How to Deploy Containers with nerdctl
How many ways can you deploy a container? Shall we count them?
Seriously, we don’t have all day.
Really, there are more ways to deploy containers than I can count on my hands. For some, that might be a bit of an exaggeration. However, for those who like options, the idea that there are so many deployment methods is a huge plus.
For those who fall into this category, let me add one more method to your ever-growing stack of choices. Said method is via nerdctl.
How can you resist this name? You can’t, that’s the way it is.
The nerdctl command sits on top of containerd to allow containers to be deployed over this runtime. Why? Because containerd alone is not much help. In fact, you can’t deploy containers with containerd because it’s a runtime used in conjunction with other tools for this purpose.
Ergo, nerdctl.
Let’s first install containerd on an Ubuntu Server system and then add nerdctl on top of it. Then we’ll deploy our first container.
Why use nerdctl?
Besides the cool name, nerdctl offers features like:
- Works similarly to Docker
- Supports Docker Compose
- Supports rootless mode (without Slirp overhead)
- Supports lazy pulling of images
- Supports encrypted images
- Supports P2P image distribution
- Supports signing and verifying container images
Requirements
To successfully install these tools, you need a running instance of Ubuntu Server 22.04 and a user with sudo privileges. Once you have those bits in place, it’s time to get busy.
Install containerd
First you need to install containerd. Before doing anything, be sure to check the containerd download page to ensure you’re downloading the latest version of the software. At this point in time that would be 1.6.8.
Log in to your instance of Ubuntu and open a terminal window. In the terminal, issue the command:
wget https://github.com/containerd/containerd/releases/download/v1.6.8/containerd-1.6.8-linux-amd64.tar.gz
Once the download is complete, unpack containerd into /usr/local with the command:
sudo tar Cxzvf /usr/local containerd-1.6.8-linux-amd64.tar.gz
Brilliant!
Next we need to download the runc command line tool with the command:
wget https://github.com/opencontainers/runc/releases/download/v1.1.3/runc.amd64
Install runc with:
sudo install -m 755 runc.amd64 /usr/local/sbin/runc
Next we need the Container Network Interface (CNI) plugins, which can be downloaded with:
wget https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-linux-amd64-v1.1.1.tgz
Create a new directory for CNI with:
sudo mkdir -p /opt/cni/bin
Unpack CNI into the new directory with:
sudo tar Cxzvf /opt/cni/bin cni-plugins-linux-amd64-v1.1.1.tgz
We now need to configure containerd. Create a directory for the configuration with:
sudo mkdir /etc/containerd
Generate the configuration file with:
containerd config default | sudo tee /etc/containerd/config.toml
Next we need to enable the SystemdCgroup with:
sudo sed -i 's/SystemdCgroup \= false/SystemdCgroup \= true/g' /etc/containerd/config.toml
In order to manage the containerd service, we need to download a pre-configured systemd file with the command:
sudo curl -L https://raw.githubusercontent.com/containerd/containerd/main/containerd.service -o /etc/systemd/system/containerd.service
Reload the systemd daemon with:
sudo systemctl daemon-reload
Start and enable containerd with:
sudo systemctl enable --now containerd
Hooray! You are now ready for nerdctl.
Install nerdctl
Before we can install nerdctl, we first need to add a few necessary dependencies with the command:
sudo apt-get install uidmap rootlesskit -y
When the dependencies are done, download the nerdctl file with:
wget https://github.com/containerd/nerdctl/releases/download/v0.22.2/nerdctl-0.22.2-linux-amd64.tar.gz
Extract the file to /usr/local/bin with the command:
sudo tar Cxzvf /usr/local/bin nerdctl-0.22.2-linux-amd64.tar.gz
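Each of the files downloaded above is unpacked or installed as root, so it is worth checking it against the project's published SHA-256 checksum before running tar or install. The following is an added example, not part of the original article: the function name verify_sha256 and the CHECKSUM_FILE placeholder are assumptions, and the demo data is constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): fail-closed SHA-256 check
# to run on each downloaded file before it is unpacked or installed as root.

# verify_sha256 FILE SUMFILE
#   SUMFILE is in sha256sum format ("HASH  NAME" or "HASH *NAME") and may
#   list several files. Names are assumed to contain no whitespace.
#   Returns 0 on match, 1 on mismatch, 2 on missing input, 3 on a missing,
#   duplicated or malformed checksum entry.
verify_sha256() {
    local file="$1" sumfile="$2" name expected actual
    [ -f "$file" ] && [ -f "$sumfile" ] || { echo "missing input" >&2; return 2; }
    name=$(basename -- "$file")
    # Strip the binary-mode "*" and any directory prefix before comparing names.
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f); sub(/^.*\//, "", f) }
        f == n { print tolower($1) }' "$sumfile")
    # Fail closed: zero or several entries for this name is an error, not a pass.
    if [ "$(printf '%s\n' "$expected" | grep -c .)" -ne 1 ]; then
        echo "no unique checksum entry for $name" >&2; return 3
    fi
    if ! printf '%s' "$expected" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "malformed hash for $name" >&2; return 3
    fi
    actual=$(sha256sum -- "$file" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "CHECKSUM MISMATCH for $name" >&2; return 1
    fi
    echo "OK $name"
}

# demo: constructed stand-in for a release tarball and its checksum file.
demo() {
    local d; d=$(mktemp -d)
    printf 'constructed release bytes\n' > "$d/pkg.tar.gz"
    ( cd "$d" && sha256sum pkg.tar.gz > SHA256SUMS )
    verify_sha256 "$d/pkg.tar.gz" "$d/SHA256SUMS"      # accepted
    printf 'tampered\n' >> "$d/pkg.tar.gz"
    verify_sha256 "$d/pkg.tar.gz" "$d/SHA256SUMS" || echo "rejected (rc=$?)"
    rm -rf "$d"
}

# Typical use (CHECKSUM_FILE is whatever the project publishes for the asset):
#   verify_sha256 containerd-1.6.8-linux-amd64.tar.gz CHECKSUM_FILE \
#     && sudo tar Cxzvf /usr/local containerd-1.6.8-linux-amd64.tar.gz
```

A checksum fetched from the same release page only detects corruption or a swapped asset; it does not replace signature verification where the project offers it.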
You should be able to verify that nerdctl is up and running with the following command:
You should see this:
Now we need to configure the system to be able to serve rootless containers. Create a sysctl configuration file with:
sudo nano /etc/sysctl.d/99-rootless.conf
In the new file, paste the following:
kernel.unprivileged_userns_clone=1
Save and close the file. To set up containerd for rootless, enter the command:
containerd-rootless-setuptool.sh install
To run nerdctl without using sudo, run the following two commands:
sudo sh -c "echo 1 > /proc/sys/kernel/unprivileged_userns_clone"
sudo sysctl --system
We are now ready to rock our first container.
Deploying a container with nerdctl
Fortunately, deploying containers with nerdctl is very similar to Docker. For example, to deploy an NGINX container using Docker, the command is:
docker run --name docker-nginx -p 8080:80 -d nginx:alpine
To do the same with nerdctl the command would be:
nerdctl run --name nerdctl-nginx -p 8080:80 -d nginx:alpine
Congratulations, your container deployment just got a little more nerdy (and who doesn’t appreciate that?). If you’re in a situation where containerd is the engine of choice and you want a Docker-like deployment, you can’t go wrong with nerdctl.