[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-5056":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":18,"stars30d":19,"stars90d":16,"forks30d":16,"starsTrendScore":20,"compositeScore":21,"rankGlobal":10,"rankLanguage":10,"license":22,"archived":23,"fork":23,"defaultBranch":24,"hasWiki":23,"hasPages":23,"topics":25,"createdAt":10,"pushedAt":10,"updatedAt":26,"readmeContent":27,"aiSummary":28,"trendingCount":16,"starSnapshotCount":16,"syncStatus":29,"lastSyncTime":30,"discoverSource":31},5056,"nerdctl","containerd\u002Fnerdctl","containerd","contaiNERD CTL - Docker-compatible CLI for containerd, with support for Compose, Rootless, eStargz, OCIcrypt, IPFS, ...","",null,"Go",10144,787,45,310,0,4,18,67,21,92.39,"Apache License 2.0",false,"main",[7],"2026-06-12 04:00:24","[[⬇️ **Download]**](https:\u002F\u002Fgithub.com\u002Fcontainerd\u002Fnerdctl\u002Freleases)\n[[📖 **Command reference]**](.\u002Fdocs\u002Fcommand-reference.md)\n[[❓**FAQs & Troubleshooting]**](.\u002Fdocs\u002Ffaq.md)\n[[📚 **Additional documents]**](#additional-documents)\n\n# nerdctl: Docker-compatible CLI for containerd\n\n\u003Cpicture>\n  \u003Csource media=\"(prefers-color-scheme: light)\" srcset=\"docs\u002Fimages\u002Fnerdctl.svg\">\n  \u003Csource media=\"(prefers-color-scheme: dark)\" srcset=\"docs\u002Fimages\u002Fnerdctl-white.svg\">\n  \u003Cimg alt=\"logo\" src=\"docs\u002Fimages\u002Fnerdctl.svg\">\n\u003C\u002Fpicture>\n\n`nerdctl` is a Docker-compatible CLI for [contai**nerd**](https:\u002F\u002Fcontainerd.io).\n\n ✅ Same UI\u002FUX as `docker`\n\n ✅ Supports Docker Compose (`nerdctl compose up`)\n\n ✅ [Optional] Supports [rootless mode, without slirp overhead (bypass4netns)](.\u002Fdocs\u002Frootless.md)\n\n ✅ [Optional] Supports lazy-pulling ([Stargz](.\u002Fdocs\u002Fstargz.md), [Nydus](.\u002Fdocs\u002Fnydus.md), [OverlayBD](.\u002Fdocs\u002Foverlaybd.md))\n\n ✅ [Optional] Supports [encrypted images (ocicrypt)](.\u002Fdocs\u002Focicrypt.md)\n\n ✅ [Optional] Supports [P2P image distribution (IPFS)](.\u002Fdocs\u002Fipfs.md) (\\*1)\n\n ✅ [Optional] Supports [container image signing and verifying (cosign)](.\u002Fdocs\u002Fcosign.md)\n\nnerdctl is a **non-core** sub-project of containerd.\n\n\\*1: P2P image distribution (IPFS) is completely optional. Your host is NOT connected to any P2P network, unless you opt in to [install and run IPFS daemon](https:\u002F\u002Fdocs.ipfs.io\u002Finstall\u002F).\n\n## Examples\n\n### Basic usage\n\nTo run a container with the default `bridge` CNI network (10.4.0.0\u002F24):\n\n```console\n# nerdctl run -it --rm alpine\n```\n\nTo build an image using BuildKit:\n\n```console\n# nerdctl build -t foo \u002Fsome-dockerfile-directory\n# nerdctl run -it --rm foo\n```\n\nTo build and send output to a local directory using BuildKit:\n\n```console\n# nerdctl build -o type=local,dest=. \u002Fsome-dockerfile-directory\n```\n\nTo run containers from `docker-compose.yaml`:\n\n```console\n# nerdctl compose -f .\u002Fexamples\u002Fcompose-wordpress\u002Fdocker-compose.yaml up\n```\n\nSee also [`.\u002Fexamples\u002Fcompose-wordpress`](.\u002Fexamples\u002Fcompose-wordpress).\n\n### Debugging Kubernetes\n\nTo list local Kubernetes containers:\n\n```console\n# nerdctl --namespace k8s.io ps -a\n```\n\nTo build an image for local Kubernetes without using registry:\n\n```console\n# nerdctl --namespace k8s.io build -t foo \u002Fsome-dockerfile-directory\n# kubectl apply -f - \u003C\u003CEOF\napiVersion: v1\nkind: Pod\nmetadata:\n  name: foo\nspec:\n  containers:\n    - name: foo\n      image: foo\n      imagePullPolicy: Never\nEOF\n```\n\nTo load an image archive (`docker save` format or OCI format) into local Kubernetes:\n\n```console\n# nerdctl --namespace k8s.io load \u003C \u002Fpath\u002Fto\u002Fimage.tar\n```\n\nTo read logs (experimental):\n```console\n# nerdctl --namespace=k8s.io ps -a\nCONTAINER ID    IMAGE                                                      COMMAND                   CREATED          STATUS    PORTS    NAMES\n...\ne8793b8cca8b    registry.k8s.io\u002Fcoredns\u002Fcoredns:v1.9.3                     \"\u002Fcoredns -conf \u002Fetc…\"    2 minutes ago    Up                 k8s:\u002F\u002Fkube-system\u002Fcoredns-787d4945fb-mfx6b\u002Fcoredns\n...\n\n# nerdctl --namespace=k8s.io logs -f e8793b8cca8b\n[INFO] plugin\u002Freload: Running configuration SHA512 = 591cf328cccc12bc490481273e738df59329c62c0b729d94e8b61db9961c2fa5f046dd37f1cf888b953814040d180f52594972691cd6ff41be96639138a43908\nCoreDNS-1.9.3\nlinux\u002Famd64, go1.18.2, 45b0a11\n...\n```\n\n### Rootless mode\n\nTo launch rootless containerd:\n\n```console\n$ containerd-rootless-setuptool.sh install\n```\n\nTo run a container with rootless containerd:\n\n```console\n$ nerdctl run -d -p 8080:80 --name nginx nginx:alpine\n```\n\nSee [`.\u002Fdocs\u002Frootless.md`](.\u002Fdocs\u002Frootless.md).\n\n## Install\n\nBinaries are available here: \u003Chttps:\u002F\u002Fgithub.com\u002Fcontainerd\u002Fnerdctl\u002Freleases>\n\nIn addition to containerd, the following components should be installed:\n\n- [CNI plugins](https:\u002F\u002Fgithub.com\u002Fcontainernetworking\u002Fplugins): for using `nerdctl run`.\n  - v1.1.0 or later is highly recommended.\n- [BuildKit](https:\u002F\u002Fgithub.com\u002Fmoby\u002Fbuildkit) (OPTIONAL): for using `nerdctl build`. BuildKit daemon (`buildkitd`) needs to be running. See also [the document about setting up BuildKit](.\u002Fdocs\u002Fbuild.md).\n  - v0.11.0 or later is highly recommended. Some features, such as pruning caches with `nerdctl system prune`, do not work with older versions.\n- [RootlessKit](https:\u002F\u002Fgithub.com\u002Frootless-containers\u002Frootlesskit) (OPTIONAL): for [Rootless mode](.\u002Fdocs\u002Frootless.md)\n  - RootlessKit needs to be v0.10.0 or later. v3.0.0 or later is recommended.\n\nThese dependencies are included in `nerdctl-full-\u003CVERSION>-\u003COS>-\u003CARCH>.tar.gz`, but not included in `nerdctl-\u003CVERSION>-\u003COS>-\u003CARCH>.tar.gz`.\n\n### Brew\n\nOn Linux systems you can install nerdctl via [brew](https:\u002F\u002Fbrew.sh):\n\n```bash\nbrew install nerdctl\n```\n\nThis is currently not supported for macOS. The section below shows how to install on macOS using brew.\n\n### macOS\n\n[Lima](https:\u002F\u002Fgithub.com\u002Flima-vm\u002Flima) project provides Linux virtual machines for macOS, with built-in integration for nerdctl.\n\n```console\n$ brew install lima\n$ limactl start\n$ lima nerdctl run -d --name nginx -p 127.0.0.1:8080:80 nginx:alpine\n```\n\n### FreeBSD\n\nSee [`.\u002Fdocs\u002Ffreebsd.md`](docs\u002Ffreebsd.md).\n\n### Windows\n\n- Linux containers: Known to work on WSL2\n- Windows containers: experimental support for Windows (see below for features that are currently known to work)\n\n### Docker\n\nTo run containerd and nerdctl inside Docker:\n\n```bash\ndocker build -t nerdctl .\ndocker run -it --rm --privileged nerdctl\n```\n\n## Motivation\n\nThe goal of `nerdctl` is to facilitate experimenting the cutting-edge features of containerd that are not present in Docker (see below).\n\nNote that competing with Docker is _not_ the goal of `nerdctl`. Those cutting-edge features are expected to be eventually available in Docker as well.\n\nAlso, `nerdctl` might be potentially useful for debugging Kubernetes clusters, but it is not the primary goal.\n\n## Features present in `nerdctl` but not present in Docker\n\nMajor:\n\n- On-demand image pulling (lazy-pulling) using [Stargz](.\u002Fdocs\u002Fstargz.md)\u002F[Nydus](.\u002Fdocs\u002Fnydus.md)\u002F[OverlayBD](.\u002Fdocs\u002Foverlaybd.md)\u002F[SOCI](.\u002Fdocs\u002Fsoci.md) Snapshotter: `nerdctl --snapshotter=stargz|nydus|overlaybd|soci run IMAGE` .\n- [Image encryption and decryption using ocicrypt (imgcrypt)](.\u002Fdocs\u002Focicrypt.md): `nerdctl image (encrypt|decrypt) SRC DST`\n- [P2P image distribution using IPFS](.\u002Fdocs\u002Fipfs.md): `nerdctl run ipfs:\u002F\u002FCID` .\n  P2P image distribution (IPFS) is completely optional. Your host is NOT connected to any P2P network, unless you opt in to [install and run IPFS daemon](https:\u002F\u002Fdocs.ipfs.io\u002Finstall\u002F).\n- [Cosign integration](.\u002Fdocs\u002Fcosign.md): `nerdctl pull --verify=cosign` and `nerdctl push --sign=cosign`, and [in Compose](.\u002Fdocs\u002Fcosign.md#cosign-in-compose)\n- [Accelerated rootless containers using bypass4netns](.\u002Fdocs\u002Frootless.md): `nerdctl run --annotation nerdctl\u002Fbypass4netns=true`\n\nMinor:\n\n- Namespacing: `nerdctl --namespace=\u003CNS> ps` .\n  (NOTE: All Kubernetes containers are in the `k8s.io` containerd namespace regardless to Kubernetes namespaces)\n- Exporting Docker\u002FOCI dual-format archives: `nerdctl save` .\n- Importing OCI archives as well as Docker archives: `nerdctl load` .\n- Specifying a non-image rootfs: `nerdctl run -it --rootfs \u003CROOTFS> \u002Fbin\u002Fsh` . The CLI syntax conforms to Podman convention.\n- Connecting a container to multiple networks at once: `nerdctl run --net foo --net bar`\n- Running [FreeBSD jails](.\u002Fdocs\u002Ffreebsd.md).\n- Better multi-platform support, e.g., `nerdctl pull --all-platforms IMAGE`\n- Applying an (existing) AppArmor profile to rootless containers: `nerdctl run --security-opt apparmor=\u003CPROFILE>`.\n  Use `sudo nerdctl apparmor load` to load the `nerdctl-default` profile.\n- Systemd compatibility support: `nerdctl run --systemd=always`\n\nTrivial:\n\n- Inspecting raw OCI config: `nerdctl container inspect --mode=native` .\n\n## Features implemented in `nerdctl` ahead of Docker\n\n- Recursive read-only (RRO) bind-mount: `nerdctl run -v \u002Fmnt:\u002Fmnt:rro` (make children such as `\u002Fmnt\u002Fusb` to be read-only, too).\n  Requires kernel >= 5.12.\nThe same feature was later introduced in Docker v25 with a different syntax. nerdctl will support Docker v25 syntax too in the future.\n## Similar tools\n\n- [`ctr`](https:\u002F\u002Fgithub.com\u002Fcontainerd\u002Fcontainerd\u002Ftree\u002Fmain\u002Fcmd\u002Fctr): incompatible with Docker CLI, and not friendly to users.\n  Notably, `ctr` lacks the equivalents of the following nerdctl commands:\n  - `nerdctl run -p \u003CPORT>`\n  - `nerdctl run --restart=always --net=bridge`\n  - `nerdctl pull` with `~\u002F.docker\u002Fconfig.json` and credential helper binaries such as `docker-credential-ecr-login`\n  - `nerdctl logs`\n  - `nerdctl build`\n  - `nerdctl compose up`\n\n- [`crictl`](https:\u002F\u002Fgithub.com\u002Fkubernetes-sigs\u002Fcri-tools): incompatible with Docker CLI, not friendly to users, and does not support non-CRI features\n- [k3c v0.2 (abandoned)](https:\u002F\u002Fgithub.com\u002Francher\u002Fk3c\u002Ftree\u002Fv0.2.1): needs an extra daemon, and does not support non-CRI features\n- [Rancher Kim (nee k3c v0.3)](https:\u002F\u002Fgithub.com\u002Francher\u002Fkim): needs Kubernetes, and only focuses on image management commands such as `kim build` and `kim push`\n- [PouchContainer (abandoned?)](https:\u002F\u002Fgithub.com\u002Falibaba\u002Fpouch): needs an extra daemon\n\n## Developer guide\n\nnerdctl is a containerd **non-core** sub-project, licensed under the [Apache 2.0 license](.\u002FLICENSE).\nAs a containerd non-core sub-project, you will find the:\n\n- [Project governance](https:\u002F\u002Fgithub.com\u002Fcontainerd\u002Fproject\u002Fblob\u002Fmain\u002FGOVERNANCE.md),\n- [Maintainers](.\u002FMAINTAINERS),\n- and [Contributing guidelines](https:\u002F\u002Fgithub.com\u002Fcontainerd\u002Fproject\u002Fblob\u002Fmain\u002FCONTRIBUTING.md)\n\ninformation in our [`containerd\u002Fproject`](https:\u002F\u002Fgithub.com\u002Fcontainerd\u002Fproject) repository.\n\n### Compiling nerdctl from source\n\nRun `make && sudo make install`.\n\nSee the header of [`go.mod`](.\u002Fgo.mod) for the minimum supported version of Go.\n\nUsing `go install github.com\u002Fcontainerd\u002Fnerdctl\u002Fv2\u002Fcmd\u002Fnerdctl` is possible, but unrecommended because it does not fill version strings printed in `nerdctl version`\n\n### Testing\n\nSee [testing nerdctl](docs\u002Ftesting\u002FREADME.md).\n\n### Contributing to nerdctl\n\nLots of commands and flags are currently missing. Pull requests are highly welcome.\n\nPlease certify your [Developer Certificate of Origin (DCO)](https:\u002F\u002Fdevelopercertificate.org\u002F), by signing off your commit with `git commit -s` and with your real name.\n\n# Command reference\n\nMoved to [`.\u002Fdocs\u002Fcommand-reference.md`](.\u002Fdocs\u002Fcommand-reference.md)\n\n# Additional documents\n\nConfiguration guide:\n\n- [`.\u002Fdocs\u002Fconfig.md`](.\u002Fdocs\u002Fconfig.md): Configuration (`\u002Fetc\u002Fnerdctl\u002Fnerdctl.toml`, `~\u002F.config\u002Fnerdctl\u002Fnerdctl.toml`)\n- [`.\u002Fdocs\u002Fregistry.md`](.\u002Fdocs\u002Fregistry.md): Registry authentication (`~\u002F.docker\u002Fconfig.json`)\n\nBasic features:\n\n- [`.\u002Fdocs\u002Fcompose.md`](.\u002Fdocs\u002Fcompose.md):   Compose\n- [`.\u002Fdocs\u002Frootless.md`](.\u002Fdocs\u002Frootless.md): Rootless mode\n- [`.\u002Fdocs\u002Fcni.md`](.\u002Fdocs\u002Fcni.md): CNI for containers network\n- [`.\u002Fdocs\u002Fbuild.md`](.\u002Fdocs\u002Fbuild.md): `nerdctl build` with BuildKit\n\nAdvanced features:\n\n- [`.\u002Fdocs\u002Fstargz.md`](.\u002Fdocs\u002Fstargz.md):     Lazy-pulling using Stargz Snapshotter\n- [`.\u002Fdocs\u002Fnydus.md`](.\u002Fdocs\u002Fnydus.md):       Lazy-pulling using Nydus Snapshotter\n- [`.\u002Fdocs\u002Fsoci.md`](.\u002Fdocs\u002Fsoci.md):         Lazy-pulling using SOCI Snapshotter\n- [`.\u002Fdocs\u002Foverlaybd.md`](.\u002Fdocs\u002Foverlaybd.md):       Lazy-pulling using OverlayBD Snapshotter\n- [`.\u002Fdocs\u002Focicrypt.md`](.\u002Fdocs\u002Focicrypt.md): Running encrypted images\n- [`.\u002Fdocs\u002Fgpu.md`](.\u002Fdocs\u002Fgpu.md):           Using GPUs inside containers\n- [`.\u002Fdocs\u002Fmulti-platform.md`](.\u002Fdocs\u002Fmulti-platform.md):  Multi-platform mode\n\nExperimental features:\n\n- [`.\u002Fdocs\u002Fexperimental.md`](.\u002Fdocs\u002Fexperimental.md):  Experimental features\n- [`.\u002Fdocs\u002Ffreebsd.md`](.\u002Fdocs\u002Ffreebsd.md):  Running FreeBSD jails\n- [`.\u002Fdocs\u002Fipfs.md`](.\u002Fdocs\u002Fipfs.md): Distributing images on IPFS\n- [`.\u002Fdocs\u002Fbuilder-debug.md`](.\u002Fdocs\u002Fbuilder-debug.md): Interactive debugging of Dockerfile\n\nImplementation details:\n\n- [`.\u002Fdocs\u002Fdir.md`](.\u002Fdocs\u002Fdir.md):           Directory layout (`\u002Fvar\u002Flib\u002Fnerdctl`)\n\nMisc:\n\n- [`.\u002Fdocs\u002Ffaq.md`](.\u002Fdocs\u002Ffaq.md): FAQs and Troubleshooting\n","nerdctl 是一个与 Docker 兼容的命令行工具，专为 containerd 设计。其核心功能包括提供与 Docker 相同的用户界面和体验，并支持 Docker Compose、根权限模式、懒加载镜像拉取（如 Stargz）、加密镜像（ocicrypt）以及 P2P 镜像分发（IPFS）。此外，nerdctl 还支持容器镜像签名验证（cosign），并且能够直接与 Kubernetes 交互，便于调试容器化应用。此项目特别适合那些希望在不改变现有工作流程的情况下，从 Docker 迁移到 containerd 的开发者或团队使用。",2,"2026-06-11 03:02:17","top_language"]