v0.18.0
nerdctl build
now supports local images in FROM ...
lines of a Dockerfile, when BuildKit (>= 0.10) is configured to use containerd worker.
Changes
-
nerdctl build
:- Support using containerd worker, for efficiency and for supporting local base images (#858 #928, thanks to @ktock)
-
nerdctl network create
:- Switch away from CNI
isolation
plugin tofirewall
plugin (>= 1.1.0), withingressPolicy
(#838). nerdctl still uses the deprecatedisolation
plugin when it is installed. It is highly recommended to uninstallisolation
plugin and installfirewall
plugin (>= 1.1.0) instead. Thefirewall
plugin is included in the official CNI plugins.
- Switch away from CNI
-
nerdctl run
: -
nerdctl namespace
:- Add
nerdctl namespace (create|inspect|remove|update)
commands (#874, thanks to @ningmingxiao)
- Add
-
nerdctl push
: -
Misc:
- Update containerd library to 1.6.2 (#927). Contains fix for
CVE-2022-24769: "Default inheritable capabilities for linux container should be empty"
(low severity) - Update the build pipeline to use Go 1.18 (#914, thanks to @junnplus)
- Update containerd library to 1.6.2 (#927). Contains fix for
-
nerdctl-full:
Full changes: https://github.com/containerd/nerdctl/milestone/15?closed=1
Thanks to @junnplus @Zheaoli @cpuguy83 @fahedouch @ktock @ningmingxiao
About the binaries
- Minimal (
nerdctl-0.18.0-linux-amd64.tar.gz
): nerdctl only - Full (
nerdctl-full-0.18.0-linux-amd64.tar.gz
): Includes dependencies such as containerd, runc, and CNI
Minimal
Extract the archive to a path like /usr/local/bin
or ~/bin
.
tar Cxzvvf /usr/local/bin nerdctl-0.18.0-linux-amd64.tar.gz
-rwxr-xr-x root/root 27471872 2022-03-25 13:09 nerdctl
-rwxr-xr-x root/root 21502 2022-03-25 13:09 containerd-rootless-setuptool.sh
-rwxr-xr-x root/root 6972 2022-03-25 13:09 containerd-rootless.sh
Full
Extract the archive to a path like /usr/local
or ~/.local
.
tar Cxzvvf /usr/local nerdctl-full-0.18.0-linux-amd64.tar.gz
drwxr-xr-x 0/0 0 2022-03-25 13:21 bin/
-rwxr-xr-x 0/0 25356617 2015-10-21 00:00 bin/buildctl
-rwxr-xr-x 0/0 39639750 2015-10-21 00:00 bin/buildkitd
-rwxr-xr-x 0/0 3339352 2022-03-25 13:16 bin/bypass4netns
-rwxr-xr-x 0/0 4984832 2022-03-25 13:17 bin/bypass4netnsd
-rwxr-xr-x 0/0 52210360 2022-03-25 13:19 bin/containerd
-rwxr-xr-x 0/0 9752576 2021-11-19 07:44 bin/containerd-fuse-overlayfs-grpc
-rwxr-xr-x 0/0 21502 2022-03-25 13:17 bin/containerd-rootless-setuptool.sh
-rwxr-xr-x 0/0 6972 2022-03-25 13:17 bin/containerd-rootless.sh
-rwxr-xr-x 0/0 9646080 2022-03-25 13:19 bin/containerd-shim-runc-v2
-rwxr-xr-x 0/0 58658840 2022-03-16 02:19 bin/containerd-stargz-grpc
-rwxr-xr-x 0/0 19495886 2022-03-25 13:21 bin/ctd-decoder
-rwxr-xr-x 0/0 26135224 2022-03-25 13:18 bin/ctr
-rwxr-xr-x 0/0 28255212 2022-03-25 13:21 bin/ctr-enc
-rwxr-xr-x 0/0 28884376 2022-03-16 02:19 bin/ctr-remote
-rwxr-xr-x 0/0 2461616 2022-03-25 13:21 bin/fuse-overlayfs
-rwxr-xr-x 0/0 67859168 2022-03-17 21:18 bin/ipfs
-rwxr-xr-x 0/0 27439104 2022-03-25 13:17 bin/nerdctl
-rwxr-xr-x 0/0 9491380 2022-03-25 10:40 bin/rootlessctl
-rwxr-xr-x 0/0 10907799 2022-03-25 10:40 bin/rootlesskit
-rwxr-xr-x 0/0 13365008 2022-03-25 13:17 bin/runc
-rwxr-xr-x 0/0 3669824 2022-03-25 13:21 bin/slirp4netns
drwxr-xr-x 0/0 0 2022-03-25 13:21 lib/
drwxr-xr-x 0/0 0 2022-03-25 13:21 lib/systemd/
drwxr-xr-x 0/0 0 2022-03-25 13:21 lib/systemd/system/
-rw-r--r-- 0/0 1331 2022-03-25 13:21 lib/systemd/system/buildkit.service
-rw-r--r-- 0/0 1270 2022-03-25 13:16 lib/systemd/system/containerd.service
-rw-r--r-- 0/0 312 2022-03-25 13:21 lib/systemd/system/stargz-snapshotter.service
drwxr-xr-x 0/0 0 2022-03-25 13:21 libexec/
drwxrwxr-x 0/0 0 2022-03-25 13:21 libexec/cni/
-rwxr-xr-x 0/0 3780654 2022-03-09 17:08 libexec/cni/bandwidth
-rwxr-xr-x 0/0 4221977 2022-03-09 17:08 libexec/cni/bridge
-rwxr-xr-x 0/0 9742834 2022-03-09 17:08 libexec/cni/dhcp
-rwxr-xr-x 0/0 4345726 2022-03-09 17:08 libexec/cni/firewall
-rwxr-xr-x 0/0 3811793 2022-03-09 17:08 libexec/cni/host-device
-rwxr-xr-x 0/0 3241605 2022-03-09 17:08 libexec/cni/host-local
-rwxr-xr-x 0/0 3922560 2022-03-09 17:08 libexec/cni/ipvlan
-rwxr-xr-x 0/0 3295519 2022-03-09 17:08 libexec/cni/loopback
-rwxr-xr-x 0/0 3959868 2022-03-09 17:08 libexec/cni/macvlan
-rwxr-xr-x 0/0 3679140 2022-03-09 17:08 libexec/cni/portmap
-rwxr-xr-x 0/0 4092460 2022-03-09 17:08 libexec/cni/ptp
-rwxr-xr-x 0/0 3484284 2022-03-09 17:08 libexec/cni/sbr
-rwxr-xr-x 0/0 2818627 2022-03-09 17:08 libexec/cni/static
-rwxr-xr-x 0/0 3379564 2022-03-09 17:08 libexec/cni/tuning
-rwxr-xr-x 0/0 3920827 2022-03-09 17:08 libexec/cni/vlan
-rwxr-xr-x 0/0 3523475 2022-03-09 17:08 libexec/cni/vrf
drwxr-xr-x 0/0 0 2022-03-25 13:17 share/
drwxr-xr-x 0/0 0 2022-03-25 13:17 share/doc/
drwxr-xr-x 0/0 0 2022-03-25 13:17 share/doc/nerdctl/
-rw-r--r-- 0/0 65691 2022-03-25 13:09 share/doc/nerdctl/README.md
drwxr-xr-x 0/0 0 2022-03-25 13:17 share/doc/nerdctl/docs/
-rw-r--r-- 0/0 3953 2022-03-25 13:09 share/doc/nerdctl/docs/build.md
-rw-r--r-- 0/0 3996 2022-03-25 13:09 share/doc/nerdctl/docs/cni.md
-rw-r--r-- 0/0 1927 2022-03-25 13:09 share/doc/nerdctl/docs/compose.md
-rw-r--r-- 0/0 3062 2022-03-25 13:09 share/doc/nerdctl/docs/config.md
-rw-r--r-- 0/0 3192 2022-03-25 13:09 share/doc/nerdctl/docs/cosign.md
-rw-r--r-- 0/0 2359 2022-03-25 13:09 share/doc/nerdctl/docs/dir.md
-rw-r--r-- 0/0 537 2022-03-25 13:09 share/doc/nerdctl/docs/experimental.md
-rw-r--r-- 0/0 13802 2022-03-25 13:09 share/doc/nerdctl/docs/faq.md
-rw-r--r-- 0/0 1306 2022-03-25 13:09 share/doc/nerdctl/docs/freebsd.md
-rw-r--r-- 0/0 2405 2022-03-25 13:09 share/doc/nerdctl/docs/gpu.md
-rw-r--r-- 0/0 13215 2022-03-25 13:09 share/doc/nerdctl/docs/ipfs.md
-rw-r--r-- 0/0 1748 2022-03-25 13:09 share/doc/nerdctl/docs/multi-platform.md
-rw-r--r-- 0/0 3277 2022-03-25 13:09 share/doc/nerdctl/docs/ocicrypt.md
-rw-r--r-- 0/0 14159 2022-03-25 13:09 share/doc/nerdctl/docs/registry.md
-rw-r--r-- 0/0 5368 2022-03-25 13:09 share/doc/nerdctl/docs/rootless.md
-rw-r--r-- 0/0 4918 2022-03-25 13:09 share/doc/nerdctl/docs/stargz.md
drwxr-xr-x 0/0 0 2022-03-25 13:21 share/doc/nerdctl-full/
-rw-r--r-- 0/0 1039 2022-03-25 13:21 share/doc/nerdctl-full/README.md
-rw-r--r-- 0/0 5348 2022-03-25 13:21 share/doc/nerdctl-full/SHA256SUMS
Included components
See share/doc/nerdctl-full/README.md
:
# nerdctl (full distribution)
- nerdctl: v0.18.0
- containerd: v1.6.2
- runc: v1.1.0
- CNI plugins: v1.1.1
- BuildKit: v0.10.0
- Stargz Snapshotter: v0.11.3
- imgcrypt: v1.1.4
- RootlessKit: v1.0.0
- slirp4netns: v1.1.12
- bypass4netns: v0.2.2
- fuse-overlayfs: v1.8.2
- containerd-fuse-overlayfs: v1.0.4
- IPFS: v0.12.1
## License
- bin/slirp4netns: [GNU GENERAL PUBLIC LICENSE, Version 2](https://github.com/rootless-containers/slirp4netns/blob/v1.1.12/COPYING)
- bin/fuse-overlayfs: [GNU GENERAL PUBLIC LICENSE, Version 3](https://github.com/containers/fuse-overlayfs/blob/v1.8.2/COPYING)
- bin/ipfs: [Combination of MIT-only license and dual MIT/Apache-2.0 license](https://github.com/ipfs/go-ipfs/blob/v0.12.1/LICENSE)
- bin/{runc,bypass4netns,bypass4netnsd}: Apache License 2.0, statically linked with libseccomp ([LGPL 2.1](https://github.com/seccomp/libseccomp/blob/main/LICENSE), source code available at https://github.com/seccomp/libseccomp/)
- Other files: [Apache License 2.0](https://www.apache.org/licenses/LICENSE-2.0)
Quick start
Rootful
$ sudo systemctl enable --now containerd
$ sudo nerdctl run -d --name nginx -p 80:80 nginx:alpine
Rootless
$ containerd-rootless-setuptool.sh install
$ nerdctl run -d --name nginx -p 8080:80 nginx:alpine
Enabling cgroup v2 is highly recommended for rootless mode, see https://rootlesscontaine.rs/getting-started/common/cgroup2/ .
The binaries were built automatically on GitHub Actions.
The build log is available for 90 days: https://github.com/containerd/nerdctl/actions/runs/2040124371
The sha256sum of the SHA256SUMS file itself is 32ac32d88716610d582546a6b26e6443ac80746e0d635f987bfb5d5ab4fe5d6e
.