docs: fix nerdctl guest image command

the image name is delivered via annotation than label in nerdctl >= 2.0 version. See the release note https://github.com/containerd/nerdctl/releases/tag/v2.0.0 and PR https://github.com/containerd/nerdctl/pull/2906 If an old version of nerdctl (< 2.0), --label will still work. Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
2025-08-20 08:54:03 +00:00 · 2025-07-22 14:03:34 +08:00 · 2025-07-22 14:03:34 +08:00 · 527a1abc1d
commit 527a1abc1d
parent 09efcfbd86
1 changed files with 5 additions and 2 deletions
--- a/docs/design/kata-guest-image-management-design.md
+++ b/docs/design/kata-guest-image-management-design.md
@ -160,11 +160,14 @@ Next, the kata-agent's RPC module will handle the create container request which

 ## Using guest image pull with `nerdctl`

-When running a workload, add the `--label io.kubernetes.cri.image-name=<image>` option e.g.:
+When running a workload, add the `--annotation io.kubernetes.cri.image-name=<image>` option e.g.:
 ```sh
-nerdctl run --runtime io.containerd.kata.v2 --snapshotter nydus --label io.kubernetes.cri.image-name=docker.io/library/busybox:latest --rm docker.io/library/busybox:latest uname -r
+nerdctl run --runtime io.containerd.kata.v2 --snapshotter nydus --annotation io.kubernetes.cri.image-name=docker.io/library/busybox:latest --rm docker.io/library/busybox:latest uname -r
 ```

+> [!NOTE]
+> The command above is for `nerdctl` >= `2.0`. If `nerdctl` is older than `2.0`, use `--label io.containerd.kata.v2.image-name=<image>`.
+
 References:
 1. [[RFC] Image management proposal for hosting sharing and peer pods](https://github.com/confidential-containers/confidential-containers/issues/137)
 2. https://github.com/containerd/containerd/blob/main/docs/content-flow.md