The nerdctl Command-Line Tool

Installing nerdctl

🚩 Hands-on: installing nerdctl, 2023.12.20 (tested successfully)

Lab environment

Lab environment:
1. A Windows 10 laptop
2. One CentOS 7.6 VM (VMware Workstation VM)
	cri-containerd-cni-1.5.5-linux-amd64.tar.gz
	nerdctl-0.12.1-linux-amd64.tar.gz

Lab software

Link: https://pan.baidu.com/s/1Im37YWoOibJ009hEAD_HBQ (extraction code: jiik). Files: nerdctl-0.12.1-linux-amd64.tar.gz, buildkit-v0.9.1.linux-amd64.tar.gz

Note:

nerdctl-1.7.2 is installed in exactly the same way as shown below!

  • Download the nerdctl-0.12.1-linux-amd64.tar.gz package:
# If containerd is not installed yet, download and install the nerdctl-full-<VERSION>-linux-amd64.tar.gz package instead
➜  ~ wget https://github.com/containerd/nerdctl/releases/download/v0.12.1/nerdctl-0.12.1-linux-amd64.tar.gz
# https://github.com/containerd/nerdctl/releases/download/v1.7.2/nerdctl-1.7.2-linux-amd64.tar.gz

# If access is restricted, you can switch to the URL below to speed up the download
[root@containerd ~]#wget https://download.fastgit.org/containerd/nerdctl/releases/download/v0.12.1/nerdctl-0.12.1-linux-amd64.tar.gz
--2021-10-25 13:13:43--  https://download.fastgit.org/containerd/nerdctl/releases/download/v0.12.1/nerdctl-0.12.1-linux-amd64.tar.gz
Resolving download.fastgit.org (download.fastgit.org)... 88.198.10.254
Connecting to download.fastgit.org (download.fastgit.org)|88.198.10.254|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 7528755 (7.2M) [application/octet-stream]
Saving to: ‘nerdctl-0.12.1-linux-amd64.tar.gz’

100%[===============================================================================================================================>] 7,528,755   3.31MB/s   in 2.2s

2021-10-25 13:13:46 (3.31 MB/s) - ‘nerdctl-0.12.1-linux-amd64.tar.gz’ saved [7528755/7528755]
[root@containerd ~]#ll -h nerdctl-0.12.1-linux-amd64.tar.gz
-rw-r--r-- 1 root root 7.2M Oct  5 15:10 nerdctl-0.12.1-linux-amd64.tar.gz
[root@containerd ~]#
  • Extract the package into the target directory:
[root@containerd ~]#tar tf nerdctl-0.12.1-linux-amd64.tar.gz # list the archive contents first
nerdctl
containerd-rootless-setuptool.sh
containerd-rootless.sh
[root@containerd ~]#mkdir -p /usr/local/containerd/bin  && tar -zxvf nerdctl-0.12.1-linux-amd64.tar.gz nerdctl && mv nerdctl /usr/local/containerd/bin
nerdctl
[root@containerd ~]#ln -s /usr/local/containerd/bin/nerdctl /usr/bin/nerdctl
  • Verify:
[root@containerd ~]#nerdctl version
Client:
 Version:       v0.12.1
 Git commit:    6f0c8b7bc63270404c9f5810a899e6bae7546608

Server:
 containerd:
  Version:      v1.5.5
  GitCommit:    72cec4be58a9eb6b2910f5d10f1c01ca47d231c0
[root@containerd ~]#
  • Command summary
wget https://github.com/containerd/nerdctl/releases/download/v1.7.2/nerdctl-1.7.2-linux-amd64.tar.gz

tar tf nerdctl-1.7.2-linux-amd64.tar.gz

mkdir -p /usr/local/containerd/bin  && tar -zxvf nerdctl-1.7.2-linux-amd64.tar.gz nerdctl && mv nerdctl /usr/local/containerd/bin

ln -s /usr/local/containerd/bin/nerdctl /usr/bin/nerdctl

nerdctl version
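
The steps above fetch the tarball, optionally from a third-party mirror, and unpack it as root without an integrity check. The script below is an added example, not part of the original post: it checks the tarball against a SHA256SUMS file and rejects archives with unsafe member paths before extracting only the nerdctl binary. It assumes SHA256SUMS was obtained separately from the project's official release page; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): verify a downloaded release
# tarball before installing it. SHA256SUMS is assumed to have been fetched
# from the project's official release page, not from the download mirror.

# verify_release TARBALL SUMS_FILE
# Succeeds only if SUMS_FILE lists the tarball's file name and the digest matches.
verify_release() {
    vr_name=$(basename "$1")
    # Accept both "HASH  name" and "HASH *name" (binary-mode) lines.
    vr_expected=$(awk -v n="$vr_name" \
        '{ f = $2; sub(/^\*/, "", f); if (f == n) { print $1; exit } }' "$2")
    if [ -z "$vr_expected" ]; then
        echo "verify_release: no checksum entry for $vr_name" >&2
        return 1
    fi
    vr_actual=$(sha256sum "$1" | awk '{ print $1 }')
    if [ "$vr_expected" != "$vr_actual" ]; then
        echo "verify_release: checksum mismatch for $vr_name" >&2
        return 1
    fi
}

# list_is_safe
# Reads member names on stdin (the output of `tar tf`) and fails if any name
# is absolute or contains a ".." path component.
list_is_safe() {
    if grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "list_is_safe: archive contains an unsafe member path" >&2
        return 1
    fi
}

# install_nerdctl TARBALL SUMS_FILE BIN_DIR
# Verifies the checksum, inspects the member list, then extracts only the
# "nerdctl" member into BIN_DIR, as the article's tar command does.
install_nerdctl() {
    verify_release "$1" "$2" || return 1
    in_listing=$(tar -tzf "$1") || return 1
    printf '%s\n' "$in_listing" | list_is_safe || return 1
    mkdir -p "$3" || return 1
    tar -xzf "$1" -C "$3" nerdctl || return 1
    chmod 0755 "$3/nerdctl"
}

# Usage on the lab host (file names and paths from the article):
#   install_nerdctl nerdctl-0.12.1-linux-amd64.tar.gz SHA256SUMS /usr/local/containerd/bin
```
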

That completes the nerdctl installation. Next, let's learn how to use the nerdctl command-line tool.

0. The nerdctl help command

[root@containerd ~]#nerdctl
NAME:
   nerdctl - Docker-compatible CLI for containerd

USAGE:
   nerdctl [global options] command [command options] [arguments...]

VERSION:
   0.12.1

COMMANDS:
   run         Run a command in a new container
   exec        Run a command in a running container
   ps          List containers
   logs        Fetch the logs of a container. Currently, only containers created with `nerdctl run -d` are supported.
   port        List port mappings or a specific mapping for the container
   stop        Stop one or more running containers
   start       Start one or more running containers
   kill        Kill one or more running containers
   rm          Remove one or more containers
   pause       Pause all processes within one or more containers
   unpause     Unpause all processes within one or more containers
   commit      [flags] CONTAINER REPOSITORY[:TAG]
   wait        Block until one or more containers stop, then print their exit codes.
   build       Build an image from a Dockerfile. Needs buildkitd to be running.
   images      List images
   pull        Pull an image from a registry
   push        Push an image or a repository to a registry
   load        Load an image from a tar archive or STDIN
   save        Save one or more images to a tar archive (streamed to STDOUT by default)
   tag         Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
   rmi         Remove one or more images
   events      Get real time events from the server
   info        Display system-wide information
   version     Show the nerdctl version information
   inspect     Return low-level information on objects.
   top         Display the running processes of a container
   login       Log in to a Docker registry
   logout      Log out from a Docker registry
   compose     Compose
   completion  Show shell completion
   help, h     Shows a list of commands or help for one command
   Management:
     container  Manage containers
     image      Manage images
     network    Manage networks
     volume     Manage volumes
     system     Manage containerd
     namespace  Manage containerd namespaces

GLOBAL OPTIONS:
   --debug                                            debug mode (default: false)
   --debug-full                                       debug mode (with full output) (default: false)
   --address value, -a value, --host value, -H value  containerd address, optionally with "unix://" prefix (default: "/run/containerd/containerd.sock") [$CONTAINERD_ADDRESS]
   --namespace value, -n value                        containerd namespace, such as "moby" for Docker, "k8s.io" for Kubernetes (default: "default") [$CONTAINERD_NAMESPACE]
   --snapshotter value, --storage-driver value        containerd snapshotter (default: "overlayfs") [$CONTAINERD_SNAPSHOTTER]
   --cni-path value                                   Set the cni-plugins binary directory (default: "/opt/cni/bin") [$CNI_PATH]
   --cni-netconfpath value                            Set the CNI config directory (default: "/etc/cni/net.d") [$NETCONFPATH]
   --data-root value                                  Root directory of persistent nerdctl state (managed by nerdctl, not by containerd) (default: "/var/lib/nerdctl")
   --cgroup-manager value                             Cgroup manager to use ("cgroupfs"|"systemd") (default: "cgroupfs")
   --insecure-registry                                skips verifying HTTPS certs, and allows falling back to plain HTTP (default: false)
   --help, -h                                         show help (default: false)
   --version, -v                                      print the version (default: false)
[root@containerd ~]#

1. Run & Exec

nerdctl run

Just as with docker run, you can run a container with the nerdctl run command, for example:

➜  ~ nerdctl run -d -p 80:80 --name=nginx --restart=always nginx:alpine
docker.io/library/nginx:alpine:                                                   resolved       |++++++++++++++++++++++++++++++++++++++|
index-sha256:bead42240255ae1485653a956ef41c9e458eb077fcb6dc664cbc3aa9701a05ce:    done           |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:ce6ca11a3fa7e0e6b44813901e3289212fc2f327ee8b1366176666e8fb470f24: done           |++++++++++++++++++++++++++++++++++++++|
config-sha256:7ce0143dee376bfd2937b499a46fb110bda3c629c195b84b1cf6e19be1a9e23b:   done           |++++++++++++++++++++++++++++++++++++++|
elapsed: 5.3 s                                                                    total:  3.1 Ki (606.0 B/s)
6e489777d2f73dda8a310cdf8da9df38353c1aa2021d3c2270b30eff1806bcf8

The available options are largely the same as for docker run, such as -i, -t, --cpus and --memory. Use nerdctl run --help to see the supported options:

[root@containerd ~]#nerdctl run --help
NAME:
   nerdctl run - Run a command in a new container

USAGE:
   nerdctl run [command options] [arguments...]

OPTIONS:
   --help                        show help (default: false)
   --tty, -t                     (Currently -t needs to correspond to -i) (default: false)
   --interactive, -i             Keep STDIN open even if not attached (default: false)
   --detach, -d                  Run container in background and print container ID (default: false)
   --restart value               Restart policy to apply when a container exits (implemented values: "no"|"always") (default: "no")
   --rm                          Automatically remove the container when it exits (default: false)
   --pull value                  Pull image before running ("always"|"missing"|"never") (default: "missing")
   --network value, --net value  Connect a container to a network ("bridge"|"host"|"none") (default: "bridge")
   --dns value                   Set custom DNS servers
   --publish value, -p value     Publish a container's port(s) to the host
   --hostname value, -h value    Container host name
   --cpus value                  Number of CPUs (default: 0)
   --memory value, -m value      Memory limit
   --pid value                   PID namespace to use
   --pids-limit value            Tune container pids limit (set -1 for unlimited) (default: -1)
   --cgroupns value              Cgroup namespace to use, the default depends on the cgroup version ("host"|"private") (default: "host")
   --cpuset-cpus value           CPUs in which to allow execution (0-3, 0,1)
   --cpu-shares value            CPU shares (relative weight) (default: 0)
   --device value                Add a host device to the container
   --user value, -u value        Username or UID (format: <name|uid>[:<group|gid>])
   --security-opt value          Security options
   --cap-add value               Add Linux capabilities
   --cap-drop value              Drop Linux capabilities
   --privileged                  Give extended privileges to this container (default: false)
   --runtime value               Runtime to use for this container, e.g. "crun", or "io.containerd.runsc.v1" (default: "io.containerd.runc.v2")
   --sysctl value                Sysctl options
   --gpus value                  GPU devices to add to the container ('all' to pass all GPUs)
   --volume value, -v value      Bind mount a volume
   --read-only                   Mount the container's root filesystem as read only (default: false)
   --rootfs                      The first argument is not an image but the rootfs to the exploded container (default: false)
   --entrypoint value            Overwrite the default ENTRYPOINT of the image
   --workdir value, -w value     Working directory inside the container
   --env value, -e value         Set environment variables
   --add-host value              Add a custom host-to-IP mapping (host:ip)
   --env-file value              Set environment variables from file
   --name value                  Assign a name to the container
   --label value, -l value       Set meta data on a container
   --label-file value            Read in a line delimited file of labels
   --cidfile value               Write the container ID to the file
   --shm-size value              Size of /dev/shm
   --pidfile value               file path to write the task's pid
   --ulimit value                Ulimit options

[root@containerd ~]#

nerdctl exec

Likewise, you can use the exec command to run commands in a container, for example:

➜  ~ nerdctl exec -it nginx /bin/sh
/ # date
Thu Aug 19 06:43:19 UTC 2021
/ #

2. Container management

nerdctl ps: list containers

Use the nerdctl ps command to list containers.

➜  ~ nerdctl ps
CONTAINER ID    IMAGE                             COMMAND                   CREATED           STATUS    PORTS                 NAMES
6e489777d2f7    docker.io/library/nginx:alpine    "/docker-entrypoint.…"    10 minutes ago    Up        0.0.0.0:80->80/tcp    nginx

Likewise, the -a option shows all containers; by default only running containers are shown. Note, however, that nerdctl ps does not implement docker ps options such as --filter, --format, --last and --size.

nerdctl inspect: show detailed information about a container

➜  ~ nerdctl inspect nginx
[
    {
        "Id": "6e489777d2f73dda8a310cdf8da9df38353c1aa2021d3c2270b30eff1806bcf8",
        "Created": "2021-08-19T06:35:46.403464674Z",
        "Path": "/docker-entrypoint.sh",
        "Args": [
            "nginx",
            "-g",
            "daemon off;"
        ],
        "State": {
            "Status": "running",
            "Running": true,
            "Paused": false,
            "Pid": 2002,
            "ExitCode": 0,
            "FinishedAt": "0001-01-01T00:00:00Z"
        },
        "Image": "docker.io/library/nginx:alpine",
        "ResolvConfPath": "/var/lib/nerdctl/1935db59/containers/default/6e489777d2f73dda8a310cdf8da9df38353c1aa2021d3c2270b30eff1806bcf8/resolv.conf",
        "LogPath": "/var/lib/nerdctl/1935db59/containers/default/6e489777d2f73dda8a310cdf8da9df38353c1aa2021d3c2270b30eff1806bcf8/6e489777d2f73dda8a310cdf8da9df38353c1aa2021d3c2270b30eff1806bcf8-json.log",
        "Name": "nginx",
        "Driver": "overlayfs",
        "Platform": "linux",
        "AppArmorProfile": "nerdctl-default",
        "NetworkSettings": {
            "Ports": {
                "80/tcp": [
                    {
                        "HostIp": "0.0.0.0",
                        "HostPort": "80"
                    }
                ]
            },
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "10.4.0.3",
            "IPPrefixLen": 24,
            "MacAddress": "f2:b1:8e:a2:fe:18",
            "Networks": {
                "unknown-eth0": {
                    "IPAddress": "10.4.0.3",
                    "IPPrefixLen": 24,
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "f2:b1:8e:a2:fe:18"
                }
            }
        }
    }
]

As you can see, the output is essentially the same as that of docker inspect.

nerdctl logs: fetch container logs

Viewing container logs is something we do all the time, and nerdctl logs fetches the log data in the same way:

➜  ~ nerdctl logs -f nginx
......
2021/08/19 06:35:46 [notice] 1#1: start worker processes
2021/08/19 06:35:46 [notice] 1#1: start worker process 32
2021/08/19 06:35:46 [notice] 1#1: start worker process 33

The -f, -t, -n, --since and --until options are supported as well.

# the -n option:
[root@containerd ~]#nerdctl logs -n 3 nginx_bak
2021/10/24 23:17:40 [notice] 1#1: start worker process 32
2021/10/24 23:17:40 [notice] 1#1: start worker process 33
10.4.0.1 - - [24/Oct/2021:23:42:57 +0000] "GET / HTTP/1.1" 200 615 "-" "curl/7.29.0" "-"
[root@containerd ~]#

🍀 nerdctl's logs command cannot show the logs of containers created by kubelet (that doesn't seem right...)

nerdctl stop: stop a container

➜  ~ nerdctl stop nginx
nginx
➜  ~ nerdctl ps
CONTAINER ID    IMAGE    COMMAND    CREATED    STATUS    PORTS    NAMES
➜  ~ nerdctl ps -a
CONTAINER ID    IMAGE                             COMMAND                   CREATED           STATUS    PORTS                 NAMES
6e489777d2f7    docker.io/library/nginx:alpine    "/docker-entrypoint.…"    20 minutes ago    Up        0.0.0.0:80->80/tcp    nginx

nerdctl rm: remove a container

➜  ~ nerdctl rm nginx
You cannot remove a running container f4ac170235595f28bf962bad68aa81b20fc83b741751e7f3355bd77d8016462d. Stop the container before attempting removal or force remove
➜  ~ nerdctl rm -f nginx
nginx
➜  ~ nerdctl ps
CONTAINER ID    IMAGE    COMMAND    CREATED    STATUS    PORTS    NAMES

To force removal, use the -f or --force option.

3. Image management

nerdctl images: list images

➜  ~ nerdctl images
REPOSITORY    TAG       IMAGE ID        CREATED           SIZE
alpine        latest    eb3e4e175ba6    6 days ago        5.9 MiB
nginx         alpine    bead42240255    29 minutes ago    16.0 KiB

Note as well that some docker images options are not implemented, such as --all, --digests, --filter and --format.

Comparing nerdctl images with ctr i ls, nerdctl is friendlier:

[root@containerd ~]#nerdctl images
REPOSITORY    TAG       IMAGE ID        CREATED         SIZE
nginx         alpine    686aac2769fd    38 hours ago    24.9 MiB
[root@containerd ~]#ctr i ls
REF                            TYPE                                                      DIGEST                                                                  SIZE    PLATFORMS                                                                                LABELS
docker.io/library/nginx:alpine application/vnd.docker.distribution.manifest.list.v2+json sha256:686aac2769fd6e7bab67663fd38750c135b72d993d0bb0a942ab02ef647fc9c3 9.5 MiB linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x -
[root@containerd ~]#

nerdctl pull: pull an image

[root@containerd ~]#nerdctl images
REPOSITORY    TAG       IMAGE ID        CREATED         SIZE
nginx         alpine    686aac2769fd    38 hours ago    24.9 MiB
[root@containerd ~]#nerdctl pull busybox # nerdctl accepts a bare image name, unlike the more cumbersome ctr command.
docker.io/library/busybox:latest:                                                 resolved       |++++++++++++++++++++++++++++++++++++++|
index-sha256:f7ca5a32c10d51aeda3b4d01c61c6061f497893d7f6628b92f822f7117182a57:    done           |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:febcf61cd6e1ac9628f6ac14fa40836d16f3c6ddef3b303ff0321606e55ddd0b: done           |++++++++++++++++++++++++++++++++++++++|
config-sha256:16ea53ea7c652456803632d67517b78a4f9075a10bfdc4fc6b7b4cbf2bc98497:   done           |++++++++++++++++++++++++++++++++++++++|
layer-sha256:24fb2886d6f6c5d16481dd7608b47e78a8e92a13d6e64d87d57cb16d5f766d63:    done           |++++++++++++++++++++++++++++++++++++++|
elapsed: 5.9 s                                                                    total:  753.5  (127.7 KiB/s)
[root@containerd ~]#nerdctl images
REPOSITORY    TAG       IMAGE ID        CREATED          SIZE
busybox       latest    f7ca5a32c10d    2 seconds ago    1.2 MiB
nginx         alpine    686aac2769fd    38 hours ago     24.9 MiB
[root@containerd ~]#

nerdctl push: push an image

Before pushing an image, you can log in to the registry with the nerdctl login command and then run the push.

Log in with nerdctl login --username xxx --password xxx, and log out with nerdctl logout.

[root@containerd ~]#nerdctl push harbor.k8s.local/course/nginx:alpine

[root@containerd ~]#nerdctl login --username xxx --password xxx harbor.k8s.local

[root@containerd ~]#nerdctl logout
Removing login credentials for https://index.docker.io/v1/
[root@containerd ~]#
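
Passing --password on the command line leaves the secret in shell history and in the process list. The added example below (not from the original post) feeds it on stdin with --password-stdin instead; registry_login and the secret file are hypothetical, and it assumes a nerdctl version that supports --password-stdin and GNU stat as found on CentOS.

```shell
#!/bin/sh
# Added example (not from the original post). registry_login is a hypothetical
# helper; SECRET_FILE holds the registry password or token on its first line.

# registry_login USERNAME SECRET_FILE SERVER
registry_login() {
    if [ ! -f "$2" ] || [ ! -r "$2" ]; then
        echo "registry_login: cannot read secret file $2" >&2
        return 1
    fi
    # Refuse secret files that group or others can access.
    # `stat -c` is the GNU coreutils form (assumption: Linux host).
    rl_mode=$(stat -c '%a' "$2") || return 1
    case "$rl_mode" in
        *00) ;;  # owner-only, e.g. 600 or 400
        *)
            echo "registry_login: $2 has mode $rl_mode, expected owner-only (600)" >&2
            return 1
            ;;
    esac
    # The secret travels on stdin, so it never appears in argv, in shell
    # history, or in `ps` output. Trailing newline characters are stripped.
    head -n 1 "$2" | tr -d '\r\n' |
        nerdctl login --username "$1" --password-stdin "$3"
}

# Usage (registry name from the article, secret path hypothetical):
#   registry_login xxx /root/.harbor-token harbor.k8s.local
```
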

nerdctl tag: tag an image

The tag command creates an alias for an image:

➜  ~ nerdctl images
REPOSITORY    TAG                  IMAGE ID        CREATED           SIZE
busybox       latest               0f354ec1728d    6 minutes ago     1.3 MiB
nginx         alpine               bead42240255    41 minutes ago    16.0 KiB
➜  ~ nerdctl tag nginx:alpine harbor.k8s.local/course/nginx:alpine
➜  ~ nerdctl images
REPOSITORY                       TAG                  IMAGE ID        CREATED           SIZE
busybox                          latest               0f354ec1728d    7 minutes ago     1.3 MiB
nginx                            alpine               bead42240255    41 minutes ago    16.0 KiB
harbor.k8s.local/course/nginx    alpine               bead42240255    2 seconds ago     16.0 KiB

Note: images created with tag all have the same Image ID.

nerdctl save: export an image

The save command exports an image as a tar archive.

➜  ~ nerdctl save -o busybox.tar.gz busybox:latest
➜  ~ ls -lh busybox.tar.gz
-rw-r--r-- 1 root root 761K Aug 19 15:19 busybox.tar.gz

nerdctl rmi: remove an image

➜  ~ nerdctl rmi busybox
Untagged: docker.io/library/busybox:latest@sha256:0f354ec1728d9ff32edcd7d1b8bbdfc798277ad36120dc3dc683be44524c8b60
Deleted: sha256:5b8c72934dfc08c7d2bd707e93197550f06c0751023dabb3a045b723c5e7b373

nerdctl load: import an image

The load command imports the image exported above:

➜  ~ nerdctl load -i busybox.tar.gz
unpacking docker.io/library/busybox:latest (sha256:0f354ec1728d9ff32edcd7d1b8bbdfc798277ad36120dc3dc683be44524c8b60)...done

Use the -i or --input option to specify the archive to import.

Transferring an image to another registry with nerdctl

The instructor has already mirrored the image; here I push it on to my own repository.

First, look at the image previously downloaded from the instructor's mirror:

[root@master1 ~]#ctr -n k8s.io i ls -q|grep k8s-dns-node-cache
docker.io/cnych/k8s-dns-node-cache:1.21.1
docker.io/cnych/k8s-dns-node-cache@sha256:04c4f6b1f2f2f72441dadcea1c8eec611af4d963315187ceb04b939d1956782f
nerdctl -n k8s.io images|grep k8s-dns-node-cache

# Note: when used with Kubernetes, both ctr and nerdctl need the -n k8s.io namespace option.

Start the transfer:

# Log in to my own Alibaba Cloud registry
[root@master1 ~]#nerdctl login --username=执次一生为寻爱zxl registry.cn-hangzhou.aliyuncs.com
Enter Password: Login Succeeded

# Re-tag the image
[root@master1 ~]#nerdctl -n k8s.io tag cnych/k8s-dns-node-cache:1.21.1 registry.cn-hangzhou.aliyuncs.com/onlyonexyypublic/k8s-dns-node-cache:1.21.1

# Note: the new tag also lives in the -n k8s.io namespace.
[root@master1 ~]#nerdctl -n k8s.io images|grep k8s-dns-node-cache
……
cnych/k8s-dns-node-cache                                                 1.21.1                                                              04c4f6b1f2f2    10 hours ago          104.3 MiB
registry.cn-hangzhou.aliyuncs.com/onlyonexyypublic/k8s-dns-node-cache    1.21.1                                                              04c4f6b1f2f2    About a minute ago    104.3 MiB
[root@master1 ~]#

# Push
[root@master1 ~]#nerdctl -n k8s.io push registry.cn-hangzhou.aliyuncs.com/onlyonexyypublic/k8s-dns-node-cache:1.21.1
INFO[0000] pushing as a single-platform image (application/vnd.docker.distribution.manifest.v2+json, sha256:04c4f6b1f2f2f72441dadcea1c8eec611af4d963315187ceb04b939d1956782f)
manifest-sha256:04c4f6b1f2f2f72441dadcea1c8eec611af4d963315187ceb04b939d1956782f: waiting        |--------------------------------------|
layer-sha256:af833073aa9559031531fca731390d329e083cccc0b824c236e7efc5742ae666:    waiting        |--------------------------------------|
config-sha256:5bae806f8f123c54ca6a754c567e8408393740792ba8b89ee3bb6c5f95e6fbe1:   waiting        |--------------------------------------|
layer-sha256:20b09fbd30377e1315a8bc9e15b5f8393a1090a7ec3f714ba5fce0c9b82a42f2:    waiting        |--------------------------------------|
elapsed: 0.8 s                                                                    total:   0.0 B (0.0 B/s)
[root@master1 ~]#

The push succeeded:

docker pull registry.cn-hangzhou.aliyuncs.com/onlyonexyypublic/k8s-dns-node-cache:1.21.1

Pull it yourself to test.

Here I test the pull on a cloud VM.

4. Building images

Building images is a very important everyday need. As we know, ctr has no command for building images, and we no longer use Docker, so how do we build images? Fortunately, nerdctl provides the nerdctl build command for exactly this.

nerdctl build: build an image from a Dockerfile

For example, to customize an nginx image, create a Dockerfile like the following:

[root@containerd ~]#mkdir -p /root/nerctl_demo
[root@containerd ~]#cd /root/nerctl_demo/
[root@containerd nerctl_demo]#cat > Dockerfile <<EOF
> FROM nginx:alpine
> RUN echo 'Hello Nerdctl From Containerd' > /usr/share/nginx/html/index.html
> EOF
[root@containerd nerctl_demo]#cat Dockerfile
FROM nginx:alpine
RUN echo 'Hello Nerdctl From Containerd' > /usr/share/nginx/html/index.html

Then run the build command in the directory containing the file:

[root@containerd nerctl_demo]#nerdctl build -t nginx:nerctl -f Dockerfile .
FATA[0000] `buildctl` needs to be installed and `buildkitd` needs to be running, see https://github.com/moby/buildkit: exec: "buildctl": executable file not found in $PATH
[root@containerd nerctl_demo]#

Note: you can also add the --no-cache option

# the --no-cache option
--no-cache                Do not use cache when building the image (default: false)

The error message says that we need to install buildctl and run buildkitd, because nerdctl build depends on the buildkit tool.

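buildkit is a build toolkit open-sourced by Docker that supports building OCI-standard images. It consists mainly of the following parts:

  • Server, buildkitd: currently supports runc and containerd as workers; the default is runc, and here we use containerd
  • Client, buildctl: parses the Dockerfile and sends build requests to the buildkitd server

buildkit has a typical client/server architecture, and the client and server do not have to be on the same machine. nerdctl also acts as a buildkitd client when building images, so we need to install and run buildkitd.

https://github.com/moby/buildkit

So let's install buildkit first: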

➜  ~ wget https://github.com/moby/buildkit/releases/download/v0.9.1/buildkit-v0.9.1.linux-amd64.tar.gz
# If access is restricted, you can switch to the URL below to speed up the download
# wget https://download.fastgit.org/moby/buildkit/releases/download/v0.9.1/buildkit-v0.9.1.linux-amd64.tar.gz
[root@containerd ~]#ll -h buildkit-v0.9.1.linux-amd64.tar.gz
-rw-r--r-- 1 root root 46M Oct  5 03:51 buildkit-v0.9.1.linux-amd64.tar.gz
[root@containerd ~]#tar tf buildkit-v0.9.1.linux-amd64.tar.gz
bin/
bin/buildctl
bin/buildkit-qemu-aarch64
bin/buildkit-qemu-arm
bin/buildkit-qemu-i386
bin/buildkit-qemu-mips64
bin/buildkit-qemu-mips64el
bin/buildkit-qemu-ppc64le
bin/buildkit-qemu-riscv64
bin/buildkit-qemu-s390x
bin/buildkit-runc
bin/buildkitd
[root@containerd ~]#

➜  ~ tar -zxvf buildkit-v0.9.1.linux-amd64.tar.gz -C /usr/local/containerd/
bin/
bin/buildctl
bin/buildkit-qemu-aarch64
bin/buildkit-qemu-arm
bin/buildkit-qemu-i386
bin/buildkit-qemu-mips64
bin/buildkit-qemu-mips64el
bin/buildkit-qemu-ppc64le
bin/buildkit-qemu-riscv64
bin/buildkit-qemu-s390x
bin/buildkit-runc
bin/buildkitd
➜  ~ ln -s /usr/local/containerd/bin/buildkitd /usr/local/bin/buildkitd
➜  ~ ln -s /usr/local/containerd/bin/buildctl /usr/local/bin/buildctl
Here we use systemd to manage buildkitd. Create the following systemd unit file:

cat > /etc/systemd/system/buildkit.service <<EOF
[Unit]
Description=BuildKit
Documentation=https://github.com/moby/buildkit

[Service]
ExecStart=/usr/local/bin/buildkitd --oci-worker=false --containerd-worker=true

[Install]
WantedBy=multi-user.target
EOF

Then start buildkitd:

[root@containerd ~]#systemctl daemon-reload
[root@containerd ~]#systemctl enable buildkit --now
Created symlink from /etc/systemd/system/multi-user.target.wants/buildkit.service to /etc/systemd/system/buildkit.service.
[root@containerd ~]#systemctl status buildkit
● buildkit.service - BuildKit
   Loaded: loaded (/etc/systemd/system/buildkit.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2021-10-25 16:11:47 CST; 13s ago
     Docs: https://github.com/moby/buildkit
 Main PID: 26680 (buildkitd)
    Tasks: 7
   Memory: 13.5M
   CGroup: /system.slice/buildkit.service
           └─26680 /usr/local/bin/buildkitd --oci-worker=false --containerd-worker=true

Oct 25 16:11:47 containerd systemd[1]: Started BuildKit.
Oct 25 16:11:47 containerd buildkitd[26680]: time="2021-10-25T16:11:47+08:00" level=warning msg="using host network as the default"
Oct 25 16:11:47 containerd buildkitd[26680]: time="2021-10-25T16:11:47+08:00" level=info msg="found worker \"72ur53vv5olwy9wv0oc46...
Oct 25 16:11:47 containerd buildkitd[26680]: time="2021-10-25T16:11:47+08:00" level=info msg="found 1 workers, default=\"72u...cc6\""
Oct 25 16:11:47 containerd buildkitd[26680]: time="2021-10-25T16:11:47+08:00" level=warning msg="currently, only the default...used."
Oct 25 16:11:47 containerd buildkitd[26680]: time="2021-10-25T16:11:47+08:00" level=info msg="running server on /run/buildki....sock"
Hint: Some lines were ellipsized, use -l to show in full.
[root@containerd ~]#

# Check the logs
[root@containerd ~]#journalctl -u buildkit
-- Logs begin at Sat 2021-10-23 13:52:41 CST, end at Mon 2021-10-25 16:11:47 CST. --
Oct 25 16:11:47 containerd systemd[1]: Started BuildKit.
Oct 25 16:11:47 containerd buildkitd[26680]: time="2021-10-25T16:11:47+08:00" level=warning msg="using host network as the default"
Oct 25 16:11:47 containerd buildkitd[26680]: time="2021-10-25T16:11:47+08:00" level=info msg="found worker \"72ur53vv5olwy9wv0oc46bcc
Oct 25 16:11:47 containerd buildkitd[26680]: time="2021-10-25T16:11:47+08:00" level=info msg="found 1 workers, default=\"72ur53vv5olw
Oct 25 16:11:47 containerd buildkitd[26680]: time="2021-10-25T16:11:47+08:00" level=warning msg="currently, only the default worker c
Oct 25 16:11:47 containerd buildkitd[26680]: time="2021-10-25T16:11:47+08:00" level=info msg="running server on /run/buildkit/buildki
lines 1-7/7 (END)

Now build the image again:

[root@containerd ~]#cd nerctl_demo/
[root@containerd nerctl_demo]#ls
Dockerfile
[root@containerd nerctl_demo]#nerdctl build  -t nginx:nerctl -f Dockerfile .
[+] Building 7.2s (6/6) FINISHED
 => [internal] load build definition from Dockerfile                                                                            0.0s
 => => transferring dockerfile: 131B                                                                                            0.0s
 => [internal] load .dockerignore                                                                                               0.0s
 => => transferring context: 2B                                                                                                 0.0s
 => [internal] load metadata for docker.io/library/nginx:alpine                                                                 4.1s
 => [1/2] FROM docker.io/library/nginx:alpine@sha256:686aac2769fd6e7bab67663fd38750c135b72d993d0bb0a942ab02ef647fc9c3           1.1s
 => => resolve docker.io/library/nginx:alpine@sha256:686aac2769fd6e7bab67663fd38750c135b72d993d0bb0a942ab02ef647fc9c3           0.0s
 => => extracting sha256:a0d0a0d46f8b52473982a3c466318f479767577551a53ffc9074c9fa7035982e                                       0.2s
 => => extracting sha256:4dd4efe90939ab5711aaf5fcd9fd8feb34307bab48ba93030e8b845f8312ed8e                                       0.8s
 => => extracting sha256:c1368e94e1ec563b31c3fb1fea02c9fbdc4c79a95e9ad0cac6df29c228ee2df3                                       0.0s
 => => extracting sha256:3e72c40d0ff43c52c5cc37713b75053e8cb5baea8e137a784d480123814982a2                                       0.0s
 => => extracting sha256:969825a5ca61c8320c63ff9ce0e8b24b83442503d79c5940ba4e2f0bd9e34df8                                       0.0s
 => => extracting sha256:61074acc7dd227cfbeaf719f9b5cdfb64711bc6b60b3865c7b886b7099c15d15                                       0.0s
 => [2/2] RUN echo 'Hello Nerdctl From Containerd' > /usr/share/nginx/html/index.html                                           0.5s
 => exporting to oci image format                                                                                               1.3s
 => => exporting layers                                                                                                         0.3s
 => => exporting manifest sha256:c5ab5ef3d410c1e7e8140eaf48f92c7b2a70d6f8d75a4bd26636db0e886101aa                               0.0s
 => => exporting config sha256:faa17ba50c10a48d128f1369bca7640083c48249239d9dd95ea30f88a4e387b5                                 0.0s
 => => sending tarball                                                                                                          0.9s
unpacking docker.io/library/nginx:nerctl (sha256:c5ab5ef3d410c1e7e8140eaf48f92c7b2a70d6f8d75a4bd26636db0e886101aa)...done
[root@containerd nerctl_demo]#nerdctl images
REPOSITORY    TAG       IMAGE ID        CREATED          SIZE
nginx         alpine    686aac2769fd    47 hours ago     24.9 MiB
nginx         nerctl    c5ab5ef3d410    9 seconds ago    24.9 MiB
[root@containerd nerctl_demo]#

After the build finishes, check that the image was built:

[root@containerd nerctl_demo]#nerdctl images
REPOSITORY    TAG       IMAGE ID        CREATED          SIZE
nginx         alpine    686aac2769fd    47 hours ago     24.9 MiB
nginx         nerctl    c5ab5ef3d410    9 seconds ago    24.9 MiB
[root@containerd nerctl_demo]#

We can see that the nginx:nerctl image we built is now present. Next, start a container from that image to test it:

[root@containerd ~]#nerdctl ps -a
CONTAINER ID    IMAGE    COMMAND    CREATED    STATUS    PORTS    NAMES
[root@containerd ~]#nerdctl images
REPOSITORY    TAG       IMAGE ID        CREATED          SIZE
nginx         alpine    686aac2769fd    47 hours ago     24.9 MiB
nginx         nerctl    c5ab5ef3d410    4 minutes ago    24.9 MiB
[root@containerd ~]#nerdctl run -d -p 80:80 --name=nginx88  nginx:nerctl
1a5ae8262e78b3c0bf9e9da56789b9b6529e11ab7b53934841ada4e712210001
[root@containerd ~]#nerdctl ps -a
CONTAINER ID    IMAGE                             COMMAND                   CREATED          STATUS    PORTS                 NAMES
1a5ae8262e78    docker.io/library/nginx:nerctl    "/docker-entrypoint.…"    6 seconds ago    Up        0.0.0.0:80->80/tcp    nginx88
[root@containerd ~]#curl localhost
Hello Nerdctl From Containerd
[root@containerd ~]#

And so, with nerdctl + buildkitd, we have easily built a container image.

Perfect.

Of course, if you still want to use Docker Compose on a single machine, nerdctl also provides compatibility for it in containerd mode. You can likewise manage Compose services with commands such as nerdctl compose, nerdctl compose up, nerdctl compose logs, nerdctl compose build and nerdctl compose down. In this way, containerd and nerdctl combined with tools like buildkit can fully replace docker for image building and for image and container management.

[root@containerd ~]#nerdctl volume ls
VOLUME NAME    DIRECTORY
[root@containerd ~]#nerdctl network ls
NETWORK ID    NAME              FILE
0             bridge
              containerd-net    /etc/cni/net.d/10-containerd-net.conflist
              host
              none
[root@containerd ~]#nerdctl namespace ls
NAME        CONTAINERS    IMAGES    VOLUMES
buildkit    0             0         0
default     1             2         0
test        0             1         0
[root@containerd ~]#
