Why nerdctl even if we have docker already?
nerdctl is yet another implementation of docker and docker-compose based and nerdctl is sub project of containerd.
It is a Docker-compatible CLI for containerd, which has same UI/UX as Docker and docker-compose have.
As we know that docker is going to be a paid subscription based on its terms and conditions, Hence lol! we have to be ready with alternate knowledge :)
If we have a knowledge of docker, then nerdctl is similar to docker but have an extra features, not only limited to this, such as
OCIcrypt.will see this terms in coming lines.
Lets remind basic things of docker to compare with a competitor
nerdctl , with docker cli we are able to build an images using dockerfile. we are able to create containers, port mapping, volume creation what not! Similarly in nerdctl we can able to perform such things too.
nerdctl consists of containerd as a container runtime, that which it used for the purpose of pulling images, creating containers. Although containerd has a cli as
nerdctl vs. ctr :
Although we have a
ctr as cli, but we are not using it as much why? the reason behind this is,
ctr is a used as cli for containerd which has low fucntionality level. It does not provided as much flexible that what docker cli does. In
ctr cli it doesn’t supports some required features as:
--restart=always policy for container.
Similarly we have other cli like
crictl which it have same features like
But all this can be supportable in
nerdctl, it do what docker does and beyond it.
nerdctl is not a domination of docker, but the aim of
nerdctl is to provide features of
containerd that not present in docker, such as lazy pulling and ocicrypt.
→ Lazy Pulling: Lazy-pulling is a technique to running containers before completion of pulling the images.
→nerdctl supports encryption and decryption using OCIcrypt (imagecrypt for containerd).
→nerdctl supports rootless mode as similar to
Lets start with nerdctl installation and usage:
For installing of nerdctl we can download binaries from, https://github.com/containerd/nerdctl/releases.
If already containerd is installed, then download nerdctl only
nerdctl-<VERSION>-linux-amd64.tar.gz , and this can be extracted under
else if required full nerdctl , then go for
nerdctl-full-<VERSION>-linux-amd64.tar.gz , which this consists of containerd, runc …, this shall be extracted under
untar the downloaded zip file under /usr/local, if it is a full nerdctl
tar Cxzvvf /usr/local nerdctl-full-<VERSION>-linux-amd64.tar.gz
Then enable the containerd
sudo systemctl enable — now containerd
Once ready with nerdctl, then we can ready to pull images, create container, exposing of container etc.
sudo nerdctl run -d -p 8000:80 --name=nginx nginx:latest
One point to be observe here, in docker if a port is allocated to any container service, the same port cannot be allocated to other container and clearly we are able to see an error message from docker daemon that “port is already allocated”, whereas in nerdctl it doesn’t, the same port is allotted to multiple services, it won’t display any error but port which occupied first by a service will serve, rest of services will not serve even if same port number allotted.
Here to build an images in nerdctl, we shall use
buildkit as a building tool for images build in nerdctl. For this we need to install buildkit for nerdctl.
Binaries for buildkit can be downloaded and extracted from releases,
After download, untar it and enable
sudo systemctl enable --name buildkit .
Now create a dockerfile as similar to in docker, then use command to build an images,
sudo nerdctl build -t <name> .
Try out experience with
nerdctl! i hope you will like it.
For more nerdctl command reference and more information, refer: