Getting Started With Containerd 2.0

Containerd is a software that helps run and manage containers on Linux and Windows systems. Containers are isolated environments that can run applications without affecting the rest of the system. Containerd provides a way to create, start, stop, and delete containers, as well as manage their images, networks, and storage. Containerd is designed to be fast, reliable, and compatible with different platforms and tools. Containerd is used by many projects, such as Kubernetes, Docker, and Azure, to run and orchestrate containers.

Containerd has seen rapid adoption in recent years, especially among Kubernetes users, who leverage its low-level features and compatibility with the Open Container Initiative (OCI) specification.

According to Datadog’s 2023 report on real-world container use, containerd is now the second most popular container runtime after Docker, with a 32 percent share of the market. Some of the reasons for containerd’s popularity include:

• Its lightweight and modular design, which allows users to focus on the core functionality of running containers, without the overhead of unnecessary features or user interfaces.
• Its support for various cloud platforms and services, such as AWS Fargate, Google Cloud Run, and Azure Container Instances, which enable users to run serverless containers with minimal management and cost.
• Its stability and performance, which make it suitable for running large-scale and complex containerized applications, such as AI and machine learning workloads, which often require GPU-based compute.

Containerd is expected to continue its growth and innovation, as more organizations adopt containers and leverage the benefits of containerd’s architecture and features. Containerd is a core component of the Kubernetes ecosystem and aims to provide a seamless and consistent experience for users and developers.

Raising the Bar with Version 2.0

Containerd version 2.0 was re-announced at the KubeCon North America event, promising improvements that enhance containerization in terms of efficiency, security, and user-friendliness.

• Enhanced Performance: Experience lightning-fast image pulls and container startups, thanks to optimizations under the hood.
• Streamlined Runtime Integration: Choose your favorite container runtime (like runC or Kata Containers) with ease and enjoy seamless interoperability.
• Boosted Security: Rest assured knowing your containers are shielded from vulnerabilities with improved sandboxing and isolation mechanisms.
• Simplified Management: Say goodbye to complex configurations! Containerd 2.0 makes managing containers and runtimes a breeze.
• Richer Ecosystem: Dive into a thriving community of plugins and extensions that extend containerd’s capabilities to meet your specific needs.

For both captains and newbies, the new possibilities with containerd version 2.0 are promising, and this article aims to guide you on getting started with containerd 2.0.

Prerequisites

To get started with Containerd, you will need the following:

• A basic understanding of what containerd is and how it works. Check Here to learn more.
• A Linux or Windows system where you can install and run containerd. You can choose from different installation options, such as the official binaries, the apt-get or dnf packages, or building from the source. For this tutorial, we will be using Ubuntu 20.04.
• A container runtime, such as runc, that implements the OCI runtime specification. You can download runc from its official site.
• A container image registry or repository where you can pull and push images. You can use any public or private registry that supports the OCI distribution specification, such as Docker Hub or GitHub Container Registry.

These are the main prerequisites for getting started with containerd in this guide.

Getting Started With Containerd

Installing Containerd

To install the latest version of containerd on Ubuntu 20.04:

Start by updating the apt database with the following command:

sudo apt-get update

Next, after updating the apt database, install the latest version of containerd with the following command:

sudo apt-get install containerd.io

Verify the installation by running the following commands:

containerd --version
sudo systemctl status containerd

That’s it! With containerd installed and verified, you’re ready to get into the next steps: managing images, running containers, and exploring the advanced features of containerd.

Working with Images

Now that the containerd engine is running, let’s focus on image management, registry exploration, and utilizing containerd CLI for these tasks.

Image Registries

Registries act as supermarkets for container images, providing repositories with pre-built containers resembling packages. These repositories offer the necessary components to seamlessly run your applications. Public registries, like Docker Hub, offer a vast array of options, while private registries allow tailored solutions to meet specific requirements.

Containerd provides two powerful tools for this task:

• ctr: The official containerd tool, built-in with most installations.
• nerdctl: A drop-in replacement for Docker CLI commands, offering additional features and compatibility.

For this guide, we’ll use the ctr command tool.

Here’s how to pull an image from Docker Hub using ctr:

ctr images pull docker.io/library/nginx:latest

This command retrieves the latest version of the popular web server “nginx” from Docker Hub and stores it locally in containerd’s image store.

Beyond Monoliths: Layering the Image Architecture

Container images are constructed layer upon layer, each adding functionality like the base operating system, application dependencies, and your custom code. This layered approach offers several benefits:

• Efficiency: Updates only require downloading changed layers, minimizing bandwidth consumption.
• Reproducibility: Each layer has a unique content address, guaranteeing precise image builds regardless of source.

Command-Line

Let’s explore how to utilize ctr to manage your images:

• Listing images:

ctr images ls

This command provides a summary of the images along with relevant details such as their IDs, names, and sizes.

• Inspecting image layers:

ctr images inspect nginx:latest

The ctr images inspect command allows you to inspect the layers and details of a specific container image. In the example above, nginx:latest is specified to retrieve comprehensive information about the latest version of the Nginx image.

• Tagging images for convenience:

ctr images tag nginx:latest my-custom-app

To simplify referencing and usage, the ctr images tag command is used. It associates a new tag, in this example, my-custom-app, with the existing image nginx:latest. This can be beneficial for managing and organizing images within a specific context.

• Deleting unwanted images:

ctr images rm nginx:latest

You can use the ctr images rm command to remove or delete a specific container image, in this example, nginx:latest. This is useful for freeing up storage space or removing images that are no longer needed.

Remember, nerdctl offers similar commands with the same syntax as Docker CLI, making it familiar for Docker users.

Beyond the Basics

Containerd offers advanced image management capabilities, such as importing existing images, exporting specific layers, and signing images for added security. Explore the full range of possibilities through the official documentation and experiment with advanced commands to craft and maintain your image ecosystem.

With this understanding of registries, image structure, and manipulation tools, you’re well-equipped to fuel your container applications with the right images.

Running Containers

With your image repository stocked and ready, it’s time to ignite the heart of the operation – container execution.

Now, you need to create a container from the image using the ctr container create command. Specify a unique name for the container and the image reference. For example, to create a container named mycontainer from the nginx image:

ctr container create docker.io/library/nginx:latest mycontainer

After creating the container, to start the container, use the ctr task start command. Provide the container name as the argument. For example, to start the mycontainer container:

ctr task start mycontainer

To stop the container, use the ctr task kill command. Provide the container name and the signal to send to the container:

ctr task kill --signal SIGTERM mycontainer

After stopping the container, if you want to restart it, use the ctr task start command again:

ctr task start mycontainer

When you no longer need a container, you can use the ctr container delete command. Provide the container name as the argument:

ctr container delete mycontainer

Advanced Container Control

Containerd offers even deeper control over your container fleet. You can:

• Attach to running containers: To interact with a running container’s shell or processes, use the ctr tasks exec command with the -t flag:

ctr -n k8s.io tasks exec -t --exec-id my-exec my-container /bin/sh

• Log monitoring: To stream the logs of a container, use the ctr tasks logs command with the -f flag:

ctr -n k8s.io tasks logs -f my-container

• Checkpoint and restore: To create a checkpoint of a container, use the ctr snapshot create command:

ctr -n k8s.io snapshot create my-container my-checkpoint

To restore a container from a checkpoint, use the ctr snapshot restore command:

ctr -n k8s.io snapshot restore my-checkpoint my-new-container

Explore these features and unleash the full potential of container management within containerd.

Next Steps

Now that we’ve covered some basic details of containerd, your engine is primed for exciting journeys. But the exploration doesn’t end here! Embark on further learning and unleash the true potential of your containerized applications with these invaluable resources:

• Official Documentation: Dive deeper into specific features and commands through the comprehensive containerd documentation.
• Tutorials and Guides: Get hands-on experience with step-by-step tutorials and guides: Getting Started.
• Community Resources: Join the vibrant containerd community for discussions, troubleshooting, and expert advice: containerd GitHub Repository.

Containerd’s versatility caters to a wide range of applications:

• Microservices Architecture: Break down complex applications into smaller, containerized services for improved scalability and agility.
• Cloud-Native Development: Seamlessly deploy and manage containerized applications across cloud platforms.
• Continuous Integration and Delivery (CI/CD): Automate container builds, deployments, and testing for rapid development cycles.
• Machine Learning and AI: Power machine learning models and AI applications with lightweight and portable container environments.

The possibilities are limitless! Use your newfound knowledge to explore these and other captivating applications of containerd, shaping the future of software development with containerized technology.

References:

• containerd GitHub Repository
• Introduction and Deep Dive into containerd – Michael Crosby & Derek McGowan, Phil Estes & Wei Fu
• What’s New in Containerd 2.0 – Phil Estes, AWS & Derek McGowan, Independent

Further Reading