs … • crictl has similar restrictions, too • nerdctl provides all these features
The goal is to defeat Docker…? • No • The goal is to provide a comfortable environment for playing around with the modern ecosystem of containerd • Lazy-pulling, OCIcrypt, … • These features are expected to be available in Docker as well, eventually (but not soon) https://github.com/moby/moby/pull/41002 10
Lazy-pulling • Lazy-pulling means running a container ahead of completion of pulling its image from the registry • With a new image format: eStargz • Forked from Stargz: Seekable tar gz ( https://github.com/google/crfs ) • Compatible with the legacy Docker/OCI format • https://github.com/containerd/stargz-snapshotter 11
Lazy-pulling 12 https://github.com/containerd/stargz-snapshotter/blob/v0.6.1/docs/images/benchmarking-result-ecdb227.png
Demo: lazy-pulling 13 $ nerdctl --snapshotter=stargz …
OCIcrypt • Transparently encrypt and decrypted images • Tolerant to leakage of private images on a registry • https://github.com/containers/ocicrypt 14
nerdctl on macOS (for Linux containers) • Lima: Linux virtual machines on macOS (The name may change in future) https://github.com/AkihiroSuda/lima • Made for containerd & nerdctl • Supports filesystem sharing & port forwarding • Similar to WSL2 15
Demo: nerdctl on macOS 16 $ lima start $ lima nerdctl run …
nerdctl on macOS (for Linux containers) • Hypervisor: QEMU with HVF accelerator • Intel Mac: no patch is needed • ARM Mac: QEMU needs to be patched https://lists.gnu.org/archive/html/qemu-devel/2021-05/msg06220.html • File system sharing • Current implementation: “Reverse SSHFS” (sshfs –o slave) • Future: virtio-9p-pci • Port forwarding • The guest agent daemon watches /proc/net/tcp, per 3 seconds • The host agent runs `ssh –L` on demand to set up port forwarding 17
nerdctl on Windows • Known to work on WSL2 for running Linux containers • Native support for Windows is in progress (Thanks to James Sturtevant) https://github.com/containerd/nerdctl/pull/197 18
Recap 19 • Docker-compatible CLI for containerd • Same UI/UX as Docker & Docker Compose • Supports lazy-pulling (Stargz) • Supports encrypted images (OCIcrypt) • Also supports rootless mode, of course ☺
Getting started 20 • https://github.com/containerd/nerdctl/releases • nerdctl-full-<VERSION>-linux-amd64.tar.gz contains all the dependencies (containerd, runc, …)
Getting started 21 $ sudo systemctl enable --now containerd $ sudo nerdctl run -d --name nginx -p 80:80 nginx:alpine Rootful : Rootless (more secure) : $ containerd-rootless-setuptool.sh install $ nerdctl run -d --name nginx -p 8080:80 nginx:alpine 80:80 is typically prohibited for non-root users, so use 8080:80
Further information 22 • https://github.com/containerd/nerdctl • #containerd channel of CNCF slack ( https://slack.cncf.io )
• Fahed Dorgaa • Shishir Mahajan • Sho Haraki • Wei Fu • Dax McDonald • Kohei Tokunaga • Jack Kelly • Andrey Platonov • James Sturtevant • Sherif Mowafy • Alex Ellis • Matt Thalman • Hu Shuai • Jian Zeng • Harshvardhan Karn • Gaurav Gahlot Thanks to contributors! 23 https://github.com/containerd/nerdctl/graphs/contributors

More Related Content

PDF
Containerd + buildkit breakout
Docker, Inc.
 
PDF
Open vSwitch 패킷 처리 구조
Seung-Hoon Baek
 
PDF
Red Hat OpenStack 17 저자직강+스터디그룹_2주차
Nalee Jang
 
PDF
오픈스택 멀티노드 설치 후기
영우 김
 
PDF
DoS and DDoS mitigations with eBPF, XDP and DPDK
Marian Marinov
 
PPTX
Kubernetes 101 for Beginners
Oktay Esgul
 
PDF
Continuous Lifecycle London 2018 Event Keynote
Weaveworks
 
PDF
Ansible
Rahul Bajaj
 
Containerd + buildkit breakout
Docker, Inc.
 
Open vSwitch 패킷 처리 구조
Seung-Hoon Baek
 
Red Hat OpenStack 17 저자직강+스터디그룹_2주차
Nalee Jang
 
오픈스택 멀티노드 설치 후기
영우 김
 
DoS and DDoS mitigations with eBPF, XDP and DPDK
Marian Marinov
 
Kubernetes 101 for Beginners
Oktay Esgul
 
Continuous Lifecycle London 2018 Event Keynote
Weaveworks
 
Ansible
Rahul Bajaj
 

What's hot (20)

PDF
Ceph Block Devices: A Deep Dive
Red_Hat_Storage
 
PDF
Rootless Containers
Akihiro Suda
 
PPTX
Docker and kubernetes_introduction
Jason Hu
 
ODP
Introduction to Ansible
Knoldus Inc.
 
PDF
Kubernetes
erialc_w
 
PPT
Red Hat Ansible 적용 사례
Opennaru, inc.
 
PDF
20150511 jun lee_openstack neutron 분석 (최종)
rootfs32
 
PDF
OpenStackトラブルシューティング入門
VirtualTech Japan Inc.
 
PPTX
Nginx勉強会
Yuji Otani
 
PDF
Kubernetes - A Comprehensive Overview
Bob Killen
 
PDF
Persistent Storage with Containers with Kubernetes & OpenShift
Red Hat Events
 
PDF
[KubeCon EU 2022] Running containerd and k3s on macOS
Akihiro Suda
 
PDF
Introduction to eBPF
RogerColl2
 
PDF
Linux Profiling at Netflix
Brendan Gregg
 
PDF
Ansible Automation to Rule Them All
Tim Fairweather
 
PPTX
쿠버네티스 ( Kubernetes ) 소개 자료
Opennaru, inc.
 
PDF
Ansible - Introduction
Stephane Manciot
 
PDF
Reliable Event Delivery in Apache Kafka Based on Retry Policy and Dead Letter...
HostedbyConfluent
 
PDF
[오픈소스컨설팅] 쿠버네티스와 쿠버네티스 on 오픈스택 비교 및 구축 방법
Open Source Consulting
 
PDF
왜 쿠버네티스는 systemd로 cgroup을 관리하려고 할까요
Jo Hoon
 
Ceph Block Devices: A Deep Dive
Red_Hat_Storage
 
Rootless Containers
Akihiro Suda
 
Docker and kubernetes_introduction
Jason Hu
 
Introduction to Ansible
Knoldus Inc.
 
Kubernetes
erialc_w
 
Red Hat Ansible 적용 사례
Opennaru, inc.
 
20150511 jun lee_openstack neutron 분석 (최종)
rootfs32
 
OpenStackトラブルシューティング入門
VirtualTech Japan Inc.
 
Nginx勉強会
Yuji Otani
 
Kubernetes - A Comprehensive Overview
Bob Killen
 
Persistent Storage with Containers with Kubernetes & OpenShift
Red Hat Events
 
[KubeCon EU 2022] Running containerd and k3s on macOS
Akihiro Suda
 
Introduction to eBPF
RogerColl2
 
Linux Profiling at Netflix
Brendan Gregg
 
Ansible Automation to Rule Them All
Tim Fairweather
 
쿠버네티스 ( Kubernetes ) 소개 자료
Opennaru, inc.
 
Ansible - Introduction
Stephane Manciot
 
Reliable Event Delivery in Apache Kafka Based on Retry Policy and Dead Letter...
HostedbyConfluent
 
[오픈소스컨설팅] 쿠버네티스와 쿠버네티스 on 오픈스택 비교 및 구축 방법
Open Source Consulting
 
왜 쿠버네티스는 systemd로 cgroup을 관리하려고 할까요
Jo Hoon
 
Ad

Similar to [Paris Container Day 2021] nerdctl: yet another Docker & Docker Compose implementation, based on containerd (20)

PDF
[Container Plumbing Days 2023] Why was nerdctl made?
Akihiro Suda
 
PDF
20240320 [KubeCon EU Pavilion] containerd.pdf
Akihiro Suda
 
PDF
containerdの概要と最近の機能
Kohei Tokunaga
 
PDF
20241113 [KubeCon NA Pavilion] containerd.pdf
Akihiro Suda
 
PDF
[KubeConNA2023] containerd pavilion
Akihiro Suda
 
PDF
20250403 [KubeCon EU Pavilion] containerd.pdf
Akihiro Suda
 
PDF
[KubeCon EU 2020] containerd Deep Dive
Akihiro Suda
 
PDF
[KubeCon EU 2021] Introduction and Deep Dive Into Containerd
Akihiro Suda
 
PDF
Introduction and Deep Dive Into Containerd
Kohei Tokunaga
 
PDF
[KubeConEU2023] containerd pavilion
Akihiro Suda
 
PPTX
containerd the universal container runtime
Docker, Inc.
 
PDF
20250617 [KubeCon JP 2025] containerd - Project Update and Deep Dive.pdf
Akihiro Suda
 
PPTX
Docker containerd Kubernetes sig node
Patrick Chanezon
 
PDF
Introduction to Docker at SF Peninsula Software Development Meetup @Guidewire
dotCloud
 
PDF
Docker_AGH_v0.1.3
Witold 'Ficio' Kopel
 
PDF
The internals and the latest trends of container runtimes
Akihiro Suda
 
PPTX
ABCs of docker
Sabyrzhan Tynybayev
 
PDF
Leveraging the Power of containerd Events - Evan Hazlett
Docker, Inc.
 
PDF
Introduction to Docker and Containers
Docker, Inc.
 
PDF
Introduction to Docker and all things containers, Docker Meetup at RelateIQ
dotCloud
 
[Container Plumbing Days 2023] Why was nerdctl made?
Akihiro Suda
 
20240320 [KubeCon EU Pavilion] containerd.pdf
Akihiro Suda
 
containerdの概要と最近の機能
Kohei Tokunaga
 
20241113 [KubeCon NA Pavilion] containerd.pdf
Akihiro Suda
 
[KubeConNA2023] containerd pavilion
Akihiro Suda
 
20250403 [KubeCon EU Pavilion] containerd.pdf
Akihiro Suda
 
[KubeCon EU 2020] containerd Deep Dive
Akihiro Suda
 
[KubeCon EU 2021] Introduction and Deep Dive Into Containerd
Akihiro Suda
 
Introduction and Deep Dive Into Containerd
Kohei Tokunaga
 
[KubeConEU2023] containerd pavilion
Akihiro Suda
 
containerd the universal container runtime
Docker, Inc.
 
20250617 [KubeCon JP 2025] containerd - Project Update and Deep Dive.pdf
Akihiro Suda
 
Docker containerd Kubernetes sig node
Patrick Chanezon
 
Introduction to Docker at SF Peninsula Software Development Meetup @Guidewire
dotCloud
 
Docker_AGH_v0.1.3
Witold 'Ficio' Kopel
 
The internals and the latest trends of container runtimes
Akihiro Suda
 
ABCs of docker
Sabyrzhan Tynybayev
 
Leveraging the Power of containerd Events - Evan Hazlett
Docker, Inc.
 
Introduction to Docker and Containers
Docker, Inc.
 
Introduction to Docker and all things containers, Docker Meetup at RelateIQ
dotCloud
 
Ad

More from Akihiro Suda (20)

PDF
20250616 [KubeCon JP 2025] VexLLM - Silence Negligible CVE Alerts Using LLM.pdf
Akihiro Suda
 
PDF
20250403 [KubeCon EU] containerd - Project Update and Deep Dive.pdf
Akihiro Suda
 
PDF
20250402 [KubeCon EU Pavilion] Lima.pdf_
Akihiro Suda
 
PDF
20241115 [KubeCon NA Pavilion] Lima.pdf_
Akihiro Suda
 
PDF
【情報科学若手の会 (2024/09/14】なぜオープンソースソフトウェアにコントリビュートすべきなのか
Akihiro Suda
 
PDF
【Vuls祭り#10 (2024/08/20)】 VexLLM: LLMを用いたVEX自動生成ツール
Akihiro Suda
 
PDF
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
Akihiro Suda
 
PDF
20240321 [KubeCon EU Pavilion] Lima.pdf_
Akihiro Suda
 
PDF
20240201 [HPC Containers] Rootless Containers.pdf
Akihiro Suda
 
PDF
[Podman Special Event] Kubernetes in Rootless Podman
Akihiro Suda
 
PDF
[KubeConNA2023] Lima pavilion
Akihiro Suda
 
PDF
[DockerConハイライト] OpenPubKeyによるイメージの署名と検証.pdf
Akihiro Suda
 
PDF
[CNCF TAG-Runtime] Usernetes Gen2
Akihiro Suda
 
PDF
[DockerCon 2023] Reproducible builds with BuildKit for software supply chain ...
Akihiro Suda
 
PDF
[KubeConEU2023] Lima pavilion
Akihiro Suda
 
PDF
[FOSDEM2023] Bit-for-bit reproducible builds with Dockerfile
Akihiro Suda
 
PDF
[CNCF TAG-Runtime 2022-10-06] Lima
Akihiro Suda
 
PPTX
Dockerからcontainerdへの移行
Akihiro Suda
 
PDF
[Docker Tokyo #35] Docker 20.10
Akihiro Suda
 
PDF
DockerとPodmanの比較
Akihiro Suda
 
20250616 [KubeCon JP 2025] VexLLM - Silence Negligible CVE Alerts Using LLM.pdf
Akihiro Suda
 
20250403 [KubeCon EU] containerd - Project Update and Deep Dive.pdf
Akihiro Suda
 
20250402 [KubeCon EU Pavilion] Lima.pdf_
Akihiro Suda
 
20241115 [KubeCon NA Pavilion] Lima.pdf_
Akihiro Suda
 
【情報科学若手の会 (2024/09/14】なぜオープンソースソフトウェアにコントリビュートすべきなのか
Akihiro Suda
 
【Vuls祭り#10 (2024/08/20)】 VexLLM: LLMを用いたVEX自動生成ツール
Akihiro Suda
 
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
Akihiro Suda
 
20240321 [KubeCon EU Pavilion] Lima.pdf_
Akihiro Suda
 
20240201 [HPC Containers] Rootless Containers.pdf
Akihiro Suda
 
[Podman Special Event] Kubernetes in Rootless Podman
Akihiro Suda
 
[KubeConNA2023] Lima pavilion
Akihiro Suda
 
[DockerConハイライト] OpenPubKeyによるイメージの署名と検証.pdf
Akihiro Suda
 
[CNCF TAG-Runtime] Usernetes Gen2
Akihiro Suda
 
[DockerCon 2023] Reproducible builds with BuildKit for software supply chain ...
Akihiro Suda
 
[KubeConEU2023] Lima pavilion
Akihiro Suda
 
[FOSDEM2023] Bit-for-bit reproducible builds with Dockerfile
Akihiro Suda
 
[CNCF TAG-Runtime 2022-10-06] Lima
Akihiro Suda
 
Dockerからcontainerdへの移行
Akihiro Suda
 
[Docker Tokyo #35] Docker 20.10
Akihiro Suda
 
DockerとPodmanの比較
Akihiro Suda
 

Recently uploaded (20)

PDF
Digital Strategies for Manufacturing Companies
Virendra Rai, PMP
 
PDF
Claude Code: Everyone is a 10x Developer - A Comprehensive AI-Powered CLI Tool
William Chong
 
PPTX
CHAPTER 12 - CYBER SECURITY AND FUTURE SKILLS (1) (1).pptx
AnujKumar530915
 
PDF
How to Choose the Right IT Partner for Your Business in Malaysia
Asian Business Services & Technologies
 
PPTX
Online Work Permit System for Fast Permit Processing
SHEQ Network Limited
 
PDF
Internet Downloader Manager (IDM) Crack 6.42 Build 42 Updates Latest 2025
itskinga12
 
PDF
2025 Textile ERP Trends: SAP, Odoo & Oracle
Aetos Technologies
 
PPTX
ai tools demonstartion for schools and inter college
harshavardhanreddyka11
 
PDF
T3DD25 TYPO3 Content Blocks - Deep Dive by André Kraus
Andre Kraus
 
PDF
Softaken Excel to vCard Converter Software.pdf
markwillsonmw004
 
PDF
Why TechBuilder is the Future of Pickup and Delivery App Development (1).pdf
TechBuilder
 
PDF
Wondershare Filmora 15 Crack With Activation Key [2025
ghrom2211g
 
PDF
Navsoft: AI-Powered Business Solutions & Custom Software Development
Navsoft
 
PDF
Design an Analysis of Algorithms II-SECS-1021-03
DilanEscobar1
 
PPTX
Agentic AI Use Case- Contract Lifecycle Management (CLM).pptx
mhxyzzp
 
PPTX
Transform Your Business with a Software ERP System
Canada Software Company
 
PDF
Nekopoi APK 2025 free lastest update
umarali35kp
 
PDF
Design an Analysis of Algorithms I-SECS-1021-03
DilanEscobar1
 
PDF
Audit Checklist Design Aligning with ISO, IATF, and Industry Standards — Omne...
rohnjim07
 
PDF
Flood Susceptibility Mapping Using Image-Based 2D-CNN Deep Learnin. Overview ...
lawrenceomai2
 
Digital Strategies for Manufacturing Companies
Virendra Rai, PMP
 
Claude Code: Everyone is a 10x Developer - A Comprehensive AI-Powered CLI Tool
William Chong
 
CHAPTER 12 - CYBER SECURITY AND FUTURE SKILLS (1) (1).pptx
AnujKumar530915
 
How to Choose the Right IT Partner for Your Business in Malaysia
Asian Business Services & Technologies
 
Online Work Permit System for Fast Permit Processing
SHEQ Network Limited
 
Internet Downloader Manager (IDM) Crack 6.42 Build 42 Updates Latest 2025
itskinga12
 
2025 Textile ERP Trends: SAP, Odoo & Oracle
Aetos Technologies
 
ai tools demonstartion for schools and inter college
harshavardhanreddyka11
 
T3DD25 TYPO3 Content Blocks - Deep Dive by André Kraus
Andre Kraus
 
Softaken Excel to vCard Converter Software.pdf
markwillsonmw004
 
Why TechBuilder is the Future of Pickup and Delivery App Development (1).pdf
TechBuilder
 
Wondershare Filmora 15 Crack With Activation Key [2025
ghrom2211g
 
Navsoft: AI-Powered Business Solutions & Custom Software Development
Navsoft
 
Design an Analysis of Algorithms II-SECS-1021-03
DilanEscobar1
 
Agentic AI Use Case- Contract Lifecycle Management (CLM).pptx
mhxyzzp
 
Transform Your Business with a Software ERP System
Canada Software Company
 
Nekopoi APK 2025 free lastest update
umarali35kp
 
Design an Analysis of Algorithms I-SECS-1021-03
DilanEscobar1
 
Audit Checklist Design Aligning with ISO, IATF, and Industry Standards — Omne...
rohnjim07
 
Flood Susceptibility Mapping Using Image-Based 2D-CNN Deep Learnin. Overview ...
lawrenceomai2
 

[Paris Container Day 2021] nerdctl: yet another Docker & Docker Compose implementation, based on containerd

  • 1. nerdctl: yet another Docker & Docker Compose implementation, based on containerd Akihiro Suda, NTT Paris Container Day (June 2-3, 2021) github.com/containerd/nerdctl
  • 2. What is nerdctl? • Docker-compatible CLI for containerd • Same UI/UX as Docker & Docker Compose • Supports lazy-pulling (Stargz) • Supports encrypted images (OCIcrypt) • Also supports rootless mode, of course ☺ 2
  • 3. Demo 3 $ nerdctl run … $ nerdctl compose up …
  • 4. What is containerd? • The universal container runtime • Used by Docker, Kubernetes, BuildKit, faasd, etc. 4 Docker Kubernetes nerdctl runc Linux kernel
  • 5. Why another Docker-like CLI? 5 • Docker partially uses containerd, but not fully • Docker cannot support recent innovations in the containerd ecosystem • Lazy-pulling (Stargz) • Encryption (OCIcrypt) • …
  • 6. Why another Docker-like CLI? 6 Runtime Subsystem Image Subsystem Docker nerdctl runc Stargz OCIcrypt Unavailable for Docker
  • 7. Why another Docker-like CLI? 7 • So we had to create a new CLI for the containerd-native ecosystem • Designed to be Docker-compatible so that users do not need to learn something new
  • 8. What about ctr? crictl? 8 • ctr: the CLI included in containerd • crictl: the CLI for Kubernetes CRI API • Unlike nerdctl, ctr and crictl were made solely for debugging purpose
  • 9. What about ctr? crictl? 9 • ctr lacks lots of features • docker run -p • docker run --restart=always • docker pull, with ~/.docker/config.json • docker logs … • crictl has similar restrictions, too • nerdctl provides all these features
  • 10. The goal is to defeat Docker…? • No • The goal is to provide a comfortable environment for playing around with the modern ecosystem of containerd • Lazy-pulling, OCIcrypt, … • These features are expected to be available in Docker as well, eventually (but not soon) https://github.com/moby/moby/pull/41002 10
  • 11. Lazy-pulling • Lazy-pulling means running a container ahead of completion of pulling its image from the registry • With a new image format: eStargz • Forked from Stargz: Seekable tar gz ( https://github.com/google/crfs ) • Compatible with the legacy Docker/OCI format • https://github.com/containerd/stargz-snapshotter 11
  • 13. Demo: lazy-pulling 13 $ nerdctl --snapshotter=stargz …
  • 14. OCIcrypt • Transparently encrypt and decrypted images • Tolerant to leakage of private images on a registry • https://github.com/containers/ocicrypt 14
  • 15. nerdctl on macOS (for Linux containers) • Lima: Linux virtual machines on macOS (The name may change in future) https://github.com/AkihiroSuda/lima • Made for containerd & nerdctl • Supports filesystem sharing & port forwarding • Similar to WSL2 15
  • 16. Demo: nerdctl on macOS 16 $ lima start $ lima nerdctl run …
  • 17. nerdctl on macOS (for Linux containers) • Hypervisor: QEMU with HVF accelerator • Intel Mac: no patch is needed • ARM Mac: QEMU needs to be patched https://lists.gnu.org/archive/html/qemu-devel/2021-05/msg06220.html • File system sharing • Current implementation: “Reverse SSHFS” (sshfs –o slave) • Future: virtio-9p-pci • Port forwarding • The guest agent daemon watches /proc/net/tcp, per 3 seconds • The host agent runs `ssh –L` on demand to set up port forwarding 17
  • 18. nerdctl on Windows • Known to work on WSL2 for running Linux containers • Native support for Windows is in progress (Thanks to James Sturtevant) https://github.com/containerd/nerdctl/pull/197 18
  • 19. Recap 19 • Docker-compatible CLI for containerd • Same UI/UX as Docker & Docker Compose • Supports lazy-pulling (Stargz) • Supports encrypted images (OCIcrypt) • Also supports rootless mode, of course ☺
  • 20. Getting started 20 • https://github.com/containerd/nerdctl/releases • nerdctl-full-<VERSION>-linux-amd64.tar.gz contains all the dependencies (containerd, runc, …)
  • 21. Getting started 21 $ sudo systemctl enable --now containerd $ sudo nerdctl run -d --name nginx -p 80:80 nginx:alpine Rootful : Rootless (more secure) : $ containerd-rootless-setuptool.sh install $ nerdctl run -d --name nginx -p 8080:80 nginx:alpine 80:80 is typically prohibited for non-root users, so use 8080:80
  • 22. Further information 22 • https://github.com/containerd/nerdctl • #containerd channel of CNCF slack ( https://slack.cncf.io )
  • 23. • Fahed Dorgaa • Shishir Mahajan • Sho Haraki • Wei Fu • Dax McDonald • Kohei Tokunaga • Jack Kelly • Andrey Platonov • James Sturtevant • Sherif Mowafy • Alex Ellis • Matt Thalman • Hu Shuai • Jian Zeng • Harshvardhan Karn • Gaurav Gahlot Thanks to contributors! 23 https://github.com/containerd/nerdctl/graphs/contributors