Working with Containers

nerdctl is a Docker-compatible CLI for containerd. The primary goal of nerdctl is to facilitate experimenting with cutting-edge features of containerd that are not present in Docker.

Moby is an open-source project that was created by Docker to enable and accelerate software containerization. Components include container build tools, a container registry, orchestration tools, and a runtime, and more. The Docker CLI uses the Moby runtime.

Running Containers

To run a container with the default bridge CNI network (10.4.0.0/24):

  • nerdctl
  • docker
  1. nerdctl run -it --rm alpine
  1. docker run -it --rm alpine

To build an image using BuildKit:

  • nerdctl
  • docker
  1. nerdctl build -t foo /some-dockerfile-directory
  2. nerdctl run -it --rm foo
  1. docker build -t foo /some-dockerfile-directory
  2. docker run -it --rm foo

To build and send output to a local directory using BuiltKit:

  • nerdctl
  • docker
  1. nerdctl build -o type=local,dest=. /some-dockerfile-directory
  1. docker build -o type=local,dest=. /some-dockerfile-directory

Docker Compose

Docker Compose is a tool for defining and running multi-container Docker applications.

  • nerdctl
  • docker

The nerdctl-compose CLI is designed to be compatible with docker-compose:

  1. nerdctl compose up -d
  2. nerdctl compose down

The compose command in the Docker CLI supports most of the docker-compose commands and flags. It is expected to be a drop-in replacement for docker-compose.

  1. docker compose up -d
  2. docker compose down

Exposing a Port

To expose port 8000 for a container:

  • nerdctl
  • docker
  1. nerdctl run -d -p 8000:80 nginx
  1. docker run -d -p 8000:80 nginx

You can then access the container via the browser here: http://localhost:8000/.

Note: By default the exposed ports are accessible on all network interfaces on macOS and Linux. However, on Windows, the exposed ports are currently only accessible through the localhost network interface (see issue #1180). As a workaround, you can configure a portproxy on the windows host to expose the port to additional network interfaces.

  1. netsh interface portproxy add v4tov4 listenport=8080 listenaddress=0.0.0.0 connectport=8080 connectaddress=localhost

Targeting a Kubernetes Namespace

You may also target a Kubernetes namespace with the --namespace parameter with containerd. Please note that docker doesn’t use namespaces.

  • nerdctl
  1. nerdctl --namespace k8s.io build -t demo:latest /code/demos/rd/anvil-app
  2. nerdctl --namespace k8s.io ps