containerd

history

  • Docker created containerd originally as a component of its own engine to separate “high-level” management from “low-level” execution.
  • Later, Docker donated containerd to the CNCF (Cloud Native Computing Foundation).
  • Kubernetes then adopted containerd as its runtime to remove its dependency on the full Docker daemon (the “Docker Shim” removal), because Kubernetes only needed the “running containers” part, not the full Docker UI/Network/Build stack.

So today:

  1. Docker USES containerd (as its internal engine).
  2. Kubernetes USES containerd (directly, skipping Docker).
    Both tools rely on the same underlying containerd daemon to actually manage processes and images on Linux. If you kill containerd, you break both Docker and Kubernetes on that node.

best practice

change containerd’s default data path

  1. Identify the Current Data Path

    containerd config default | grep "root" # Expected output: root = "/var/lib/containerd"
  2. Modify the following lines in /etc/containerd/config.toml:

    root = "/path/to/new/data/path" # the location where container data (images, volumes) is stored
  3. Move Existing Data (if required)

    sudo systemctl stop containerd  # optional
    sudo mv /var/lib/containerd /data/containerd  # destination must match the root value set in config.toml
    sudo systemctl start containerd
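
A check worth running after step 3, as an added example that is not part of the original page: it reads the top-level root from config.toml and confirms that the directory is owned by the expected user and is not group- or world-writable. The function names and the ownership/mode policy are assumptions of this example, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example (not from the original page): check the data root named in
# config.toml after relocating it. Function names are hypothetical.

# Print the top-level `root` value; stop at the first [table] header so
# plugin-level keys such as root_path are never mistaken for it.
config_root() {
  sed -n -e '/^[[:space:]]*\[/q' \
         -e 's/^[[:space:]]*root[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1"
}

# Succeed only if DIR is a directory owned by UID (default 0) and not
# writable by group or others (assumed policy). Uses GNU stat.
check_data_root() (
  dir=$1; want_uid=${2:-0}
  [ -d "$dir" ] || { echo "$dir: not a directory" >&2; exit 1; }
  set -- $(stat -L -c '%u %a' "$dir")
  [ "$1" -eq "$want_uid" ] || { echo "$dir: owner uid $1, expected $want_uid" >&2; exit 1; }
  [ $(( 0$2 & 022 )) -eq 0 ] || { echo "$dir: mode $2 is group/world-writable" >&2; exit 1; }
)

# Read root from CONFIG and check the directory it points to.
verify_config_root() (
  root=$(config_root "$1")
  [ -n "$root" ] || { echo "$1: no top-level root key" >&2; exit 1; }
  check_data_root "$root" "${2:-0}"
)

# Demo on constructed input: a scratch directory stands in for the new data
# path, so the expected owner is the current user instead of root.
demo=$(mktemp -d)
mkdir -m 711 "$demo/containerd"
printf 'version = 2\nroot = "%s"  # moved\nstate = "/run/containerd"\n[plugins]\n  root_path = "/x"\n' \
  "$demo/containerd" > "$demo/config.toml"
if verify_config_root "$demo/config.toml" "$(id -u)"; then echo "data root OK"; fi
chmod 777 "$demo/containerd"
verify_config_root "$demo/config.toml" "$(id -u)" || echo "data root rejected"
```

On a real node, run `verify_config_root /etc/containerd/config.toml` as root before starting containerd again.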

command

image

# list images in the k8s.io namespace
sudo ctr -n k8s.io images ls

# pull an image into the k8s.io namespace
sudo ctr -n k8s.io images pull xxx
# pull with auth (a password on the command line ends up in shell history and the
# process list; give only the username and ctr prompts for the password)
sudo ctr images pull --user username:password registry.example.com/repository/image:tag

# load tar file
sudo ctr -n k8s.io images import /tmp/my-image.tar
# load a tar file and specify the image name and tag
sudo ctr -n k8s.io images import --base-name my.registry.com/myproject/my-image:v1.2.3 /path/to/image.tar

# rename tag
sudo ctr -n k8s.io images tag <old-image-name> <new-image-name>

# remove image
sudo ctr -n k8s.io images remove <name>:<tag>

container

| Usage Context | Command |
| --- | --- |
| Default Namespace | ctr container ls |
| Kubernetes Namespace | ctr -n k8s.io container ls |
| Check Process PIDs | ctr task ls |
| Detailed Inspection | ctr container info <id> |

# Forcefully stop the task
ctr task kill -s SIGKILL <taskName>

# Delete the Stopped Task
ctr task rm <taskName>

# Remove the Container Metadata
ctr container rm <taskName>

nerdctl

Converting a Docker command to containerd means using either ctr (a low-level tool) or nerdctl (a Docker-compatible CLI). I strongly recommend nerdctl, as ctr is designed for debugging and lacks many Docker features.

nerdctl provides a Docker-compatible interface, so the commands below mirror their docker equivalents.

# list
nerdctl ps

# exec
nerdctl exec -it <containerID> bash

# stop
nerdctl stop <containerID>

# rm
nerdctl rm <containerID>