BestHub
Sign in
Cloud Native 9 min read

Mastering nerdctl & containerd: Image Packaging and Docker‑Compose‑Style Orchestration

This guide walks you through using nerdctl with containerd to package images, install required components, run containers, build images, and achieve Docker‑Compose‑like orchestration, providing step‑by‑step commands and tips for a smooth cloud‑native workflow.

Linux Ops Smart Journey
Linux Ops Smart Journey
Linux Ops Smart Journey
Mastering nerdctl & containerd: Image Packaging and Docker‑Compose‑Style Orchestration

Introduction

Containerization is reshaping software development and operations. Containerd, a lightweight Docker alternative, offers an efficient runtime and supports image packaging and Docker‑Compose‑like orchestration when paired with the Docker‑compatible CLI tool nerdctl.

nerdctl diagram
nerdctl diagram

nerdctl Introduction

Docker CLI compatibility – familiar commands work without learning new syntax.

Docker Compose support – can run multi‑container apps using Compose files.

Rootless mode – non‑root users can run containers for added flexibility and security.

Advanced features – image encryption (ocicrypt), P2P distribution (IPFS), signing and verification (cosign) not present in Docker.

nerdctl Installation

Besides containerd, install the following components:

CNI plugins – required for nerdctl run. Use version 1.1.0 or newer.

BuildKit (optional) – needed for nerdctl build. Use version 0.11.0 or newer.

RootlessKit and slirp4netns (optional) – for rootless mode. Recommended versions: RootlessKit ≥ v0.10.0 (prefer v2.0.0), slirp4netns ≥ v0.4.0 (prefer v1.1.7).

# Download nerdctl package
curl -SLO https://github.com/containerd/nerdctl/releases/download/v1.7.6/nerdctl-1.7.6-linux-amd64.tar.gz

# Extract and install
mkdir -p /tmp/nerdctl
tar xf nerdctl-1.7.6-linux-amd64.tar.gz -C /tmp/nerdctl
sudo cp /tmp/nerdctl/nerdctl /usr/bin
rm -rf /tmp/nerdctl

Install CNI plugins (skip if a Kubernetes network plugin is already present):

# Download CNI plugins
curl -SLO https://github.com/containernetworking/plugins/releases/download/v1.5.1/cni-plugins-linux-amd64-v1.5.1.tgz

# Install binaries
sudo mkdir -p /opt/cni/bin
sudo tar xvf cni-plugins-linux-amd64-v1.5.1.tgz -C /opt/cni/bin/

Install BuildKit for image building:

# Download BuildKit
curl -SLO https://github.com/moby/buildkit/releases/download/v0.15.0/buildkit-v0.15.0.linux-amd64.tar.gz

# Extract and install
mkdir -p /tmp/buildkit
tar xvf buildkit-v0.15.0.linux-amd64.tar.gz -C /tmp/buildkit
sudo cp /tmp/buildkit/bin/* /usr/local/bin
rm -rf /tmp/buildkit

# Create systemd service files
cat <<-EOF | sudo tee /lib/systemd/system/buildkitd.service > /dev/null
[Unit]
Description=BuildKit
Documentation=https://github.com/moby/buildkit
After=buildkit.socket

[Service]
ExecStart=/usr/local/bin/buildkitd --oci-worker=false --containerd-worker=true

[Install]
WantedBy=multi-user.target
EOF

cat <<-EOF | sudo tee /lib/systemd/system/buildkit.socket > /dev/null
[Unit]
Description=BuildKit
Documentation=https://github.com/moby/buildkit

[Socket]
ListenStream=%t/buildkit/buildkitd.sock

[Install]
WantedBy=sockets.target
EOF

# Enable and start BuildKit
sudo systemctl daemon-reload
sudo systemctl enable --now buildkitd.service

Verification and Simple Usage

Validate the installation by running a container:

sudo nerdctl run --rm docker.1panel.live/library/hello-world

Build a custom image using a Dockerfile:

# Create Dockerfile
cat >> Dockerfile <<EOF
FROM docker.1panel.live/library/hello-world
EOF

# Build the image
sudo nerdctl build -t jiaxzeng/hello-world:v1 .

# List the built image
sudo nerdctl images jiaxzeng/hello-world:v1

Conclusion

Containerd is a key component of the cloud‑native ecosystem, offering a lightweight, high‑performance runtime. Combined with tools like nerdctl, it enables image packaging and Docker‑Compose‑style orchestration, making it a foundational technology for modern application development.

Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

containerdnerdctlimage packagingdocker-compose
Linux Ops Smart Journey
Written by

Linux Ops Smart Journey

The operations journey never stops—pursuing excellence endlessly.

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment