{"id":3039,"date":"2024-06-26T10:24:48","date_gmt":"2024-06-26T02:24:48","guid":{"rendered":"https:\/\/199604.com\/?p=3039"},"modified":"2024-06-26T16:54:54","modified_gmt":"2024-06-26T08:54:54","slug":"nerdctl-%e5%9f%ba%e4%ba%8e-containerd-%e5%85%bc%e5%ae%b9-docker-cli","status":"publish","type":"post","link":"https:\/\/199604.com\/3039","title":{"rendered":"nerdctl \u57fa\u4e8e containerd \u517c\u5bb9 docker CLI"},"content":{"rendered":"

nerdctl \u57fa\u4e8e containerd \u517c\u5bb9 docker CLI<\/h1>\n

\u7b80\u4ecb<\/h2>\n

nerdctl<\/code> \u662f\u7528\u4e8e containerd<\/code> \u7684\u4e0e Docker<\/code>\u517c\u5bb9\u7684 CLI\u3002\u4e3b\u8981\u9002\u7528\u4e8e Docker<\/code>\u8f6c\u5230 Containerd<\/code> \u7684\u7528\u6237\uff0c\u64cd\u4f5c Containerd<\/code> \u7684\u547d\u4ee4\u884c\u5de5\u5177 ctr \u548c crictl<\/code> \u4e0d\u600e\u4e48\u597d\u7528\uff0c\u6240\u4ee5\u51fa\u73b0\u4e86 nerdctl<\/code>\u5de5\u5177\u3002<\/p>\n

\n nerdctl \u64cd\u4f5c\u7684\u662f containerd \u800c\u975e docker\uff0c\u4f46\u5b83\u53ea\u662f\u7528\u6cd5\u4fdd\u6301\u4e86 docker cli \u7684\u4e60\u60ef\uff0c\u5b9e\u8d28\u4e0a\u64cd\u4f5c\u7684\u662f containerd\u3002\n<\/p><\/blockquote>\n

✅ Same UI\/UX as docker<\/code>
\n✅ \u4e0e UI\/UX docker<\/code> \u76f8\u540c<\/p>\n

✅ Supports Docker Compose (nerdctl compose up<\/code>)
\n✅ \u652f\u6301 Docker Compose \uff08 nerdctl compose up<\/code> \uff09<\/p>\n

✅ [Optional] Supports rootless mode, without slirp overhead (bypass4netns)<\/a>
\n✅ [\u53ef\u9009] \u652f\u6301\u65e0\u6839\u6a21\u5f0f\uff0c\u65e0 slirp \u5f00\u9500 \uff08bypass4netns\uff09<\/p>\n

✅ [Optional] Supports lazy-pulling (Stargz<\/a>, Nydus<\/a>, OverlayBD<\/a>)
\n✅ [\u53ef\u9009] \u652f\u6301\u5ef6\u8fdf\u62c9\u53d6\uff08Stargz\u3001Nydus\u3001OverlayBD\uff09<\/p>\n

✅ [Optional] Supports encrypted images (ocicrypt)<\/a>
\n✅ [\u53ef\u9009] \u652f\u6301\u52a0\u5bc6\u56fe\u50cf \uff08ocicrypt\uff09<\/p>\n

✅ [Optional] Supports P2P image distribution (IPFS)<\/a> (1)
\n✅ [\u53ef\u9009] \u652f\u6301 P2P \u56fe\u50cf\u5206\u53d1 \uff08IPFS\uff09 \uff08<\/em>1\uff09<\/p>\n

✅ [Optional] Supports container image signing and verifying (cosign)<\/a>
\n✅ [\u53ef\u9009] \u652f\u6301\u5bb9\u5668\u955c\u50cf\u7b7e\u540d\u548c\u9a8c\u8bc1\uff08cosign\uff09
\nNERDCTL \u662f containerd \u7684\u4e00\u4e2a\u975e\u6838\u5fc3\u5b50\u9879\u76ee\u3002<\/p>\n

\n \u53c2\u8003\uff1ahttps:\/\/github.com\/containerd\/nerdctl<\/code>\n<\/p><\/blockquote>\n

\u5b89\u88c5<\/h2>\n

nerdctl<\/code> \u5b98\u65b9\u53d1\u5e03\u5305\u542b\u4e24\u4e2a\u5b89\u88c5\u7248\u672c\uff1a<\/p>\n

    \n
  • Minimal\uff1a\u4ec5\u5305\u542b nerdctl \u4e8c\u8fdb\u5236\u6587\u4ef6\u53ca rootless \u6a21\u5f0f\u4e0b\u7684\u8f85\u52a9\u5b89\u88c5\u811a\u672c\uff1b<\/li>\n
  • Full\uff1a\u5168\u91cf\u5305\uff0c\u5176\u4e2d\u5305\u542b\u4e86 Containerd\u3001CNI\u3001runc\u3001BuildKit \u7b49\u5b8c\u6574\u7ec4\u4ef6\u3002<\/li>\n<\/ul>\n

    \u4e0b\u8f7d\u5730\u5740\uff1ahttps:\/\/github.com\/containerd\/nerdctl\/releases<\/code><\/p>\n

    \n \u6ce8\u610f\uff1a\u5b89\u88c5 nerdctl-full \u7248\u672c\u96c6\u6210\u4e86 containerd \u3002\u5982\u4e3b\u673a\u5df2\u5b89\u88c5 containerd \u8bf7\u9009\u62e9 nerdctl\u7b80\u6613\u7248\n<\/p><\/blockquote>\n

    #nerdctl \u5b89\u88c5\uff1a\n# nerdctl\u63d2\u4ef6\u4e0b\u8f7d\u5730\u5740\uff1ahttps:\/\/github.com\/containerd\/nerdctl\/releases\/\n# \u4e0a\u4f20nerdctl\u5b89\u88c5\u5305\ntar -zxvf nerdctl-1.7.6-linux-amd64.tar.gz -C \/usr\/local\/bin\/\n\n# \u67e5\u770b\u7248\u672c\nnerdctl -v\n\n\n# nerdctl\u547d\u4ee4\u8865\u5168\nyum install bash-completion -y\n\nvim \/etc\/profile\nsource <(nerdctl completion bash)\nsource \/etc\/profile\n<\/code><\/pre>\n
    \u5c06nerdctl\u66f4\u540d\u4e3a docker<\/strong><\/h3>\n
    cat << 'EOF' > \/usr\/local\/bin\/docker\n#!\/bin\/bash\n\/usr\/local\/bin\/nerdctl $@\nEOF\nchmod +x \/usr\/local\/bin\/docker\n\n\n# \u751f\u6210\u81ea\u52a8\u8865\u5168\u6587\u4ef6\n# nerdctl completion bash > \/etc\/bash_completion.d\/nerdctl\n# nerdctl completion bash > \/etc\/bash_completion.d\/docker\n<\/code><\/pre>\n
    \u5b89\u88c5buildkit\uff08\u53ef\u7701\u7565\uff0c\u7528\u4e8e\u6784\u5efa\u955c\u50cf\uff09<\/h3>\n
    # \u4e0b\u8f7d\u6587\u4ef6 https:\/\/github.com\/moby\/buildkit\n# \u4e0a\u4f20\u5b89\u88c5\u5305\n# \u521b\u5efa\u89e3\u538b\u7684\u76ee\u5f55\nmkdir -p \/usr\/local\/buildkit\n\n# \u89e3\u538b\u5230\u6307\u5b9a\u7684\u76ee\u5f55\ntar -xf buildkit-v0.13.2.linux-amd64.tar.gz -C \/usr\/local\/buildkit\n\n# \u67e5\u770b\u89e3\u538b\u7684\u76ee\u5f55\nyum -y install tree\ntree \/usr\/local\/buildkit\n\n# \u4fee\u6539PATH\u73af\u5883\u53d8\u91cf\n# \u6ce8\u610f\u8fd9\u91cc\u7684echo \u8981\u4f7f\u7528\u5355\u5f15\u53f7\uff0c\u5355\u5f15\u53f7\u4f1a\u539f\u6837\u8f93\u51fa\uff0c\u53cc\u5f15\u53f7\u4f1a\u89e3\u6790\u53d8\u91cf\necho 'export PATH=\/usr\/local\/buildkit\/bin:$PATH' >> \/etc\/profile\ncat \/etc\/profile\n\n# \u4f7f\u521a\u624d\u914d\u7f6e\u751f\u6548\nsource \/etc\/profile\n\n# \u521b\u5efabuildkitd\u81ea\u542f\u52a8\u670d\u52a1\ncat > \/etc\/systemd\/system\/buildkitd.service << 'EOF'\n[Unit]\nDocumentation=https:\/\/github.com\/moby\/buildkit\nDescription=buildkitd\nAfter=network.target\n\n[Service]\nExecStart=\/usr\/local\/buildkit\/bin\/buildkitd --oci-worker=false --containerd-worker=true\n\n[Install]\nWantedBy=multi-user.target\nEOF\n# \u91cd\u65b0\u52a0\u8f7dUnit file\nsystemctl daemon-reload\n# \u542f\u52a8\u670d\u52a1\nsystemctl start buildkitd\n# \u5f00\u673a\u81ea\u542f\u52a8\nsystemctl enable buildkitd\n<\/code><\/pre>\n
    \u547d\u4ee4<\/h4>\n
    \u8f93\u5165 nerdctl -h<\/code> \u67e5\u770b\u5e2e\u52a9\uff0c\u5217\u51fa\u6240\u6709\u547d\u4ee4\u8bf4\u660e\uff0c\u5982\u4e0b\uff1a<\/p>\n
    [root@k146 rke2]# nerdctl -h\nnerdctl is a command line interface for containerd\n\nConfig file ($NERDCTL_TOML): \/etc\/nerdctl\/nerdctl.toml\n\nUsage: nerdctl [flags]\n\nManagement commands:\n  apparmor   Manage AppArmor profiles\n  builder    Manage builds\n  container  Manage containers\n  image      Manage images\n  ipfs       Distributing images on IPFS\n  namespace  Manage containerd namespaces\n  network    Manage networks\n  system     Manage containerd\n  volume     Manage volumes\n\nCommands:\n  attach      Attach stdin, stdout, and stderr to a running container.\n  build       Build an image from a Dockerfile. Needs buildkitd to be running.\n  commit      Create a new image from a container's changes\n  completion  Generate the autocompletion script for the specified shell\n  compose     Compose\n  cp          Copy files\/folders between a running container and the local filesystem.\n  create      Create a new container. Optionally specify \"ipfs:\/\/\" or \"ipns:\/\/\" scheme to pull image from IPFS.\n  diff        Inspect changes to files or directories on a container's filesystem\n  events      Get real time events from the server\n  exec        Run a command in a running container\n  help        Help about any command\n  history     Show the history of an image\n  images      List images\n  info        Display system-wide information\n  inspect     Return low-level information on objects.\n  kill        Kill one or more running containers\n  load        Load an image from a tar archive or STDIN\n  login       Log in to a container registry\n  logout      Log out from a container registry\n  logs        Fetch the logs of a container. Expected to be used with 'nerdctl run -d'.\n  pause       Pause all processes within one or more containers\n  port        List port mappings or a specific mapping for the container\n  ps          List containers\n  pull        Pull an image from a registry. Optionally specify \"ipfs:\/\/\" or \"ipns:\/\/\" scheme to pull image from IPFS.\n  push        Push an image or a repository to a registry. Optionally specify \"ipfs:\/\/\" or \"ipns:\/\/\" scheme to push image to IPFS.\n  rename      rename a container\n  restart     Restart one or more running containers\n  rm          Remove one or more containers\n  rmi         Remove one or more images\n  run         Run a command in a new container. Optionally specify \"ipfs:\/\/\" or \"ipns:\/\/\" scheme to pull image from IPFS.\n  save        Save one or more images to a tar archive (streamed to STDOUT by default)\n  start       Start one or more running containers\n  stats       Display a live stream of container(s) resource usage statistics.\n  stop        Stop one or more running containers\n  tag         Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE\n  top         Display the running processes of a container\n  unpause     Unpause all processes within one or more containers\n  update      Update one or more running containers\n  version     Show the nerdctl version information\n  wait        Block until one or more containers stop, then print their exit codes.\n\nFlags:\n  -H, --H string                 Alias of --address (default \"\/run\/containerd\/containerd.sock\")\n  -a, --a string                 Alias of --address (default \"\/run\/containerd\/containerd.sock\")\n      --address string           containerd address, optionally with \"unix:\/\/\" prefix [$CONTAINERD_ADDRESS] (default \"\/run\/containerd\/containerd.sock\")\n      --cgroup-manager string    Cgroup manager to use (\"cgroupfs\"|\"systemd\") (default \"cgroupfs\")\n      --cni-netconfpath string   cni config directory [$NETCONFPATH] (default \"\/etc\/cni\/net.d\")\n      --cni-path string          cni plugins binary directory [$CNI_PATH] (default \"\/opt\/cni\/bin\")\n      --data-root string         Root directory of persistent nerdctl state (managed by nerdctl, not by containerd) (default \"\/var\/lib\/nerdctl\")\n      --debug                    debug mode\n      --debug-full               debug mode (with full output)\n      --experimental             Control experimental: https:\/\/github.com\/containerd\/nerdctl\/blob\/main\/docs\/experimental.md [$NERDCTL_EXPERIMENTAL] (default true)\n  -h, --help                     help for nerdctl\n      --host string              Alias of --address (default \"\/run\/containerd\/containerd.sock\")\n      --host-gateway-ip string   IP address that the special 'host-gateway' string in --add-host resolves to. Defaults to the IP address of the host. It has no effect without setting --add-host [$NERDCTL_HOST_GATEWAY_IP] (default \"192.168.111.146\")\n      --hosts-dir strings        A directory that contains <HOST:PORT>\/hosts.toml (containerd style) or <HOST:PORT>\/{ca.cert, cert.pem, key.pem} (docker style) (default [\/etc\/containerd\/certs.d,\/etc\/docker\/certs.d])\n      --insecure-registry        skips verifying HTTPS certs, and allows falling back to plain HTTP\n  -n, --n string                 Alias of --namespace (default \"default\")\n      --namespace string         containerd namespace, such as \"moby\" for Docker, \"k8s.io\" for Kubernetes [$CONTAINERD_NAMESPACE] (default \"default\")\n      --snapshotter string       containerd snapshotter [$CONTAINERD_SNAPSHOTTER] (default \"overlayfs\")\n      --storage-driver string    Alias of --snapshotter (default \"overlayfs\")\n  -v, --version                  version for nerdctl\n\nRun 'nerdctl COMMAND --help' for more information on a command.\n<\/code><\/pre>\n
    \u5e38\u7528nerdctl\u547d\u4ee4<\/h2>\n
    #nerdctl run :\u521b\u5efa\u5bb9\u5668\nnerdctl run -d -p 80:80 --name=nginx --restart=always nginx\n\n#nerdctl exec :\u8fdb\u5165\u5bb9\u5668\nnerdctl exec -it nginx \/bin\/sh\n\n#nerdctl ps :\u5217\u51fa\u5bb9\u5668\nnerdctl ps -a\nnerdctl -n k8s.io ps -a\n#nerdctl inspect :\u83b7\u53d6\u5bb9\u5668\u7684\u8be6\u7ec6\u4fe1\u606f \nnerdctl inspect nginx\n\n#nerdctl logs :\u83b7\u53d6\u5bb9\u5668\u65e5\u5fd7\nnerdctl logs -f nginx\n\n#nerdctl stop :\u505c\u6b62\u5bb9\u5668\nnerdctl stop nginx\n\n#nerdctl rm :\u5220\u9664\u5bb9\u5668\nnerdctl rm -f nginx\nnerdctl rmi -f <IMAGE ID>\n\n#nerdctl images\uff1a\u955c\u50cf\u5217\u8868\nnerdctl images\nnerdctl -n=k8s.io images\nnerdctl -n=k8s.io images | grep -v '<none>'\n\n#nerdctl pull :\u62c9\u53d6\u955c\u50cf\nnerdctl pull nginx\nnerdctl -n k8s.io pull nginx\n#\u4f7f\u7528 nerdctl login --username xxx --password xxx \u8fdb\u884c\u767b\u5f55\uff0c\u4f7f\u7528 nerdctl logout \u53ef\u4ee5\u6ce8\u9500\u9000\u51fa\u767b\u5f55\nnerdctl login\nnerdctl logout\n\n#nerdctl tag :\u955c\u50cf\u6807\u7b7e\nnerdctl tag nginx:latest harbor.k8s\/image\/nginx:latest\n\n#nerdctl push :\u63a8\u9001\u955c\u50cf\nnerdctl push harbor.k8s\/image\/nginx:latest\nnerdctl -n k8s.io push harbor.k8s\/image\/nginx:latest\n#nerdctl save :\u5bfc\u51fa\u955c\u50cf\nnerdctl save -o busybox.tar.gz busybox:latest\n\n#nerdctl load :\u5bfc\u5165\u955c\u50cf\nnerdctl load -i busybox.tar.gz\n\n#nerdctl rmi :\u5220\u9664\u955c\u50cf\nnerdctl rmi busybox\n\n#nerdctl build :\u4eceDockerfile\u6784\u5efa\u955c\u50cf\nnerdctl build -t centos:v1.0 -f centos.dockerfile .\n<\/code><\/pre>\n
    \n  \u6ce8\u610f\uff1actr<\/code>\u548cnerdctl<\/code>\u547d\u4ee4\u9700\u8981\u6307\u5b9a\u540d\u5b57\u7a7a\u95f4\uff0c\u7ba1\u7406k8s\u521b\u5efa\u7684\u5bb9\u5668\uff0c\u9700\u8981\u4f7f\u7528k8s.io<\/code>\u540d\u5b57\u7a7a\u95f4\uff0c\u5373ctr\/nerdctl -n k8s.io<\/code>\n<\/p><\/blockquote>\n
    \u53c2\u8003<\/h2>\n
    1.https:\/\/www.cnblogs.com\/lifuqiang\/articles\/17850939.html<\/code><\/p>\n
    2.https:\/\/www.cnblogs.com\/hsyw\/p\/17695809.html<\/code><\/p>\n
    3.https:\/\/github.com\/containerd\/nerdctl<\/code><\/p>\n","protected":false},"excerpt":{"rendered":"
    nerdctl \u57fa\u4e8e containerd \u517c\u5bb9 docker CLI \u7b80\u4ecb nerdctl \u662f\u7528\u4e8e cont […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[332,353],"tags":[525,226,524],"class_list":["post-3039","post","type-post","status-publish","format-standard","hentry","category-docker","category-kubernetes","tag-containerd","tag-docker","tag-nerdctl"],"_links":{"self":[{"href":"https:\/\/199604.com\/wp-json\/wp\/v2\/posts\/3039","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/199604.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/199604.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/199604.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/199604.com\/wp-json\/wp\/v2\/comments?post=3039"}],"version-history":[{"count":2,"href":"https:\/\/199604.com\/wp-json\/wp\/v2\/posts\/3039\/revisions"}],"predecessor-version":[{"id":3043,"href":"https:\/\/199604.com\/wp-json\/wp\/v2\/posts\/3039\/revisions\/3043"}],"wp:attachment":[{"href":"https:\/\/199604.com\/wp-json\/wp\/v2\/media?parent=3039"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/199604.com\/wp-json\/wp\/v2\/categories?post=3039"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/199604.com\/wp-json\/wp\/v2\/tags?post=3039"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}