containerd客户端工具nerdctl的使用

kubernetes发布v1.20时宣布将弃用docker，并且在2021年下半年发布的v1.23版本中，彻底移除dockershim 代码，意味着那时kubernetes支持的容器运行时不再包括docker，那么我们使用containerd作为runtime。

docker命令大家非常熟悉且好用，但containerd的客户端工具ctr及crictl却是极其难用，给大家带来了诸多不变。本文主要讲containerd 全新的一个客户端工具nerdctl的使用。

步骤1：安装containerd

[root@vms101 ~]# yum install  containerd.io cri-tools  -y

...大量输出...

作为依赖被升级:

audit.x86_64 0:2.8.5-4.el7         audit-libs.x86_64 0:2.8.5-4.el7

libselinux.x86_64 0:2.5-15.el7      libselinux-python.x86_64 0:2.5-15.el7

libselinux-utils.x86_64 0:2.5-15.el7   libsemanage.x86_64 0:2.5-14.el7

libsepol.x86_64 0:2.5-10.el7          policycoreutils.x86_64 0:2.5-34.el7

selinux-policy.noarch 0:3.13.1-268.el7_9.2

完毕！

[root@vms101 ~]#

步骤2：启动containerd并设置开机自动启动

[root@vms101 ~]# systemctl enable containerd  --now

Created symlink from /etc/systemd/system/multi-user.target.wants/containerd.service to /usr/lib/systemd/system/containerd.service.

[root@vms101 ~]#

步骤3：修改containerd配置文件并配置加速器

[root@vms101 ~]# cat /etc/containerd/config.toml

disabled_plugins = ["restart"]

[plugins]

  [plugins.cri.registry.mirrors."docker.io"]

     endpoint = ["https://frz7i079.mirror.aliyuncs.com"]

[root@vms101 ~]#

步骤4：重启containerd

重启containerd

[root@vms101 ~]# systemctl restart containerd

[root@vms101 ~]#

步骤5：下载并安装nerdctl

https://github.com/containerd/nerdctl/releases

下载最新版本的nerdctl

解压到/usr/local/bin里：

[root@vms101 ~]# tar zxvf nerdctl-0.8.0-linux-amd64.tar.gz -C /usr/local/bin/

nerdctl

containerd-rootless-setuptool.sh

containerd-rootless.sh

[root@vms101 ~]# ls /usr/local/bin/

containerd-rootless-setuptool.sh  containerd-rootless.sh  nerdctl

[root@vms101 ~]#

 

步骤6：安装网络插件

到https://github.com/containernetworking/plugins/releases下载最新版本CNI插件，解压放在/opt/cni/bin目录中。

[root@vms101 ~]# mkdir -p /opt/cni/bin/

[root@vms101 ~]# tar zxf cni-plugins-linux-amd64-v0.9.1.tgz -C /opt/cni/bin/

[root@vms101 ~]#

步骤7：设置nerdctl子命令可以使用tab键

在/etc/profile里添加source <(nerdctl completion bash)，如下：

[root@vms101 ~]# head -2 /etc/profile

# /etc/profile

source <(nerdctl completion bash)

[root@vms101 ~]#

让设置生效：

[root@vms101 ~]# source /etc/profile

[root@vms101 ~]#

步骤8：镜像管理

[root@vms101 ~]# nerdctl pull nginx #拉取镜像

docker.io/library/nginx:latest:                resolved       |++++++++++++++++++++++++++++++++++++++|

index-sha256:75a55d33ecc73c2a242450a9f1cc858499d468f077ea942867e662c247b5e412:    done           |++++++++++++++++++++++++++++++++++++++|

...大量输出...

done           |++++++++++++++++++++++++++++++++++++++|

layer-sha256:aa1efa14b3bfc78fab92952a716bb9d6bda5de150727297dbd8bda66c933a0f3:    done           |++++++++++++++++++++++++++++++++++++++|

elapsed: 47.7s                                                                    total:  51.2 M (1.1 MiB/s)

[root@vms101 ~]#

[root@vms101 ~]# nerdctl images

REPOSITORY    TAG       IMAGE ID        CREATED               SIZE

nginx         latest    75a55d33ecc7    About a minute ago    51.2 MiB

[root@vms101 ~]#

给nginx镜像做标签为192.168.26.101/cka/nginx:v1

[root@vms101 ~]# nerdctl tag docker.io/library/nginx:latest 192.168.26.101/cka/nginx:v1

[root@vms101 ~]# nerdctl images

REPOSITORY             TAG    IMAGE ID      CREATED           SIZE

192.168.26.101/cka/nginx  v1     75a55d33ecc7   1 second ago       51.2 MiB

nginx                   latest  75a55d33ecc7    About a minute ago   51.2 MiB

[root@vms101 ~]#

步骤9：创建容器

[root@vms101 ~]# nerdctl run -d  --name=c1 --restart=always -p 80:80 192.168.26.101/cka/nginx:v1

9ba001a932043d9e15c67ed610dfe2255b80926bf5a77f372d6183512b1e73be

[root@vms101 ~]#

[root@vms101 ~]# nerdctl ps

CONTAINER ID    IMAGE                          COMMAND                   CREATED          STATUS    PORTS                 NAMES

9ba001a93204    192.168.26.101/cka/nginx:v1    "/docker-entrypoint.…"    5 seconds ago    Up        0.0.0.0:80->80/tcp    c1

[root@vms101 ~]#

在物理机上访问此容器

步骤10：容器管理

[root@vms101 ~]# nerdctl exec -it c1 bash

root@9ba001a93204:/# exit

exit

[root@vms101 ~]#