nerdctl: Docker-compatible CLI for contaiNERD
This month we contributed nerdctl
— Docker compatible CLI — to the containerd community.
The UI/UX of nerdctl
is same as docker
and podman
. So, if you are already familiar with docker
or podman
, you are already familiar with nerdctl
as well:
$ nerdctl run -d -p 8080:80 --name=nginx --restart=always nginx
But unlike Docker and Podman, nerdctl
has several interesting features, such as:
- Running a container ahead of the completion of pulling the image (lazy-pulling)
- Running a container from an encrypted image (ocicrypt)
nerdctl
supports rootless mode as well, of course.
Why another CLI?
containerd already has its own CLI called ctr
. However, ctr
was made only for testing very low-level functionality of containerd, and hence its CLI design is not friendly to humans. So we had to create another CLI with high-level functionalities and with human-friendly UI/UX.
Notably, ctr
lacks the equivalents of the following Docker CLI commands:
docker run -p <PORT>
docker run --restart=always
docker pull
with~/.docker/config.json
and credential helper binaries such asdocker-credential-ecr-login
docker logs
All these features are present in nerdctl
.
There is also another CLI called crictl
, but its functionality and UI/UX have restrictions similar to ctr
.
A new competitor for Docker?
No. While nerdctl
has same UI/UX as Docker, competing with Docker is not the goal of nerdctl
.
The goal of nerdctl
is to facilitate experimenting the cutting-edge features of containerd that are not present in Docker. Such features include, but not limited to, lazy-pulling (stargz) and encryption of images (ocicrypt).
These features are expected to be eventually available in Docker as well, however, it is likely to take several months, or perhaps years, as Docker is currently designed to use only a small portion of the containerd subsystems. Refactoring Docker to use the entire containerd would be possible, but not straightforward. So we decided to create a new CLI that fully uses containerd, but we do not intend to complete with Docker. We have been contributing to Docker/Moby as well as containerd, and will continue to do so.
Getting started with nerdctl
The latest binary release of nerdctl
can be downloaded from https://github.com/containerd/nerdctl/releases .
Two types of distributions are available:
nerdctl-<VERSION>-linux-amd64.tar.gz
: nerdctl only. Should be extracted under/usr/local/bin
.nerdctl-full-<VERSION>-linux-amd64.tar.gz
: nerdctl with dependencies (containerd, runc, CNI, …). Should be extracted under/usr/local
.
If you already have containerd, you should use the former one. Otherwise the latter one is the best choice.
To run containerd and nerdctl as the root user:
$ sudo systemctl enable --now containerd
$ sudo nerdctl run -d -p 80:80 --name=nginx --restart=always nginx
To run containerd and nerdctl as a non-root user:
$ containerd-rootless-setuptool.sh install
$ nerdctl run -d -p 8080:80 --name=nginx --restart=always nginx
For further information, please refer to the documentation.
NTT is hiring!
We NTT are looking for engineers who work in Open Source communities like containerd, Docker/Moby, Kubernetes, and their relevant projects. Visit https://www.rd.ntt/e/sic/recruit/ to see how to join us.
私たちNTTは、containerd 、Docker/Moby、 Kubernetes などのオープンソースコミュニティで共に活動する仲間を募集しています。ぜひ弊社採用情報ページをご覧ください: https://www.rd.ntt/sic/recruit/