1![banner](https://github.com/containerd/containerd.io/blob/master/static/img/containerd-dark.png?raw=true)
2
3[![GoDoc](https://godoc.org/github.com/containerd/containerd?status.svg)](https://godoc.org/github.com/containerd/containerd)
4[![Build Status](https://travis-ci.org/containerd/containerd.svg?branch=master)](https://travis-ci.org/containerd/containerd)
5[![Windows Build Status](https://ci.appveyor.com/api/projects/status/github/containerd/containerd?branch=master&svg=true)](https://ci.appveyor.com/project/mlaventure/containerd-3g73f?branch=master)
6[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bhttps%3A%2F%2Fgithub.com%2Fcontainerd%2Fcontainerd.svg?type=shield)](https://app.fossa.io/projects/git%2Bhttps%3A%2F%2Fgithub.com%2Fcontainerd%2Fcontainerd?ref=badge_shield)
7[![Go Report Card](https://goreportcard.com/badge/github.com/containerd/containerd)](https://goreportcard.com/report/github.com/containerd/containerd)
8[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/1271/badge)](https://bestpractices.coreinfrastructure.org/projects/1271)
9
10containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision, low-level storage and network attachments, etc.
11
12containerd is designed to be embedded into a larger system, rather than being used directly by developers or end-users.
13
14![architecture](design/architecture.png)
15
16## Getting Started
17
18See our documentation on [containerd.io](https://containerd.io):
19* [for ops and admins](docs/ops.md)
20* [namespaces](docs/namespaces.md)
21* [client options](docs/client-opts.md)
22
23See how to build containerd from source at [BUILDING](BUILDING.md).
24
25If you are interested in trying out containerd see our example at [Getting Started](docs/getting-started.md).
26
27
28## Runtime Requirements
29
30Runtime requirements for containerd are very minimal. Most interactions with
31the Linux and Windows container feature sets are handled via [runc](https://github.com/opencontainers/runc) and/or
32OS-specific libraries (e.g. [hcsshim](https://github.com/Microsoft/hcsshim) for Microsoft). The current required version of `runc` is always listed in [RUNC.md](/RUNC.md).
33
34There are specific features
35used by containerd core code and snapshotters that will require a minimum kernel
36version on Linux. With the understood caveat of distro kernel versioning, a
37reasonable starting point for Linux is a minimum 4.x kernel version.
38
39The overlay filesystem snapshotter, used by default, uses features that were
40finalized in the 4.x kernel series. If you choose to use btrfs, there may
41be more flexibility in kernel version (minimum recommended is 3.18), but will
42require the btrfs kernel module and btrfs tools to be installed on your Linux
43distribution.
44
45To use Linux checkpoint and restore features, you will need `criu` installed on
46your system. See more details in [Checkpoint and Restore](#checkpoint-and-restore).
47
48Build requirements for developers are listed in [BUILDING](BUILDING.md).
49
50## Features
51
52### Client
53
54containerd offers a full client package to help you integrate containerd into your platform.
55
56```go
57
58import (
59  "github.com/containerd/containerd"
60  "github.com/containerd/containerd/cio"
61)
62
63
64func main() {
65	client, err := containerd.New("/run/containerd/containerd.sock")
66	defer client.Close()
67}
68
69```
70
71### Namespaces
72
73Namespaces allow multiple consumers to use the same containerd without conflicting with each other.  It has the benefit of sharing content but still having separation with containers and images.
74
75To set a namespace for requests to the API:
76
77```go
78context = context.Background()
79// create a context for docker
80docker = namespaces.WithNamespace(context, "docker")
81
82containerd, err := client.NewContainer(docker, "id")
83```
84
85To set a default namespace on the client:
86
87```go
88client, err := containerd.New(address, containerd.WithDefaultNamespace("docker"))
89```
90
91### Distribution
92
93```go
94// pull an image
95image, err := client.Pull(context, "docker.io/library/redis:latest")
96
97// push an image
98err := client.Push(context, "docker.io/library/redis:latest", image.Target())
99```
100
101### Containers
102
103In containerd, a container is a metadata object.  Resources such as an OCI runtime specification, image, root filesystem, and other metadata can be attached to a container.
104
105```go
106redis, err := client.NewContainer(context, "redis-master")
107defer redis.Delete(context)
108```
109
110### OCI Runtime Specification
111
112containerd fully supports the OCI runtime specification for running containers.  We have built in functions to help you generate runtime specifications based on images as well as custom parameters.
113
114You can specify options when creating a container about how to modify the specification.
115
116```go
117redis, err := client.NewContainer(context, "redis-master", containerd.WithNewSpec(oci.WithImageConfig(image)))
118```
119
120### Root Filesystems
121
122containerd allows you to use overlay or snapshot filesystems with your containers.  It comes with builtin support for overlayfs and btrfs.
123
124```go
125// pull an image and unpack it into the configured snapshotter
126image, err := client.Pull(context, "docker.io/library/redis:latest", containerd.WithPullUnpack)
127
128// allocate a new RW root filesystem for a container based on the image
129redis, err := client.NewContainer(context, "redis-master",
130	containerd.WithNewSnapshot("redis-rootfs", image),
131	containerd.WithNewSpec(oci.WithImageConfig(image)),
132)
133
134// use a readonly filesystem with multiple containers
135for i := 0; i < 10; i++ {
136	id := fmt.Sprintf("id-%s", i)
137	container, err := client.NewContainer(ctx, id,
138		containerd.WithNewSnapshotView(id, image),
139		containerd.WithNewSpec(oci.WithImageConfig(image)),
140	)
141}
142```
143
144### Tasks
145
146Taking a container object and turning it into a runnable process on a system is done by creating a new `Task` from the container.  A task represents the runnable object within containerd.
147
148```go
149// create a new task
150task, err := redis.NewTask(context, cio.Stdio)
151defer task.Delete(context)
152
153// the task is now running and has a pid that can be use to setup networking
154// or other runtime settings outside of containerd
155pid := task.Pid()
156
157// start the redis-server process inside the container
158err := task.Start(context)
159
160// wait for the task to exit and get the exit status
161status, err := task.Wait(context)
162```
163
164### Checkpoint and Restore
165
166If you have [criu](https://criu.org/Main_Page) installed on your machine you can checkpoint and restore containers and their tasks.  This allow you to clone and/or live migrate containers to other machines.
167
168```go
169// checkpoint the task then push it to a registry
170checkpoint, err := task.Checkpoint(context)
171
172err := client.Push(context, "myregistry/checkpoints/redis:master", checkpoint)
173
174// on a new machine pull the checkpoint and restore the redis container
175image, err := client.Pull(context, "myregistry/checkpoints/redis:master")
176
177checkpoint := image.Target()
178
179redis, err = client.NewContainer(context, "redis-master", containerd.WithCheckpoint(checkpoint, "redis-rootfs"))
180defer container.Delete(context)
181
182task, err = redis.NewTask(context, cio.Stdio, containerd.WithTaskCheckpoint(checkpoint))
183defer task.Delete(context)
184
185err := task.Start(context)
186```
187
188### Snapshot Plugins
189
190In addition to the built-in Snapshot plugins in containerd, additional external
191plugins can be configured using GRPC. An external plugin is made available using
192the configured name and appears as a plugin alongside the built-in ones.
193
194To add an external snapshot plugin, add the plugin to containerd's config file
195(by default at `/etc/containerd/config.toml`). The string following
196`proxy_plugin.` will be used as the name of the snapshotter and the address
197should refer to a socket with a GRPC listener serving containerd's Snapshot
198GRPC API. Remember to restart containerd for any configuration changes to take
199effect.
200
201```
202[proxy_plugins]
203  [proxy_plugins.customsnapshot]
204    type = "snapshot"
205    address =  "/var/run/mysnapshotter.sock"
206```
207
208See [PLUGINS.md](PLUGINS.md) for how to create plugins
209
210### Releases and API Stability
211
212Please see [RELEASES.md](RELEASES.md) for details on versioning and stability
213of containerd components.
214
215### Development reports.
216
217Weekly summary on the progress and what is being worked on.
218https://github.com/containerd/containerd/tree/master/reports
219
220### Communication
221
222For async communication and long running discussions please use issues and pull requests on the github repo.
223This will be the best place to discuss design and implementation.
224
225For sync communication we have a community slack with a #containerd channel that everyone is welcome to join and chat about development.
226
227**Slack:** https://dockr.ly/community
228
229### Reporting security issues
230
231__If you are reporting a security issue, please reach out discreetly at security@containerd.io__.
232
233## Licenses
234
235The containerd codebase is released under the [Apache 2.0 license](LICENSE.code).
236The README.md file, and files in the "docs" folder are licensed under the
237Creative Commons Attribution 4.0 International License. You may obtain a
238copy of the license, titled CC-BY-4.0, at http://creativecommons.org/licenses/by/4.0/.
239