Skip to content

v2.0.0

Latest
Compare
Choose a tag to compare
@github-actions github-actions released this 06 Nov 00:47
· 45 commits to main since this release
v2.0.0
ef588da

nerdctl v2.0 is released in unison with containerd v2.0, but it continues to work with containerd v1.6 and v1.7 too.

The release of nerdctl v2.1 is NOT planned to be synchronized with containerd v2.1.

Changes

nerdctl v2 enables "detach-netns" for Rootless mode by default (#2723).

This will bring:

  • Faster and more stable nerdctl pull, nerdctl push, nerdctl build, etc
  • Proper support for nerdctl pull 127.0.0.1:.../...
  • Proper support for nerdctl run --net=host

Depends on RootlessKit >= v2.0 and BuildKit >= v0.13 (included in nerdctl-full-*.tar.gz).

Note

After upgrading nerdctl (rootless mode) from v1.x to v2.x, it is highly recommended to
re-install the systemd units and the configurations:

containerd-rootless-setuptool.sh uninstall
rm -rf ~/.config/{nerdctl,buildkit}
containerd-rootless-setuptool.sh install
CONTAINERD_NAMESPACE=default containerd-rootless-setuptool.sh install-buildkit-containerd

Other major changes:

  • nerdctl run:
    • Added --systemd=(true|false|always) flag for running systemd in containers flag (#2785, thanks to @sazzy4o)
    • Added --ipc=(shareable|container:<container>) flag (#2757, thanks to @minuk-dev)
    • Added --annotation flag (#2906)
      • Now nerdctl run --label is only set as a containerd label and not propagated as an OCI annotation. A label with the nerdctl/ prefix can no longer be set manually, with an exception for nerdctl/bypass4netns. The nerdctl/bypass4netns label is still allowed and is propagated to an OCI annotation, for sake of compatibility.
    • Added --sig-proxy flag (#3043, thanks to @CodeChanning)
    • Propagate image labels to container labels (not to container annotations) (#3023, thanks to @yankay)
    • Added --attach flag (#3157, thanks to @CodeChanning)
    • The restriction for --name is relaxed to support longer names (#3279, thanks to @Shubhranshu153)
    • Added --security-opt systempaths=unconfined flag (#3533, thanks to @austinvazquez)
    • Added --network ns:<PATH> flag (#3538, thanks to @dancavallaro)
    • Added the support for oci-layout image references (#3537, thanks to @austinvazquez)
    • Added --log-driver=none flag (#3633, thanks to @coderbirju)
  • nerdctl build:
  • nerdctl ps:
  • nerdctl inspect:
  • nerdctl network:
    • The networks are now aware of containerd namespaces. i.e., nerdctl --namespace=foo network list no longer shows networks created with nerdctl --namespace=bar network create (#3096, thanks to @apostasie)
    • Enhanced support for DHCP (#3001, thanks to @apostasie)
  • nerdctl compose up:
  • nerdctl builder prune:
  • nerdctl image prune:
  • nerdctl image load:
  • nerdct-full:
    • Updated the components (containerd v2.0, runc v1.2, BuildKit v0.17, etc.). See the Included components below.
    • Removed IPFS (Kubo). Can be still installed manually. (#3532, thanks to @yankay)
  • Misc:
    • Refactoring and stability improvements (Many PRs, thanks to @apostasie et al.)
  • And more!

Full changes: https://github.com/containerd/nerdctl/milestone/37?closed=1
Thanks to @CerberusQc @CodeChanning @Iceber @Shikachuu @Shubhranshu153 @TBBle @THLIVSQAZ @TinaMor @abitrolly @alegrey91 @apostasie @austinvazquez @bobcallaway @cezar-r @chews93319 @coderbirju @curlwget @dancavallaro @djdongjin @dmcgowan @fahedouch @frits-v @fwilhe2 @haytok @jmpargana @kebe7jun @ktock @lingdie @manugupt1 @midnight-wonderer @minuk-dev @monirul @pendo324 @qianxi0410 @roman-kiselenko @sazzy4o @sondavidb @testwill @thaJeztah @xyz-li @yankay @zjumoon01 @zwpaper

Compatible containerd versions

This release of nerdctl is expected to be used with containerd v1.6, v1.7, or v2.0.

About the binaries

  • Minimal (nerdctl-2.0.0-linux-amd64.tar.gz): nerdctl only
  • Full (nerdctl-full-2.0.0-linux-amd64.tar.gz): Includes dependencies such as containerd, runc, and CNI

Minimal

Extract the archive to a path like /usr/local/bin or ~/bin .

tar Cxzvvf /usr/local/bin nerdctl-2.0.0-linux-amd64.tar.gz

-rwxr-xr-x root/root  26366104 2024-11-06 00:32 nerdctl
-rwxr-xr-x root/root     22657 2024-11-06 00:32 containerd-rootless-setuptool.sh
-rwxr-xr-x root/root      8708 2024-11-06 00:32 containerd-rootless.sh

Full

Extract the archive to a path like /usr/local or ~/.local .

tar Cxzvvf /usr/local nerdctl-full-2.0.0-linux-amd64.tar.gz

drwxr-xr-x 0/0               0 2024-11-06 00:39 bin/
-rwxr-xr-x 0/0        29493543 2015-10-21 00:00 bin/buildctl
-rwxr-xr-x 0/0        23724032 2022-09-05 09:52 bin/buildg
lrwxrwxrwx 0/0               0 2024-11-06 00:38 bin/buildkit-cni-LICENSE -> ../libexec/cni/LICENSE
lrwxrwxrwx 0/0               0 2024-11-06 00:38 bin/buildkit-cni-README.md -> ../libexec/cni/README.md
lrwxrwxrwx 0/0               0 2024-11-06 00:38 bin/buildkit-cni-bandwidth -> ../libexec/cni/bandwidth
lrwxrwxrwx 0/0               0 2024-11-06 00:38 bin/buildkit-cni-bridge -> ../libexec/cni/bridge
lrwxrwxrwx 0/0               0 2024-11-06 00:38 bin/buildkit-cni-dhcp -> ../libexec/cni/dhcp
lrwxrwxrwx 0/0               0 2024-11-06 00:38 bin/buildkit-cni-dummy -> ../libexec/cni/dummy
lrwxrwxrwx 0/0               0 2024-11-06 00:38 bin/buildkit-cni-firewall -> ../libexec/cni/firewall
lrwxrwxrwx 0/0               0 2024-11-06 00:38 bin/buildkit-cni-host-device -> ../libexec/cni/host-device
lrwxrwxrwx 0/0               0 2024-11-06 00:38 bin/buildkit-cni-host-local -> ../libexec/cni/host-local
lrwxrwxrwx 0/0               0 2024-11-06 00:38 bin/buildkit-cni-ipvlan -> ../libexec/cni/ipvlan
lrwxrwxrwx 0/0               0 2024-11-06 00:38 bin/buildkit-cni-loopback -> ../libexec/cni/loopback
lrwxrwxrwx 0/0               0 2024-11-06 00:38 bin/buildkit-cni-macvlan -> ../libexec/cni/macvlan
lrwxrwxrwx 0/0               0 2024-11-06 00:38 bin/buildkit-cni-portmap -> ../libexec/cni/portmap
lrwxrwxrwx 0/0               0 2024-11-06 00:38 bin/buildkit-cni-ptp -> ../libexec/cni/ptp
lrwxrwxrwx 0/0               0 2024-11-06 00:38 bin/buildkit-cni-sbr -> ../libexec/cni/sbr
lrwxrwxrwx 0/0               0 2024-11-06 00:38 bin/buildkit-cni-static -> ../libexec/cni/static
lrwxrwxrwx 0/0               0 2024-11-06 00:38 bin/buildkit-cni-tap -> ../libexec/cni/tap
lrwxrwxrwx 0/0               0 2024-11-06 00:38 bin/buildkit-cni-tuning -> ../libexec/cni/tuning
lrwxrwxrwx 0/0               0 2024-11-06 00:38 bin/buildkit-cni-vlan -> ../libexec/cni/vlan
lrwxrwxrwx 0/0               0 2024-11-06 00:38 bin/buildkit-cni-vrf -> ../libexec/cni/vrf
-rwxr-xr-x 0/0        60229721 2015-10-21 00:00 bin/buildkitd
-rwxr-xr-x 0/0        15311568 2024-11-06 00:37 bin/bypass4netns
-rwxr-xr-x 0/0         5882008 2024-11-06 00:37 bin/bypass4netnsd
-rwxr-xr-x 0/0        38868944 2024-11-06 00:38 bin/containerd
-rwxr-xr-x 0/0        10494104 2024-11-05 23:12 bin/containerd-fuse-overlayfs-grpc
-rwxr-xr-x 0/0           22657 2024-11-06 00:39 bin/containerd-rootless-setuptool.sh
-rwxr-xr-x 0/0            8708 2024-11-06 00:39 bin/containerd-rootless.sh
-rwxr-xr-x 0/0         7717016 2024-11-06 00:38 bin/containerd-shim-runc-v2
-rwxr-xr-x 0/0        45903872 2023-10-31 08:57 bin/containerd-stargz-grpc
-rwxr-xr-x 0/0        22214956 2024-11-06 00:39 bin/ctd-decoder
-rwxr-xr-x 0/0        19706008 2024-11-06 00:38 bin/ctr
-rwxr-xr-x 0/0        29814020 2024-11-06 00:39 bin/ctr-enc
-rwxr-xr-x 0/0        19931136 2023-10-31 08:58 bin/ctr-remote
-rwxr-xr-x 0/0         1789968 2024-11-06 00:39 bin/fuse-overlayfs
-rwxr-xr-x 0/0        26333336 2024-11-06 00:39 bin/nerdctl
-rwxr-xr-x 0/0        11346380 2024-08-17 19:28 bin/rootlessctl
-rwxr-xr-x 0/0        13089548 2024-08-17 19:28 bin/rootlesskit
-rwxr-xr-x 0/0        15921736 2024-11-06 00:37 bin/runc
-rwxr-xr-x 0/0         2354520 2024-11-06 00:39 bin/slirp4netns
-rwxr-xr-x 0/0          870496 2024-11-06 00:39 bin/tini
drwxr-xr-x 0/0               0 2024-11-06 00:38 lib/
drwxr-xr-x 0/0               0 2024-11-06 00:38 lib/systemd/
drwxr-xr-x 0/0               0 2024-11-06 00:38 lib/systemd/system/
-rw-r--r-- 0/0            1325 2024-11-06 00:38 lib/systemd/system/buildkit.service
-rw-r--r-- 0/0            1264 2024-11-06 00:37 lib/systemd/system/containerd.service
-rw-r--r-- 0/0             312 2024-11-06 00:38 lib/systemd/system/stargz-snapshotter.service
drwxr-xr-x 0/0               0 2024-11-06 00:38 libexec/
drwxr-xr-x 0/0               0 2024-11-06 00:38 libexec/cni/
-rw-r--r-- 0/0           11357 2024-10-15 09:37 libexec/cni/LICENSE
-rw-r--r-- 0/0            2343 2024-10-15 09:37 libexec/cni/README.md
-rwxr-xr-x 0/0         4648054 2024-10-15 09:36 libexec/cni/bandwidth
-rwxr-xr-x 0/0         5283567 2024-10-15 09:37 libexec/cni/bridge
-rwxr-xr-x 0/0        12771199 2024-10-15 09:37 libexec/cni/dhcp
-rwxr-xr-x 0/0         4843811 2024-10-15 09:37 libexec/cni/dummy
-rwxr-xr-x 0/0         5312426 2024-10-15 09:36 libexec/cni/firewall
-rwxr-xr-x 0/0         4784447 2024-10-15 09:37 libexec/cni/host-device
-rwxr-xr-x 0/0         4047543 2024-10-15 09:37 libexec/cni/host-local
-rwxr-xr-x 0/0         4860660 2024-10-15 09:37 libexec/cni/ipvlan
-rwxr-xr-x 0/0         4107060 2024-10-15 09:37 libexec/cni/loopback
-rwxr-xr-x 0/0         4896553 2024-10-15 09:37 libexec/cni/macvlan
-rwxr-xr-x 0/0         4703145 2024-10-15 09:36 libexec/cni/portmap
-rwxr-xr-x 0/0         5068216 2024-10-15 09:37 libexec/cni/ptp
-rwxr-xr-x 0/0         4330463 2024-10-15 09:36 libexec/cni/sbr
-rwxr-xr-x 0/0         3648356 2024-10-15 09:37 libexec/cni/static
-rwxr-xr-x 0/0         4920887 2024-10-15 09:37 libexec/cni/tap
-rwxr-xr-x 0/0         4195353 2024-10-15 09:36 libexec/cni/tuning
-rwxr-xr-x 0/0         4854297 2024-10-15 09:37 libexec/cni/vlan
-rwxr-xr-x 0/0         4481459 2024-10-15 09:36 libexec/cni/vrf
drwxr-xr-x 0/0               0 2024-11-06 00:36 share/
drwxr-xr-x 0/0               0 2024-11-06 00:39 share/doc/
drwxr-xr-x 0/0               0 2024-11-06 00:39 share/doc/nerdctl/
-rw-r--r-- 0/0           12101 2024-11-06 00:32 share/doc/nerdctl/README.md
drwxr-xr-x 0/0               0 2024-11-06 00:32 share/doc/nerdctl/docs/
-rw-r--r-- 0/0            3953 2024-11-06 00:32 share/doc/nerdctl/docs/build.md
-rw-r--r-- 0/0            2570 2024-11-06 00:32 share/doc/nerdctl/docs/builder-debug.md
-rw-r--r-- 0/0            4779 2024-11-06 00:32 share/doc/nerdctl/docs/cni.md
-rw-r--r-- 0/0           77544 2024-11-06 00:32 share/doc/nerdctl/docs/command-reference.md
-rw-r--r-- 0/0            1814 2024-11-06 00:32 share/doc/nerdctl/docs/compose.md
-rw-r--r-- 0/0            5329 2024-11-06 00:32 share/doc/nerdctl/docs/config.md
-rw-r--r-- 0/0            9128 2024-11-06 00:32 share/doc/nerdctl/docs/cosign.md
-rw-r--r-- 0/0            5660 2024-11-06 00:32 share/doc/nerdctl/docs/cvmfs.md
drwxr-xr-x 0/0               0 2024-11-06 00:32 share/doc/nerdctl/docs/dev/
-rw-r--r-- 0/0            8587 2024-11-06 00:32 share/doc/nerdctl/docs/dev/store.md
-rw-r--r-- 0/0            2776 2024-11-06 00:32 share/doc/nerdctl/docs/dir.md
-rw-r--r-- 0/0             906 2024-11-06 00:32 share/doc/nerdctl/docs/experimental.md
-rw-r--r-- 0/0           14217 2024-11-06 00:32 share/doc/nerdctl/docs/faq.md
-rw-r--r-- 0/0             884 2024-11-06 00:32 share/doc/nerdctl/docs/freebsd.md
-rw-r--r-- 0/0            3273 2024-11-06 00:32 share/doc/nerdctl/docs/gpu.md
drwxr-xr-x 0/0               0 2024-11-06 00:32 share/doc/nerdctl/docs/images/
-rw-r--r-- 0/0            1540 2024-11-06 00:32 share/doc/nerdctl/docs/images/nerdctl-white.svg
-rw-r--r-- 0/0            1462 2024-11-06 00:32 share/doc/nerdctl/docs/images/nerdctl.svg
-rw-r--r-- 0/0          684421 2024-11-06 00:32 share/doc/nerdctl/docs/images/rootlessKit-network-design.png
-rw-r--r-- 0/0           14462 2024-11-06 00:32 share/doc/nerdctl/docs/ipfs.md
-rw-r--r-- 0/0            1755 2024-11-06 00:32 share/doc/nerdctl/docs/multi-platform.md
-rw-r--r-- 0/0            2960 2024-11-06 00:32 share/doc/nerdctl/docs/notation.md
-rw-r--r-- 0/0            2596 2024-11-06 00:32 share/doc/nerdctl/docs/nydus.md
-rw-r--r-- 0/0            3277 2024-11-06 00:32 share/doc/nerdctl/docs/ocicrypt.md
-rw-r--r-- 0/0            1876 2024-11-06 00:32 share/doc/nerdctl/docs/overlaybd.md
-rw-r--r-- 0/0           15657 2024-11-06 00:32 share/doc/nerdctl/docs/registry.md
-rw-r--r-- 0/0            8707 2024-11-06 00:32 share/doc/nerdctl/docs/rootless.md
-rw-r--r-- 0/0            2015 2024-11-06 00:32 share/doc/nerdctl/docs/soci.md
-rw-r--r-- 0/0           10312 2024-11-06 00:32 share/doc/nerdctl/docs/stargz.md
drwxr-xr-x 0/0               0 2024-11-06 00:32 share/doc/nerdctl/docs/testing/
-rw-r--r-- 0/0            4115 2024-11-06 00:32 share/doc/nerdctl/docs/testing/README.md
-rw-r--r-- 0/0           15068 2024-11-06 00:32 share/doc/nerdctl/docs/testing/tools.md
drwxr-xr-x 0/0               0 2024-11-06 00:39 share/doc/nerdctl-full/
-rw-r--r-- 0/0            1004 2024-11-06 00:39 share/doc/nerdctl-full/README.md
-rw-r--r-- 0/0            5621 2024-11-06 00:39 share/doc/nerdctl-full/SHA256SUMS

Included components

See share/doc/nerdctl-full/README.md:

# nerdctl (full distribution)
- nerdctl: v2.0.0
- containerd: v2.0.0
- runc: v1.2.1
- CNI plugins: v1.6.0
- BuildKit: v0.17.0
- Stargz Snapshotter: v0.15.1
- imgcrypt: v2.0.0-rc.1
- slirp4netns: v1.3.1
- bypass4netns: v0.4.1
- fuse-overlayfs: v1.14
- containerd-fuse-overlayfs: v2.0.0
- Tini: v0.19.0
- buildg: v0.4.1
- RootlessKit: v2.3.1

## License
- bin/slirp4netns:    [GNU GENERAL PUBLIC LICENSE, Version 2](https://github.com/rootless-containers/slirp4netns/blob/v1.3.1/COPYING)
- bin/fuse-overlayfs: [GNU GENERAL PUBLIC LICENSE, Version 2](https://github.com/containers/fuse-overlayfs/blob/v1.14/COPYING)
- bin/{runc,bypass4netns,bypass4netnsd}: Apache License 2.0, statically linked with libseccomp ([LGPL 2.1](https://github.com/seccomp/libseccomp/blob/main/LICENSE), source code available at https://github.com/seccomp/libseccomp/)
- bin/tini: [MIT License](https://github.com/krallin/tini/blob/v0.19.0/LICENSE)
- Other files: [Apache License 2.0](https://www.apache.org/licenses/LICENSE-2.0)

Quick start

Rootful

$ sudo systemctl enable --now containerd
$ sudo nerdctl run -d --name nginx -p 80:80 nginx:alpine

Rootless

$ containerd-rootless-setuptool.sh install
$ nerdctl run -d --name nginx -p 8080:80 nginx:alpine

Enabling cgroup v2 is highly recommended for rootless mode, see https://rootlesscontaine.rs/getting-started/common/cgroup2/ .


The binaries were built automatically on GitHub Actions.
The build log is available for 90 days: https://github.com/containerd/nerdctl/actions/runs/11694883870

The sha256sum of the SHA256SUMS file itself is 304a5a826358d302ed3c290146b8c67215da3906b559f801b88a148a5033a3be .


Release manager: @AkihiroSuda