Fix containerd client and update docs

README.md

@@ -89,17 +89,28 @@ Pumba supports both Docker and containerd runtimes. You can select the runtime u
     *   TLS options (`--tls`, `--tlsverify`, etc.) are applicable for Docker TCP connections.
 
 *   **containerd**: To use Pumba with containerd, specify `--runtime containerd`.
-    *   `--containerd-address`: Set the path to the containerd socket (default: `/run/containerd/containerd.sock`).
-    *   `--containerd-namespace`: Specify the containerd namespace to operate within (default: `k8s.io`, common in Kubernetes; other typical namespaces include `default`).
+    *   `--containerd-address`: Path to the containerd socket (default: `/run/containerd/containerd.sock`).
+    *   `--containerd-namespace`: Containerd namespace to operate within (default: `k8s.io`).
 
-**Example with containerd:**
-This example targets a container in the `k8s.io` namespace using a k3s containerd socket.
+**Quick start with containerd (Linux):**
 ```bash
-# Ensure Pumba binary has access to the containerd socket
-./pumba --runtime containerd --containerd-address /run/k3s/containerd/containerd.sock --containerd-namespace k8s.io \
-  netem --duration 1m my-target-container-name delay --time 500
+# Start a container using containerd's ctr tool
+ctr -n demo run -d --name ping docker.io/library/alpine:latest ping 1.1.1.1
+
+# Run Pumba against it
+pumba --runtime containerd \
+  --containerd-address /run/containerd/containerd.sock \
+  --containerd-namespace demo \
+  netem --duration 30s delay --time 300 ping
 ```
 
+On macOS, containerd typically runs inside Docker Desktop. Expose the socket or
+run Pumba inside the Docker Desktop VM and use the same command, adjusting the
+`--containerd-address` to the VM's socket path.
+
+See [examples/pumba_containerd_delay.sh](examples/pumba_containerd_delay.sh) for a
+scripted demo.
+
 **Note on `stress` command with containerd**: The `stress` command relies on cgroup access. When targeting containerd containers, Pumba attempts to place the `stress-ng` helper container into the target container's cgroup. This requires Pumba to have sufficient privileges to interact with containerd and for the `stress-ng` helper image to be compatible. The default `stress-image` (`alexeiled/stress-ng:latest-ubuntu`) should work if Pumba has appropriate host access or equivalent privileges.
 
 ### Kill Container command
@@ -645,7 +656,7 @@ DESCRIPTION:
 OPTIONS:
    --duration value, -d value  stress duration: must be shorter than recurrent interval; use with optional unit suffix: 'ms/s/m/h'
    --stress-image value        Docker image with stress-ng tool, cgroup-bin and docker packages, and dockhack script (default: "alexeiled/stress-ng:latest-ubuntu")
-   --pull-image                pull stress-image form Docker registry
+   --pull-image                pull stress-image from Docker registry
    --stressors value           stress-ng stressors; see https://kernel.ubuntu.com/~cking/stress-ng/ (default: "--cpu 4 --timeout 60s")
 ```
 
@@ -1061,7 +1072,7 @@ DESCRIPTION:
 OPTIONS:
    --duration value, -d value  stress duration: must be shorter than recurrent interval; use with optional unit suffix: 'ms/s/m/h'
    --stress-image value        Docker image with stress-ng tool, cgroup-bin and docker packages, and dockhack script (default: "alexeiled/stress-ng:latest-ubuntu")
-   --pull-image                pull stress-image form Docker registry
+   --pull-image                pull stress-image from Docker registry
    --stressors value           stress-ng stressors; see https://kernel.ubuntu.com/~cking/stress-ng/ (default: "--cpu 4 --timeout 60s")
 ```
 

deploy/pumba_kube.yml

@@ -52,6 +52,9 @@ spec:
           volumeMounts:
             - name: dockersocket
               mountPath: /var/run/docker.sock
+            # Uncomment for containerd runtime
+            # - name: containerdsocket
+            #   mountPath: /run/containerd/containerd.sock
         # randomly add a  3000ms ± 30ms delay to 'test-2' Pod containers every 5m for 2m, where variation in delay is described by `normal` distribution,
         - image: gaiaadm/pumba
           imagePullPolicy: Always
@@ -86,6 +89,9 @@ spec:
           volumeMounts:
             - name: dockersocket
               mountPath: /var/run/docker.sock
+            # Uncomment for containerd runtime
+            # - name: containerdsocket
+            #   mountPath: /run/containerd/containerd.sock
       # limit to specific k8s nodes
       # EKS node group
       # nodeSelector:
@@ -97,3 +103,7 @@ spec:
         - hostPath:
             path: /var/run/docker.sock
           name: dockersocket
+        # Uncomment below to use containerd runtime instead of Docker
+        # - hostPath:
+        #     path: /run/containerd/containerd.sock
+        #   name: containerdsocket

docs/advanced-network-chaos.md

@@ -9,6 +9,16 @@ Pumba now offers support for both outgoing traffic manipulation (using `tc` with
 
 **Runtime Note**: Pumba supports both Docker and containerd runtimes. The examples in this guide are applicable to both. Remember to use the global `--runtime` flag (e.g., `--runtime containerd`) and provide necessary runtime-specific options (like `--containerd-address` and `--containerd-namespace` for containerd) when running these commands. If `--runtime` is not specified, Pumba defaults to the Docker runtime.
 
+Example using containerd:
+```bash
+# Add 200ms delay to a container started with containerd
+ctr -n demo run -d --name web docker.io/library/nginx:alpine
+pumba --runtime containerd \
+  --containerd-address /run/containerd/containerd.sock \
+  --containerd-namespace demo \
+  netem --duration 30s delay --time 200 web
+```
+
 ![Pumba Network Chaos Testing](img/nettools-diagram.svg)
 
 The diagram above illustrates how Pumba uses a single nettools container to manipulate both incoming traffic (via iptables) and outgoing

examples/README.md

@@ -18,6 +18,12 @@
 1. Run "ping" container pinging `1.1.1.1`: `./delay_demo.sh`
 1. Run `pumba` adding `3000ms ± 20` delay to the "ping" container: `./pumba_delay.sh`
 
+## Delay containerd container
+
+1. Split screen horizontally
+1. Run "ping" container using containerd: `./containerd_delay_demo.sh`
+1. Run `pumba` with containerd runtime to add `300ms` delay: see script `./pumba_containerd_delay.sh`
+
 ## Add packet loss to egress traffic
 
 1. Split screen horizontally

examples/containerd_delay_demo.sh

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+set -o xtrace
+
+# create namespace if not exists
+ctr ns create demo 2>/dev/null || true
+
+# pull and run a simple ping container using containerd
+ctr -n demo image pull docker.io/library/alpine:latest
+ctr -n demo run -d --name ping docker.io/library/alpine:latest ping 1.1.1.1

examples/pumba_containerd_delay.sh

@@ -0,0 +1,9 @@
+#!/bin/sh
+
+set -o xtrace
+
+pumba --runtime containerd \
+  --containerd-address /run/containerd/containerd.sock \
+  --containerd-namespace demo \
+  --log-level=info --interval=20s \
+  netem --duration=10s delay --time=300 ping