K8S 1.20 deprecates nerdctl, an alternative to the Docker CLI evaluated by Docker

This article was last updated on: February 7, 2024 pm


In early December 2020, Kubernetes announced in its latest Changelog that it would deprecate Docker as a container runtime after Kubernetes 1.20.

Deprecation of Docker may bring a series of changes, including but not limited to:

  • Container image build tools
  • Container CLI
  • Container image repository
  • Container runtime

The feature article “K8S 1.20 Deprecation of Docker Assessment” examines the resulting changes and impacts from many perspectives.

  1. K8S 1.20 Deprecated Docker Evaluation of Differences between Docker and OCI Image Formats It mainly introduces the changes in image format
  2. K8S 1.20 Deprecates Docker Evaluation as a Replacement for the Docker CLI Featuring alternatives to the Docker CLI and personal testimonials - RedHat 3-piece set - Buildah, Podman and Skopeo

Continuing from the book, today we will introduce another alternative to the Docker CLI product: nerdctl.

nerdctl Brief introduction

nerdctl: is open source by containerd, contaiNERD CTL, a Docker-compatible CLI for containerd, and also supports Compose.

Typical application scenarios

Container Debug on K8S 1.20+ Node

If you’ve recently started using K8S 1.20 and above, and CRI has chosen containerd, you’ll notice that containerd comes with the CLI by default - ctr Compared with the Docker CLI, it has changed significantly, and there are the following problems:
Not compatible with Docker CLI and not user-friendly. Other than thatctr The following Docker CLI-like command is missing:

  • docker run -p <PORT>
  • docker run --restart=always --net=bridge
  • use ~/.docker/config.json disposition docker pull and authentication assistant tools such as docker-credential-ecr-login
  • docker logs

whereas nerdctl The main advantage is that it is almost completely compatible with the Docker CLI, then nerdctl Debugging is convenient in a K8S cluster.
The only differences are: nerdctl There is the concept of namespace (✍️ Note: containerd actually has the concept of namespace), as follows:

  • default
  • moby:Docker
  • k8s.io: Kubernetes cluster

For example, to list containers in k8s, you need to:

nerdctl --namespace k8s.io ps -a

In summary, in the new version of K8S, for the sake of consistent user experience, it is recommended to:

  1. Both are installed on K8S Node nerdctl, installation steps:
  2. Pass alias The command, implementation is the same as the previous version experience, the operation is as follows:

vi ~/.bashrc

Because it is mainly used for debugging on K8S Node, it is written as follows:

alias docker='nerdctl -n k8s.io'

Installation and use

curl -fsSLO https://github.com/containerd/nerdctl/releases/download/v0.13.0/nerdctl-0.13.0-linux-amd64.tar.gz
tar xvzf nerdctl-0.13.0-linux-amd64.tar.gz -C /usr/local/bin/ nerdctl

The complete user manual can be found at:nerdctl README, you can see that it is basically the same as the Docker command.


To do container debugging on K8S 1.20+ Node, CLI is required and recommended nerdctlmoreover alias Becoming Docker provides a consistent experience.
As for personal computers or operating machines, it is recommended not to replace, directly use Docker full set of it is not fragrant? 😏😏😏

K8S 1.20 deprecates nerdctl, an alternative to the Docker CLI evaluated by Docker
Posted on
November 9, 2021
Licensed under