Containerd is yet another container runtime engine you can freely install on most Linux distributions and is often considered more efficient and secure than Docker. Containerd can:
- Limit memory and CPU shared allocated to containers using cgroups
- Prevent processes within a container from accessing host processes
- Extract a container image within an isolated portion of the host system
- Create UID namespaces that map to a different UID on the host
- Configure the environment variables within a container
SEE: Hiring kit: Back-end Developer (TechRepublic Premium)
By itself, containerd isn’t much help. To really make it useful as a means to deploy containers, you must add yet another piece to the puzzle: nerdctl. Let me show you how to both add nerdctl to a containerd-enabled system and then deploy a container with this combination.
What you’ll need to deploy a container with containerd and nerdctl
The only things you’ll need to make this work are a system with containerd installed — see my article on installing containerd here — and a user with sudo privileges.
How to install the necessary dependencies
There are a few dependencies to be taken care of first. First, we need to install the necessary components to allow rootless deployment. First, install uidmap with:
sudo apt-get install uidmap -y
Next, install RootlessKit with:
sudo apt-get install rootlesskit -y
How to install Nerdctl
Next, we need to install nerdctl. First, download nerdctl with:
Unpack the file with:
sudo tar Cxzvf /usr/local/bin nerdctl-0.22.2-linux-amd64.tar.gz
Test the nerdctl installation with:
It should report back:
How to configure the system for rootless
First, create a new systemd file with:
sudo nano /etc/sysctl.d/99-rootless.conf
In that file, paste the following content:
Finally, setup containerd rootless with the following command:
You should now be able to deploy your first container with containerd and nerdctl.
How to deploy a container with nerdctl
Deploying a container with nerdctl is very similar to that of Docker. For example, deploying the NXING container with Docker might look like this:
docker run --name docker-nginx -p 8080:80 -d nginx:alpine
To deploy an NGINX container with nerdctl, the command would be:
sudo nerdctl run --name nerdctl-nginx -p 8080:80 -d nginx:alpine
The biggest difference is that, out of the box, you must deploy nerdctl containers with sudo. We can avoid that by running the following two commands:
sudo sh -c "echo 1 > /proc/sys/kernel/unprivileged_userns_clone"
sudo sysctl --system
After running the above commands, you can then deploy the container with:
nerdctl run --name nerdctl-nginx -p 8080:80 -d nginx:alpine
And there you go, yet another method of deploying containers, thanks to the combination of containerd and nerdctl. Happy deploying!
Subscribe to TechRepublic’s How To Make Tech Work on YouTube for all the latest tech advice for business pros from Jack Wallen.