How to deploy a container with containerd and nerdctl

Jack Wallen shows you how to deploy a container using the containerd/nerdctl combination on Ubuntu Server 22.04.


Containerd is another container runtime engine that you can freely install on most Linux distributions, and is often considered more efficient and secure than Docker. Containerd can:

  • Limit the memory and shared CPU allocated to containers using cgroups
  • Prevent processes inside a container from accessing host processes
  • Extract a container image to an isolated part of the host system
  • Create UID namespaces that map to a different UID on the host
  • Configure the environment variables inside a container


Containerd alone isn’t much help. To make it really useful as a container deployment tool, you need to add one more piece to the puzzle: nerdctl. Let me show you how to add nerdctl to a containerd-enabled system and then deploy a container with that combination.

What you need to deploy a container with containerd and nerdctl

The only things you need for this to work are a system with containerd installed (see my article on installing containerd here) and a user with sudo privileges.

How to install the required dependencies

First, some dependencies have to be taken care of: the components that enable rootless deployment. Start by installing uidmap with:


sudo apt-get install uidmap -y

Next, install RootlessKit with:

sudo apt-get install rootlesskit -y

How to install nerdctl

Next we need to install nerdctl. First download nerdctl with:

wget https://github.com/containerd/nerdctl/releases/download/v0.22.2/nerdctl-0.22.2-linux-amd64.tar.gz

Unzip the file with:

sudo tar Cxzvf /usr/local/bin nerdctl-0.22.2-linux-amd64.tar.gz

Test the nerdctl installation with:

which nerdctl

It should report back:

/usr/local/bin/nerdctl
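
The download step above fetches a binary that ends up in /usr/local/bin and is later run with sudo, so it is worth checking the archive against the release's published checksums between the wget and tar steps. The function below is an added example, not part of the original article or the nerdctl project; it assumes a sha256sum-format checksum file, here called SHA256SUMS, was downloaded from the same release page.

```shell
# Added example: verify a downloaded release archive before extracting it.
# Usage: verify_release ARCHIVE SUMS_FILE
# Exit codes: 0 match, 1 digest mismatch, 2 missing file, 3 no usable entry.
verify_release() {
    archive=$1
    sums=$2
    [ -f "$archive" ] || { echo "missing archive: $archive" >&2; return 2; }
    [ -f "$sums" ] || { echo "missing checksum file: $sums" >&2; return 2; }
    name=$(basename "$archive")

    # sha256sum lines look like "<hex>  <name>" or "<hex> *<name>".
    # Accept the entry only if the file name appears exactly once.
    # (Assumes file names without spaces, as release archives have.)
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n { hits++; digest = tolower($1) }
        END { if (hits == 1) print digest }' "$sums")

    # Reject a missing, duplicated or malformed entry instead of guessing.
    case $expected in
        ''|*[!0-9a-f]*) echo "no usable entry for $name in $sums" >&2; return 3 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "bad digest length for $name" >&2; return 3; }

    actual=$(sha256sum "$archive" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $name matches $sums"
        return 0
    fi
    echo "MISMATCH: $name expected $expected got $actual" >&2
    return 1
}

# Intended use with the commands on this page (SHA256SUMS is the assumed name):
#   verify_release nerdctl-0.22.2-linux-amd64.tar.gz SHA256SUMS \
#     && sudo tar Cxzvf /usr/local/bin nerdctl-0.22.2-linux-amd64.tar.gz
```

A checksum file fetched from the same location as the archive only catches corruption or a swapped file on one side; it does not prove who published the release.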

How to configure the system for rootless

First, create a new sysctl configuration file with:

sudo nano /etc/sysctl.d/99-rootless.conf

In this file, paste the following content:

kernel.unprivileged_userns_clone=1

Finally, set up containerd rootless with the following command:

containerd-rootless-setuptool.sh install

You should now be able to deploy your first container using containerd and nerdctl.

How to deploy a container with nerdctl

Deploying a container with nerdctl is very similar to Docker. For example, deploying the NGINX container with Docker could look like this:

docker run --name docker-nginx -p 8080:80 -d nginx:alpine

To deploy an NGINX container with nerdctl the command is:

sudo nerdctl run --name nerdctl-nginx -p 8080:80 -d nginx:alpine

The biggest difference is that by default you have to deploy nerdctl containers with sudo. We can avoid this by running the following two commands:

sudo sh -c "echo 1 > /proc/sys/kernel/unprivileged_userns_clone"
sudo sysctl --system

After running the above commands, you can then deploy the container with:

nerdctl run --name nerdctl-nginx -p 8080:80 -d nginx:alpine

There you go, another method of deploying containers, thanks to the combination of containerd and nerdctl. Have fun deploying!
