To learn how to work with container images and containers using containerd
In container runtime and runC hands-on lab, we have looked at the evolution of containers and their use cases with runC implementation. But with the help of runC, we can only create one container. If we have to manage multiple such runC containers we have a tool called containerd, and its command-line client called ctr.
In this hands-on lab, we will understand the basic working of containerd and ctr.
Containerd is a high-level core container runtime that Docker created. It was donated to CNCF later. It pulls images from registries, mounts storage, and creates container networking. It is a daemon process that starts, stops, and kills containers. Thus, it manages the lifecycle of containers. Software projects can use this to run containers and manage container images.
It has most of Docker’s functionality for managing containers and images, which makes it suitable for large-scale use as part of container orchestrators like Kubernetes.
Containerd follows and supports OCI standards. It also supports Container Runtime Interface (CRI), a Kubernetes specification, which helps run multiple container runtimes in a cluster.
Comparison between Containerd and Docker
Docker provides many features to run and manage containers, and one of them is Docker Engine, an advanced container runtime with developer tools.
Containerd is also a container runtime out of Docker, and Docker Engine uses containerd behind the scenes. Docker Engine is a high-level container engine, while containerd is a low-level container engine mainly suitable for automated mechanisms.
Installation of Containerd
Hands-on plays an important role to understand the concept thoroughly so you can Install containerd as compatible to your machine’s operating system and proceed further. Alternatively, you can also use VM on top of your OS and install ubuntu Linux distribution and follow this blog.
- For ubuntu-based distribution, install it via apt
apt update && apt install -y containerd
Now, confirm the installation by running the following command:
containerd --help
containerd installation comes with the following downstream dependencies:
- runC : to run containers
- ctr : A CLI for containerd
- containerd-shim : to support daemonless (containers can either be run as root or in rootless mode) containers
Managing Containerd
In Linux, Services are managed using the systemctl
command. We can use systemctl commands to manage our containers or pods as services. Run the following command to check the status of containerd service.
systemctl status containerd
On the successful start of containerd, you will see the following output on status
command.
Interaction with Containerd
Containerd contains a command-line tool ctr
that can issue commands against containerd daemon. To get started, we can look over the available ctr commands:
ctr --help
As we have installed containerd and its dependencies, we can now interact with it using ctr.
There are other CLI tools other than ctr to communicate with containers, such as crictl and nerdctl.
Image Operations with Containerd ctr
- Pull an image from the docker registry. While pulling the image, a fully-qualified repository URL is required, which must include a registry and tag.
ctr images pull docker.io/library/nginx:latest
ctr images pull docker.io/library/golang:latest
- List out the images
ctr images ls
For listing the images with names, then use the -q
flag with the above command.
ctr images ls -q
There are many complex cases where we need to explore the image itself. For that, we need to mount the image locally into the system.
- With ctr, we can also mount images for future exploration
mkdir /tmp/golang ctr images mount docker.io/library/golang:latest /tmp/golang ls -l /tmp/golang/
You can now see the library files and explore them easily.
If you are willing to unmount the image, then you can use the ctr images unmount /tmp/golang
command.
- To delete the images, use the
rm
command.
ctr images rm docker.io/library/golang:latest
Container Operations with Containerd ctr
- To create a container with containerd ctr
However, unlike docker, we need to provide a unique container ID. Run the following command to create a container.
ctr container create docker.io/library/nginx:latest nginx_ctr
This would create a container with container id, nginx_ctr, based on the image that we have used.
- List out the containers
ctr containers ls
- To run a container via containerd, create a task of the container, whereas in docker, the
docker start
command is used.
ctr task start nginx_ctr
- List the tasks
ctr task ls
It is interesting to know that we can use the ctr run
command as a shortcut for the ctr container create
+ ctr task start
. Try it by running the following command.
ctr run -d docker.io/library/nginx:latest nginx_web
You can execute the following commands to verify container and task creation.
ctr container ls
ctr task ls
- Like docker, we can interact with the container with ctr through the following command.
ctr task exec -t --exec-id bash_1 nginx_web bash
Now you are inside the container, run the following command to verify that the nginx server is running:
curl 127.0.0.1:80
You should be able to see the output as:
- To check the usage of the metrics by the task
ctr task metrics nginx_web
- Before removing a container, it is necessary to stop all the tasks. Run the following command to stop the task nginx_web.
ctr task kill nginx_web
Finally, to remove the container, run:
ctr container rm nginx_web
Conclusion
In this hands-on lab, we have seen the most widely used container runtime interface, containerd, its installation, and how to work with container images and containers using ctr.