update ubuntu server

  sudo apt-get update
  

Install the necessary packages

  sudo apt-get install apt-transport-https ca-certificates curl software-properties-common
  

install docker

   curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
  

Install Containerd

  sudo apt-get install containerd -y
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
containerd is already the newest version (1.7.2-0ubuntu1~22.04.1).
containerd set to manually installed.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
  

Configure ContainerD

  sudo mkdir -p /etc/containerd
sudo su -
containerd config default /etc/containerd/config.toml
  
  containerd config default /etc/containerd/config.toml
disabled_plugins = []
imports = []
oom_score = 0
plugin_dir = ""
required_plugins = []
root = "/var/lib/containerd"
state = "/run/containerd"
temp = ""
version = 2

[cgroup]
  path = ""

[debug]
  address = ""
  format = ""
  gid = 0
  level = ""
  uid = 0

[grpc]
  address = "/run/containerd/containerd.sock"
  gid = 0
  max_recv_message_size = 16777216
  max_send_message_size = 16777216
  tcp_address = ""
  tcp_tls_ca = ""
  tcp_tls_cert = ""
  tcp_tls_key = ""
  uid = 0

[metrics]
  address = ""
  grpc_histogram = false

[plugins]

  [plugins."io.containerd.gc.v1.scheduler"]
    deletion_threshold = 0
    mutation_threshold = 100
    pause_threshold = 0.02
    schedule_delay = "0s"
    startup_delay = "100ms"

  [plugins."io.containerd.grpc.v1.cri"]
    cdi_spec_dirs = ["/etc/cdi", "/var/run/cdi"]
    device_ownership_from_security_context = false
    disable_apparmor = false
    disable_cgroup = false
    disable_hugetlb_controller = true
    disable_proc_mount = false
    disable_tcp_service = true
    drain_exec_sync_io_timeout = "0s"
    enable_cdi = false
    enable_selinux = false
    enable_tls_streaming = false
    enable_unprivileged_icmp = false
    enable_unprivileged_ports = false
    ignore_image_defined_volumes = false
    image_pull_progress_timeout = "1m0s"
    max_concurrent_downloads = 3
    max_container_log_line_size = 16384
    netns_mounts_under_state_dir = false
    restrict_oom_score_adj = false
    sandbox_image = "registry.k8s.io/pause:3.8"
    selinux_category_range = 1024
    stats_collect_period = 10
    stream_idle_timeout = "4h0m0s"
    stream_server_address = "127.0.0.1"
    stream_server_port = "0"
    systemd_cgroup = false
    tolerate_missing_hugetlb_controller = true
    unset_seccomp_profile = ""

    [plugins."io.containerd.grpc.v1.cri".cni]
      bin_dir = "/opt/cni/bin"
      conf_dir = "/etc/cni/net.d"
      conf_template = ""
      ip_pref = ""
      max_conf_num = 1
      setup_serially = false

    [plugins."io.containerd.grpc.v1.cri".containerd]
      default_runtime_name = "runc"
      disable_snapshot_annotations = true
      discard_unpacked_layers = false
      ignore_blockio_not_enabled_errors = false
      ignore_rdt_not_enabled_errors = false
      no_pivot = false
      snapshotter = "overlayfs"

      [plugins."io.containerd.grpc.v1.cri".containerd.default_runtime]
        base_runtime_spec = ""
        cni_conf_dir = ""
        cni_max_conf_num = 0
        container_annotations = []
        pod_annotations = []
        privileged_without_host_devices = false
        privileged_without_host_devices_all_devices_allowed = false
        runtime_engine = ""
        runtime_path = ""
        runtime_root = ""
        runtime_type = ""
        sandbox_mode = ""
        snapshotter = ""

        [plugins."io.containerd.grpc.v1.cri".containerd.default_runtime.options]

      [plugins."io.containerd.grpc.v1.cri".containerd.runtimes]

        [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
          base_runtime_spec = ""
          cni_conf_dir = ""
          cni_max_conf_num = 0
          container_annotations = []
          pod_annotations = []
          privileged_without_host_devices = false
          privileged_without_host_devices_all_devices_allowed = false
          runtime_engine = ""
          runtime_path = ""
          runtime_root = ""
          runtime_type = "io.containerd.runc.v2"
          sandbox_mode = "podsandbox"
          snapshotter = ""

          [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
            BinaryName = ""
            CriuImagePath = ""
            CriuPath = ""
            CriuWorkPath = ""
            IoGid = 0
            IoUid = 0
            NoNewKeyring = false
            NoPivotRoot = false
            Root = ""
            ShimCgroup = ""
            SystemdCgroup = false

      [plugins."io.containerd.grpc.v1.cri".containerd.untrusted_workload_runtime]
        base_runtime_spec = ""
        cni_conf_dir = ""
        cni_max_conf_num = 0
        container_annotations = []
        pod_annotations = []
        privileged_without_host_devices = false
        privileged_without_host_devices_all_devices_allowed = false
        runtime_engine = ""
        runtime_path = ""
        runtime_root = ""
        runtime_type = ""
        sandbox_mode = ""
        snapshotter = ""

        [plugins."io.containerd.grpc.v1.cri".containerd.untrusted_workload_runtime.options]

    [plugins."io.containerd.grpc.v1.cri".image_decryption]
      key_model = "node"

    [plugins."io.containerd.grpc.v1.cri".registry]
      config_path = ""

      [plugins."io.containerd.grpc.v1.cri".registry.auths]

      [plugins."io.containerd.grpc.v1.cri".registry.configs]

      [plugins."io.containerd.grpc.v1.cri".registry.headers]

      [plugins."io.containerd.grpc.v1.cri".registry.mirrors]

    [plugins."io.containerd.grpc.v1.cri".x509_key_pair_streaming]
      tls_cert_file = ""
      tls_key_file = ""

  [plugins."io.containerd.internal.v1.opt"]
    path = "/opt/containerd"

  [plugins."io.containerd.internal.v1.restart"]
    interval = "10s"

  [plugins."io.containerd.internal.v1.tracing"]
    sampling_ratio = 1.0
    service_name = "containerd"

  [plugins."io.containerd.metadata.v1.bolt"]
    content_sharing_policy = "shared"

  [plugins."io.containerd.monitor.v1.cgroups"]
    no_prometheus = false

  [plugins."io.containerd.nri.v1.nri"]
    disable = true
    disable_connections = false
    plugin_config_path = "/etc/nri/conf.d"
    plugin_path = "/opt/nri/plugins"
    plugin_registration_timeout = "5s"
    plugin_request_timeout = "2s"
    socket_path = "/var/run/nri/nri.sock"

  [plugins."io.containerd.runtime.v1.linux"]
    no_shim = false
    runtime = "runc"
    runtime_root = ""
    shim = "containerd-shim"
    shim_debug = false

  [plugins."io.containerd.runtime.v2.task"]
    platforms = ["linux/arm64/v8"]
    sched_core = false

  [plugins."io.containerd.service.v1.diff-service"]
    default = ["walking"]

  [plugins."io.containerd.service.v1.tasks-service"]
    blockio_config_file = ""
    rdt_config_file = ""

  [plugins."io.containerd.snapshotter.v1.aufs"]
    root_path = ""

  [plugins."io.containerd.snapshotter.v1.btrfs"]
    root_path = ""

  [plugins."io.containerd.snapshotter.v1.devmapper"]
    async_remove = false
    base_image_size = ""
    discard_blocks = false
    fs_options = ""
    fs_type = ""
    pool_name = ""
    root_path = ""

  [plugins."io.containerd.snapshotter.v1.native"]
    root_path = ""

  [plugins."io.containerd.snapshotter.v1.overlayfs"]
    root_path = ""
    upperdir_label = false

  [plugins."io.containerd.snapshotter.v1.zfs"]
    root_path = ""

  [plugins."io.containerd.tracing.processor.v1.otlp"]
    endpoint = ""
    insecure = false
    protocol = ""

  [plugins."io.containerd.transfer.v1.local"]
    config_path = ""
    max_concurrent_downloads = 3
    max_concurrent_uploaded_layers = 3

    [[plugins."io.containerd.transfer.v1.local".unpack_config]]
      differ = ""
      platform = "linux/arm64/v8"
      snapshotter = "overlayfs"

[proxy_plugins]

[stream_processors]

  [stream_processors."io.containerd.ocicrypt.decoder.v1.tar"]
    accepts = ["application/vnd.oci.image.layer.v1.tar+encrypted"]
    args = ["--decryption-keys-path", "/etc/containerd/ocicrypt/keys"]
    env = ["OCICRYPT_KEYPROVIDER_CONFIG=/etc/containerd/ocicrypt/ocicrypt_keyprovider.conf"]
    path = "ctd-decoder"
    returns = "application/vnd.oci.image.layer.v1.tar"

  [stream_processors."io.containerd.ocicrypt.decoder.v1.tar.gzip"]
    accepts = ["application/vnd.oci.image.layer.v1.tar+gzip+encrypted"]
    args = ["--decryption-keys-path", "/etc/containerd/ocicrypt/keys"]
    env = ["OCICRYPT_KEYPROVIDER_CONFIG=/etc/containerd/ocicrypt/ocicrypt_keyprovider.conf"]
    path = "ctd-decoder"
    returns = "application/vnd.oci.image.layer.v1.tar+gzip"

[timeouts]
  "io.containerd.timeout.bolt.open" = "0s"
  "io.containerd.timeout.metrics.shimstats" = "2s"
  "io.containerd.timeout.shim.cleanup" = "5s"
  "io.containerd.timeout.shim.load" = "5s"
  "io.containerd.timeout.shim.shutdown" = "3s"
  "io.containerd.timeout.task.state" = "2s"

[ttrpc]
  address = ""
  gid = 0
  uid = 0
sangam@sangam:~$ 
  

ContainerD Configuration Overview

Table of Contents

General Configuration

KeyDescription
disabled_pluginsList of plugins to be disabled.
required_pluginsList of required plugins.
importsList of imports from other configurations.
oom_scoreOut-Of-Memory score for ContainerD processes.
plugin_dirDirectory for ContainerD plugins.
rootDirectory for ContainerD’s persistent state.
stateDirectory for ContainerD’s runtime state.
versionConfiguration file format version.

CGroup

KeyDescription
pathCustom path for cgroup.

Debug

KeyDescription
addressSocket address for debug service.
formatLog format for debug service.
gidGroup ID for debug service.
levelDebug level.
uidUser ID for debug service.

GRPC

KeyDescription
addressSocket address for GRPC communication.
max_recv_message_sizeMaximum receive message size.
max_send_message_sizeMaximum send message size.
tcp_addressTCP address for GRPC.
tcp_tls_*TLS settings for TCP GRPC.
uid, gidUser/Group ID for GRPC socket.

Metrics

KeyDescription
addressAddress for exporting metrics.
grpc_histogramEnable GRPC histogram metrics.

Plugins

This section is extensive and contains configurations for various ContainerD plugins. Only key plugins and configurations are listed here.

io.containerd.gc.v1.scheduler

  • Garbage collection settings.

io.containerd.grpc.v1.cri

  • Settings for Container Runtime Interface (CRI), crucial for Kubernetes.

Runtimes (runc, etc.)

  • Define and configure container runtimes.

Proxy Plugins

KeyDescription
plugin_nameConfiguration for specific proxy plugin.

Stream Processors

KeyDescription
processor_nameConfiguration for specific stream processor.

Timeouts

KeyDescription
timeout_nameVarious timeout settings for ContainerD operations.

TTRPC

KeyDescription
addressAddress for TTRPC communication.
uid, gidUser/Group ID for TTRPC socket.

Verify ContainerD CLI - Ctr available on your system

  sangam@sangam:~$ ctr
NAME:
   ctr - 
        __
  _____/ /______
 / ___/ __/ ___/
/ /__/ /_/ /
\___/\__/_/

containerd CLI


USAGE:
   ctr [global options] command [command options] [arguments...]

VERSION:
   1.7.2

DESCRIPTION:
   
ctr is an unsupported debug and administrative client for interacting
with the containerd daemon. Because it is unsupported, the commands,
options, and operations are not guaranteed to be backward compatible or
stable from release to release of the containerd project.

COMMANDS:
   plugins, plugin            Provides information about containerd plugins
   version                    Print the client and server versions
   containers, c, container   Manage containers
   content                    Manage content
   events, event              Display containerd events
   images, image, i           Manage images
   leases                     Manage leases
   namespaces, namespace, ns  Manage namespaces
   pprof                      Provide golang pprof outputs for containerd
   run                        Run a container
   snapshots, snapshot        Manage snapshots
   tasks, t, task             Manage tasks
   install                    Install a new package
   oci                        OCI tools
   sandboxes, sandbox, sb, s  Manage sandboxes
   info                       Print the server info
   shim                       Interact with a shim directly
   help, h                    Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --debug                      Enable debug output in logs
   --address value, -a value    Address for containerd's GRPC server (default: "/run/containerd/containerd.sock") [$CONTAINERD_ADDRESS]
   --timeout value              Total timeout for ctr commands (default: 0s)
   --connect-timeout value      Timeout for connecting to containerd (default: 0s)
   --namespace value, -n value  Namespace to use with commands (default: "default") [$CONTAINERD_NAMESPACE]
   --help, -h                   show help
   --version, -v                print the version
sangam@sangam:~$ 
  

ctr Command Examples for ContainerD

ctr is a command-line utility provided by ContainerD for interacting with the ContainerD daemon. It’s used for development, debugging, and low-level container operations. Below are some common examples of how to use ctr commands.

Table of Contents

List Containers

  sudo ctr containers list
CONTAINER    IMAGE    RUNTIME   
  

Pull an Image

  sangam@sangam:~$ sudo ctr run --rm -t docker.io/library/hello-world
ctr: container id must be provided
docker.io/library/hello-world:latest:                                             resolved       |++++++++++++++++++++++++++++++++++++++| 
index-sha256:4bd78111b6914a99dbc560e6a20eab57ff6655aea4a80c50b0c5491968cbc2e6:    done           |++++++++++++++++++++++++++++++++++++++| 
manifest-sha256:2d4e459f4ecb5329407ae3e47cbc107a2fbace221354ca75960af4c047b3cb13: done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:478afc9190022e867bb857b1a25cc5abc7678287af6cb930562ec25be709f1b7:    done           |++++++++++++++++++++++++++++++++++++++| 
config-sha256:ee301c921b8aadc002973b2e0c3da17d701dcd994b606769a7e6eaa100b81d44:   done           |++++++++++++++++++++++++++++++++++++++| 
elapsed: 6.5 s                                                                    total:  10.3 K (1.6 KiB/s)                                       
unpacking linux/arm64/v8 sha256:4bd78111b6914a99dbc560e6a20eab57ff6655aea4a80c50b0c5491968cbc2e6...
done: 15.890923ms	
  

Run a Container

  sangam@sangam:~$ sudo ctr run --rm -t docker.io/library/hello-world:latest hello-world

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (arm64v8)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/

sangam@sangam:~$ 
  

List Images

  sudo ctr images list
REF                                  TYPE                                    DIGEST                                                                  SIZE     PLATFORMS                                                                                                                                           LABELS 
docker.io/library/hello-world:latest application/vnd.oci.image.index.v1+json sha256:4bd78111b6914a99dbc560e6a20eab57ff6655aea4a80c50b0c5491968cbc2e6 13.4 KiB linux/386,linux/amd64,linux/arm/v5,linux/arm/v7,linux/arm64/v8,linux/mips64le,linux/ppc64le,linux/riscv64,linux/s390x,unknown/unknown,windows/amd64 -      
  

Remove an Image

  sangam@sangam:~$ sudo ctr images remove docker.io/library/hello-world:latest 
docker.io/library/hello-world:latest
  

Create a Snapshot

  sangam@sangam:~$ sudo ctr snapshots info sha256:cd322088bcfba290bcfa064b77165d73708a0a77209146be150b29b7fec4c366 
{
    "Kind": "Committed",
    "Name": "sha256:cd322088bcfba290bcfa064b77165d73708a0a77209146be150b29b7fec4c366",
    "Created": "2024-02-09T10:01:41.428699079Z",
    "Updated": "2024-02-09T10:01:41.428699079Z"
}

sangam@sangam:~$ sudo ctr snapshots prepare busybox-snapshot

sangam@sangam:~$ sudo ctr snapshots ls
KEY                                                                     PARENT KIND      
busybox-snapshot                                                               Active    
sha256:cd322088bcfba290bcfa064b77165d73708a0a77209146be150b29b7fec4c366        Committed 

sangam@sangam:~$ sudo ctr snapshots diff busybox-snapshot sha256:cd322088bcfba290bcfa064b77165d73708a0a77209146be150b29b7fec4c366
  

Push an Image

  ctr images push myregistry.example.com/myimage:latest
  

Execute Command in Container

  ctr tasks exec
NAME:
   ctr tasks exec - Execute additional processes in an existing container

USAGE:
   ctr tasks exec [command options] [flags] CONTAINER CMD [ARG...]

OPTIONS:
   --cwd value       Working directory of the new process
   --tty, -t         Allocate a TTY for the container
   --detach, -d      Detach from the task after it has started execution
   --exec-id value   Exec specific id for the process
   --fifo-dir value  Directory used for storing IO FIFOs
   --log-uri value   Log uri for custom shim logging
   --user value      User id or name
   
ctr: Required flag "exec-id" not set

sangam@sangam:~$ sudo ctr images pull docker.io/library/busybox:latest
docker.io/library/busybox:latest: resolving      |--------------------------------------| 
docker.io/library/busybox:latest:                                                 resolved       |++++++++++++++++++++++++++++++++++++++| 
index-sha256:6d9ac9237a84afe1516540f40a0fafdc86859b2141954b4d643af7066d598b74:    done           |++++++++++++++++++++++++++++++++++++++| 
manifest-sha256:8f03917912ea995c637b6c0295846aaff5665f06ac82a29b421fba4c379494e7: done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:c2bf9493c1bf786e95e3eac7d406c20aa1b8a2d40916756e891627e9e8f8d119:    done           |++++++++++++++++++++++++++++++++++++++| 
config-sha256:3e4fd538a9a0b729be05707cf805388be2fb701cfd5d44c6542f1988e8aef6e3:   done           |++++++++++++++++++++++++++++++++++++++| 
elapsed: 2.3 s                                                                    total:   0.0 B (0.0 B/s)                                         
unpacking linux/arm64/v8 sha256:6d9ac9237a84afe1516540f40a0fafdc86859b2141954b4d643af7066d598b74...
done: 4.323205ms	

Mem: 2554748K used, 1450628K free, 1432K shrd, 84568K buff, 1617808K cached
CPU:  4.3% usr  0.8% sys  0.0% nic 94.5% idle  0.1% io  0.0% irq  0.2% sirq
Load average: 0.29 0.23 0.20 1/361 12
  PID  PPID USER     STAT   VSZ %VSZ CPU %CPU COMMAND
    1     0 root     R     3984  0.1   0  0.0 top

open new terminal 

sangam@sangam:~$ sudo ctr tasks exec --exec-id exec1 busybox-container ls /
bin
dev
etc
home
lib
lib64
proc
root
run
sys
tmp
usr
var
  

View Container Logs

  sangam@sangam:~$ sudo ctr tasks ls
TASK                 PID      STATUS    
busybox-container    98767    RUNNING

sangam@sangam:~$ sudo ctr container ls
CONTAINER            IMAGE                               RUNTIME                  
busybox-container    docker.io/library/busybox:latest    io.containerd.runc.v2  

journalctl -u containerd
  

Stop a Container

  sudo ctr tasks kill busybox-container
  

Delete a Container

  sangam@sangam:~$ sudo ctr containers -h
NAME:
   ctr containers - Manage containers

USAGE:
   ctr containers command [command options] [arguments...]

COMMANDS:
   create                   Create container
   delete, del, remove, rm  Delete one or more existing containers
   info                     Get info about a container
   list, ls                 List containers
   label                    Set and clear labels for a container
   checkpoint               Checkpoint a container
   restore                  Restore a container from checkpoint

OPTIONS:
   --help, -h  show help
   
sangam@sangam:~$ sudo ctr containers del busybox-container 
  

Ctr plugins

  sangam@sangam:~$ sudo ctr plugins list
TYPE                                   ID                       PLATFORMS         STATUS    
io.containerd.snapshotter.v1           aufs                     linux/arm64/v8    skip      
io.containerd.snapshotter.v1           btrfs                    linux/arm64/v8    skip      
io.containerd.content.v1               content                  -                 ok        
io.containerd.snapshotter.v1           native                   linux/arm64/v8    ok        
io.containerd.snapshotter.v1           overlayfs                linux/arm64/v8    ok        
io.containerd.snapshotter.v1           devmapper                linux/arm64/v8    error     
io.containerd.snapshotter.v1           zfs                      linux/arm64/v8    skip      
io.containerd.metadata.v1              bolt                     -                 ok        
io.containerd.differ.v1                walking                  linux/arm64/v8    ok        
io.containerd.event.v1                 exchange                 -                 ok        
io.containerd.gc.v1                    scheduler                -                 ok        
io.containerd.lease.v1                 manager                  -                 ok        
io.containerd.nri.v1                   nri                      -                 ok        
io.containerd.runtime.v2               task                     linux/arm64/v8    ok        
io.containerd.runtime.v2               shim                     -                 ok        
io.containerd.sandbox.store.v1         local                    -                 ok        
io.containerd.sandbox.controller.v1    local                    -                 ok        
io.containerd.streaming.v1             manager                  -                 ok        
io.containerd.service.v1               introspection-service    -                 ok        
io.containerd.service.v1               containers-service       -                 ok        
io.containerd.service.v1               content-service          -                 ok        
io.containerd.service.v1               diff-service             -                 ok        
io.containerd.service.v1               images-service           -                 ok        
io.containerd.service.v1               namespaces-service       -                 ok        
io.containerd.service.v1               snapshots-service        -                 ok        
io.containerd.runtime.v1               linux                    linux/arm64/v8    ok        
io.containerd.monitor.v1               cgroups                  linux/arm64/v8    ok        
io.containerd.service.v1               tasks-service            -                 ok        
io.containerd.grpc.v1                  introspection            -                 ok        
io.containerd.transfer.v1              local                    -                 ok        
io.containerd.internal.v1              restart                  -                 ok        
io.containerd.grpc.v1                  containers               -                 ok        
io.containerd.grpc.v1                  content                  -                 ok        
io.containerd.grpc.v1                  diff                     -                 ok        
io.containerd.grpc.v1                  events                   -                 ok        
io.containerd.grpc.v1                  healthcheck              -                 ok        
io.containerd.grpc.v1                  images                   -                 ok        
io.containerd.grpc.v1                  leases                   -                 ok        
io.containerd.grpc.v1                  namespaces               -                 ok        
io.containerd.internal.v1              opt                      -                 ok        
io.containerd.grpc.v1                  sandbox-controllers      -                 ok        
io.containerd.grpc.v1                  sandboxes                -                 ok        
io.containerd.grpc.v1                  snapshots                -                 ok        
io.containerd.grpc.v1                  streaming                -                 ok        
io.containerd.grpc.v1                  tasks                    -                 ok        
io.containerd.grpc.v1                  transfer                 -                 ok        
io.containerd.grpc.v1                  version                  -                 ok        
io.containerd.grpc.v1                  cri                      linux/arm64/v8    ok        
io.containerd.tracing.processor.v1     otlp                     -                 skip      
io.containerd.internal.v1              tracing                  -                 ok        
  

pull images of all platfroms

  sudo ctr image pull --all-platforms \
docker.io/library/alpine:latest
  

export as tar

  sangam@sangam:~$ sudo ctr image export --all-platforms  \
image-layout-alpine.tar  docker.io/library/alpine:latest
sangam@sangam:~$ ls
code-server  image-layout-alpine.tar  runc-sangam-demo
sangam@sangam:~$ 
  

extract the tar file

  sangam@sangam:~$ tar xf image-layout-alpine.tar
sangam@sangam:~$ ls
blobs  code-server  image-layout-alpine.tar  index.json  manifest.json  oci-layout  runc-sangam-demo
  

skiped unwanted file and see what we got in tar

  sangam@sangam:~$ tree -I 'runc-sangam-demo|code-server'
.
├── blobs
│   └── sha256
│       ├── 05455a08881ea9cf0e752bc48e61bbd71a34c029bb13df01e40e3e70e0d007bd
│       ├── 0dc2e6c0f9ded2daeca96bbf270526d182d2f4267f5c7610c222c05cad6f6b96
│       ├── 15c46ced65c6abed6a27472a7904b04273e9a8091a5627badd6ff016ab073171
│       ├── 2d433224a9f8f46c545c8fc4bc82ea382227d892e9f0c704d90ef585542bf497
│       ├── 30c69795e46bd167df7f6152056f3c885cba4f5b4238e2327c73fb35c226d351
│       ├── 4a0759b5afbffdc507fbb4e32b3a139063c3a5c0829f811973850447f98830ae
│       ├── 4abcf20661432fb2d719aaf90656f55c287f8ca915dc1c92ec14ff61e67fbaf8
│       ├── 5b984dd0323cee557fb6a9d8796f4b4414317cf1fb88bb2047d2046ac9447d77
│       ├── 5d0da60400afb021f2d8dbfec8b7d26457e77eb8825cba90eba84319133f0efe
│       ├── 6457d53fb065d6f250e1504b9bc42d5b6c65941d57532c072d929dd0628977d0
│       ├── 8fc740d8c40e45ea330a3f324fe009148dfc1f771bc90254eaf8ff8bbcecfe02
│       ├── 935b61847fc465ff70ecbd3436253a7596a500e649a16014646a99393ccbb661
│       ├── a0264d60f80df12bc1e6dd98bae6c43debe6667c0ba482711f0d806493467a46
│       ├── ace17d5d883e9ea5a21138d0608d60aa2376c68f616c55b0b7e73fba6d8556a3
│       ├── b12b826de1ec8c4237aa09a0287e7be8bd317586f32bf6cd9395ec5dba52a3a2
│       ├── b229a85166aadbde58e73e03c5e2b9737fb4642ffb2d98ba453adc90d144c1d8
│       ├── bca4290a96390d7a6fc6f2f9929370d06f8dfcacba591c76e3d5c5044e7f420c
│       ├── c5b1261d6d3e43071626931fc004f70149baeba2c8ec672bd4f27761f8e1ad6b
│       ├── eb8fba61d86413beda3240c40c599041e040e658cd8314e38ee15e67ea57d349
│       ├── ec299a7ba3c670e38642b0b62a0c779d84b249a3c889757e2b6f841433b4c6fe
│       ├── f4968021da4ff8b74325e5aebf0f9448b44becfdd14df80ecba474e43cc92546
│       └── fda0ff469afd28d9cfbb946e8e0a3c911c591a2691bea62be9187e45a1c50549
├── image-layout-alpine.tar
├── index.json
├── manifest.json
└── oci-layout

2 directories, 26 files
  

image manifest

  sangam@sangam:~$ cat manifest.json  | jq .
[
  {
    "Config": "blobs/sha256/ace17d5d883e9ea5a21138d0608d60aa2376c68f616c55b0b7e73fba6d8556a3",
    "RepoTags": [
      "alpine:latest"
    ],
    "Layers": [
      "blobs/sha256/bca4290a96390d7a6fc6f2f9929370d06f8dfcacba591c76e3d5c5044e7f420c"
    ]
  }
]
  

which appears to be a manifest list or an image index in the OCI (Open Container Initiative) format. It’s a JSON file that describes an image in a container registry, such as Docker Hub

read image config and image layers

  sangam@sangam:~$ cat ./blobs/sha256/c5b1261d6d3e43071626931fc004f70149baeba2c8ec672bd4f27761f8e1ad6b | jq .
{
  "manifests": [
    {
      "digest": "sha256:6457d53fb065d6f250e1504b9bc42d5b6c65941d57532c072d929dd0628977d0",
      "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
      "platform": {
        "architecture": "amd64",
        "os": "linux"
      },
      "size": 528
    },
    {
      "digest": "sha256:b229a85166aadbde58e73e03c5e2b9737fb4642ffb2d98ba453adc90d144c1d8",
      "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
      "platform": {
        "architecture": "arm",
        "os": "linux",
        "variant": "v6"
      },
      "size": 528
    },
    {
      "digest": "sha256:ec299a7ba3c670e38642b0b62a0c779d84b249a3c889757e2b6f841433b4c6fe",
      "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
      "platform": {
        "architecture": "arm",
        "os": "linux",
        "variant": "v7"
      },
      "size": 528
    },
    {
      "digest": "sha256:a0264d60f80df12bc1e6dd98bae6c43debe6667c0ba482711f0d806493467a46",
      "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
      "platform": {
        "architecture": "arm64",
        "os": "linux",
        "variant": "v8"
      },
      "size": 528
    },
    {
      "digest": "sha256:15c46ced65c6abed6a27472a7904b04273e9a8091a5627badd6ff016ab073171",
      "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
      "platform": {
        "architecture": "386",
        "os": "linux"
      },
      "size": 528
    },
    {
      "digest": "sha256:b12b826de1ec8c4237aa09a0287e7be8bd317586f32bf6cd9395ec5dba52a3a2",
      "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
      "platform": {
        "architecture": "ppc64le",
        "os": "linux"
      },
      "size": 528
    },
    {
      "digest": "sha256:5d0da60400afb021f2d8dbfec8b7d26457e77eb8825cba90eba84319133f0efe",
      "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
      "platform": {
        "architecture": "s390x",
        "os": "linux"
      },
      "size": 528
    }
  ],
  "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
  "schemaVersion": 2
}
  

Last updated 03 Jun 2024, 13:43 +0530 . history