v2.0.0-rc.3
Pre-releaseChanges
nerdctl v2 enables "detach-netns" for Rootless mode by default (#2723).
This will bring:
- Faster and more stable
nerdctl pull
,nerdctl push
,nerdctl build
, etc - Proper support for
nerdctl pull 127.0.0.1:.../...
- Proper support for
nerdctl run --net=host
Depends on RootlessKit >= v2.0 and BuildKit >= v0.13 (included in nerdctl-full-*.tar.gz
).
Note
After upgrading nerdctl (rootless mode) from v1.x to v2.x, it is highly recommended to
re-install the systemd units and the configurations:
containerd-rootless-setuptool.sh uninstall
rm -rf ~/.config/{nerdctl,buildkit}
containerd-rootless-setuptool.sh install
CONTAINERD_NAMESPACE=default containerd-rootless-setuptool.sh install-buildkit-containerd
Other major changes:
nerdctl run
:- Added
--systemd
flag for running systemd in containers flag (#2785, thanks to @sazzy4o) - Added
--ipc=(shareable|container:<container>)
flag (#2757, thanks to @minuk-dev) - Added
--annotation
flag (#2906)- Now
nerdctl run --label
is only set as a containerd label and not propagated as an OCI annotation. A label with thenerdctl/
prefix can no longer be set manually, with an exception fornerdctl/bypass4netns
. Thenerdctl/bypass4netns
label is still allowed and is propagated to an OCI annotation, for sake of compatibility.
- Now
- Added
--sig-proxy
flag (#3043, thanks to @CodeChanning) - Propagate image labels to container labels (not to container annotations) (#3023, thanks to @yankay)
- Added
--attach
flag (#3157, thanks to @CodeChanning) - The restriction for
--name
is relaxed to support longer names (#3279, thanks to @Shubhranshu153) - Added
--security-opt systempaths=unconfined
flag (#3533, thanks to @austinvazquez) - Added
--network ns:<PATH>
flag (#3538, thanks to @dancavallaro) - Added the support for oci-layout image references (#3537, thanks to @austinvazquez)
- Added
nerdctl build
:- Added
--attest
,--sbom
, and--provenance
flags (#2786, thanks to @yankay) - Added
--pull
flag (#3074, thanks to @sondavidb) - Added the support for Windows (#2587, thanks to @TBBle)
- Added the support for oci-layout build contexts (#3327, thanks to @austinvazquez)
- Added
nerdctl ps
:- JSON type of
--format=json
is changed for better Docker compatibility (#2987, #3058, thanks to @apostasie and @yankay)
- JSON type of
nerdctl inspect
:- Added
--size
flag (#3021, thanks to @apostasie)
- Added
nerdctl network
:- The networks are now aware of containerd namespaces. i.e.,
nerdctl --namespace=foo network list
no longer shows networks created withnerdctl --namespace=bar network create
(#3096, thanks to @apostasie) - Enhanced support for DHCP (#3001, thanks to @apostasie)
- The networks are now aware of containerd namespaces. i.e.,
nerdctl compose up
:- Added
--abort-on-container-exit
flag (#2873, thanks to @alegrey91)
- Added
nerdctl builder prune
:- Added
--all
flag (#3316, thanks to @austinvazquez) - Added
--force
flag (#3316, thanks to @austinvazquez)
- Added
nerdctl image prune
:- Added
--filter
flag (#3319, thanks to @austinvazquez)
- Added
nerdctl image load
:- Added
--quiet
flag (#3551, thanks to @austinvazquez)
- Added
- nerdct-full:
- Misc:
- Refactoring and stability improvements (Many PRs, thanks to @apostasie et al.)
- And more!
Full changes: https://github.com/containerd/nerdctl/milestone/37?closed=1
Thanks to @CerberusQc @CodeChanning @Iceber @Shikachuu @Shubhranshu153 @TBBle @THLIVSQAZ @TinaMor @abitrolly @alegrey91 @apostasie @austinvazquez @bobcallaway @cezar-r @chews93319 @curlwget @dancavallaro @djdongjin @dmcgowan @fahedouch @frits-v @fwilhe2 @haytok @jmpargana @kebe7jun @ktock @lingdie @manugupt1 @midnight-wonderer @minuk-dev @monirul @pendo324 @qianxi0410 @roman-kiselenko @sazzy4o @sondavidb @testwill @thaJeztah @xyz-li @yankay @zjumoon01 @zwpaper
Compatible containerd versions
This release of nerdctl is expected to be used with containerd v1.6, v1.7, or v2.0.
About the binaries
- Minimal (
nerdctl-2.0.0-rc.3-linux-amd64.tar.gz
): nerdctl only - Full (
nerdctl-full-2.0.0-rc.3-linux-amd64.tar.gz
): Includes dependencies such as containerd, runc, and CNI
Minimal
Extract the archive to a path like /usr/local/bin
or ~/bin
.
tar Cxzvvf /usr/local/bin nerdctl-2.0.0-rc.3-linux-amd64.tar.gz
-rwxr-xr-x root/root 26316952 2024-10-24 12:51 nerdctl
-rwxr-xr-x root/root 22657 2024-10-24 12:50 containerd-rootless-setuptool.sh
-rwxr-xr-x root/root 8708 2024-10-24 12:50 containerd-rootless.sh
Full
Extract the archive to a path like /usr/local
or ~/.local
.
tar Cxzvvf /usr/local nerdctl-full-2.0.0-rc.3-linux-amd64.tar.gz
drwxr-xr-x 0/0 0 2024-10-24 12:58 bin/
-rwxr-xr-x 0/0 29866025 2015-10-21 00:00 bin/buildctl
-rwxr-xr-x 0/0 23724032 2022-09-05 09:52 bin/buildg
lrwxrwxrwx 0/0 0 2024-10-24 12:57 bin/buildkit-cni-LICENSE -> ../libexec/cni/LICENSE
lrwxrwxrwx 0/0 0 2024-10-24 12:57 bin/buildkit-cni-README.md -> ../libexec/cni/README.md
lrwxrwxrwx 0/0 0 2024-10-24 12:57 bin/buildkit-cni-bandwidth -> ../libexec/cni/bandwidth
lrwxrwxrwx 0/0 0 2024-10-24 12:57 bin/buildkit-cni-bridge -> ../libexec/cni/bridge
lrwxrwxrwx 0/0 0 2024-10-24 12:57 bin/buildkit-cni-dhcp -> ../libexec/cni/dhcp
lrwxrwxrwx 0/0 0 2024-10-24 12:57 bin/buildkit-cni-dummy -> ../libexec/cni/dummy
lrwxrwxrwx 0/0 0 2024-10-24 12:57 bin/buildkit-cni-firewall -> ../libexec/cni/firewall
lrwxrwxrwx 0/0 0 2024-10-24 12:57 bin/buildkit-cni-host-device -> ../libexec/cni/host-device
lrwxrwxrwx 0/0 0 2024-10-24 12:57 bin/buildkit-cni-host-local -> ../libexec/cni/host-local
lrwxrwxrwx 0/0 0 2024-10-24 12:57 bin/buildkit-cni-ipvlan -> ../libexec/cni/ipvlan
lrwxrwxrwx 0/0 0 2024-10-24 12:57 bin/buildkit-cni-loopback -> ../libexec/cni/loopback
lrwxrwxrwx 0/0 0 2024-10-24 12:57 bin/buildkit-cni-macvlan -> ../libexec/cni/macvlan
lrwxrwxrwx 0/0 0 2024-10-24 12:57 bin/buildkit-cni-portmap -> ../libexec/cni/portmap
lrwxrwxrwx 0/0 0 2024-10-24 12:57 bin/buildkit-cni-ptp -> ../libexec/cni/ptp
lrwxrwxrwx 0/0 0 2024-10-24 12:57 bin/buildkit-cni-sbr -> ../libexec/cni/sbr
lrwxrwxrwx 0/0 0 2024-10-24 12:57 bin/buildkit-cni-static -> ../libexec/cni/static
lrwxrwxrwx 0/0 0 2024-10-24 12:57 bin/buildkit-cni-tap -> ../libexec/cni/tap
lrwxrwxrwx 0/0 0 2024-10-24 12:57 bin/buildkit-cni-tuning -> ../libexec/cni/tuning
lrwxrwxrwx 0/0 0 2024-10-24 12:57 bin/buildkit-cni-vlan -> ../libexec/cni/vlan
lrwxrwxrwx 0/0 0 2024-10-24 12:57 bin/buildkit-cni-vrf -> ../libexec/cni/vrf
-rwxr-xr-x 0/0 59727892 2015-10-21 00:00 bin/buildkitd
-rwxr-xr-x 0/0 15311568 2024-10-24 12:56 bin/bypass4netns
-rwxr-xr-x 0/0 5882008 2024-10-24 12:56 bin/bypass4netnsd
-rwxr-xr-x 0/0 38794352 2024-10-24 12:57 bin/containerd
-rwxr-xr-x 0/0 9474048 2023-11-02 17:34 bin/containerd-fuse-overlayfs-grpc
-rwxr-xr-x 0/0 22657 2024-10-24 12:56 bin/containerd-rootless-setuptool.sh
-rwxr-xr-x 0/0 8708 2024-10-24 12:56 bin/containerd-rootless.sh
-rwxr-xr-x 0/0 7708824 2024-10-24 12:57 bin/containerd-shim-runc-v2
-rwxr-xr-x 0/0 45903872 2023-10-31 08:57 bin/containerd-stargz-grpc
-rwxr-xr-x 0/0 21810318 2024-10-24 12:57 bin/ctd-decoder
-rwxr-xr-x 0/0 19697816 2024-10-24 12:57 bin/ctr
-rwxr-xr-x 0/0 31136840 2024-10-24 12:57 bin/ctr-enc
-rwxr-xr-x 0/0 19931136 2023-10-31 08:58 bin/ctr-remote
-rwxr-xr-x 0/0 1789968 2024-10-24 12:57 bin/fuse-overlayfs
-rwxr-xr-x 0/0 26284184 2024-10-24 12:56 bin/nerdctl
-rwxr-xr-x 0/0 11346380 2024-08-17 19:28 bin/rootlessctl
-rwxr-xr-x 0/0 13089548 2024-08-17 19:28 bin/rootlesskit
-rwxr-xr-x 0/0 15967360 2024-10-24 12:56 bin/runc
-rwxr-xr-x 0/0 2354520 2024-10-24 12:57 bin/slirp4netns
-rwxr-xr-x 0/0 870496 2024-10-24 12:57 bin/tini
drwxr-xr-x 0/0 0 2024-10-24 12:57 lib/
drwxr-xr-x 0/0 0 2024-10-24 12:57 lib/systemd/
drwxr-xr-x 0/0 0 2024-10-24 12:57 lib/systemd/system/
-rw-r--r-- 0/0 1325 2024-10-24 12:57 lib/systemd/system/buildkit.service
-rw-r--r-- 0/0 1264 2024-10-24 12:55 lib/systemd/system/containerd.service
-rw-r--r-- 0/0 312 2024-10-24 12:57 lib/systemd/system/stargz-snapshotter.service
drwxr-xr-x 0/0 0 2024-10-24 12:57 libexec/
drwxr-xr-x 0/0 0 2024-10-24 12:57 libexec/cni/
-rw-r--r-- 0/0 11357 2024-10-15 09:37 libexec/cni/LICENSE
-rw-r--r-- 0/0 2343 2024-10-15 09:37 libexec/cni/README.md
-rwxr-xr-x 0/0 4648054 2024-10-15 09:36 libexec/cni/bandwidth
-rwxr-xr-x 0/0 5283567 2024-10-15 09:37 libexec/cni/bridge
-rwxr-xr-x 0/0 12771199 2024-10-15 09:37 libexec/cni/dhcp
-rwxr-xr-x 0/0 4843811 2024-10-15 09:37 libexec/cni/dummy
-rwxr-xr-x 0/0 5312426 2024-10-15 09:36 libexec/cni/firewall
-rwxr-xr-x 0/0 4784447 2024-10-15 09:37 libexec/cni/host-device
-rwxr-xr-x 0/0 4047543 2024-10-15 09:37 libexec/cni/host-local
-rwxr-xr-x 0/0 4860660 2024-10-15 09:37 libexec/cni/ipvlan
-rwxr-xr-x 0/0 4107060 2024-10-15 09:37 libexec/cni/loopback
-rwxr-xr-x 0/0 4896553 2024-10-15 09:37 libexec/cni/macvlan
-rwxr-xr-x 0/0 4703145 2024-10-15 09:36 libexec/cni/portmap
-rwxr-xr-x 0/0 5068216 2024-10-15 09:37 libexec/cni/ptp
-rwxr-xr-x 0/0 4330463 2024-10-15 09:36 libexec/cni/sbr
-rwxr-xr-x 0/0 3648356 2024-10-15 09:37 libexec/cni/static
-rwxr-xr-x 0/0 4920887 2024-10-15 09:37 libexec/cni/tap
-rwxr-xr-x 0/0 4195353 2024-10-15 09:36 libexec/cni/tuning
-rwxr-xr-x 0/0 4854297 2024-10-15 09:37 libexec/cni/vlan
-rwxr-xr-x 0/0 4481459 2024-10-15 09:36 libexec/cni/vrf
drwxr-xr-x 0/0 0 2024-10-24 12:57 share/
drwxr-xr-x 0/0 0 2024-10-24 12:57 share/doc/
drwxr-xr-x 0/0 0 2024-10-24 12:57 share/doc/nerdctl/
-rw-r--r-- 0/0 12101 2024-10-24 12:50 share/doc/nerdctl/README.md
drwxr-xr-x 0/0 0 2024-10-24 12:50 share/doc/nerdctl/docs/
-rw-r--r-- 0/0 3953 2024-10-24 12:50 share/doc/nerdctl/docs/build.md
-rw-r--r-- 0/0 2570 2024-10-24 12:50 share/doc/nerdctl/docs/builder-debug.md
-rw-r--r-- 0/0 4779 2024-10-24 12:50 share/doc/nerdctl/docs/cni.md
-rw-r--r-- 0/0 77544 2024-10-24 12:50 share/doc/nerdctl/docs/command-reference.md
-rw-r--r-- 0/0 1814 2024-10-24 12:50 share/doc/nerdctl/docs/compose.md
-rw-r--r-- 0/0 5329 2024-10-24 12:50 share/doc/nerdctl/docs/config.md
-rw-r--r-- 0/0 9128 2024-10-24 12:50 share/doc/nerdctl/docs/cosign.md
-rw-r--r-- 0/0 5660 2024-10-24 12:50 share/doc/nerdctl/docs/cvmfs.md
drwxr-xr-x 0/0 0 2024-10-24 12:50 share/doc/nerdctl/docs/dev/
-rw-r--r-- 0/0 8587 2024-10-24 12:50 share/doc/nerdctl/docs/dev/store.md
-rw-r--r-- 0/0 2776 2024-10-24 12:50 share/doc/nerdctl/docs/dir.md
-rw-r--r-- 0/0 906 2024-10-24 12:50 share/doc/nerdctl/docs/experimental.md
-rw-r--r-- 0/0 14217 2024-10-24 12:50 share/doc/nerdctl/docs/faq.md
-rw-r--r-- 0/0 884 2024-10-24 12:50 share/doc/nerdctl/docs/freebsd.md
-rw-r--r-- 0/0 3273 2024-10-24 12:50 share/doc/nerdctl/docs/gpu.md
drwxr-xr-x 0/0 0 2024-10-24 12:50 share/doc/nerdctl/docs/images/
-rw-r--r-- 0/0 1540 2024-10-24 12:50 share/doc/nerdctl/docs/images/nerdctl-white.svg
-rw-r--r-- 0/0 1462 2024-10-24 12:50 share/doc/nerdctl/docs/images/nerdctl.svg
-rw-r--r-- 0/0 684421 2024-10-24 12:50 share/doc/nerdctl/docs/images/rootlessKit-network-design.png
-rw-r--r-- 0/0 14462 2024-10-24 12:50 share/doc/nerdctl/docs/ipfs.md
-rw-r--r-- 0/0 1755 2024-10-24 12:50 share/doc/nerdctl/docs/multi-platform.md
-rw-r--r-- 0/0 2960 2024-10-24 12:50 share/doc/nerdctl/docs/notation.md
-rw-r--r-- 0/0 2596 2024-10-24 12:50 share/doc/nerdctl/docs/nydus.md
-rw-r--r-- 0/0 3277 2024-10-24 12:50 share/doc/nerdctl/docs/ocicrypt.md
-rw-r--r-- 0/0 1876 2024-10-24 12:50 share/doc/nerdctl/docs/overlaybd.md
-rw-r--r-- 0/0 15657 2024-10-24 12:50 share/doc/nerdctl/docs/registry.md
-rw-r--r-- 0/0 8707 2024-10-24 12:50 share/doc/nerdctl/docs/rootless.md
-rw-r--r-- 0/0 2015 2024-10-24 12:50 share/doc/nerdctl/docs/soci.md
-rw-r--r-- 0/0 10312 2024-10-24 12:50 share/doc/nerdctl/docs/stargz.md
drwxr-xr-x 0/0 0 2024-10-24 12:50 share/doc/nerdctl/docs/testing/
-rw-r--r-- 0/0 4115 2024-10-24 12:50 share/doc/nerdctl/docs/testing/README.md
-rw-r--r-- 0/0 15068 2024-10-24 12:50 share/doc/nerdctl/docs/testing/tools.md
drwxr-xr-x 0/0 0 2024-10-24 12:58 share/doc/nerdctl-full/
-rw-r--r-- 0/0 1010 2024-10-24 12:58 share/doc/nerdctl-full/README.md
-rw-r--r-- 0/0 9022 2024-10-24 12:58 share/doc/nerdctl-full/SHA256SUMS
Included components
See share/doc/nerdctl-full/README.md
:
# nerdctl (full distribution)
- nerdctl: v2.0.0-rc.3
- containerd: v2.0.0-rc.6
- runc: v1.2.0
- CNI plugins: v1.6.0
- BuildKit: v0.16.0
- Stargz Snapshotter: v0.15.1
- imgcrypt: v1.1.11
- RootlessKit: v2.3.1
- slirp4netns: v1.3.1
- bypass4netns: v0.4.1
- fuse-overlayfs: v1.14
- containerd-fuse-overlayfs: v1.0.8
- Tini: v0.19.0
- buildg: v0.4.1
## License
- bin/slirp4netns: [GNU GENERAL PUBLIC LICENSE, Version 2](https://github.com/rootless-containers/slirp4netns/blob/v1.3.1/COPYING)
- bin/fuse-overlayfs: [GNU GENERAL PUBLIC LICENSE, Version 2](https://github.com/containers/fuse-overlayfs/blob/v1.14/COPYING)
- bin/{runc,bypass4netns,bypass4netnsd}: Apache License 2.0, statically linked with libseccomp ([LGPL 2.1](https://github.com/seccomp/libseccomp/blob/main/LICENSE), source code available at https://github.com/seccomp/libseccomp/)
- bin/tini: [MIT License](https://github.com/krallin/tini/blob/v0.19.0/LICENSE)
- Other files: [Apache License 2.0](https://www.apache.org/licenses/LICENSE-2.0)
Quick start
Rootful
$ sudo systemctl enable --now containerd
$ sudo nerdctl run -d --name nginx -p 80:80 nginx:alpine
Rootless
$ containerd-rootless-setuptool.sh install
$ nerdctl run -d --name nginx -p 8080:80 nginx:alpine
Enabling cgroup v2 is highly recommended for rootless mode, see https://rootlesscontaine.rs/getting-started/common/cgroup2/ .
The binaries were built automatically on GitHub Actions.
The build log is available for 90 days: https://github.com/containerd/nerdctl/actions/runs/11499655077
The sha256sum of the SHA256SUMS file itself is 147010c5987e04e23e1275975a35b8f2f751760cce0b18a25a1f045df49bda0f
.
Release manager: @AkihiroSuda