# containerd/containerd **Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/containerd-containerd).** 20,369 stars · 3,800 forks · Go · apache-2.0 ## Links - GitHub: https://github.com/containerd/containerd - Homepage: https://containerd.io - awesome-repositories: https://awesome-repositories.com/repository/containerd-containerd.md ## Topics `cncf` `containerd` `containers` `cri` `docker` `hacktoberfest` `kubernetes` `oci` ## Description Containerd is a daemon-based container runtime that manages the complete lifecycle of containers on a host system. It functions as a core orchestration backend, handling image distribution, storage, and process execution while adhering to industry-standard specifications for container execution and configuration. The project is distinguished by its modular, plugin-based architecture, which allows for the extension of storage, runtime, and networking capabilities without requiring a full daemon recompile. It utilizes a shim-based execution model to delegate low-level operations, ensuring isolation and support for diverse environments. Furthermore, it employs content-addressable storage for efficient image management and provides a gRPC-based interface for programmatic control by external infrastructure applications. Beyond its core execution duties, the project covers a broad capability surface including comprehensive filesystem management, secure resource isolation, and advanced observability. It supports complex deployment requirements through features like container checkpointing, hardware resource exposure, and flexible network configuration. Security is enforced through image verification, kernel-level isolation policies, and support for unprivileged container execution. The project provides extensive documentation and tooling, including command-line utilities with shell completion and automated test suites for validating runtime interface compliance. ## Tags ### DevOps & Infrastructure - [Container Runtimes](https://awesome-repositories.com/f/devops-infrastructure/container-runtimes.md) — Executes and supervises container processes on a host system as a core container runtime. ([source](https://containerd.io/docs/2.3/ADOPTERS)) - [Container Lifecycle Managers](https://awesome-repositories.com/f/devops-infrastructure/container-lifecycle-managers.md) — Handles the full lifecycle of pods and containers, including image retrieval and process execution. ([source](https://containerd.io/docs/2.3/cri/architecture/)) - [Container Orchestration Platforms](https://awesome-repositories.com/f/devops-infrastructure/container-orchestration-platforms.md) — Acts as a low-level runtime component providing interfaces for orchestration platforms to manage container lifecycles. - [Container Runtime Interfaces](https://awesome-repositories.com/f/devops-infrastructure/container-orchestration/container-orchestration-interfaces/container-runtime-interfaces.md) — Implements standardized runtime specifications for executing container images. ([source](https://containerd.io/docs/2.3/containerd-2.0/)) - [Container Runtime Managers](https://awesome-repositories.com/f/devops-infrastructure/container-runtime-managers.md) — Manages the lifecycle, configuration, and execution of container runtime instances as a core orchestration backend. ([source](https://containerd.io/docs/2.3/runtime-v2/)) - [Container Storage Drivers](https://awesome-repositories.com/f/devops-infrastructure/container-storage-drivers.md) — Manages and stacks filesystem layers for containerized environments using pluggable storage drivers. ([source](https://containerd.io/docs/2.3/snapshotters/devmapper/)) - [Container Image Management](https://awesome-repositories.com/f/devops-infrastructure/container-image-management.md) — Stores and retrieves container images and their constituent layers as immutable blobs indexed by cryptographic hashes. ([source](https://containerd.io/docs/2.3/content-flow/)) - [Runtime Specifications](https://awesome-repositories.com/f/devops-infrastructure/container-orchestration-specifications/runtime-specifications.md) — Adheres to industry-standard specifications to ensure compatibility across different host systems. - [Container Daemons](https://awesome-repositories.com/f/devops-infrastructure/container-daemons.md) — Integrates with init systems to manage daemon lifecycles and cgroup hierarchies without interrupting container processes. ([source](https://containerd.io/docs/2.3/ops/)) - [Image Integrity Verification](https://awesome-repositories.com/f/devops-infrastructure/container-images/image-integrity-verification.md) — Enforces security policies by validating image signatures before allowing pull operations. ([source](https://containerd.io/docs/2.3/containerd-2.0/)) - [Container Isolation Technologies](https://awesome-repositories.com/f/devops-infrastructure/container-isolation-technologies.md) — Enforces kernel-level security policies and resource constraints to isolate containerized workloads. - [Container Orchestration Management](https://awesome-repositories.com/f/devops-infrastructure/container-orchestration-management.md) — Groups multiple containers into a single sandbox primitive to share host resources and maintain a unified lifecycle. ([source](https://containerd.io/docs/2.3/sandbox-api/)) - [Filesystem Storage Drivers](https://awesome-repositories.com/f/devops-infrastructure/filesystem-storage-drivers.md) — Uses pluggable storage drivers to create and mount thin-provisioned filesystem layers for containers. - [Container Image Registries](https://awesome-repositories.com/f/devops-infrastructure/container-image-registries.md) — Retrieves container images from standard-compliant registries to prepare them for execution on the host system. ([source](https://containerd.io/docs/2.3/)) - [Container Management Daemons](https://awesome-repositories.com/f/devops-infrastructure/container-management-daemons.md) — Integrates custom runtime, storage, and interface implementations by loading modules without requiring a full daemon recompile. ([source](https://containerd.io/docs/2.3/plugins/)) - [Container Security](https://awesome-repositories.com/f/devops-infrastructure/container-security.md) — Applies kernel-level security mechanisms to container processes to restrict system calls and isolate workloads from the host. ([source](https://containerd.io/docs/2.3/runc/)) - [Cgroup Driver Configurations](https://awesome-repositories.com/f/devops-infrastructure/resource-isolation/cgroup-driver-configurations.md) — Selects the underlying driver for managing container cgroups to ensure compatibility with host system init processes and resource management policies. ([source](https://containerd.io/docs/2.3/cri/config/)) - [Programmatic Clients](https://awesome-repositories.com/f/devops-infrastructure/container-api-clients/programmatic-clients.md) — Provides a programmatic client package for direct infrastructure control by external applications. ([source](https://containerd.io/docs/2.3/getting-started)) - [Container Garbage Collection](https://awesome-repositories.com/f/devops-infrastructure/container-garbage-collection.md) — Identifies and removes orphaned system resources to maintain storage efficiency. ([source](https://containerd.io/docs/2.3/garbage-collection/)) - [Image Decryption](https://awesome-repositories.com/f/devops-infrastructure/container-images/image-decryption.md) — Unpacks encrypted image layers during the pull process using local keys and decryption metadata. ([source](https://containerd.io/docs/2.3/cri/decryption/)) - [Layer Flatteners](https://awesome-repositories.com/f/devops-infrastructure/container-orchestration/image-management-tools/image-layer-analyzers/layer-flatteners.md) — Transforms compressed image layers into mountable filesystem snapshots by applying layer diffs to committed snapshots. ([source](https://containerd.io/docs/2.3/content-flow/)) - [Cgroup Drivers](https://awesome-repositories.com/f/devops-infrastructure/container-storage-drivers/cgroup-drivers.md) — Configures system resource management drivers to ensure compatibility between container execution and host-level supervision. ([source](https://containerd.io/docs/2.3/cri/config)) - [Storage Backend Integrations](https://awesome-repositories.com/f/devops-infrastructure/storage-backend-integrations.md) — Integrates custom external snapshot plugins via a standard interface to support specialized filesystem storage requirements. ([source](https://containerd.io/docs/2.3/features/)) - [Stream Management](https://awesome-repositories.com/f/devops-infrastructure/container-management/stream-management.md) — Connects container standard streams to host-side pipes and terminals for interactive process communication. ([source](https://containerd.io/docs/2.3/runtime-v2/)) - [Container Image Caching](https://awesome-repositories.com/f/devops-infrastructure/container-orchestration/image-management-tools/container-image-caching.md) — Delegates image pulling to background services to improve deployment performance and reliability. ([source](https://containerd.io/docs/2.3/cri/config/)) - [Container Runtime Integrations](https://awesome-repositories.com/f/devops-infrastructure/container-runtime-integrations.md) — Integrates external plugins to monitor container states and dynamically modify configuration settings throughout the lifecycle. ([source](https://containerd.io/docs/2.3/nri/)) - [Operation Tracing](https://awesome-repositories.com/f/devops-infrastructure/container-runtimes/operation-tracing.md) — Collects and exports diagnostic telemetry data to monitor performance and troubleshoot container lifecycle events. ([source](https://containerd.io/docs/2.3/containerd-2.0/)) - [Daemon Management](https://awesome-repositories.com/f/devops-infrastructure/daemon-management.md) — Customizes runtime settings, storage paths, and metrics endpoints through a centralized configuration file. ([source](https://containerd.io/docs/2.3/getting-started/)) - [Remote File System Mounts](https://awesome-repositories.com/f/devops-infrastructure/remote-file-system-mounts.md) — Integrates external storage backends to mount container layers directly from remote sources. ([source](https://containerd.io/docs/2.3/snapshotters/remote-snapshotter/)) ### Data & Databases - [Content-Addressable Storage](https://awesome-repositories.com/f/data-databases/content-addressable-storage.md) — Uses content-addressable storage to manage immutable image layers indexed by cryptographic hashes. - [Virtualized Filesystem Layers](https://awesome-repositories.com/f/data-databases/storage-abstraction/local-filesystem-storage/virtualized-filesystem-layers.md) — Unpacks container image layers into individual disk image files that can be loopback mounted or attached to virtual machines. ([source](https://containerd.io/docs/2.3/snapshotters/blockfile/)) ### Security & Cryptography - [Rootless Container Runtimes](https://awesome-repositories.com/f/security-cryptography/network-infrastructure-security/container-security/rootless-container-runtimes.md) — Runs the container runtime and managed workloads as a non-privileged user by leveraging kernel user namespaces to isolate system access. ([source](https://containerd.io/docs/2.3/rootless/)) - [Container-Based Sandboxes](https://awesome-repositories.com/f/security-cryptography/security/infrastructure-and-hardware/infrastructure-system-hardening/execution-sandboxes/container-based-sandboxes.md) — Creates and manages isolated execution environments for containers using configuration files to define boundaries. ([source](https://containerd.io/docs/2.3/cri/crictl/)) - [Container Security](https://awesome-repositories.com/f/security-cryptography/container-security.md) — Enforces strict read-only access across filesystem mounts to prevent unauthorized modifications. ([source](https://containerd.io/docs/2.3/containerd-2.0/)) - [Plugin Security Policies](https://awesome-repositories.com/f/security-cryptography/container-security/plugin-security-policies.md) — Enforces security policies by selectively disabling specific container configuration adjustments and requiring mandatory plugins for container creation. ([source](https://containerd.io/docs/2.3/nri/)) - [Registry Access Controls](https://awesome-repositories.com/f/security-cryptography/registry-access-controls.md) — Configures TLS verification, custom certificate authorities, and client certificates to authenticate and encrypt communication with container registries. ([source](https://containerd.io/docs/2.3/hosts)) - [Security Isolation Mechanisms](https://awesome-repositories.com/f/security-cryptography/security-isolation-mechanisms.md) — Assigns specific runtime handlers to containers identified as untrusted to enforce stricter security boundaries and prevent host system compromise. ([source](https://containerd.io/docs/2.3/cri/config)) - [Integrity Verification](https://awesome-repositories.com/f/security-cryptography/integrity-verification.md) — Protects container layers from unauthorized modification or corruption using immutable file attributes or block-level verification. ([source](https://containerd.io/docs/2.3/snapshotters/erofs/)) ### Software Engineering & Architecture - [Plugin-Based Architectures](https://awesome-repositories.com/f/software-engineering-architecture/software-architecture/architectural-patterns/plugin-module-systems/modular-plugin-architectures/plugin-based-architectures.md) — Features a modular, plugin-based architecture for extending storage, runtime, and networking capabilities. - [Namespace Isolation](https://awesome-repositories.com/f/software-engineering-architecture/execution-control/namespace-isolation.md) — Organizes containers and images into logical namespaces to allow secure resource sharing on a single host. - [Type-Safe Configurations](https://awesome-repositories.com/f/software-engineering-architecture/application-lifecycle-management/configuration-management/configuration-formats-and-schemas/type-safe-configurations.md) — Provides type-safe configuration for modular components like snapshotters and runtimes to extend core functionality. ([source](https://containerd.io/docs/2.3/ops)) ### Development Tools & Productivity - [Shim Execution Models](https://awesome-repositories.com/f/development-tools-productivity/process-execution-layers/shim-execution-models.md) — Utilizes a shim-based execution model to delegate low-level operations and support diverse environments. - [Command Shims](https://awesome-repositories.com/f/development-tools-productivity/command-shims.md) — Offloads low-level start and stop operations to external runtime shims to ensure isolation and support for diverse environments. ([source](https://containerd.io/docs/2.3/runtime-v2/)) ### Networking & Communication - [gRPC Administrative Interfaces](https://awesome-repositories.com/f/networking-communication/grpc-administrative-interfaces.md) — Provides a gRPC-based interface for remote infrastructure control and container lifecycle management. - [Container Networking Tools](https://awesome-repositories.com/f/networking-communication/container-networking-tools.md) — Manages network namespaces for pods by integrating with network plugins to ensure connectivity and isolation. ([source](https://containerd.io/docs/2.3/cri/architecture/)) - [Performance Monitoring](https://awesome-repositories.com/f/networking-communication/grpc-interfaces/performance-monitoring.md) — Captures and exports telemetry data from gRPC calls to monitor system performance. ([source](https://containerd.io/docs/2.3/tracing/)) ### System Administration & Monitoring - [Metrics Exporters](https://awesome-repositories.com/f/system-administration-monitoring/metrics-exporters.md) — Exposes daemon and container-level performance data in standard formats for external collection. ([source](https://containerd.io/docs/2.3/ops)) - [Log Routing](https://awesome-repositories.com/f/system-administration-monitoring/container-observability-tools/log-routing.md) — Forwards container standard output and error streams to external destinations using pluggable logging schemes. ([source](https://containerd.io/docs/2.3/runtime-v2/)) - [Resource Lifecycle Management](https://awesome-repositories.com/f/system-administration-monitoring/resource-lifecycle-management.md) — Uses leases to explicitly protect resources from automatic removal and ensure availability. ([source](https://containerd.io/docs/2.3/garbage-collection/)) ### Artificial Intelligence & ML - [Hardware Resource Exposure](https://awesome-repositories.com/f/artificial-intelligence-ml/agentic-systems-frameworks/agent-protocols-interoperability/resource-exposure-frameworks/hardware-resource-exposure.md) — Standardizes how hardware like GPUs are described and accessed by containers to ensure consistent resource availability. ([source](https://containerd.io/docs/2.3/containerd-2.0/))