Why nerdctl even if we have docker already?

nerdctl is yet another implementation of docker and docker-compose based and nerdctl is sub project of containerd.
It is a Docker-compatible CLI for containerd, which has same UI/UX as Docker and docker-compose have.
As we know that docker is going to be a paid subscription based on its terms and conditions, Hence lol! we have to be ready with alternate knowledge :)

If we have a knowledge of docker, then nerdctl is similar to docker but have an extra features, not only limited to this, such as Lazy Pulling, OCIcrypt.will see this terms in coming lines.
Lets remind basic things of docker to compare with a competitor nerdctl , with docker cli we are able to build an images using dockerfile. we are able to create containers, port mapping, volume creation what not! Similarly in nerdctl we can able to perform such things too.

nerdctl consists of containerd as a container runtime, that which it used for the purpose of pulling images, creating containers. Although containerd has a cli as ctr .

nerdctl vs. ctr :
Although we have a ctr as cli, but we are not using it as much why? the reason behind this is, ctr is a used as cli for containerd which has low fucntionality level. It does not provided as much flexible that what docker cli does. In ctr cli it doesn’t supports some required features as:

→port publishing
→container logs
--restart=always policy for container.

Similarly we have other cli like crictl which it have same features like ctr .

But all this can be supportable in nerdctl, it do what docker does and beyond it.

nerdctl goal:
nerdctl is not a domination of docker, but the aim of nerdctl is to provide features of containerd that not present in docker, such as lazy pulling and ocicrypt.

→ Lazy Pulling: Lazy-pulling is a technique to running containers before completion of pulling the images.

→nerdctl supports encryption and decryption using OCIcrypt (imagecrypt for containerd).

→nerdctl supports rootless mode as similar to

Lets start with nerdctl installation and usage:

For installing of nerdctl we can download binaries from,

If already containerd is installed, then download nerdctl only
nerdctl-<VERSION>-linux-amd64.tar.gz , and this can be extracted under /usr/local/bin .

else if required full nerdctl , then go for nerdctl-full-<VERSION>-linux-amd64.tar.gz , which this consists of containerd, runc …, this shall be extracted under /usr/local

untar the downloaded zip file under /usr/local, if it is a full nerdctl

tar Cxzvvf /usr/local nerdctl-full-<VERSION>-linux-amd64.tar.gz

Then enable the containerd sudo systemctl enable — now containerd

Once ready with nerdctl, then we can ready to pull images, create container, exposing of container etc.

sudo nerdctl run -d -p 8000:80 --name=nginx nginx:latest

One point to be observe here, in docker if a port is allocated to any container service, the same port cannot be allocated to other container and clearly we are able to see an error message from docker daemon that “port is already allocated”, whereas in nerdctl it doesn’t, the same port is allotted to multiple services, it won’t display any error but port which occupied first by a service will serve, rest of services will not serve even if same port number allotted.

same port number used for two different containers

Here to build an images in nerdctl, we shall use buildkit as a building tool for images build in nerdctl. For this we need to install buildkit for nerdctl.
Binaries for buildkit can be downloaded and extracted from releases,
After download, untar it and enablesudo systemctl enable --name buildkit .

Now create a dockerfile as similar to in docker, then use command to build an images, sudo nerdctl build -t <name> .

Try out experience with nerdctl! i hope you will like it.

For more nerdctl command reference and more information, refer:




Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Difference between Inline and Block tag in html.

Write python the right way

Setup Go with ansible for Golang programming

How to Measure UI/Page Load Time in Production

The District Weekly — November 1st

How to Use Ruby to Get CSV Headers

RSocket in Cloud Native — an SDE’s Working Note

Building My First PWA

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Krupakar Reddy

Krupakar Reddy

More from Medium

Replace Expired Red Hat Satellite Certificates

Closed Environment Temperature Control System.

Time to rethink Vulnerability management place in your security program

What is Makefile and make? How do we use it?