containerd charm

This subordinate charm deploys the Containerd engine within a running Juju model. Containerd is an open platform for developers and sysadmins to build, ship, and run distributed applications in containers.

Containerd focuses on distributing applications as containers that can be quickly assembled from components and that run the same on different servers without environmental dependencies. This eliminates the friction between development, QA, and production environments.


The following states are set by this subordinate:

  • endpoint.{relation name}.available

    This state is set when containerd is available for use.

Using the Containerd subordinate charm

The Containerd subordinate charm is to be used with principal charms that need a container runtime. To use it, deploy the Containerd subordinate charm and then relate it to the principal charm:

juju deploy cs:~containers/containerd
juju add-relation containerd [principal charm]

Scale out Usage

This charm will automatically scale out with the principal charm.


| name | type | Default | Description |
|---|---|---|---|
| custom-registry-ca | string | | Base64 encoded Certificate Authority (CA) bundle. Setting this config allows container runtimes to pull images from registries with TLS certificates signed by an external CA. |
| custom_registries | string | [] | See notes |
| disable-juju-proxy | boolean | False | Ignore juju-http(s) proxy settings on this charm. If set to true, all juju https proxy settings will be ignored |
| enable-cgroups | boolean | False | Enable GRUB cgroup overrides cgroup_enable=memory swapaccount=1. WARNING changing this option will reboot the host - use with caution on production services. |
| gpu_driver | string | auto | Override GPU driver installation. Options are "auto", "nvidia", "none". |
| http_proxy | string | | URL to use for HTTP_PROXY to be used by Containerd. Useful in egress-filtered environments where a proxy is the only option for accessing the registry to pull images. |
| https_proxy | string | | URL to use for HTTPS_PROXY to be used by Containerd. Useful in egress-filtered environments where a proxy is the only option for accessing the registry to pull images. |
| no_proxy | string | | See notes |
| runtime | string | auto | Set a custom containerd runtime. Set "auto" to select based on hardware. |
| shim | string | containerd-shim | Set a custom containerd shim. |



custom_registries

Registry endpoints and credentials. Setting this config allows Kubelet to pull images from registries where auth is required.

The value for this config must be a JSON array of credential objects, like this: [{"host": "my.registry:port", "username": "user", "password": "pass"}]

host could be registry host address, e.g.:, or a name, e.g.:, myregistry. It will be derived from url if not provided, e.g.:

  url: <> --> host:

If required, you can supply credentials with the option keys 'username' and 'password', or 'ca_file', 'cert_file', and 'key_file' for SSL/TLS communication. The file values should be base64-encoded file contents in string form:

"ca_file": "'"$(base64 -w 0 < my.custom.registry.pem)"'"

Example config:

juju config containerd custom_registries='[{
    "url": "",
    "ca_file": "'"$(base64 -w 0 < ~/"'",
    "cert_file": "'"$(base64 -w 0 < ~/my.custom.cert.pem)"'",
    "key_file": "'"$(base64 -w 0 < ~/my.custom.key.pem)"'"
}]'




no_proxy

Comma-separated list of destinations (either domain names or IP addresses) which should be accessed directly, rather than through the proxy defined in http_proxy or https_proxy. Must be less than 2023 characters long.
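
A pre-flight check for the custom_registries and no_proxy values described in the notes above, as an added example that is not part of the charm or its documentation. It assumes the certificate and key files are PEM and that a host derived from url is the URL's host:port part; the function names and sample values are constructed for illustration.

```python
import base64
import json
from urllib.parse import urlparse

FILE_KEYS = ("ca_file", "cert_file", "key_file")  # base64-encoded file contents


def check_custom_registries(value):
    """Return a list of problems found in a custom_registries config value."""
    try:
        entries = json.loads(value)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} at line {exc.lineno}"]
    if not isinstance(entries, list):
        return ["top level must be a JSON array"]
    problems = []
    for i, entry in enumerate(entries):
        if not isinstance(entry, dict):
            problems.append(f"[{i}] is not a JSON object")
            continue
        url = entry.get("url")
        # Assumption: "derived from url" means the URL's host[:port] part.
        host = entry.get("host") or (urlparse(url).netloc if isinstance(url, str) else "")
        if not host:
            problems.append(f"[{i}] has no host and no url to derive one from")
        for key in [k for k in FILE_KEYS if k in entry]:
            try:
                data = base64.b64decode(entry[key], validate=True)
            except (ValueError, TypeError):
                # Typical cause: a file path or raw PEM text pasted instead of base64.
                problems.append(f"[{i}] {key} is not valid base64")
                continue
            if b"-----BEGIN " not in data:  # assumption: files are PEM
                problems.append(f"[{i}] {key} does not decode to PEM data")
        # A client certificate is unusable without its private key, and vice versa.
        if ("cert_file" in entry) != ("key_file" in entry):
            problems.append(f"[{i}] cert_file and key_file must be set together")
    return problems


def check_no_proxy(value):
    """True when the no_proxy string is within the documented length limit."""
    return len(value) < 2023


if __name__ == "__main__":
    # Constructed sample: ca_file holds a path instead of base64 file contents.
    sample = '[{"url": "https://registry.example.test:5000", "ca_file": "~/ca.pem"}]'
    print(check_custom_registries(sample))
```

Run it over the exact string you intend to pass to juju config; an empty list means no problems were found by these checks.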



You can run an action with the following:

juju run-action containerd ACTION [parameters] [--wait]


Collect debug data


Force upgrades Containerd to latest repository version