LinuxCommandLibrary

containerd

Run and manage containers

SYNOPSIS

containerd [OPTIONS]

PARAMETERS

-a, --address string
    Socket address for gRPC API (default: /run/containerd/containerd.sock)

-c, --config string
    Path to config TOML file (default: /etc/containerd/config.toml)

-h, --help
    Show help and exit

-l, --log-level string
    Log level: debug, info, warn, error, fatal, panic (default: info)

-r, --root string
    Path to root directory (default: /var/lib/containerd)

-s, --state string
    Path to state directory (default: /run/containerd)

-V, --version
    Print version information

--register-default-snapshotter
    Register default snapshotter on startup

--state-readonly
    Run with read-only state directory

DESCRIPTION

Containerd is an industry-standard, open-source container runtime designed for simplicity, robustness, and portability across Linux and Windows hosts. It manages the full container lifecycle, including image pulling/pushing, container creation, execution, supervision, and cleanup. As a daemon, it exposes a gRPC API over a Unix socket for clients like Docker, CRI-O, or Kubernetes' kubelet to interact with.

Key features include support for multiple container runtimes (e.g., runc), layered image storage, snapshotters for efficient image handling, and pluggable architecture via plugins (e.g., CRI for Kubernetes integration). It decouples the high-level orchestration from low-level runtime concerns, improving security and modularity.

Containerd powers major container platforms: Docker uses it as the default runtime since v1.11, and Kubernetes via containerd CRI plugin. It's lightweight, with minimal dependencies, and focuses on daemon stability. Configuration is via TOML files, allowing customization of namespaces, logging, and metrics.

Typically deployed as a systemd service, it's ideal for production environments requiring reliable container management without the overhead of full orchestrators.

CAVEATS

Daemon is typically managed by systemd (systemctl start containerd); direct runs are for testing. Requires root privileges. Client interactions use ctr tool, not this binary.

CLIENT TOOL

Use ctr for namespaces, images, containers, tasks: e.g., ctr --namespace k8s.io images ls.

CONFIGURATION

Edit /etc/containerd/config.toml for CRI plugin, snapshotters, registries. Generate default: containerd config default.

METRICS

Exposes Prometheus metrics at /metrics endpoint when configured.

HISTORY

Created by Docker Inc. in 2015 as Docker's pluggable runtime. Donated to CNCF in 2017; reached v1.0 in 2019. Graduated CNCF project in 2021. Widely adopted in Kubernetes (v1.20+ default), Docker Moby, and CRI-O.

SEE ALSO

ctr(8), runc(8), docker(1), crictl(1), systemd(1)

Copied to clipboard