github containerd/nerdctl v0.14.0


Key features: P2P image distribution using IPFS, Windows containers, Recursively read-only (RRO) mounts, Rootless AppArmor, nerdctl stats

Changes

  • nerdctl run/pull/push:

  • nerdctl run:

    • Support Windows (#197, thanks to @jsturtevant)
    • Support recursive read-only (RRO) mounts, with crun >= 1.4 or runc >= 1.1: nerdctl run -v /foo:/bar:rro,rprivate (#511)
    • Support loading an AppArmor profile with rootless mode (nerdctl run --security-opt apparmor=<PROFILE>). Loading a profile still requires root: sudo nerdctl apparmor load (#508)
    • Add --blkio-weight option (#509, thanks to @pippolo84)
    • Add --cgroup-conf option (#501, thanks to @pippolo84)
  • nerdctl stats:

  • nerdctl ps:

  • nerdctl compose:

  • Misc:

    • Unfork github.com/spf13/{cobra,pflag} (#524)
    • Update the containerd client library to 1.6.0-beta.3 (#531). Contains a mitigation for OCI Distribution Spec CVE-2021-41190 (a malicious registry implementation could trick the client into pulling different images with the same OCI digest value)
  • nerdctl-full:

    • Update containerd (1.5.8), BuildKit (0.9.3), RootlessKit (0.14.6), Stargz Snapshotter (0.10.1), FUSE-OverlayFS Snapshotter (1.0.4) (#500, #531)

Other changes: https://github.com/containerd/nerdctl/milestone/9?closed=1
Thanks to @afbjorklund @fahedouch @hs0210 @jsturtevant @ktock @ningmingxiao @pippolo84 @seemethere @tosone

About the binaries

  • Minimal (nerdctl-0.14.0-linux-amd64.tar.gz): nerdctl only
  • Full (nerdctl-full-0.14.0-linux-amd64.tar.gz): Includes dependencies such as containerd, runc, and CNI

Minimal

Extract the archive to a path like /usr/local/bin or ~/bin .

tar Cxzvvf /usr/local/bin nerdctl-0.14.0-linux-amd64.tar.gz

-rwxr-xr-x root/root  27459584 2021-11-22 11:00 nerdctl
-rwxr-xr-x root/root     17021 2021-11-22 10:59 containerd-rootless-setuptool.sh
-rwxr-xr-x root/root      6972 2021-11-22 10:59 containerd-rootless.sh

Full

Extract the archive to a path like /usr/local or ~/.local .

tar Cxzvvf /usr/local nerdctl-full-0.14.0-linux-amd64.tar.gz

drwxr-xr-x 0/0               0 2021-11-22 11:09 bin/
-rwxr-xr-x 0/0        25845982 2015-10-21 00:00 bin/buildctl
-rwxr-xr-x 0/0        38767973 2015-10-21 00:00 bin/buildkitd
-rwxr-xr-x 0/0        49291808 2021-11-18 01:06 bin/containerd
-rwxr-xr-x 0/0         9752576 2021-11-19 07:44 bin/containerd-fuse-overlayfs-grpc
-rwxr-xr-x 0/0           17021 2021-11-22 11:08 bin/containerd-rootless-setuptool.sh
-rwxr-xr-x 0/0            6972 2021-11-22 11:08 bin/containerd-rootless.sh
-rwxr-xr-x 0/0         8798208 2021-11-18 01:06 bin/containerd-shim-runc-v2
-rwxr-xr-x 0/0        56691128 2021-11-18 10:54 bin/containerd-stargz-grpc
-rwxr-xr-x 0/0        22705184 2021-11-18 01:06 bin/containerd-stress
-rwxr-xr-x 0/0        19142701 2021-11-22 11:09 bin/ctd-decoder
-rwxr-xr-x 0/0        27460704 2021-11-18 01:06 bin/ctr
-rwxr-xr-x 0/0        28009128 2021-11-22 11:09 bin/ctr-enc
-rwxr-xr-x 0/0        29106648 2021-11-18 10:54 bin/ctr-remote
-rwxr-xr-x 0/0         2461920 2021-11-22 11:09 bin/fuse-overlayfs
-rwxr-xr-x 0/0        61998400 2021-10-01 17:37 bin/ipfs
-rwxr-xr-x 0/0        27430912 2021-11-22 11:08 bin/nerdctl
-rwxr-xr-x 0/0         9130136 2021-11-08 06:46 bin/rootlessctl
-rwxr-xr-x 0/0        10555302 2021-11-08 06:46 bin/rootlesskit
-rwxr-xr-x 0/0        13482472 2021-11-22 11:08 bin/runc
-rwxr-xr-x 0/0         3669824 2021-11-22 11:09 bin/slirp4netns
drwxr-xr-x 0/0               0 2021-11-22 11:08 lib/
drwxr-xr-x 0/0               0 2021-11-22 11:08 lib/systemd/
drwxr-xr-x 0/0               0 2021-11-22 11:09 lib/systemd/system/
-rw-r--r-- 0/0            1331 2021-11-22 11:08 lib/systemd/system/buildkit.service
-rw-r--r-- 0/0            1270 2021-11-22 11:08 lib/systemd/system/containerd.service
-rw-r--r-- 0/0             312 2021-11-22 11:09 lib/systemd/system/stargz-snapshotter.service
drwxr-xr-x 0/0               0 2021-11-22 11:08 libexec/
drwxrwxr-x 0/0               0 2021-11-22 11:08 libexec/cni/
-rwxr-xr-x 0/0         3990800 2021-09-07 19:48 libexec/cni/bandwidth
-rwxr-xr-x 0/0         4409304 2021-09-07 19:48 libexec/cni/bridge
-rwxr-xr-x 0/0         9784253 2021-09-07 19:49 libexec/cni/dhcp
-rwxr-xr-x 0/0         4553440 2021-09-07 19:48 libexec/cni/firewall
-rwxr-xr-x 0/0         4009601 2021-09-07 19:48 libexec/cni/host-device
-rwxr-xr-x 0/0         3402808 2021-09-07 19:49 libexec/cni/host-local
-rwxr-xr-x 0/0         4144654 2021-09-07 19:48 libexec/cni/ipvlan
-rwxr-xr-x 0/0         2166784 2021-09-27 06:35 libexec/cni/isolation
-rwxr-xr-x 0/0         3472123 2021-09-07 19:48 libexec/cni/loopback
-rwxr-xr-x 0/0         4216875 2021-09-07 19:48 libexec/cni/macvlan
-rwxr-xr-x 0/0         3924908 2021-09-07 19:48 libexec/cni/portmap
-rwxr-xr-x 0/0         4337802 2021-09-07 19:48 libexec/cni/ptp
-rwxr-xr-x 0/0         3682127 2021-09-07 19:48 libexec/cni/sbr
-rwxr-xr-x 0/0         2967017 2021-09-07 19:49 libexec/cni/static
-rwxr-xr-x 0/0         3622640 2021-09-07 19:48 libexec/cni/tuning
-rwxr-xr-x 0/0         4140657 2021-09-07 19:48 libexec/cni/vlan
-rwxr-xr-x 0/0         3715972 2021-09-07 19:48 libexec/cni/vrf
drwxr-xr-x 0/0               0 2021-11-22 11:08 share/
drwxr-xr-x 0/0               0 2021-11-22 11:08 share/doc/
drwxr-xr-x 0/0               0 2021-11-22 11:08 share/doc/nerdctl/
-rw-r--r-- 0/0           53521 2021-11-22 10:59 share/doc/nerdctl/README.md
drwxr-xr-x 0/0               0 2021-11-22 11:08 share/doc/nerdctl/docs/
-rw-r--r-- 0/0            1848 2021-11-22 10:59 share/doc/nerdctl/docs/compose.md
-rw-r--r-- 0/0            2040 2021-11-22 10:59 share/doc/nerdctl/docs/dir.md
-rw-r--r-- 0/0             397 2021-11-22 10:59 share/doc/nerdctl/docs/experimental.md
-rw-r--r-- 0/0            1196 2021-11-22 10:59 share/doc/nerdctl/docs/freebsd.md
-rw-r--r-- 0/0            2326 2021-11-22 10:59 share/doc/nerdctl/docs/gpu.md
-rw-r--r-- 0/0           12696 2021-11-22 10:59 share/doc/nerdctl/docs/ipfs.md
-rw-r--r-- 0/0            1667 2021-11-22 10:59 share/doc/nerdctl/docs/multi-platform.md
-rw-r--r-- 0/0            3198 2021-11-22 10:59 share/doc/nerdctl/docs/ocicrypt.md
-rw-r--r-- 0/0             689 2021-11-22 10:59 share/doc/nerdctl/docs/registry.md
-rw-r--r-- 0/0            3626 2021-11-22 10:59 share/doc/nerdctl/docs/rootless.md
-rw-r--r-- 0/0            4835 2021-11-22 10:59 share/doc/nerdctl/docs/stargz.md
drwxr-xr-x 0/0               0 2021-11-22 11:09 share/doc/nerdctl-full/
-rw-r--r-- 0/0             824 2021-11-22 11:09 share/doc/nerdctl-full/README.md
-rw-r--r-- 0/0            4859 2021-11-22 11:09 share/doc/nerdctl-full/SHA256SUMS

Included components

See share/doc/nerdctl-full/README.md:

# nerdctl (full distribution)
- nerdctl: v0.14.0
- containerd: v1.5.8
- runc: v1.0.2
- CNI plugins: v1.0.1
- CNI isolation plugin: v0.0.4
- BuildKit: v0.9.3
- Stargz Snapshotter: v0.10.1
- imgcrypt: v1.1.2
- RootlessKit: v0.14.6
- slirp4netns: v1.1.12
- fuse-overlayfs: v1.7.1
- containerd-fuse-overlayfs: v1.0.4
- IPFS: v0.10.0

## License
- bin/slirp4netns:    [GNU GENERAL PUBLIC LICENSE, Version 2](https://github.com/rootless-containers/slirp4netns/blob/v1.1.12/COPYING)
- bin/fuse-overlayfs: [GNU GENERAL PUBLIC LICENSE, Version 3](https://github.com/containers/fuse-overlayfs/blob/v1.7.1/COPYING)
- bin/runc (Apache License 2.0) is statically linked with libseccomp ([LGPL 2.1](https://github.com/seccomp/libseccomp/blob/main/LICENSE))
- Other files: [Apache License 2.0](https://www.apache.org/licenses/LICENSE-2.0)

Quick start

Rootful

$ sudo systemctl enable --now containerd
$ sudo nerdctl run -d --name nginx -p 80:80 nginx:alpine

Rootless

$ containerd-rootless-setuptool.sh install
$ nerdctl run -d --name nginx -p 8080:80 nginx:alpine

Enabling cgroup v2 is highly recommended for rootless mode, see https://rootlesscontaine.rs/getting-started/common/cgroup2/ .


The binaries were built automatically on GitHub Actions.
The build log is available for 90 days: https://github.com/containerd/nerdctl/actions/runs/1489828661

The sha256sum of the SHA256SUMS file itself is e6b08621ba1663d495110c1c31824c7d1e2002f224936e4386e4b36a4ad50304 .
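
One way to use the published digest, as an added example (not part of the release notes or the nerdctl project): check the SHA256SUMS file against the value above first, then check the downloaded archive against its entry in that file. It assumes SHA256SUMS uses the standard sha256sum line format and lists each archive by file name; verify_release is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: two-step verification of a downloaded release archive.
# Assumption: SHA256SUMS lines look like "<hex digest>  <filename>"
# (standard sha256sum output) and name the archive by its base name.

# Digest of the SHA256SUMS file as published in the release notes above.
PINNED_SUMS_DIGEST=e6b08621ba1663d495110c1c31824c7d1e2002f224936e4386e4b36a4ad50304

# verify_release SUMS_FILE ARCHIVE [PINNED_DIGEST]
# Returns 0 only if SUMS_FILE matches the pinned digest AND
# ARCHIVE matches the digest recorded for it in SUMS_FILE.
verify_release() {
    sums=$1
    archive=$2
    pinned=${3:-$PINNED_SUMS_DIGEST}

    # Step 1: the checksum list itself must match the out-of-band digest.
    actual=$(sha256sum "$sums" | cut -d' ' -f1)
    if [ "$actual" != "$pinned" ]; then
        echo "SHA256SUMS digest mismatch (got: $actual)" >&2
        return 1
    fi

    # Step 2: find the archive's entry by exact file name, not substring,
    # so "nerdctl-full-..." can never satisfy a lookup for "nerdctl-...".
    name=$(basename "$archive")
    expected=$(awk -v n="$name" \
        '{ f = $2; sub(/^\*/, "", f) } f == n { print $1; exit }' "$sums")
    if [ -z "$expected" ]; then
        echo "no entry for $name in $sums" >&2
        return 1
    fi

    got=$(sha256sum "$archive" | cut -d' ' -f1)
    if [ "$got" != "$expected" ]; then
        echo "archive digest mismatch for $name" >&2
        return 1
    fi
    echo "OK: $name"
}

# Usage: sh verify.sh SHA256SUMS nerdctl-0.14.0-linux-amd64.tar.gz
if [ "$#" -eq 2 ]; then
    verify_release "$1" "$2"
fi
```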
