nerdctl is a Docker-compatible CLI for containerd.
To run a container with the default CNI network (10.4.0.0/16):
# nerdctl run -it --rm alpineTo build an image using BuildKit:
# nerdctl build -t foo .
# nerdctl run -it --rm fooTo list Docker containers:
# nerdctl --namespace moby ps -aTo list Kubernetes containers:
# nerdctl --namespace k8s.io ps -aBinaries are available for amd64, arm64, and arm-v7: https://github.com/AkihiroSuda/nerdctl/releases
In addition to containerd, the following components should be installed (optional):
- CNI plugins: for internet connectivity.
- BuildKit: for using
nerdctl build. BuildKit daemon (buildkitd) needs to be running.
The goal of nerdctl is to facilitate experimenting the cutting-edge features of containerd that are not present in Docker.
Such features includes, but not limited to, lazy-pulling and encryption of images.
Also, nerdctl might be potentially useful for debugging Kubernetes clusters, but it is not the primary goal.
ctr: incompatible with Docker, and not friendly to userscrictl: incompatible with Docker, not friendly to users, and does not support non-CRI features- k3c: needs an extra daemon, and does not support non-CRI features
- PouchContainer: needs an extra daemon
Run:
nerdctl run-i-t(WIP: currently -t requires -i, and conflicts with -d)-d--restart=(no|always)--rm--network=(bridge|host|none)-p, --publish(WIP: currently TCP only)--dns-h, --hostname--pull=(always|missing|never)--cpus--memory--pids-limit--cgroupns=(host|private)-u, --user--security-opt seccomp--security-opt apparmor--security-opt no-new-privileges--privileged--runtime-v, --volume--read-only-w, --workdir
Container management:
-
nerdctl ps-a, --all: Show all containers (default shows just running)--no-trunc: Don't truncate output-q, --quiet: Only display container IDs
-
nerdctl rm-f
-
nerdctl stop
Build:
nerdctl build-t, --tag--target--build-arg--no-cache--progress--secret--ssh
Image management:
-
nerdctl images-q, --quiet: Only show numeric IDs--no-trunc: Don't truncate output
-
nerdctl pull -
nerdctl load -
nerdctl tag -
nerdctl rmi
System:
nerdctl infonerdctl version
Lots of commands and flags are currently missing. Pull requests are highly welcome.
- Namespacing as in
kubectl --namespace=<NS>:nerdctl --namespace=<NS> ps - Lazy-pulling using Stargz Snapshotter:
nerdctl --snapshotter=stargz run
Features ported from Podman:
- Specifying a non-image rootfs:
nerdctl run -it --rootfs <ROOTFS> /bin/sh
Run make && sudo make install.
Using go get github.com/AkihiroSuda/nerdctl is possible, but unrecommended because it does not fill version strings printed in nerdctl version
- Please certify your Developer Certificate of Origin (DCO), by signing off your commit with
git commit -sand with your real name.