前言
对于习惯了使用docker cli的用户来说,containerd的命令行工具ctr使用起来不是很顺手,此时别慌,还有另外一个命令行工具项目nerdctl可供我们选择。 nerdctl是一个与docker cli风格兼容的containerd的cli工具。 nerdctl已经作为子项目加入了containerd项目,它的github地址是https://github.com/containerd/nerdctl,而且从最近的nerdctl 0.8开始,nerdctl直接兼容了docker compose的语法(不包含swarm), 这很大提高了直接将containerd作为本地开发、测试和单机容器部署使用的体验。本来k8s后续将不再支持dockershim,docker在k8s社区的地位急剧下降,现在单机直接使用containerd易用性也不断被完善,也许docker的辉煌已经远去了。
实际上nerdctl compose实现的是Compose Specification规范, 这个规范是从自Docker Compose file version 3 specification规范发展而来的。
安装nerdctl
本章节在上一章节的基础下进行,containerd都已安装并启动完成。nerdctl下载链接:https://github.com/containerd/nerdctl/releases/tag/v1.7.6
nerdctl 官方发布包含两个安装版本:
- Minimal:仅包含 nerdctl 二进制文件及 rootless 模式下的辅助安装脚本;
- Full:全量包,其中包含了 Containerd、CNI、runc、BuildKit 等完整组件。
如下:
下载nerdctl
注意:安装 nerdctl-full 版本集成了 containerd 。由于我之前虽然安装了containerd,但是没有安装其他插件如CNI、BuildKit 等。我还是选择了安装nerdctl-full版本
[root@kube-master ~]# wget https://github.com/containerd/nerdctl/releases/download/v1.7.6/nerdctl-full-1.7.6-linux-amd64.tar.gz
解压安装
[root@kube-master ~]# tar -xvf v1.7.6/nerdctl-full-1.7.6-linux-amd64.tar.gz -C /usr/local
验证查看
[root@kube-master ~]# ctr version
Client:
Version: v1.7.18
Revision: ae71819c4f5e67bb4d5ae76a6b735f29cc25774e
Go version: go1.21.11
Server:
Version: 1.6.33
Revision: d2d58213f83a351ca8f528a95fbd145f5654e957
UUID: 2bf0456c-c052-4d37-83b7-3d58cf632b91
WARNING: version mismatch
WARNING: revision mismatch
[root@kube-master ~]# nerdctl version
WARN[0000] unable to determine buildctl version: exec: "buildctl": executable file not found in $PATH
Client:
Version: v1.7.6
OS/Arch: linux/amd64
Git commit: 845e989f69d25b420ae325fedc8e70186243fd93
buildctl:
Version:
Server:
containerd:
Version: 1.6.33
GitCommit: d2d58213f83a351ca8f528a95fbd145f5654e957
runc:
Version: 1.1.12
GitCommit: v1.1.12-0-g51d5e946
nerdctl使用
nerdctl 是 containerd 的命令行界面的工具。nerdctl 兼容 docker ,如果会使用 docker-cli 就等于掌握了 nerdctl 80% 的使用方法。nerdctl 不但兼容docker-cli 甚至还兼容了 docker-compose的功能点。
更名docker
甚至可以直接将nerdctl更名为 docker,注意如果服务器本身安装了docker需要注意到底使用的哪个目录的。
[root@kube-master ~]# cat << 'EOF' > /usr/local/bin/docker
> #!/bin/bash
> /usr/local/bin/nerdctl $@
> EOF
[root@kube-master ~]# chmod +x /usr/local/bin/docker
nerdctl bash自动补全
[root@kube-master ~]# yum install bash-completion -y
[root@kube-master ~]# nerdctl completion bash > /etc/bash_completion.d/nerdctl
[root@kube-master ~]# source /etc/bash_completion.d/nerdctl
上面补全的是 nerdctl 的命令,而当 nerdctl 重命名 docker 后,没有 docker 的自动补全。
添加 docker 别名的自动补全:
生成自动补全文件
[root@kube-master ~]#nerdctl completion bash > /etc/bash_completion.d/docker
生效
[root@kube-master ~]# source /etc/bash_completion.d/nerdctl
[root@kube-master ~]# source /etc/bash_completion.d/docker
测试
输入 docker image + 两下 tab
[root@kube-master ~]# nerdctl image
image (Manage images) images (List images)
安装常用插件
安装docker常用扩展插件
[root@kube-master ~]# docker run -it registry.cn-beijing.aliyuncs.com/k7scn/tools bash
Unable to find image 'registry.cn-beijing.aliyuncs.com/k7scn/tools:latest' locally
latest: Pulling from k7scn/tools
88ecf269dec3: Pull complete
7e3e2c929b89: Pull complete
dedb8fce9b84: Pull complete
Digest: sha256:71442d19f1f35271a66de5c9d1f869c61946b25b991544b99b1de3cc2a9129c3
Status: Downloaded newer image for registry.cn-beijing.aliyuncs.com/k7scn/tools:latest
bash-5.2#
bash-5.2# ls
bin dev etc home lib media mnt opt pkg.tgz proc root run sbin srv sys tmp usr var
bash-5.2# mkdir /sysdir
bash-5.2# tar xf pkg.tgz -C /sysdir/
bash-5.2# cd /sysdir/
bash-5.2# ls
cclear ctop docker-compose ergoget iclear kdtoken upgrade-tools
crictl din dps helminit kbtoken scope
可以看到有很多常用的命令,下面我们通过一条命令直接拷贝到本地。
[root@kube-master cni]# nerdctl run --rm -v /usr/local/bin:/sysdir registry.cn-beijing.aliyuncs.com/k7scn/tools tar zxf /pkg.tgz -C /sysdir
FATA[0000] failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error running hook #0: error running hook: exit status 1, stdout: , stderr: time="2024-06-20T14:32:18+08:00" level=fatal msg="failed to call cni.Setup: plugin type=\"bridge\" failed (add): incompatible CNI versions; config is \"1.0.0\", plugin supports [\"0.1.0\" \"0.2.0\" \"0.3.0\" \"0.3.1\"]"
Failed to write to log, write /var/lib/nerdctl/1935db59/containers/default/4cb2dd96d087592d4b69a09e3c992e52e3bbb90c226df698887eedd015565095/oci-hook.createRuntime.log: file already closed: unknown
可以看到在拷贝过程中出现了问题,在网上找了一下资料解决。如下:
# 下载包
[root@kube-master ~]# wget https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-linux-amd64-v1.1.1.tgz
# 备份一下驱动
[root@kube-master ~]# mv /opt/cni/bin /opt/cni/bin.bak
# 解压到指定目录
[root@kube-master ~]# tar -zxvf cni-plugins-linux-amd64-v1.1.1.tgz -C /opt/cni/bin
#然后再次执行拷贝
[root@kube-master ~]# nerdctl run --rm -v /usr/local/bin:/sysdir registry.cn-beijing.aliyuncs.com/k7scn/tools tar zxf /pkg.tgz -C /sysdir
执行完成后,就已经拷贝到 /usr/local/bin 目录下。
镜像管理
查看镜像
[root@kube-master cni]# nerdctl images
REPOSITORY TAG IMAGE ID CREATED PLATFORM SIZE BLOB SIZE
registry.cn-beijing.aliyuncs.com/k7scn/tools latest 71442d19f1f3 3 hours ago linux/amd64 55.4 MiB 45.7 MiB
[root@kube-master cni]#
或者
[root@kube-master cni]# nerdctl image ls
REPOSITORY TAG IMAGE ID CREATED PLATFORM SIZE BLOB SIZE
registry.cn-beijing.aliyuncs.com/k7scn/tools latest 71442d19f1f3 3 hours ago linux/amd64 55.4 MiB 45.7 MiB
下载镜像
[root@kube-master cni]# nerdctl pull nginx:alpine
WARN[0000] skipping verifying HTTPS certs for "docker.io"
docker.io/library/nginx:alpine: resolved |++++++++++++++++++++++++++++++++++++++|
index-sha256:eb05700fe7baa6890b74278e39b66b2ed1326831f9ec3ed4bdc6361a4ac2f333: done |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:544ba2bfe312bf2b13278495347bb9381ec342e630bcc8929af124f1291784bb: done |++++++++++++++++++++++++++++++++++++++|
config-sha256:cc44224bfe208a46fbc45471e8f9416f66b75d6307573e29634e7f42e27a9268: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:40e5d2fe5bcd566dbde3e961f33ced0f1503fc6ee320a427b185a07afe2f96ae: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:59bf1c3509f33515622619af21ed55bbe26d24913cedbca106468a5fb37a50c3: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:f3322597df46099a66ed5773c10a9d1cb587faca7be14ceba985e3d1fbfdbc36: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:d09cf91cabdcf5f64672598b8e4da9b0b7d8546e83ec49633bdd92abb994ba61: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:3a97535ac2efcf94ab3e5f93a6ec4d934469de66909f17ba1229f86ee660970a: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:919ade35f869e23d663ea51fdf2e99aa183239a73b4b4780e052c8b248ed5b7e: done |++++++++++++++++++++++++++++++++++++++|
elapsed: 20.9s total: 9.7 Mi (475.7 KiB/s)
[root@kube-master cni]# nerdctl images
REPOSITORY TAG IMAGE ID CREATED PLATFORM SIZE BLOB SIZE
nginx alpine eb05700fe7ba 13 seconds ago linux/amd64 26.4 MiB 9.7 MiB
registry.cn-beijing.aliyuncs.com/k7scn/tools latest 71442d19f1f3 3 hours ago linux/amd64 55.4 MiB 45.7 MiB
查看镜像详细信息
[root@kube-master ~]# nerdctl inspect nginx:alpine
构建镜像
[root@kube-master ~]# cd /tmp/
[root@kube-master tmp]# cat > /tmp/Dockerfile <<EOF
FROM ustc-edu-cn.mirror.aliyuncs.com/library/nginx:latest
RUN echo "hello world!" > /usr/share/nginx/html/index.html
EOF
[root@kube-master tmp]# nerdctl build -t mynginx:v1 /tmp
ERRO[0000] `buildctl` needs to be installed and `buildkitd` needs to be running, see https://github.com/moby/buildkit error="failed to ping to host unix:///run/buildkit-default/buildkitd.sock: exit status 1\nfailed to ping to host unix:///run/buildkit/buildkitd.sock: exit status 1"
FATA[0000] no buildkit host is available, tried 2 candidates: failed to ping to host unix:///run/buildkit-default/buildkitd.sock: exit status 1
failed to ping to host unix:///run/buildkit/buildkitd.sock: exit status 1
当构建镜像时,出现如上报错信息,是因为 buildkit.service 服务没有启动,下面先添加启动文件,然后启动服务:
#添加buildkit.service文件
[root@kube-master tmp]# vim /usr/lib/systemd/system/buildkit.service
[Unit]
Description=BuildKit
Requires=buildkit.socket
After=buildkit.socket
Documentation=https://github.com/moby/buildkit
[Service]
Type=notify
ExecStart=/usr/local/bin/buildkitd --addr fd://
[Install]
WantedBy=multi-user.target
#添加buildkit.socket文件
[root@kube-master tmp]# vim /usr/lib/systemd/system/buildkit.socket
[Unit]
Description=BuildKit
Documentation=https://github.com/moby/buildkit
[Socket]
ListenStream=%t/buildkit/buildkitd.sock
SocketMode=0660
[Install]
WantedBy=sockets.target
#启动服务
[root@kube-master tmp]# systemctl enable buildkit.service ; systemctl start buildkit.service
Created symlink from /etc/systemd/system/multi-user.target.wants/buildkit.service to /usr/local/lib/systemd/system/buildkit.service.
BuildKit 是由 docker 公司开发的下一代 docker build 工具,具有更高效、更安全、 易于扩展等特点。BuildKit 是由 buildkitd 守护程序 和 buildctl 客户端组成。
- buildkitd 作为服务端,连接容器运行时,目前支持 runc 和 containerd 作为镜像构建环境,默认是 runc
- buildctl 作为客户端,负责解析 Dockerfile 文件,并向 buildkitd 发出构建请求。由于命令复杂,使用 nerdctl 替代
再次进行构建
[root@kube-master tmp]# nerdctl build -t mynginx:v1 /tmp/
[+] Building 17.8s (6/6) FINISHED
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 154B 0.0s
=> [internal] load metadata for ustc-edu-cn.mirror.aliyuncs.com/library/nginx:latest 15.6s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [1/2] FROM ustc-edu-cn.mirror.aliyuncs.com/library/nginx:latest@sha256:0d17b565c37bcbd895e9d92315a05c1c3c9a29f762b011a10c54a66cd53c9b31 0.0s
=> => resolve ustc-edu-cn.mirror.aliyuncs.com/library/nginx:latest@sha256:0d17b565c37bcbd895e9d92315a05c1c3c9a29f762b011a10c54a66cd53c9b31 0.0s
=> CACHED [2/2] RUN echo "hello world!" > /usr/share/nginx/html/index.html 0.0s
=> exporting to docker image format 2.1s
=> => exporting layers 0.0s
=> => exporting manifest sha256:786482a9a8cfc283cf2aa577c6428968660afc2a8fd334d37d9a4b06b80f0888 0.0s
=> => exporting config sha256:c3bc6d0ebbe5d11f803b6b783f69c494e22a17bcedafb74bbf9876052f57ff46 0.0s
=> => sending tarball 2.1s
unpacking docker.io/library/mynginx:v1 (sha256:786482a9a8cfc283cf2aa577c6428968660afc2a8fd334d37d9a4b06b80f0888)...
Loaded image: docker.io/library/mynginx:v1
查看镜像
[root@kube-master tmp]# nerdctl images
REPOSITORY TAG IMAGE ID CREATED PLATFORM SIZE BLOB SIZE
mynginx v1 786482a9a8cf About an hour ago linux/amd64 149.1 MiB 54.1 MiB
ustc-edu-cn.mirror.aliyuncs.com/library/nginx latest 0d17b565c37b About an hour ago linux/amd64 149.1 MiB
注意:
nerdctl 构建的机制和 docker 是完全不同的。
- docker 首先会检查本地是否有 Dockerfile 中 FROM 的镜像。如果有,直接使用。没有则通过网络下载镜像;
- nerdctl 会根据 Dockerfile FROM参数指定镜像的域名去网上找这个镜像,找到后确认和本地同名镜像校验无误之后,才会使用本地的镜像构建新镜像。
举例:
通过tag 打标一个不存在域名的镜像
[root@kube-master tmp]# nerdctl tag ustc-edu-cn.mirror.aliyuncs.com/library/nginx:latest margu.com/library/nginx:latest
#查看镜像
[root@kube-master tmp]# nerdctl images
REPOSITORY TAG IMAGE ID CREATED PLATFORM SIZE BLOB SIZE
mynginx v1 786482a9a8cf About an hour ago linux/amd64 149.1 MiB 54.1 MiB
margu.com/library/nginx latest 0d17b565c37b 3 seconds ago linux/amd64 149.1 MiB 54.1 MiB
ustc-edu-cn.mirror.aliyuncs.com/library/nginx latest 0d17b565c37b About an hour ago linux/amd64 149.1 MiB 54.1 MiB
通过margu.com/library/nginx:latest构建新镜像
[root@kube-master tmp]# cat > /tmp/Dockerfile <<EOF
FROM umargu.com/library/nginx:latest
RUN echo "hello world!" > /usr/share/nginx/html/index.html
EOF
[root@kube-master tmp]# nerdctl build -t mynginx:v2 /tmp/
[+] Building 12.1s (2/2) FINISHED
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 132B 0.0s
=> ERROR [internal] load metadata for margu.com/library/nginx:latest 12.1s
------
> [internal] load metadata for margu.com/library/nginx:latest:
------
Dockerfile:1
--------------------
1 | >>> FROM margu.com/library/nginx:latest
2 | RUN echo "hello world!" > /usr/share/nginx/html/index.html
3 |
--------------------
error: failed to solve: margu.com/library/nginx:latest: failed to do request: Head "https://margu.com/v2/library/nginx/manifests/latest": dial tcp 5.161.180.74:443: connect: connection refused
FATA[0012] no image was built
构建时,直接就抛出了错误信息,这里要 非常注意!
镜像标签TAG
[root@kube-master tmp]# nerdctl tag ustc-edu-cn.mirror.aliyuncs.com/library/nginx:latest margu.com/library/nginx:latest
[root@kube-master tmp]# nerdctl images
REPOSITORY TAG IMAGE ID CREATED PLATFORM SIZE BLOB SIZE
mynginx v1 786482a9a8cf About an hour ago linux/amd64 149.1 MiB 54.1 MiB
margu.com/library/nginx latest 0d17b565c37b 6 seconds ago linux/amd64 149.1 MiB 54.1 MiB
ustc-edu-cn.mirror.aliyuncs.com/library/nginx latest 0d17b565c37b About an hour ago linux/amd64 149.1 MiB 54.1 MiB
删除镜像
[root@kube-master tmp]# nerdctl rmi margu.com/library/nginx:latest
Untagged: margu.com/library/nginx:latest@sha256:0d17b565c37bcbd895e9d92315a05c1c3c9a29f762b011a10c54a66cd53c9b31
Deleted: sha256:2edcec3590a4ec7f40cf0743c15d78fb39d8326bc029073b41ef9727da6c851f
Deleted: sha256:e379e8aedd4d72bb4c529a4ca07a4e4d230b5a1d3f7a61bc80179e8f02421ad8
Deleted: sha256:b8d6e692a25e11b0d32c5c3dd544b71b1085ddc1fddad08e68cbd7fda7f70221
Deleted: sha256:f1db227348d0a5e0b99b15a096d930d1a69db7474a1847acbc31f05e4ef8df8c
Deleted: sha256:32ce5f6a5106cc637d09a98289782edf47c32cb082dc475dd47cbf19a4f866da
Deleted: sha256:d874fd2bc83bb3322b566df739681fbd2248c58d3369cb25908d68e7ed6040a6
[root@kube-master tmp]# nerdctl images
REPOSITORY TAG IMAGE ID CREATED PLATFORM SIZE BLOB SIZE
mynginx v1 786482a9a8cf About an hour ago linux/amd64 149.1 MiB 54.1 MiB
ustc-edu-cn.mirror.aliyuncs.com/library/nginx latest 0d17b565c37b About an hour ago linux/amd64 149.1 MiB 54.1 MiB
导出镜像
#导出,不压缩
[root@kube-master tmp]# nerdctl save mynginx:v1 -o mynginx-1.tar
#导出且压缩
[root@kube-master tmp]# nerdctl save mynginx:v1|gzip >mynginx-2.tar
#比较两者大小,镜像太小大小差别不明显。越大的镜像越压缩后越明显
[root@kube-master tmp]# ll -h mynginx-*
-rw-r--r-- 1 root root 55M Jun 24 11:21 mynginx-1.tar
-rw-r--r-- 1 root root 54M Jun 24 11:22 mynginx-2.tar
导入镜像
[root@kube-master tmp]# nerdctl load < mynginx-1.tar
unpacking docker.io/library/mynginx:v1 (sha256:786482a9a8cfc283cf2aa577c6428968660afc2a8fd334d37d9a4b06b80f0888)...
Loaded image: mynginx:v1
#或
[root@kube-master tmp]# nerdctl load -i mynginx-1.tar
通过上面的展示,基本和docker无差别,其他镜像管理的功能不再赘述。
网络
在安装 nerdctl-full-1.7.6-linux-amd64.tar.gz 时,网络插件也安装了。主要文件在/etc/cni 目录。
[root@kube-master ~]# ll /etc/cni/*
total 8
-rw-r--r--. 1 root root 292 Apr 23 2020 10-flannel.conflist
-rw-r--r-- 1 root root 860 Jun 20 14:32 nerdctl-bridge.conflist
查看网络
[root@kube-master ~]# nerdctl network ls
NETWORK ID NAME FILE
cbr0 /etc/cni/net.d/10-flannel.conflist
17f29b073143 bridge /etc/cni/net.d/nerdctl-bridge.conflist
host
none
创建桥接网络
[root@kube-master ~]# nerdctl network create -d bridge --subnet 10.244.0.0/16 mynet
11c844f95e2862126712e209cd3acbc68c137931c639633da9dfc17b3a464bde
[root@kube-master ~]# nerdctl network ls
NETWORK ID NAME FILE
cbr0 /etc/cni/net.d/10-flannel.conflist
17f29b073143 bridge /etc/cni/net.d/nerdctl-bridge.conflist
11c844f95e28 mynet /etc/cni/net.d/nerdctl-mynet.conflist
host
none
#查看创建的网络的配置文件
[root@kube-master ~]# cat /etc/cni/net.d/nerdctl-mynet.conflist
{
"cniVersion": "1.0.0",
"name": "mynet",
"nerdctlID": "11c844f95e2862126712e209cd3acbc68c137931c639633da9dfc17b3a464bde",
"nerdctlLabels": {},
"plugins": [
{
"type": "bridge",
"bridge": "br-11c844f95e28",
"isGateway": true,
"ipMasq": true,
"hairpinMode": true,
"ipam": {
"ranges": [
[
{
"gateway": "10.244.0.1",
"subnet": "10.244.0.0/16"
}
]
],
"routes": [
{
"dst": "0.0.0.0/0"
}
],
"type": "host-local"
}
},
{
"type": "portmap",
"capabilities": {
"portMappings": true
}
},
{
"type": "firewall",
"ingressPolicy": "same-bridge"
},
{
"type": "tuning"
}
nerdctl 所使用的网络及模式和 docker 完全一致,可以参考博客docker相关章节。
容器管理
nerdctl 和 dockerc-cli 类似,nerdctl 出现的原因之一就是为了 兼容 docker-cli,所以用法一致,这里只列举几个,其他使用请直接参考 docker-cli
启动容器
[root@kube-master ~]# nerdctl run --name ngx -d -p 80:80 ustc-edu-cn.mirror.aliyuncs.com/library/nginx
b42999d7549bff53767152a364d14438360b7a2751b8b89be9872c199ed121c5
#启动容器并指定特定网络(使用宿主机网络直接启动容器)
[root@kube-master ~]# nerdctl run --name ngx1 --net host -d ustc-edu-cn.mirror.aliyuncs.com/library/nginx:latest
20e071e36a5e8dab24be68baa6c40d74adda1a9c6f75bdc03210135d57b8ff0e
查看容器
[root@kube-master ~]# nerdctl ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
20e071e36a5e ustc-edu-cn.mirror.aliyuncs.com/library/nginx:latest "/docker-entrypoint.…" 14 seconds ago Up ngx1
b42999d7549b ustc-edu-cn.mirror.aliyuncs.com/library/nginx:latest "/docker-entrypoint.…" 2 minutes ago Up 0.0.0.0:80->80/tcp ngx
#查看所有容器
[root@kube-master ~]# nerdctl ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0c671d5ac3f1 docker.io/library/nginx:alpine "/docker-entrypoint.…" About a minute ago Up 0.0.0.0:80->80/tcp ngx
5ff17a6ba473 docker.io/library/nginx:alpine "/docker-entrypoint.…" 19 seconds ago Exited (137) 14 seconds ago 0.0.0.0:80->80/tcp ngx-1
#查看容器详细信息
[root@kube-master ~]# nerdctl inspect ngx
[
{
"Id": "b42999d7549bff53767152a364d14438360b7a2751b8b89be9872c199ed121c5",
"Created": "2024-06-24T03:38:51.736767639Z",
"Path": "/docker-entrypoint.sh",
"Args": [
"nginx",
"-g",
"daemon off;"
],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"Pid": 31207,
"ExitCode": 0,
"Error": "",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "ustc-edu-cn.mirror.aliyuncs.com/library/nginx:latest",
"ResolvConfPath": "/var/lib/nerdctl/1935db59/containers/default/b42999d7549bff53767152a364d14438360b7a2751b8b89be9872c199ed121c5/resolv.conf",
"HostnamePath": "/var/lib/nerdctl/1935db59/containers/default/b42999d7549bff53767152a364d14438360b7a2751b8b89be9872c199ed121c5/hostname",
"LogPath": "/var/lib/nerdctl/1935db59/containers/default/b42999d7549bff53767152a364d14438360b7a2751b8b89be9872c199ed121c5/b42999d7549bff53767152a364d14438360b7a2751b8b89be9872c199ed121c5-json.log",
"Name": "ngx",
"RestartCount": 0,
"Driver": "overlayfs",
"Platform": "linux",
"AppArmorProfile": "",
"Mounts": null,
"Config": {
"Hostname": "b42999d7549b",
"AttachStdin": false,
"Labels": {
"io.containerd.image.config.stop-signal": "SIGQUIT",
"nerdctl/extraHosts": "null",
"nerdctl/hostname": "b42999d7549b",
"nerdctl/log-uri": "binary:///usr/local/bin/nerdctl?_NERDCTL_INTERNAL_LOGGING=%2Fvar%2Flib%2Fnerdctl%2F1935db59",
"nerdctl/name": "ngx",
"nerdctl/namespace": "default",
"nerdctl/networks": "[\"bridge\"]",
"nerdctl/platform": "linux/amd64",
"nerdctl/ports": "[{\"HostPort\":80,\"ContainerPort\":80,\"Protocol\":\"tcp\",\"HostIP\":\"0.0.0.0\"}]",
"nerdctl/state-dir": "/var/lib/nerdctl/1935db59/containers/default/b42999d7549bff53767152a364d14438360b7a2751b8b89be9872c199ed121c5"
}
},
"NetworkSettings": {
"Ports": {
"80/tcp": [
{
"HostIp": "0.0.0.0",
"HostPort": "80"
}
]
},
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "10.4.0.5",
"IPPrefixLen": 24,
"MacAddress": "b2:0f:dc:0d:9d:8a",
"Networks": {
"unknown-eth0": {
"IPAddress": "10.4.0.5",
"IPPrefixLen": 24,
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "b2:0f:dc:0d:9d:8a"
}
}
}
}
]
删除容器
1.stop 容器
2.删除 容器
或者
强制删除容器
[root@kube-master ~]# nerdctl stop ngx
ngx
[root@kube-master ~]# nerdctl rm ngx
ngx
[root@kube-master ~]# nerdctl rm ngx1
FATA[0000] 1 errors:
container 20e071e36a5e8dab24be68baa6c40d74adda1a9c6f75bdc03210135d57b8ff0e is in running status. unpause/stop container first or force removal
[root@kube-master ~]# nerdctl rm ngx1 -f
ngx1
运行docker-compose
nerdctl 直接兼容了 docker-compose 。
docker-compose 配置清单文件
[root@kube-master ~]# cat > docker-compose.yml << EOF
version: "3.7"
services:
ngx:
container_name: "ngx"
image: ustc-edu-cn.mirror.aliyuncs.com/library/nginx:latest
restart: always
networks:
- test_net
ports:
- 80:80
networks:
test_net:
name: test_net
driver: bridge
ipam:
config:
- subnet: "172.100.0.0/16"
EOF
通过docker-compose 启动
[root@kube-master ~]# nerdctl compose up -d
INFO[0000] Creating network test_net
INFO[0000] Creating network root_default
INFO[0000] Ensuring image ustc-edu-cn.mirror.aliyuncs.com/library/nginx:latest
INFO[0000] Creating container ngx
查看启动
[root@kube-master ~]# nerdctl compose ps
NAME IMAGE COMMAND SERVICE STATUS PORTS
ngx ustc-edu-cn.mirror.aliyuncs.com/library/nginx:latest "/docker-entrypoint.…" ngx running 0.0.0.0:80->80/tcp
停止并删除
[root@kube-master ~]# nerdctl compose down
INFO[0000] Removing container ngx
INFO[0000] Removing network root_default
INFO[0000] Removing network test_net
[root@kube-master ~]# nerdctl compose ps
NAME IMAGE COMMAND SERVICE STATUS PORTS
更多关于containerd的知识分享,请前往博客主页。编写过程中,难免出现差错,敬请指出
