Understand the container runtime that powers Docker and Kubernetes — images, the shim, runc, and the CRI.

Welcome to containerd: The Runtime Beneath Your Containers.

containerd is the runtime that actually runs your containers, sitting beneath Docker and Kubernetes. This free book reveals what really happens when a container starts: the history of the container ecosystem and the OCI standards, containerd's architecture and the shim-and-runc design that survives daemon restarts, images as content-addressed layers and the snapshotters that build filesystems, the ctr/nerdctl/crictl tools and the Go client, the namespaces/containers/tasks model, the Container Runtime Interface that makes containerd Kubernetes' default runtime (and why dockershim was removed), plugins and alternative runtimes like gVisor and Kata, security and kernel-based isolation, and operating containerd in production. Ten focused chapters with real commands and clear diagrams that demystify the entire container stack.

This title is part of the ShriIra library and is free to read in full, right here — our small contribution to making world-class knowledge easy to reach.

A note on reading it: open the Contents menu at the top of the reader to jump between chapters, use the Aa menu to set a comfortable text size, theme (light, sepia, or night), and single- or two-page layout. Your place is saved automatically, so you can always pick up where you left off.

We hope it serves you well.

— Shriira Press

Contents

1. Chapter 1 — What containerd Is
2. Chapter 2 — History and OCI Standards
3. Chapter 3 — Architecture
4. Chapter 4 — Images, Layers, and Snapshotters
5. Chapter 5 — The Client and Tools
6. Chapter 6 — Namespaces, Containers, and Tasks
7. Chapter 7 — CRI and Kubernetes
8. Chapter 8 — Plugins and Alternative Runtimes
9. Chapter 9 — Security and Isolation
10. Chapter 10 — Operating containerd and Putting It Together