Technology · Ebook

containerd: The Runtime Beneath Your Containers

by Shriira Press

containerd is the runtime that actually runs your containers, sitting beneath Docker and Kubernetes. This free book reveals what really happens when a container starts: the history of the container ecosystem and the OCI standards, containerd's architecture and the shim-and-runc design that survives daemon restarts, images as content-addressed layers and the snapshotters that build filesystems, the ctr/nerdctl/crictl tools and the Go client, the namespaces/containers/tasks model, the Container Runtime Interface that makes containerd Kubernetes' default runtime (and why dockershim was removed), plugins and alternative runtimes like gVisor and Kata, security and kernel-based isolation, and operating containerd in production. Ten focused chapters with real commands and clear diagrams that demystify the entire container stack.

Contents

1. 1Preface
2. 2Chapter 1 — What containerd Is
3. 3Chapter 2 — History and OCI Standards
4. 4Chapter 3 — Architecture
5. 5Chapter 4 — Images, Layers, and Snapshotters
6. 6Chapter 5 — The Client and Tools
7. 7Chapter 6 — Namespaces, Containers, and Tasks
8. 8Chapter 7 — CRI and Kubernetes
9. 9Chapter 8 — Plugins and Alternative Runtimes
10. 10Chapter 9 — Security and Isolation
11. 11Chapter 10 — Operating containerd and Putting It Together