Why containerd Matters: Architecture, Installation, and Go Demo

Docker can be abstracted as shown in the diagram (image from the internet), where container management is primarily handled by containerd .

What is containerd?

Containerd is an industrial‑grade, standard container runtime emphasizing simplicity, robustness, and portability. It manages the full container lifecycle, including image transfer and storage, execution, storage, and networking.

Manage container lifecycle (create to destroy)

Pull/push container images

Storage management for images and container data

Interact with runC to run containers

Manage container network interfaces and networking

Note: Containerd is designed to be embedded in larger systems, not used directly by developers or end users.

Why containerd is needed

Extracted as a separate project from the Docker engine (open‑source approach)

Can be used by projects such as Kubernetes CRI (standardization)

Lays the foundation for broad industry collaboration, similar to runC

Technical direction and goals

Simple gRPC‑based API and client library

Full OCI support (runtime and image spec)

Well‑defined core functions with stability and high performance

Decoupled system enabling plugin‑style extensions for image, filesystem, and runtime

Installation and running containerd

Install the latest containerd (v1.1.0) on Ubuntu 16.04. First install runC, then download and extract the containerd package:

$ sudo tar -C /usr/local -xf containerd-1.1.0.linux-amd64.tar.gz

The package provides five binaries installed to /usr/local/bin:

containerd – the runtime exposing OCI‑compliant gRPC APIs

containerd‑release and containerd‑stress – release and stress‑test tools

containerd‑shim – per‑container shim used by Docker

ctr – simple CLI for debugging containerd

Generate a default configuration file:

$ sudo su
$ mkdir /etc/containerd
$ containerd config default > /etc/containerd/config.toml

Create a systemd service file /lib/systemd/system/containerd.service with the following content:

[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target

[Service]
ExecStartPre=/sbin/modprobe overlay
ExecStart=/usr/local/bin/containerd
Delegate=yes
KillMode=process
LimitNOFILE=1048576
LimitNPROC=infinity
LimitCORE=infinity

[Install]
WantedBy=multi-user.target

Enable and start the service:

$ sudo systemctl daemon-reload
$ sudo systemctl enable containerd.service
$ sudo systemctl start containerd.service
$ sudo systemctl status containerd.service

Containerd is now installed and running.

Demo: Using containerd with Go

The following Go program demonstrates connecting to the containerd daemon, pulling a Redis image, creating a container, running it, and cleaning up.

package main

import (
    "log"
    "github.com/containerd/containerd"
)

func main() {
    if err := redisExample(); err != nil {
        log.Fatal(err)
    }
}

func redisExample() error {
    client, err := containerd.New("/run/containerd/containerd.sock")
    if err != nil {
        return err
    }
    defer client.Close()
    return nil
}

After creating the client, a namespace is set to isolate resources:

ctx := namespaces.WithNamespace(context.Background(), "demo")

Pull the Redis image from Docker Hub:

image, err := client.Pull(ctx, "docker.io/library/redis:alpine", containerd.WithPullUnpack)
if err != nil {
    return err
}

Create a container with a new snapshot and OCI spec:

container, err := client.NewContainer(
    ctx,
    "redis-server",
    containerd.WithImage(image),
    containerd.WithNewSnapshot("redis-server-snapshot", image),
    containerd.WithNewSpec(oci.WithImageConfig(image)),
)
if err != nil {
    return err
}
defer container.Delete(ctx, containerd.WithSnapshotCleanup)

Start a task for the container:

task, err := container.NewTask(ctx, cio.NewCreator(cio.WithStdio))
if err != nil {
    return err
}
defer task.Delete(ctx)

Let the container run briefly, then terminate it:

time.Sleep(3 * time.Second)
if err := task.Kill(ctx, syscall.SIGTERM); err != nil {
    return err
}
status := <-exitStatusC
code, _, err := status.Result()
if err != nil {
    return err
}
fmt.Printf("redis-server exited with status: %d
", code)

Finally, delete the task:

_, err = task.Delete(ctx)

Compile and run the demo:

$ go build main.go
$ sudo ./main

Conclusion

As container technologies become standardized, containerd will play a crucial role in the stack, likely becoming the de‑facto standard for low‑level container management, with higher‑level platforms building directly on its services.