Mastering nerdctl & containerd: Image Packaging and Docker‑Compose‑Style Orchestration
This guide walks you through using nerdctl with containerd to package images, install required components, run containers, build images, and achieve Docker‑Compose‑like orchestration, providing step‑by‑step commands and tips for a smooth cloud‑native workflow.
Introduction
Containerization is reshaping software development and operations. Containerd, a lightweight Docker alternative, offers an efficient runtime and supports image packaging and Docker‑Compose‑like orchestration when paired with the Docker‑compatible CLI tool nerdctl.
nerdctl Introduction
Docker CLI compatibility – familiar commands work without learning new syntax.
Docker Compose support – can run multi‑container apps using Compose files.
Rootless mode – non‑root users can run containers for added flexibility and security.
Advanced features not present in Docker – image encryption (ocicrypt), P2P distribution (IPFS), and signing and verification (cosign).
nerdctl Installation
Besides containerd, install the following components:
CNI plugins – required for nerdctl run. Use version 1.1.0 or newer.
BuildKit (optional) – needed for nerdctl build. Use version 0.11.0 or newer.
RootlessKit and slirp4netns (optional) – for rootless mode. Recommended versions: RootlessKit ≥ v0.10.0 (prefer v2.0.0), slirp4netns ≥ v0.4.0 (prefer v1.1.7).
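The install steps that follow download release tarballs and copy their contents into root-owned paths (/usr/bin, /opt/cni/bin, /usr/local/bin) without an integrity check. The helper below is an added example, not part of the original guide or of nerdctl: it checks a downloaded file against a checksum file before extraction. The name verify_release is hypothetical, and it assumes the release page offers a checksum file in sha256sum format for each tarball.

```shell
#!/bin/sh
# verify_release FILE SUMS  (hypothetical helper, not part of nerdctl)
# Exit 0 only if SUMS has exactly one entry for FILE's basename and its
# digest equals the SHA-256 of FILE. 1 = mismatch, 2 = missing file,
# 3 = no usable entry.
verify_release() {
    file=$1
    sums=$2
    if [ ! -f "$file" ] || [ ! -f "$sums" ]; then
        echo "missing $file or $sums" >&2
        return 2
    fi
    name=$(basename "$file")
    # sha256sum format: "<hex>  <name>" or "<hex> *<name>" (binary mode).
    # Release asset names contain no spaces, so field 2 is the whole name.
    want=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f) }
                             f == n { print tolower($1) }' "$sums")
    case $want in
        "")          echo "no checksum entry for $name" >&2; return 3 ;;
        *[!0-9a-f]*) echo "duplicate or malformed entry for $name" >&2; return 3 ;;
    esac
    [ "${#want}" -eq 64 ] || { echo "entry for $name is not SHA-256" >&2; return 3; }
    got=$(sha256sum "$file" | awk '{ print $1 }')
    [ "$got" = "$want" ] || { echo "checksum mismatch for $name" >&2; return 1; }
}

# Constructed demo: a stand-in file, not a real release tarball.
demo=$(mktemp -d)
pkg=nerdctl-1.7.6-linux-amd64.tar.gz
printf 'stand-in for the release tarball\n' > "$demo/$pkg"
( cd "$demo" && sha256sum "$pkg" > SHA256SUMS )
verify_release "$demo/$pkg" "$demo/SHA256SUMS" && echo "verified: $pkg"
printf 'tampered\n' >> "$demo/$pkg"
verify_release "$demo/$pkg" "$demo/SHA256SUMS" || echo "rejected, do not extract (exit $?)"
rm -rf "$demo"
```

A checksum file fetched from the same location as the tarball detects corruption and a tampered mirror, but not a compromised release page; compare against a value obtained through a separate channel where one is available.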
<code># Download nerdctl package
curl -SLO https://github.com/containerd/nerdctl/releases/download/v1.7.6/nerdctl-1.7.6-linux-amd64.tar.gz
# Extract and install
mkdir -p /tmp/nerdctl
tar xf nerdctl-1.7.6-linux-amd64.tar.gz -C /tmp/nerdctl
sudo cp /tmp/nerdctl/nerdctl /usr/bin
rm -rf /tmp/nerdctl</code>
Install CNI plugins (skip if a Kubernetes network plugin is already present):
<code># Download CNI plugins
curl -SLO https://github.com/containernetworking/plugins/releases/download/v1.5.1/cni-plugins-linux-amd64-v1.5.1.tgz
# Install binaries
sudo mkdir -p /opt/cni/bin
sudo tar xvf cni-plugins-linux-amd64-v1.5.1.tgz -C /opt/cni/bin/</code>
Install BuildKit for image building:
<code># Download BuildKit
curl -SLO https://github.com/moby/buildkit/releases/download/v0.15.0/buildkit-v0.15.0.linux-amd64.tar.gz
# Extract and install
mkdir -p /tmp/buildkit
tar xvf buildkit-v0.15.0.linux-amd64.tar.gz -C /tmp/buildkit
sudo cp /tmp/buildkit/bin/* /usr/local/bin
rm -rf /tmp/buildkit
# Create systemd service files
cat <<-EOF | sudo tee /lib/systemd/system/buildkitd.service > /dev/null
[Unit]
Description=BuildKit
Documentation=https://github.com/moby/buildkit
After=buildkit.socket
[Service]
ExecStart=/usr/local/bin/buildkitd --oci-worker=false --containerd-worker=true
[Install]
WantedBy=multi-user.target
EOF
cat <<-EOF | sudo tee /lib/systemd/system/buildkit.socket > /dev/null
[Unit]
Description=BuildKit
Documentation=https://github.com/moby/buildkit
[Socket]
ListenStream=%t/buildkit/buildkitd.sock
[Install]
WantedBy=sockets.target
EOF
# Enable and start BuildKit
sudo systemctl daemon-reload
sudo systemctl enable --now buildkitd.service</code>
Verification and Simple Usage
Validate the installation by running a container:
<code>sudo nerdctl run --rm docker.1panel.live/library/hello-world</code>
Build a custom image using a Dockerfile:
<code># Create Dockerfile
cat > Dockerfile <<EOF
FROM docker.1panel.live/library/hello-world
EOF
# Build the image
sudo nerdctl build -t jiaxzeng/hello-world:v1 .
# List the built image
sudo nerdctl images jiaxzeng/hello-world:v1</code>
Conclusion
Containerd is a key component of the cloud‑native ecosystem, offering a lightweight, high‑performance runtime. Combined with tools like nerdctl, it enables image packaging and Docker‑Compose‑style orchestration, making it a foundational technology for modern application development.
Linux Ops Smart Journey
The operations journey never stops—pursuing excellence endlessly.