To learn how to work with container images and containers using containerd
In container runtime and runC hands-on lab, we have looked at the evolution of containers and their use cases with runC implementation. But with the help of runC, we can only create one container. If we have to manage multiple such runC containers we have a tool called containerd, and its command-line client called ctr.
In this hands-on lab, we will understand the basic working of containerd and ctr.
Containerd is a high-level core container runtime that Docker created. It was donated to CNCF later. It pulls images from registries, mounts storage, and creates container networking. It is a daemon process that starts, stops, and kills containers. Thus, it manages the lifecycle of containers. Software projects can use this to run containers and manage container images.
It has most of Docker’s functionality for managing containers and images, which makes it suitable for large-scale use as part of container orchestrators like Kubernetes.
Containerd follows and supports OCI standards. It also supports Container Runtime Interface (CRI), a Kubernetes specification, which helps run multiple container runtimes in a cluster.
Comparison between Containerd and Docker
Docker provides many features to run and manage containers, and one of them is Docker Engine, an advanced container runtime with developer tools.
Containerd is also a container runtime out of Docker, and Docker Engine uses containerd behind the scenes. Docker Engine is a high-level container engine, while containerd is a low-level container engine mainly suitable for automated mechanisms.
Installation of Containerd
Hands-on plays an important role to understand the concept thoroughly so you can Install containerd as compatible to your machine’s operating system and proceed further. Alternatively, you can also use VM on top of your OS and install ubuntu Linux distribution and follow this blog.
- For ubuntu-based distribution, install it via apt
apt update && apt install -y containerd
Now, confirm the installation by running the following command:
containerd installation comes with the following downstream dependencies:
- runC : to run containers
- ctr : A CLI for containerd
- containerd-shim : to support daemonless (containers can either be run as root or in rootless mode) containers
In Linux, Services are managed using the
systemctl command. We can use systemctl commands to manage our containers or pods as services. Run the following command to check the status of containerd service.
systemctl status containerd
On the successful start of containerd, you will see the following output on
Interaction with Containerd
Containerd contains a command-line tool
ctr that can issue commands against containerd daemon. To get started, we can look over the available ctr commands:
As we have installed containerd and its dependencies, we can now interact with it using ctr.
There are other CLI tools other than ctr to communicate with containers, such as crictl and nerdctl.
Image Operations with Containerd ctr
- Pull an image from the docker registry. While pulling the image, a fully-qualified repository URL is required, which must include a registry and tag.
ctr images pull docker.io/library/nginx:latest
ctr images pull docker.io/library/golang:latest
- List out the images
ctr images ls
For listing the images with names, then use the
-q flag with the above command.
ctr images ls -q
There are many complex cases where we need to explore the image itself. For that, we need to mount the image locally into the system.
- With ctr, we can also mount images for future exploration
mkdir /tmp/golang ctr images mount docker.io/library/golang:latest /tmp/golang ls -l /tmp/golang/
You can now see the library files and explore them easily.
If you are willing to unmount the image, then you can use the
ctr images unmount /tmp/golang command.
- To delete the images, use the
ctr images rm docker.io/library/golang:latest
Container Operations with Containerd ctr
- To create a container with containerd ctr
However, unlike docker, we need to provide a unique container ID. Run the following command to create a container.
ctr container create docker.io/library/nginx:latest nginx_ctr
This would create a container with container id, nginx_ctr, based on the image that we have used.
- List out the containers
ctr containers ls
- To run a container via containerd, create a task of the container, whereas in docker, the
docker startcommand is used.
ctr task start nginx_ctr
- List the tasks
ctr task ls
It is interesting to know that we can use the
ctr run command as a shortcut for the
ctr container create +
ctr task start. Try it by running the following command.
ctr run -d docker.io/library/nginx:latest nginx_web
You can execute the following commands to verify container and task creation.
ctr container ls
ctr task ls
- Like docker, we can interact with the container with ctr through the following command.
ctr task exec -t --exec-id bash_1 nginx_web bash
Now you are inside the container, run the following command to verify that the nginx server is running:
You should be able to see the output as:
- To check the usage of the metrics by the task
ctr task metrics nginx_web
- Before removing a container, it is necessary to stop all the tasks. Run the following command to stop the task nginx_web.
ctr task kill nginx_web
Finally, to remove the container, run:
ctr container rm nginx_web
In this hands-on lab, we have seen the most widely used container runtime interface, containerd, its installation, and how to work with container images and containers using ctr.