runj is an OCI runtime for FreeBSD jails. Until recently, it relied on the jail(8) command to actually set up and manage the jail in the FreeBSD kernel. It had been a to-do item on my list for a long time to migrate to directly invoking the jail(2) family of syscalls. This is now done, but I learned some new things along the way.
runj 0.2.0 now supports the new OCI Runtime Spec 1.3.0, which includes official FreeBSD support!
This post is part of the Lobste.rs blog carnival.
A while ago I read this blog post “An app can be a home-cooked meal”. It really resonated with me. Later, I realized it’s because I’ve been doing this for a while, just without a name. While I don’t have a ton of home-cooked apps, I have written a few over the years for some different specific reasons.
containerd 2.1 is here! Delivering new features and improvements, this release also launches our new six-month cadence – just half a year after containerd 2.0.
I’ll be speaking at KubeCon EU 2025 in London tomorrow! As I like to do, here’s what I’m thinking of attending at the conference this week.
Welcome to day 4 of our series on containerd internals!
Container images are the mechanism that we use to capture a container’s filesystem, distribute it to nodes that will eventually run containers, and ensure that containers start from a known-identical configuration. In many ways, images are the defining characteristic of a containerized system; they are the interaction point for users who want to create a workload and make it repeatable and predictable. Without images, you could still have isolation characteristics similar to those available in containerized systems today, but it would be more difficult to achieve reliable, production-ready, and understandable workloads.
Welcome to day 3 of our series on containerd internals! This post will cover ctr, a command-line tool for containerd.
Derek already announced this on his blog, but I figured I can post here too.
This month, a few of the containerd maintainers plan to write a series of blog posts about containerd internals that we think are interesting and not well-known. Our hope through this series is that you’ll find some useful takeaways in operating containerd (and understanding how to debug), integrating with containerd (through our many extension points), contributing to containerd, or even in writing your own projects.
The containerd maintainers (including me) are happy to announce the release of containerd 2.0! This is the first major release of containerd since 1.0 was released in 2017, and represents a commitment both to the evolution of the containerd project and continued investment in stability, reliability, and efficiency.
containerd 2.0 will be the first new major release of containerd since the initial stable release of 1.0 in December, 2017. After six years of iteration, development, and refinement, 2.0 will encapsulate the learning we’ve had building and supporting containerd at large scale (and as the default container runtime for a number of managed container offerings). With that, 2.0 brings some major refactorings of core services (CRI, image management), new functionality (sandbox plugins, transfer plugins, image verifier plugins), improvements (better user namespace support, NRI updates), and removals of deprecated functionality.