1![banner](https://github.com/containerd/containerd.io/blob/master/static/img/containerd-dark.png?raw=true) 2 3[![GoDoc](https://godoc.org/github.com/containerd/containerd?status.svg)](https://godoc.org/github.com/containerd/containerd) 4[![Build Status](https://travis-ci.org/containerd/containerd.svg?branch=master)](https://travis-ci.org/containerd/containerd) 5[![Windows Build Status](https://ci.appveyor.com/api/projects/status/github/containerd/containerd?branch=master&svg=true)](https://ci.appveyor.com/project/mlaventure/containerd-3g73f?branch=master) 6[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bhttps%3A%2F%2Fgithub.com%2Fcontainerd%2Fcontainerd.svg?type=shield)](https://app.fossa.io/projects/git%2Bhttps%3A%2F%2Fgithub.com%2Fcontainerd%2Fcontainerd?ref=badge_shield) 7[![Go Report Card](https://goreportcard.com/badge/github.com/containerd/containerd)](https://goreportcard.com/report/github.com/containerd/containerd) 8[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/1271/badge)](https://bestpractices.coreinfrastructure.org/projects/1271) 9 10containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision, low-level storage and network attachments, etc. 11 12containerd is designed to be embedded into a larger system, rather than being used directly by developers or end-users. 13 14![architecture](design/architecture.png) 15 16## Getting Started 17 18See our documentation on [containerd.io](https://containerd.io): 19* [for ops and admins](docs/ops.md) 20* [namespaces](docs/namespaces.md) 21* [client options](docs/client-opts.md) 22 23See how to build containerd from source at [BUILDING](BUILDING.md). 24 25If you are interested in trying out containerd see our example at [Getting Started](docs/getting-started.md). 26 27 28## Runtime Requirements 29 30Runtime requirements for containerd are very minimal. Most interactions with 31the Linux and Windows container feature sets are handled via [runc](https://github.com/opencontainers/runc) and/or 32OS-specific libraries (e.g. [hcsshim](https://github.com/Microsoft/hcsshim) for Microsoft). The current required version of `runc` is always listed in [RUNC.md](/RUNC.md). 33 34There are specific features 35used by containerd core code and snapshotters that will require a minimum kernel 36version on Linux. With the understood caveat of distro kernel versioning, a 37reasonable starting point for Linux is a minimum 4.x kernel version. 38 39The overlay filesystem snapshotter, used by default, uses features that were 40finalized in the 4.x kernel series. If you choose to use btrfs, there may 41be more flexibility in kernel version (minimum recommended is 3.18), but will 42require the btrfs kernel module and btrfs tools to be installed on your Linux 43distribution. 44 45To use Linux checkpoint and restore features, you will need `criu` installed on 46your system. See more details in [Checkpoint and Restore](#checkpoint-and-restore). 47 48Build requirements for developers are listed in [BUILDING](BUILDING.md). 49 50## Features 51 52### Client 53 54containerd offers a full client package to help you integrate containerd into your platform. 55 56```go 57 58import ( 59 "github.com/containerd/containerd" 60 "github.com/containerd/containerd/cio" 61) 62 63 64func main() { 65 client, err := containerd.New("/run/containerd/containerd.sock") 66 defer client.Close() 67} 68 69``` 70 71### Namespaces 72 73Namespaces allow multiple consumers to use the same containerd without conflicting with each other. It has the benefit of sharing content but still having separation with containers and images. 74 75To set a namespace for requests to the API: 76 77```go 78context = context.Background() 79// create a context for docker 80docker = namespaces.WithNamespace(context, "docker") 81 82containerd, err := client.NewContainer(docker, "id") 83``` 84 85To set a default namespace on the client: 86 87```go 88client, err := containerd.New(address, containerd.WithDefaultNamespace("docker")) 89``` 90 91### Distribution 92 93```go 94// pull an image 95image, err := client.Pull(context, "docker.io/library/redis:latest") 96 97// push an image 98err := client.Push(context, "docker.io/library/redis:latest", image.Target()) 99``` 100 101### Containers 102 103In containerd, a container is a metadata object. Resources such as an OCI runtime specification, image, root filesystem, and other metadata can be attached to a container. 104 105```go 106redis, err := client.NewContainer(context, "redis-master") 107defer redis.Delete(context) 108``` 109 110### OCI Runtime Specification 111 112containerd fully supports the OCI runtime specification for running containers. We have built in functions to help you generate runtime specifications based on images as well as custom parameters. 113 114You can specify options when creating a container about how to modify the specification. 115 116```go 117redis, err := client.NewContainer(context, "redis-master", containerd.WithNewSpec(oci.WithImageConfig(image))) 118``` 119 120### Root Filesystems 121 122containerd allows you to use overlay or snapshot filesystems with your containers. It comes with builtin support for overlayfs and btrfs. 123 124```go 125// pull an image and unpack it into the configured snapshotter 126image, err := client.Pull(context, "docker.io/library/redis:latest", containerd.WithPullUnpack) 127 128// allocate a new RW root filesystem for a container based on the image 129redis, err := client.NewContainer(context, "redis-master", 130 containerd.WithNewSnapshot("redis-rootfs", image), 131 containerd.WithNewSpec(oci.WithImageConfig(image)), 132) 133 134// use a readonly filesystem with multiple containers 135for i := 0; i < 10; i++ { 136 id := fmt.Sprintf("id-%s", i) 137 container, err := client.NewContainer(ctx, id, 138 containerd.WithNewSnapshotView(id, image), 139 containerd.WithNewSpec(oci.WithImageConfig(image)), 140 ) 141} 142``` 143 144### Tasks 145 146Taking a container object and turning it into a runnable process on a system is done by creating a new `Task` from the container. A task represents the runnable object within containerd. 147 148```go 149// create a new task 150task, err := redis.NewTask(context, cio.Stdio) 151defer task.Delete(context) 152 153// the task is now running and has a pid that can be use to setup networking 154// or other runtime settings outside of containerd 155pid := task.Pid() 156 157// start the redis-server process inside the container 158err := task.Start(context) 159 160// wait for the task to exit and get the exit status 161status, err := task.Wait(context) 162``` 163 164### Checkpoint and Restore 165 166If you have [criu](https://criu.org/Main_Page) installed on your machine you can checkpoint and restore containers and their tasks. This allow you to clone and/or live migrate containers to other machines. 167 168```go 169// checkpoint the task then push it to a registry 170checkpoint, err := task.Checkpoint(context) 171 172err := client.Push(context, "myregistry/checkpoints/redis:master", checkpoint) 173 174// on a new machine pull the checkpoint and restore the redis container 175image, err := client.Pull(context, "myregistry/checkpoints/redis:master") 176 177checkpoint := image.Target() 178 179redis, err = client.NewContainer(context, "redis-master", containerd.WithCheckpoint(checkpoint, "redis-rootfs")) 180defer container.Delete(context) 181 182task, err = redis.NewTask(context, cio.Stdio, containerd.WithTaskCheckpoint(checkpoint)) 183defer task.Delete(context) 184 185err := task.Start(context) 186``` 187 188### Snapshot Plugins 189 190In addition to the built-in Snapshot plugins in containerd, additional external 191plugins can be configured using GRPC. An external plugin is made available using 192the configured name and appears as a plugin alongside the built-in ones. 193 194To add an external snapshot plugin, add the plugin to containerd's config file 195(by default at `/etc/containerd/config.toml`). The string following 196`proxy_plugin.` will be used as the name of the snapshotter and the address 197should refer to a socket with a GRPC listener serving containerd's Snapshot 198GRPC API. Remember to restart containerd for any configuration changes to take 199effect. 200 201``` 202[proxy_plugins] 203 [proxy_plugins.customsnapshot] 204 type = "snapshot" 205 address = "/var/run/mysnapshotter.sock" 206``` 207 208See [PLUGINS.md](PLUGINS.md) for how to create plugins 209 210### Releases and API Stability 211 212Please see [RELEASES.md](RELEASES.md) for details on versioning and stability 213of containerd components. 214 215### Development reports. 216 217Weekly summary on the progress and what is being worked on. 218https://github.com/containerd/containerd/tree/master/reports 219 220### Communication 221 222For async communication and long running discussions please use issues and pull requests on the github repo. 223This will be the best place to discuss design and implementation. 224 225For sync communication we have a community slack with a #containerd channel that everyone is welcome to join and chat about development. 226 227**Slack:** https://dockr.ly/community 228 229### Reporting security issues 230 231__If you are reporting a security issue, please reach out discreetly at security@containerd.io__. 232 233## Licenses 234 235The containerd codebase is released under the [Apache 2.0 license](LICENSE.code). 236The README.md file, and files in the "docs" folder are licensed under the 237Creative Commons Attribution 4.0 International License. You may obtain a 238copy of the license, titled CC-BY-4.0, at http://creativecommons.org/licenses/by/4.0/. 239