The highest tagged major version is
README
ΒΆ
[β¬οΈ Download] [π Command reference] [π Additional documents]
nerdctl: Docker-compatible CLI for containerd
nerdctl is a Docker-compatible CLI for containerd.
β
Same UI/UX as docker
β
Supports Docker Compose (nerdctl compose up)
β Supports rootless mode
β Supports lazy-pulling (Stargz)
β Supports encrypted images (ocicrypt)
nerdctl is a non-core sub-project of containerd.
Examples
Basic usage
To run a container with the default CNI network (10.4.0.0/24):
# nerdctl run -it --rm alpine
To build an image using BuildKit:
# nerdctl build -t foo .
# nerdctl run -it --rm foo
To run containers from docker-compose.yaml:
# nerdctl compose -f ./examples/compose-wordpress/docker-compose.yaml up
See also ./examples/compose-wordpress.
Debugging Kubernetes
To list Kubernetes containers:
# nerdctl --namespace k8s.io ps -a
Rootless mode
To launch rootless containerd:
$ containerd-rootless-setuptool.sh install
To run a container with rootless containerd:
$ nerdctl run -d -p 8080:80 --name nginx nginx:alpine
See ./docs/rootless.md.
Install
Binaries are available here: https://github.com/containerd/nerdctl/releases
In addition to containerd, the following components should be installed (optional):
- CNI plugins: for using
nerdctl run. - CNI isolation plugin: for isolating bridge networks (
nerdctl network create) - BuildKit: for using
nerdctl build. BuildKit daemon (buildkitd) needs to be running. - RootlessKit and slirp4netns: for Rootless mode
- RootlessKit needs to be v0.10.0 or later. v0.14.1 or later is recommended.
- slirp4netns needs to be v0.4.0 or later. v1.1.7 or later is recommended.
These dependencies are included in nerdctl-full-<VERSION>-<OS>-<ARCH>.tar.gz, but not included in nerdctl-<VERSION>-<OS>-<ARCH>.tar.gz.
To run nerdctl inside Docker:
docker build -t nerdctl .
docker run -it --rm --privileged nerdctl
Motivation
The goal of nerdctl is to facilitate experimenting the cutting-edge features of containerd that are not present in Docker.
Such features includes, but not limited to, lazy-pulling and encryption of images.
Note that competing with Docker is not the goal of nerdctl. Those cutting-edge features are expected to be eventually available in Docker as well.
Also, nerdctl might be potentially useful for debugging Kubernetes clusters, but it is not the primary goal.
Features present in nerdctl but not present in Docker
Major:
- Lazy-pulling using Stargz Snapshotter:
nerdctl --snapshotter=stargz run. - Running encrypted images using ocicrypt (imgcrypt)
Minor:
- Namespacing:
nerdctl --namespace=<NS> ps. (NOTE: All Kubernetes containers are in thek8s.iocontainerd namespace regardless to Kubernetes namespaces) - Exporting Docker/OCI dual-format archives:
nerdctl save. - Importing OCI archives as well as Docker archives:
nerdctl load. - Specifying a non-image rootfs:
nerdctl run -it --rootfs <ROOTFS> /bin/sh. The CLI syntax conforms to Podman convention.
Trivial:
- Inspecting raw OCI config:
nerdctl container inspect --mode=native.
Similar tools
-
ctr: incompatible with Docker CLI, and not friendly to users. Notably,ctrlacks the equivalents of the following Docker CLI commands:docker run -p <PORT>docker run --restart=always --net=bridgedocker pullwith~/.docker/config.jsonand credential helper binaries such asdocker-credential-ecr-logindocker logs
-
crictl: incompatible with Docker CLI, not friendly to users, and does not support non-CRI features -
k3c v0.2 (abandoned): needs an extra daemon, and does not support non-CRI features
-
Rancher Kim (nee k3c v0.3): needs Kubernetes, and only focuses on image management commands such as
kim buildandkim push -
PouchContainer (abandoned?): needs an extra daemon
Developer guide
nerdctl is a containerd non-core sub-project, licensed under the Apache 2.0 license. As a containerd non-core sub-project, you will find the:
information in our containerd/project repository.
Compiling nerdctl from source
Run make && sudo make install.
Using go get github.com/containerd/nerdctl is possible, but unrecommended because it does not fill version strings printed in nerdctl version
Test suite
Running test suite against nerdctl
Run go test -exec sudo -v ./... after make && sudo make install.
For testing rootless mode, -exec sudo is not needed.
To run tests in a container:
docker build -t test --target test .
docker run -t --rm --privileged test
Running test suite against Docker
Run go test -exec sudo -test.target=docker . to ensure that the test suite is compatible with Docker.
Contributing to nerdctl
Lots of commands and flags are currently missing. Pull requests are highly welcome.
Please certify your Developer Certificate of Origin (DCO), by signing off your commit with git commit -s and with your real name.
Command reference
π³ = Docker compatible
π€ = nerdctl specific
Unlisted docker CLI flags are unimplemented yet in nerdctl CLI.
It does not necessarily mean that the corresponding features are missing in containerd.
- Run & Exec
- Container management
- Build
- Image management
- Registry
- Network management
- Volume management
- Namespace management
- System
- Shell completion
- Compose
- Global flags
- Unimplemented Docker commands
- Additional documents
Run & Exec
π³ nerdctl run
Run a command in a new container.
Usage: nerdctl run [OPTIONS] IMAGE [COMMAND] [ARG...]
Basic flags:
- π³
-i, --interactive: Keep STDIN open even if not attached" - π³
-t, --tty: Allocate a pseudo-TTY- β WIP: currently
-trequires-i, and conflicts with-d
- β WIP: currently
- π³
-d, --detach: Run container in background and print container ID - π³
--restart=(no|always): Restart policy to apply when a container exits- Default: "no"
- β No support for
on-failureandunless-stopped
- π³
--rm: Automatically remove the container when it exits - π³
--pull=(always|missing|never): Pull image before running- Default: "missing"
Network flags:
- π³
--network=(bridge|host|none): Connect a container to a network- Default: "bridge"
- π³
-p, --publish: Publish a container's port(s) to the host - π³
--dns: Set custom DNS servers - π³
-h, --hostname: Container host name
Cgroup flags:
- π³
--cpus: Number of CPUs - π³
--cpu-shares: CPU shares (relative weight) - π³
--cpuset-cpus: CPUs in which to allow execution (0-3, 0,1) - π³
--memory: Memory limit - π³
--pids-limit: Tune container pids limit - π³
--cgroupns=(host|private): Cgroup namespace to use- Default: "private" on cgroup v2 hosts, "host" on cgroup v1 hosts
User flags:
- π³
-u, --user: Username or UID (format: <name|uid>[:<group|gid>])
Security flags:
- π³
--security-opt seccomp=<PROFILE_JSON_FILE>: specify custom seccomp profile - π³
--security-opt apparmor=<PROFILE>: specify custom AppArmor profile - π³
--security-opt no-new-privileges: disallow privilege escalation, e.g., setuid and file capabilities - π³
--cap-add=<CAP>: Add Linux capabilities - π³
--cap-drop=<CAP>: Drop Linux capabilities - π³
--privileged: Give extended privileges to this container
Runtime flags:
- π³
--runtime: Runtime to use for this container, e.g. "crun", or "io.containerd.runsc.v1". - π³
--sysctl: Sysctl options, e.g "net.ipv4.ip_forward=1"
Volume flags:
- π³
-v, --volume: Bind mount a volume
Rootfs flags:
- π³
--read-only: Mount the container's root filesystem as read only - π€
--rootfs: The first argument is not an image but the rootfs to the exploded container. Corresponds to Podman CLI.
Env flags:
- π³
--entrypoint: Overwrite the default ENTRYPOINT of the image - π³
-w, --workdir: Working directory inside the container - π³
-e, --env: Set environment variables
Metadata flags:
- π³
--name: Assign a name to the container - π³
-l, --label: Set meta data on a container - π³
--label-file: Read in a line delimited file of labels
Other docker run flags are on plan but unimplemented yet.
Clicke here to show all the `docker run` flags (Docker 20.10)
Usage: docker run [OPTIONS] IMAGE [COMMAND] [ARG...]
Run a command in a new container
Options:
--add-host list Add a custom host-to-IP mapping (host:ip)
-a, --attach list Attach to STDIN, STDOUT or STDERR
--blkio-weight uint16 Block IO (relative weight), between 10 and 1000, or 0 to disable (default 0)
--blkio-weight-device list Block IO weight (relative device weight) (default [])
--cap-add list Add Linux capabilities
--cap-drop list Drop Linux capabilities
--cgroup-parent string Optional parent cgroup for the container
--cgroupns string Cgroup namespace to use (host|private)
'host': Run the container in the Docker host's cgroup namespace
'private': Run the container in its own private cgroup namespace
'': Use the cgroup namespace as configured by the
default-cgroupns-mode option on the daemon (default)
--cidfile string Write the container ID to the file
--cpu-period int Limit CPU CFS (Completely Fair Scheduler) period
--cpu-quota int Limit CPU CFS (Completely Fair Scheduler) quota
--cpu-rt-period int Limit CPU real-time period in microseconds
--cpu-rt-runtime int Limit CPU real-time runtime in microseconds
-c, --cpu-shares int CPU shares (relative weight)
--cpus decimal Number of CPUs
--cpuset-cpus string CPUs in which to allow execution (0-3, 0,1)
--cpuset-mems string MEMs in which to allow execution (0-3, 0,1)
-d, --detach Run container in background and print container ID
--detach-keys string Override the key sequence for detaching a container
--device list Add a host device to the container
--device-cgroup-rule list Add a rule to the cgroup allowed devices list
--device-read-bps list Limit read rate (bytes per second) from a device (default [])
--device-read-iops list Limit read rate (IO per second) from a device (default [])
--device-write-bps list Limit write rate (bytes per second) to a device (default [])
--device-write-iops list Limit write rate (IO per second) to a device (default [])
--disable-content-trust Skip image verification (default true)
--dns list Set custom DNS servers
--dns-option list Set DNS options
--dns-search list Set custom DNS search domains
--domainname string Container NIS domain name
--entrypoint string Overwrite the default ENTRYPOINT of the image
-e, --env list Set environment variables
--env-file list Read in a file of environment variables
--expose list Expose a port or a range of ports
--gpus gpu-request GPU devices to add to the container ('all' to pass all GPUs)
--group-add list Add additional groups to join
--health-cmd string Command to run to check health
--health-interval duration Time between running the check (ms|s|m|h) (default 0s)
--health-retries int Consecutive failures needed to report unhealthy
--health-start-period duration Start period for the container to initialize before starting health-retries countdown (ms|s|m|h) (default 0s)
--health-timeout duration Maximum time to allow one check to run (ms|s|m|h) (default 0s)
--help Print usage
-h, --hostname string Container host name
--init Run an init inside the container that forwards signals and reaps processes
-i, --interactive Keep STDIN open even if not attached
--ip string IPv4 address (e.g., 172.30.100.104)
--ip6 string IPv6 address (e.g., 2001:db8::33)
--ipc string IPC mode to use
--isolation string Container isolation technology
--kernel-memory bytes Kernel memory limit
-l, --label list Set meta data on a container
--label-file list Read in a line delimited file of labels
--link list Add link to another container
--link-local-ip list Container IPv4/IPv6 link-local addresses
--log-driver string Logging driver for the container
--log-opt list Log driver options
--mac-address string Container MAC address (e.g., 92:d0:c6:0a:29:33)
-m, --memory bytes Memory limit
--memory-reservation bytes Memory soft limit
--memory-swap bytes Swap limit equal to memory plus swap: '-1' to enable unlimited swap
--memory-swappiness int Tune container memory swappiness (0 to 100) (default -1)
--mount mount Attach a filesystem mount to the container
--name string Assign a name to the container
--network network Connect a container to a network
--network-alias list Add network-scoped alias for the container
--no-healthcheck Disable any container-specified HEALTHCHECK
--oom-kill-disable Disable OOM Killer
--oom-score-adj int Tune host's OOM preferences (-1000 to 1000)
--pid string PID namespace to use
--pids-limit int Tune container pids limit (set -1 for unlimited)
--platform string Set platform if server is multi-platform capable
--privileged Give extended privileges to this container
-p, --publish list Publish a container's port(s) to the host
-P, --publish-all Publish all exposed ports to random ports
--pull string Pull image before running ("always"|"missing"|"never") (default "missing")
--read-only Mount the container's root filesystem as read only
--restart string Restart policy to apply when a container exits (default "no")
--rm Automatically remove the container when it exits
--runtime string Runtime to use for this container
--security-opt list Security Options
--shm-size bytes Size of /dev/shm
--sig-proxy Proxy received signals to the process (default true)
--stop-signal string Signal to stop a container (default "SIGTERM")
--stop-timeout int Timeout (in seconds) to stop a container
--storage-opt list Storage driver options for the container
--sysctl map Sysctl options (default map[])
--tmpfs list Mount a tmpfs directory
-t, --tty Allocate a pseudo-TTY
--ulimit ulimit Ulimit options (default [])
-u, --user string Username or UID (format: <name|uid>[:<group|gid>])
--userns string User namespace to use
--uts string UTS namespace to use
-v, --volume list Bind mount a volume
--volume-driver string Optional volume driver for the container
--volumes-from list Mount volumes from the specified container(s)
-w, --workdir string Working directory inside the container
π³ nerdctl exec
Run a command in a running container.
Usage: nerdctl exec [OPTIONS] CONTAINER COMMAND [ARG...]
Flags:
- π³
-i, --interactive: Keep STDIN open even if not attached - π³
-t, --tty: Allocate a pseudo-TTY- β WIP: currently
-trequires-i, and conflicts with-d
- β WIP: currently
- π³
-d, --detach: Detached mode: run command in the background - π³
-w, --workdir: Working directory inside the container - π³
-e, --env: Set environment variables - π³
--privileged: Give extended privileges to the command
Unimplemented docker exec flags: --detach-keys, --env-file, --user
Container management
π³ nerdctl ps
List containers.
Usage: nerdctl ps [OPTIONS]
Flags:
- π³
-a, --all: Show all containers (default shows just running) - π³
--no-trunc: Don't truncate output - π³
-q, --quiet: Only display container IDs
Unimplemented docker ps flags: --filter, --format, --last, --size
π³ nerdctl inspect
Display detailed information on one or more containers.
Usage: nerctl inspect [OPTIONS] NAME|ID [NAME|ID...]
Flags:
- π€
--mode=(dockercompat|native): Inspection mode. "native" produces more information.
Unimplemented docker inspect flags: --format, --size, --type
π³ nerdctl logs
Fetch the logs of a container.
β Currently, only containers created with nerdctl run -d are supported.
Usage: nerctl logs [OPTIONS] CONTAINER
Flags:
- π³
--f, --follow: Follow log output
Unimplemented docker logs flags: --details, --since, --tail, --timestamps, --until
π³ nerdctl port
List port mappings or a specific mapping for the container.
Usage: nerdctl port CONTAINER [PRIVATE_PORT[/PROTO]]
π³ nerdctl rm
Remove one or more containers.
Usage: nerdctl rm [OPTIONS] CONTAINER [CONTAINER...]
Flags:
- π³
-f, --force: Force the removal of a running|paused|unknown container (uses SIGKILL) - π³
-v, --volumes: Remove anonymous volumes associated with the container
Unimplemented docker rm flags: --link
π³ nerdctl stop
Stop one or more running containers.
Usage: nerdctl stop [OPTIONS] CONTAINER [CONTAINER...]
Unimplemented docker stop flags: --time
π³ nerdctl start
Start one or more running containers.
Usage: nerdctl start [OPTIONS] CONTAINER [CONTAINER...]
Unimplemented docker start flags: --attach, --checkpoint, --checkpoint-dir, --detach-keys, --interactive
π³ nerdctl wait
Block until one or more containers stop, then print their exit codes.
Usage: nerdctl wait CONTAINER [CONTAINER...]
π³ nerdctl kill
Kill one or more running containers.
Usage: nerdctl kill [OPTIONS] CONTAINER [CONTAINER...]
Flags:
- π³
-s, --signal: Signal to send to the container (default: "KILL")
π³ nerdctl pause
Pause all processes within one or more containers.
Usage: nerdctl pause CONTAINER [CONTAINER...]
π³ nerdctl unpause
Unpause all processes within one or more containers.
Usage: nerdctl unpause CONTAINER [CONTAINER...]
Build
π³ nerdctl build
Build an image from a Dockerfile.
βΉ Needs buildkitd to be running.
Usage: nerdctl build [OPTIONS] PATH
Flags:
- π€
--buildkit-host=<BUILDKIT_HOST>: BuildKit address - π³
-t, --tag: Name and optionally a tag in the 'name:tag' format - π³
-f, --file: Name of the Dockerfile - π³
--target: Set the target build stage to build - π³
--build-arg: Set build-time variables - π³
--no-cache: Do not use cache when building the image - π³
--progress=(auto|plain|tty): Set type of progress output (auto, plain, tty). Use plain to show container output - π³
--secret: Secret file to expose to the build: id=mysecret,src=/local/secret - π³
--ssh: SSH agent socket or keys to expose to the build (format:default|<id>[=<socket>|<key>[,<key>]])
Unimplemented docker build flags: --add-host, --cache-from, --iidfile, --label, --network, --platform, --quiet, --squash
π³ nerdctl commit
Create a new image from a container's changes
Usage: nerdctl commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]]
Flags:
- π³
-a, --author: Author (e.g., "nerdctl contributor nerdctl-dev@example.com") - π³
-m, --message: Commit message
Unimplemented docker commit flags: --change, --pause
Image management
π³ nerdctl images
List images
Usage: nerdctl images [OPTIONS] [REPOSITORY[:TAG]]
Flags:
- π³
-q, --quiet: Only show numeric IDs - π³
--no-trunc: Don't truncate output
Unimplemented docker images flags: --all, --digests, --filter, --format
π³ nerdctl pull
Pull an image from a registry.
Usage: nerdctl pull [OPTIONS] NAME[:TAG|@DIGEST]
Unimplemented docker pull flags: --all-tags, --disable-content-trust (default true), --platform, --quiet
π³ nerdctl push
Push an image to a registry.
Usage: nerdctl push [OPTIONS] NAME[:TAG]
Unimplemented docker push flags: --all-tags, --disable-content-trust (default true), --quiet
π³ nerdctl load
Load an image from a tar archive or STDIN.
π€ Supports both Docker Image Spec v1.2 and OCI Image Spec v1.0.
Usage: nerdctl load [OPTIONS]
Flags:
- π³
-i, --input: Read from tar archive file, instead of STDIN
Unimplemented docker load flags: --quiet
π³ nerdctl save
Save one or more images to a tar archive (streamed to STDOUT by default)
π€ The archive implements both Docker Image Spec v1.2 and OCI Image Spec v1.0.
Usage: nerdctl save [OPTIONS] IMAGE [IMAGE...]
Flags:
- π³
-o, --output: Write to a file, instead of STDOUT
π³ nerdctl tag
Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE.
Usage: nerdctl tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]
π³ nerdctl rmi
Remove one or more images
Usage: nerdctl rmi [OPTIONS] IMAGE [IMAGE...]
Unimplemented docker rmi flags: --force, --no-prune
π€ nerdctl image convert
Convert an image format.
e.g., nerdctl image convert --estargz --oci example.com/foo:orig example.com/foo:esgz
Usage: nerdctl image convert [OPTIONS] SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]
Flags:
--estargz: convert legacy tar(.gz) layers to eStargz for lazy pulling. Should be used in conjunction with '--oci'--estargz-record-in=<FILE>: readctr-remote optimize --record-out=<FILE>record file. β This flag is experimental and subject to change.--estargz-compression-level=<LEVEL>: eStargz compression level (default: 9)--estargz-chunk-size=<SIZE>: eStargz chunk size--uncompress: convert tar.gz layers to uncompressed tar layers--oci: convert Docker media types to OCI media types--platform=<PLATFORM>: convert content for a specific platform--all-platforms: convert content for all platforms (default: false)
Registry
π³ nerdctl login
Log in to a Docker registry.
Usage: nerdctl login [OPTIONS] [SERVER]
Flags:
- π³
-u, --username: Username - π³
-p, --password: Password - π³
--password-stdin: Take the password from stdin
π³ nerdctl logout
Log out from a Docker registry
Usage: nerdctl logout [SERVER]
Network management
π³ nerdctl network create
Create a network
βΉ To isolate CNI bridge, CNI isolation plugin needs to be installed.
Usage: nerdctl network create [OPTIONS] NETWORK
Flags:
- π³
--subnet: Subnet in CIDR format that represents a network segment, e.g. "10.5.0.0/16"
Unimplemented docker network create flags: --attachable, --aux-address, --config-from, --config-only, --driver, --gateway, --ingress, --internal, --ip-range, --ipam-driver, --ipam-opt, --ipv6, --label, --opt, --scope
π³ nerdctl network ls
List networks
Usage: nerdctl network ls [OPTIONS]
Unimplemented docker network ls flags: --filter, --format, --no-trunc, --quiet
π³ nerdctl network inspect
Display detailed information on one or more networks
β The output format is not compatible with Docker.
Usage: nerdctl network inspect [OPTIONS] NETWORK [NETWORK...]
Unimplemented docker network inspect flags: --format, --verbose
π³ nerdctl network rm
Remove one or more networks
Usage: nerdctl network rm NETWORK [NETWORK...]
Volume management
π³ nerdctl volume create
Create a volume
Usage: nerdctl volume create [OPTIONS] [VOLUME]
Unimplemented docker volume create flags: --driver, --label, --opt
π³ nerdctl volume ls
List volumes
Usage: nerdctl volume ls [OPTIONS]
Flags:
- π³
-q, --quiet: Only display volume names
Unimplemented docker volume ls flags: --filter, --format
π³ nerdctl volume inspect
Display detailed information on one or more volumes
Usage: nerdctl volume inspect [OPTIONS] VOLUME [VOLUME...]
Unimplemented docker volume inspect flags: --format
π³ nerdctl volume rm
Remove one or more volumes
Usage: nerdctl volume rm [OPTIONS] VOLUME [VOLUME...]
- π³
-f, --force: Force the removal of one or more volumes- β WIP: currently, volumes are always forcibly removed, even when
--forceis not specified.
- β WIP: currently, volumes are always forcibly removed, even when
Namespace management
π€ nerdctl namespace ls
List containerd namespaces such as "default", "moby", or "k8s.io".
Usage: nerdctl namespace ls [OPTIONS]
Flags:
-q, --quiet: Only display namespace names
System
π³ nerdctl events
Get real time events from the server.
β The output format is not compatible with Docker.
Usage: nerdctl events [OPTIONS]
Unimplemented docker events flags: --filter, --format, --since, --until
π³ nerdctl info
Display system-wide information
Usage: nerdctl info [OPTIONS]
Flags:
- π³
-f, --format: Format the output using the given Go template, e.g,{{json .}}
π³ nerdctl version
Show the nerdctl version information
Usage: nerdctl version [OPTIONS]
Unimplemented docker version flags: --format
Shell completion
π€ nerdctl completion bash
Show bash completion.
Usage: add the following line to ~/.bash_profile:
source <(nerdctl completion bash)
Compose
π³ nerdctl compose
Compose
Usage: nerdctl compose [OPTIONS] [COMMAND]
Flags:
- π³
-f, --file: Specify an alternate compose file - π³
-p, --project-name: Specify an alternate project name
π³ nerdctl compose up
Create and start containers
Usage: nerdctl compose up [OPTIONS] [SERVICE...]
Flags:
- π³
-d, --detach: Detached mode: Run containers in the background - π³
--no-color: Produce monochrome output - π³
--no-log-prefix: Don't print prefix in logs - π³
build: Build images before starting containers.
Unimplemented docker-compose up flags: --quiet-pull, --no-deps, --force-recreate, --always-recreate-deps, --no-recreate,
--no-start, --abort-on-container-exit, --attach-dependencies, --timeout, --renew-anon-volumes, --remove-orphans, --exit-code-from,
--scale
π³ nerdctl compose logs
Create and start containers
Usage: nerdctl compose logs [OPTIONS]
Flags:
- π³
--no-color: Produce monochrome output - π³
--no-log-prefix: Don't print prefix in logs
Unimplemented docker-compose logs flags: --timestamps, --tail
π³ nerdctl compose build
Build or rebuild services.
Usage: nerdctl compose build [OPTIONS]
Flags:
- π³
--build-arg: Set build-time variables for services - π³
--no-cache: Do not use cache when building the image - π³
--progress: Set type of progress output (auto, plain, tty)
Unimplemented docker-compose build flags: --compress, --force-rm, --memory, --no-rm, --parallel, --pull, --quiet
π³ nerdctl compose down
Remove containers and associated resources
Usage: nerdctl compose up [OPTIONS] [SERVICE...]
Flags:
- π³
-v, --volumes: Remove named volumes declared in the volumes section of the Compose file and anonymous volumes attached to containers
Unimplemented docker-compose down flags: --rmi, --remove-orphans, --timeout
Global flags
- π€
-a,--address: containerd address, optionally with "unix://" prefix - π³
-H,--host: Docker-compatible alias for-a,--address - π€
-n,--namespace: containerd namespace - π€
--snapshotter: containerd snapshotter - π€
--cni-path: CNI binary path (default:/opt/cni/bin) [$CNI_PATH] - π€
--cni-netconfpath: CNI netconf path (default:/etc/cni/net.d) [$NETCONFPATH] - π€
--data-root: nerdctl data root, e.g. "/var/lib/nerdctl" - π€
--cgroup-manager=(cgroupfs|systemd|none): cgroup manager- Default: "systemd" on cgroup v2 (rootful & rootless), "cgroupfs" on v1 rootful, "none" on v1 rootless
- π€
--insecure-registry: skips verifying HTTPS certs, and allows falling back to plain HTTP
Unimplemented Docker commands
Container management:
-
docker create -
docker attach -
docker cp -
docker diff -
docker rename -
docker container prune -
docker checkpoint *
Stats:
docker statsdocker top
Image:
-
docker exportanddocker import -
docker history -
docker image inspect -
docker image prune -
docker trust * -
docker manifest *
Network management:
docker network connectdocker network disconnectdocker network prune
Registry:
docker search
Compose:
docker-compose config|create|events|exec|images|kill|pause|port|ps|pull|push|restart|rm|run|scale|start|stop|top|unpause
Others:
docker system dfdocker system prunedocker context- Swarm commands are unimplemented and will not be implemented:
docker swarm|node|service|config|secret|stack * - Plugin commands are unimplemented and will not be implemented:
docker plugin *
Additional documents
./docs/compose.md: Compose./docs/dir.md: Directory layout (/var/lib/nerdctl)./docs/registry.md: Registry authentication (~/.docker/config.json)./docs/rootless.md: Rootless mode./docs/stargz.md: Lazy-pulling using Stargz Snapshotter./docs/ocicrypt.md: Running encrypted images
Documentation
ΒΆ
There is no documentation for this package.
Source Files
ΒΆ
- build.go
- client.go
- commit.go
- completion.go
- compose.go
- compose_build.go
- compose_down.go
- compose_logs.go
- compose_up.go
- container.go
- container_inspect.go
- events.go
- exec.go
- image.go
- image_convert.go
- images.go
- info.go
- inspect.go
- internal.go
- internal_oci_hook.go
- kill.go
- load.go
- login.go
- logout.go
- logs.go
- main.go
- namespace.go
- network.go
- network_create.go
- network_inspect.go
- network_ls.go
- network_rm.go
- pause.go
- port.go
- ps.go
- pull.go
- push.go
- rm.go
- rmi.go
- run.go
- run_cgroup.go
- run_mount.go
- run_runtime.go
- run_security.go
- run_user.go
- save.go
- start.go
- stop.go
- system.go
- tag.go
- unpause.go
- version.go
- volume.go
- volume_create.go
- volume_inspect.go
- volume_ls.go
- volume_rm.go
- wait.go
Directories
ΒΆ
| Path | Synopsis |
|---|---|
|
pkg
|
|
|
dnsutil/hostsstore
Package hoststore provides the interface for /var/lib/nerdctl/<ADDRHASH>/etchosts .
|
Package hoststore provides the interface for /var/lib/nerdctl/<ADDRHASH>/etchosts . |
|
imgutil/pull
Package pull forked from https://github.com/containerd/containerd/blob/v1.4.3/cmd/ctr/commands/content/fetch.go
|
Package pull forked from https://github.com/containerd/containerd/blob/v1.4.3/cmd/ctr/commands/content/fetch.go |
|
imgutil/push
Package push derived from https://github.com/containerd/containerd/blob/v1.4.3/cmd/ctr/commands/images/push.go
|
Package push derived from https://github.com/containerd/containerd/blob/v1.4.3/cmd/ctr/commands/images/push.go |
|
inspecttypes/dockercompat
Package dockercompat mimics `docker inspect` objects.
|
Package dockercompat mimics `docker inspect` objects. |
|
labels
Package labels defines labels that are set to containerd containers as labels.
|
Package labels defines labels that are set to containerd containers as labels. |