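Introduction
nerdctl is a management tool for containerd that is compatible with Docker CLI conventions. It is mainly aimed at users who have just moved from Docker to containerd: ctr and crictl, the command-line tools for operating containerd, are not very pleasant to use, which is why nerdctl exists.
Note in particular that nerdctl operates on containerd, not Docker, so nerdctl images and docker images show different content. It only keeps the usage conventions of the Docker CLI; what it actually operates on is containerd.
nerdctl is used the same way as Docker and offers the same experience. Its main features are: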
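✅ Same UI/UX as docker
✅ Supports docker-compose (for example: nerdctl compose up)
✅ [Optional] Supports rootless mode without slirp overhead (bypass4netns)
✅ [Optional] Supports lazy pulling (Stargz, Nydus, OverlayBD)
✅ [Optional] Supports encrypted images (ocicrypt)
✅ [Optional] Supports P2P image distribution (IPFS) (*1)
✅ [Optional] Supports container image signing and verification (cosign)
✅ [Optional] Supports viewing containerd namespaces; nerdctl can manage not only Docker containers but also local Kubernetes pods directly.
✅ [Optional] Supports converting Docker Image Manifest images to OCI images and eStargz images.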
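nerdctl is a non-core subproject of containerd; see the official website for more information.
Installation
nerdctl can be installed as a Minimal package or as a Full package that includes some plugins. The minimal package contains only nerdctl; the full package contains nerdctl plus dependencies such as the CNI plugins (you can of course also add CNI and other plugins yourself on top of a minimal install).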
- Minimal (nerdctl-1.0.0-linux-amd64.tar.gz): nerdctl only
- Full (nerdctl-full-1.0.0-linux-amd64.tar.gz): Includes dependencies such as containerd, runc, and CNI
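Download and install
Official download page: https://github.com/containerd/nerdctl/releases. Under Assets, choose either the minimal or the full package (this example uses the minimal install).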
wget https://github.com/containerd/nerdctl/releases/download/v1.0.0/nerdctl-1.0.0-linux-amd64.tar.gz
tar -xzvf nerdctl-*-linux-amd64.tar.gz -C /usr/local/bin/
Check the version number to verify the installation
[root@test tmp]# nerdctl --version
nerdctl version 1.0.0
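The install steps above unpack a downloaded archive straight into /usr/local/bin as root. The following added example (not part of the original article or the nerdctl project) checks a tarball against a checksum list and inspects its member paths before extracting. It assumes a SHA256SUMS file in sha256sum format is available for the release; the function names and the nerdctl-demo.tar.gz stand-in archive are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify a downloaded release tarball before unpacking it as root.

# verify_and_extract TARBALL SUMS_FILE DEST
# Exit status: 0 extracted, 2 no checksum entry, 3 digest mismatch, 4 unsafe member.
verify_and_extract() {
    tarball=$1; sums=$2; dest=$3
    name=$(basename "$tarball")
    # SHA256SUMS lines are "<hex digest>  <file name>" (a "*" prefix marks binary mode).
    expected=$(awk -v f="$name" '$2 == f || $2 == ("*" f) { print $1; exit }' "$sums")
    [ -n "$expected" ] || { echo "no checksum entry for $name" >&2; return 2; }
    actual=$(sha256sum "$tarball" | awk '{ print $1 }')
    [ "$actual" = "$expected" ] || { echo "digest mismatch for $name" >&2; return 3; }
    # Inspect member names first: reject absolute paths and ".." components,
    # because the destination is a root-owned directory on PATH.
    if tar -tzf "$tarball" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe member path in $name" >&2; return 4
    fi
    # --no-same-owner: extracted files belong to the installing user, not archive UIDs.
    mkdir -p "$dest" && tar -xzf "$tarball" -C "$dest" --no-same-owner
}

# demo: build a constructed stand-in tarball, verify it intact, then after tampering.
# Prints "<status for intact file> <status after tampering>".
demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/src" && printf '#!/bin/sh\necho stub\n' > "$work/src/nerdctl"
    tar -czf "$work/nerdctl-demo.tar.gz" -C "$work/src" nerdctl
    (cd "$work" && sha256sum nerdctl-demo.tar.gz > SHA256SUMS)
    good=0
    verify_and_extract "$work/nerdctl-demo.tar.gz" "$work/SHA256SUMS" "$work/bin" || good=$?
    printf 'x' >> "$work/nerdctl-demo.tar.gz"   # simulate a modified download
    bad=0
    verify_and_extract "$work/nerdctl-demo.tar.gz" "$work/SHA256SUMS" "$work/bad" 2>/dev/null || bad=$?
    rm -rf "$work"
    echo "$good $bad"
}

demo
```

For a real install, the call would be verify_and_extract nerdctl-1.0.0-linux-amd64.tar.gz SHA256SUMS /usr/local/bin, with both files downloaded into the current directory.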
Commands
Run nerdctl -h to see the help, which lists all commands with descriptions:
[root@test tmp]# nerdctl -h
nerdctl is a command line interface for containerd
Config file ($NERDCTL_TOML): /etc/nerdctl/nerdctl.toml
Usage: nerdctl [flags]
Management commands:
apparmor Manage AppArmor profiles
builder Manage builds
container Manage containers
image Manage images
Commands:
build Build an image from a Dockerfile. Needs buildkitd to be running.
commit Create a new image from a container's changes
completion Generate the autocompletion script for the specified shell
compose Compose
cp Copy files/folders between a running container and the local filesystem.
create Create a new container. Optionally specify "ipfs://" or "ipns://"
Run 'nerdctl COMMAND --help' for more information on a command.
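nerdctl can be configured further through the configuration file /etc/nerdctl/nerdctl.toml.
Manually adding plugins (optional, as needed)
Taking the CNI plugins as an example, first download the plugin archive from the official CNI plugins site.
The CNI plugins must be placed in a specific directory. The default is /opt/cni/bin (this default is documented after --cni-path in the nerdctl --help output), and nerdctl looks there by default.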
[root@test tmp]# wget https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-linux-amd64-v1.1.1.tgz
[root@test tmp]# mkdir -p /opt/cni/bin
[root@test tmp]# tar -xzvf cni-plugins-linux-amd64-v1.1.1.tgz -C /opt/cni/bin
[root@test tmp]# ll /opt/cni/bin/
total 63728
-rwxr-xr-x 1 root root 3780654 Mar 10 2022 bandwidth
-rwxr-xr-x 1 root root 4221977 Mar 10 2022 bridge
-rwxr-xr-x 1 root root 9742834 Mar 10 2022 dhcp
-rwxr-xr-x 1 root root 4345726 Mar 10 2022 firewall
-rwxr-xr-x 1 root root 3811793 Mar 10 2022 host-device
-rwxr-xr-x 1 root root 3241605 Mar 10 2022 host-local
-rwxr-xr-x 1 root root 3922560 Mar 10 2022 ipvlan
-rwxr-xr-x 1 root root 3295519 Mar 10 2022 loopback
-rwxr-xr-x 1 root root 3959868 Mar 10 2022 macvlan
-rwxr-xr-x 1 root root 3679140 Mar 10 2022 portmap
-rwxr-xr-x 1 root root 4092460 Mar 10 2022 ptp
-rwxr-xr-x 1 root root 3484284 Mar 10 2022 sbr
-rwxr-xr-x 1 root root 2818627 Mar 10 2022 static
-rwxr-xr-x 1 root root 3379564 Mar 10 2022 tuning
-rwxr-xr-x 1 root root 3920827 Mar 10 2022 vlan
-rwxr-xr-x 1 root root 3523475 Mar 10 2022 vrf
Test
Start an nginx container named nginx-test, mapping host port 10800 to port 80 in the container.
# Start the container
[root@test tmp]# nerdctl run -d --name nginx-test -p 10800:80 nginx:1.22.1
docker.io/library/nginx:1.22.1: resolved |++++++++++++++++++++++++++++++++++++++|
index-sha256:809f0924101d9c07322d69ab0705e1a0d85b1d0f287e320ae19b0826979c56e9: done |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:fa7e5dee56197a5cbb5b346b3c2c41d91ffa57eb1efcabb5ff09483c87270ccb: done |++++++++++++++++++++++++++++++++++++++|
config-sha256:404359394820dad4c8f210f935939f5890a02ccf82302e1a1068bd0723149736: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:50b97857b95c8b58fbaa89e528105534fc73606f71e0c4866566b2d6dda2f907: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:f3c8f37c59f021e336eb6064cb5ef086a44630c8a1cd0728d9b56d584a89fbaf: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:a603fa5e3b4127f210503aaa6189abf6286ee5a73deeaab460f8f33ebc6b64e2: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:0edfe97a837abe97ce52b42da5fad5df39a3daccc47b5e4d3bc294375b481a0a: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:0bf5e07cb0afcd466f3b9f207c8cbaf77a1d483779f37d0189115282e4374dc1: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:f95a257c65b62fcb59f62f64ab3212e47226f460e9cbfa8c9187f2ab1923ca8c: done |++++++++++++++++++++++++++++++++++++++|
elapsed: 20.9s total: 30.0 M (1.4 MiB/s)
d550e2afd0c1ac924a3047a559c38697167b6b2317a19b3336e43285c6e558dc
# List running containers
[root@test tmp]# nerdctl ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d550e2afd0c1 docker.io/library/nginx:1.22.1 "/docker-entrypoint.…" 32 seconds ago Up 0.0.0.0:10080->80/tcp nginx-test
# Remove the container by name
[root@test tmp]# nerdctl rm -f nginx-test
nginx-test
The page can be accessed normally from a browser.