Challenge,Β Medium, Β onΒ  Containers
ProblemSolutionDiscussion

In this challenge, you will need to install and configure containerd on a Linux host. Follow the steps below to complete the challenge.

Main components of a containerd installation: ctr, containerd, containerd-shim, runc, and CNI plugins.

First things first, obtain relatively fresh containerd binaries:

Hint 1 πŸ’‘

One of the main installation options mentioned in the official Getting started with containerd guide is to download containerd binaries from the project's GitHub Releases page.

Hint 2 πŸ’‘

Installing the containerd.io package (maintained by Docker) is also an option, but you'll likely get a more dated version of the daemon.

With the containerd binaries in place, start containerd as a systemd service:

Hint 3 πŸ’‘

The maintainers of the containerd project kindly provide a systemd unit file that you can use to launch containerd on your system.

Surprisingly or not, containerd itself cannot run any containers - it needs a lower-level container runtime for that. Install an OCI-compatible container runtime, such as runc or crun:

Hint 4 πŸ’‘

If you choose to install runc, it should be as simple as downloading a statically linked binary from the GitHub Releases page, placing it in one of the directories in your $PATH, and making it executable.

Neither containerd nor runc can do container networking by themselves - they need CNI plugins to be present on the host. Install the CNI plugins and configure a bridge network with the following parameters:

  • Bridge name: bridge0
  • Host-local IPAM
    • Subnet: 172.18.0.0/24
    • Gateway: 172.18.0.1
Hint 5 πŸ’‘

To install the CNI plugins, you can download the release binaries from the GitHub Releases page and extract them to /opt/cni/bin.

Hint 6 πŸ’‘

containerd expects the CNI configuration files to be present in /etc/cni/net.d. There are many ways to configure a bridge CNI network, but the following is a good starting point:

{
  "type": "bridge",
  "bridge": "bridge0",
  "name": "bridge",
  "isGateway": true,
  "ipMasq": true,
  "ipam": {
    "type": "host-local",
    "ranges": [
      [{"subnet": "172.18.0.0/24"}]
    ],
    "routes": [{"dst": "0.0.0.0/0"}]
  },
  "cniVersion": "1.0.0"
}

Finally, start an Nginx container with full networking support using the ctr CLI:

Hint 7 πŸ’‘

With ctr, you have to explicitly pull the image before you can start a container.

Hint 8 πŸ’‘

By default, ctr run will not enable networking for the container. You can use the --cni flag to enable the use of CNI plugins.

Discussion:Β  Discord
Categories:Β Containers
Tags:Β  #containerd #ctr #runc #oci-runtime #cni

Level up your Server Side game β€” Join 9,500 engineers who receive insightful learning materials straight to their inbox