{"id":16927652,"url":"https://github.com/dirien/stackit-containerd","last_synced_at":"2026-05-09T01:33:04.109Z","repository":{"id":51266437,"uuid":"368068484","full_name":"dirien/stackit-containerd","owner":"dirien","description":"STACKIT contained reference implementation via OpenStack","archived":false,"fork":false,"pushed_at":"2021-05-18T12:01:17.000Z","size":72,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-03-31T19:55:49.924Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dirien.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-05-17T05:42:12.000Z","updated_at":"2022-04-26T04:51:25.000Z","dependencies_parsed_at":"2022-09-10T12:42:05.523Z","dependency_job_id":null,"html_url":"https://github.com/dirien/stackit-containerd","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/dirien/stackit-containerd","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dirien%2Fstackit-containerd","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dirien%2Fstackit-containerd/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dirien%2Fstackit-containerd/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dirien%2Fstackit-containerd/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dirien","download_url":"https://codeload.github.com/dirien/stackit-containerd/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dirien%2Fstackit-containerd/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32804164,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-08T08:22:46.396Z","status":"ssl_error","status_checked_at":"2026-05-08T08:22:45.650Z","response_time":54,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-13T20:34:46.480Z","updated_at":"2026-05-09T01:33:04.086Z","avatar_url":"https://github.com/dirien.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# stackit-containerd\nSTACKIT contained reference implementation via OpenStack\n\n# Installion\n\nDont forget to create your own ssh key and use your own terraform backend. I use the azurerm again.\n\n```hcl\nbackend \"azurerm\" {\n  storage_account_name = \"aebi\"\n  container_name       = \"stackit-containerd-state\"\n  key                  = \"stackit-containerd.tfstate\"\n}\n```\n\n## Infrastructure\n\nGet the `*-openrc.sh` file and source it. \n\n```bash\nsource *-openrc.sh\n```\n\nExecute the Terraform.\n\n```bash\ncd 00-infrastructure\nterraform init\nterraform apply --auto-approve\n```\n\n## Provisioning (via Ansible)\n\nAnsible installs the containerd, cni and nerdctl. Because we need to run the install of nerdctl rootless via `containerd-rootless-setuptool.sh install` I could not use the cloud-init approach.\n\n```bash\nansible-playbook --private-key ssh/containerd -i 01-provisioning/hosts.yaml 01-provisioning/playbook.yaml\n```\n\n# Containerd\n\nAs Kubernetes grew and more third-party tools arose around Docker, the limitations of its architecture became clear. At the same time, the Open Container Initiative (OCI) began standardising container formats and runtimes. This resulted in an OCI specification defining a container which could be used by multiple runtimes, of which Docker is an example.\n\nDocker then extracted its container runtime out into a new project, containerd. This includes Docker’s functionality for executing containers, handling low-level storage and managing image transfers. Containerd was donated to the Cloud Native Computing Foundation (CNCF) in order to provide the container community with a basis for creating new container solutions.\n\nThe emergence of containerd makes it easier for projects like Kubernetes to access the low-level “Docker” elements they need. Instead of actually using Docker, they now have a more accessible interface to the container runtime. The OCI standardisation of container technologies means other runtimes can be used too.\n\n![logo](docs/img/containerd.png)\n\nThere are two kinds of container runtimes: high-level container runtimes and low-level container runtimes. \n\nContainerd is a high-level container runtime that uses Runc (a low-level container runtime) by default\n\n# The role of containerd\n\nContainerd drops in to abstract this low-level wiring. It’s intended as a “client layer” that container software then builds atop of. This might be developer-oriented software, like Docker, or cloud-oriented devops tools such as Kubernetes.\n\nPreviously, Kubernetes development was left with two bad options: keep writing shims around the hefty Docker interface, or start interacting with Linux kernel features directly. By breaking containerd out of Docker, a third alternative became available: use containerd as a system abstraction layer, without involving Docker.\n\n# Installation\nFollow the official docs for installing Containerd; or if you’re using Ubuntu, just install Containerd with apt.\n\n# CTR\n\nSome basic usage of the ctr-cli. I would suggest using the nerdctl-cli, if you seriously think about to substitute the docker-cli\n\n![logo](docs/img/ctr.png)\n\nLet us pull an image\n\n`ctr image pull docker.io/library/busybox`\n\nYou will see an error saying you missed an object, because Containerd requires you to specify the object like the command below:\n\n`ctr image pull docker.io/library/busybox:latest`\n\nLet us list the image\n\n`ctr image ls`\n\nThe result looks quite overloaded so with this command you only get the name of the image.\n\n`ctr image ls -q`\n\nTo run a container, just use following command\n\n`ctr container create docker.io/library/busybox:latest demo`\n\nThis creates a container with container id, 'demo'.\n\nThere are a few things to notice here: \n\n- The output is not redirected to the CLI by default. \n- We need to use the full path with the object every time we use a container image. \n- The image needs to be pulled before(!) being able to run a container.\n\nListing the containers we can to with the command below:\n\n`ctr container list`\n\nDeleting an image is possible with the command below.\n\n`ctr image remove docker.io/library/busybox:latest`\n \nWhat happens if the running container?\n\n`ctr container list`\n\nThe container is still be running. The reason is containerd works on references. So the image is no longer being referenced as an image, but it is still being referenced by the container (as a snapshot).\n\n\nAnd delete the image with:\n\n`ctr container remove demo`\n\n# nerdctl: Docker-compatible CLI for containerd\n\nnerdctl is a Docker-compatible CLI for containerd.\n\n✅ Same UI/UX as `docker`\n\n✅ Supports Docker Compose (`nerdctl compose up`)\n\n✅ Supports [rootless mode](./docs/``ootless.md)\n\n✅ Supports [lazy-pulling (Stargz)](./docs/stargz.md)\n\n✅ Supports [encrypted images (ocicrypt)](./docs/ocicrypt.md)\n\nnerdctl is a non-core sub-project of containerd.\n\nSo basically it's close to your docker cli experience you already know and love.\n\n`nerdctl pull busybox`\n\n`nerdctl run -it busybox`\n\nThanks to the buildkit we can now build also container\n\n`nerdctl build -t test:latest .`\n\nTo remove the container\n`nerdctl rm 9a649cfb9c55`\n\nExpose a port\n\n`nerdctl run -d -p 8080:80 nginx`\n\n```bash\nubuntu@stackit-containerd-ubuntu:~$ nerdctl ps\nCONTAINER ID    IMAGE                             COMMAND                   CREATED          STATUS    PORTS                   NAMES\n267de027eca9    docker.io/library/nginx:latest    \"/docker-entrypoint.…\"    4 seconds ago    Up        0.0.0.0:8080-\u003e80/tcp    \nubuntu@stackit-containerd-ubuntu:~$ curl http://localhost:8080\n\u003c!DOCTYPE html\u003e\n\u003chtml\u003e\n\u003chead\u003e\n\u003ctitle\u003eWelcome to nginx!\u003c/title\u003e\n\u003cstyle\u003e\n    body {\n        width: 35em;\n        margin: 0 auto;\n        font-family: Tahoma, Verdana, Arial, sans-serif;\n    }\n\u003c/style\u003e\n\u003c/head\u003e\n\u003cbody\u003e\n\u003ch1\u003eWelcome to nginx!\u003c/h1\u003e\n\u003cp\u003eIf you see this page, the nginx web server is successfully installed and\nworking. Further configuration is required.\u003c/p\u003e\n\n\u003cp\u003eFor online documentation and support please refer to\n\u003ca href=\"http://nginx.org/\"\u003enginx.org\u003c/a\u003e.\u003cbr/\u003e\nCommercial support is available at\n\u003ca href=\"http://nginx.com/\"\u003enginx.com\u003c/a\u003e.\u003c/p\u003e\n\n\u003cp\u003e\u003cem\u003eThank you for using nginx.\u003c/em\u003e\u003c/p\u003e\n\u003c/body\u003e\n\u003c/html\u003e\n```\n\nSee the logs\n\n`nerdctl logs -f 26`\n\n```bash\n/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration\n/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/\n/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh\n10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf\n10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf\n/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh\n/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh\n/docker-entrypoint.sh: Configuration complete; ready for start up\n10.4.0.1 - - [18/May/2021:11:20:43 +0000] \"GET / HTTP/1.1\" 200 612 \"-\" \"curl/7.68.0\" \"-\"\n```\n\nSame goes for pushing into the registry\n`nerdctl login -u \u003cuser\u003e`\n\n```bash\nnerdctl push ediri/busybox:latest \nINFO[0000] pushing as a single-platform image (application/vnd.docker.distribution.manifest.v2+json, sha256:x) \nmanifest-sha256:47b3642f37f00fffa0ee288483c13d61849af8c599227bd06fab1527b810aa3d: waiting        |--------------------------------------| \nlayer-sha256:92f8b3f0730fef84ba9825b3af6ad90de454c4c77cde732208cf84ff7dd41208:    waiting        |--------------------------------------| \nconfig-sha256:20f9b62095fddfa3a3d1fbd8ff7ec03a9162ce91c7a5925a0a06a7352873174d:   waiting        |--------------------------------------| \nelapsed: 2.3 s                                                                    total:   0.0 B (0.0 B/s)        \n```\n\nAnd the best part bash completion:\n\n```bash\nsource \u003c(nerdctl completion bash)`\n```\n\nBut unfortunately, there are some unimplemented commands still:\n\nhttps://github.com/containerd/nerdctl/blob/master/README.md#unimplemented-docker-commands\n\n\nSources:\n\n[[1]](https://www.cloudsavvyit.com/10075/what-is-containerd-and-how-does-it-relate-to-docker-and-kubernetes/)\n[[2]](https://github.com/containerd/nerdctl/blob/master/README.md#command-reference)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdirien%2Fstackit-containerd","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdirien%2Fstackit-containerd","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdirien%2Fstackit-containerd/lists"}