nerdctl - 兼容 Docker 语法 的 containerd 命令行界面

Nerdctl 是一个专为 containerd 环境设计的容器运行时工具,它与 Docker 语法兼容,提供了类似的命令行接口,但专注于更高效的容器管理。以下是关于 Nerdctl 的详细介绍:

nerdctl 是 containerd 的一个非核心子项目。

核心特点

  1. 轻量级设计:作为 containerd 的原生客户端,避免了不必要的组件层级,提升性能。
  2. Kubernetes 集成:无缝对接 Kubernetes 生态,支持 kubelet 直接调用。
  3. 兼容 Docker:大部分 Docker 命令可直接替换为 nerdctl 使用。
  4. 安全增强:默认启用 cgroups v2 和 seccomp 等安全特性。

基础命令示例

# 拉取镜像
nerdctl pull nginx:alpine

# 运行容器
nerdctl run -d -p 8080:80 --name web nginx:alpine

# 列出容器
nerdctl ps

# 构建镜像
nerdctl build -t myapp:v1 .

# 推送镜像
nerdctl push myapp:v1

与 Kubernetes 协同

Nerdctl 可直接操作 Kubernetes 节点上的容器:

# 在节点上执行命令
kubectl exec -it node-name -- bash
nerdctl ps  # 查看该节点上的所有容器

安装方法

下载地址:
https://github.com/containerd/nerdctl/releases

手动安装最新版本

# 1. 下载预编译二进制文件(替换为最新版本)
VERSION=$(curl -s https://api.github.com/repos/containerd/nerdctl/releases/latest | grep 'tag_name' | cut -d'"' -f4)
ARCH=$(uname -m)
curl -LO https://github.com/containerd/nerdctl/releases/download/${VERSION}/nerdctl-${VERSION#v}-linux-${ARCH}.tar.gz

# 2. 解压并安装
sudo tar -C /usr/local/bin -xzf nerdctl-${VERSION#v}-linux-${ARCH}.tar.gz

配置示例

完整参考:

https://github.com/containerd/nerdctl/blob/main/docs/config.md

修改 /etc/nerdctl/nerdctl.toml 配置文件:

# This is an example of /etc/nerdctl/nerdctl.toml .
# Unrelated to the daemon's /etc/containerd/config.toml .

debug          = false
debug_full     = false
address        = "unix:///run/k3s/containerd/containerd.sock"
namespace      = "k8s.io"
snapshotter    = "stargz"
cgroup_manager = "cgroupfs"
hosts_dir      = ["/etc/containerd/certs.d", "/etc/docker/certs.d"]
experimental   = true
userns_remap   = ""
dns            = ["8.8.8.8", "1.1.1.1"]
dns_opts       = ["ndots:1", "timeout:2"]
dns_search     = ["example.com", "example.org"]
Properties
TOML propertyCLI flagEnv varDescriptionAvailability
debug--debugDebug modeSince 0.16.0
debug_full--debug-fullDebug mode (with full output)Since 0.16.0
address--address,--host,-a,-H$CONTAINERD_ADDRESScontainerd addressSince 0.16.0
namespace--namespace,-n$CONTAINERD_NAMESPACEcontainerd namespaceSince 0.16.0
snapshotter--snapshotter,--storage-driver$CONTAINERD_SNAPSHOTTERcontainerd snapshotterSince 0.16.0
cni_path--cni-path$CNI_PATHCNI binary directorySince 0.16.0
cni_netconfpath--cni-netconfpath$NETCONFPATHCNI config directorySince 0.16.0
data_root--data-rootPersistent state directorySince 0.16.0
cgroup_manager--cgroup-managercgroup managerSince 0.16.0
insecure_registry--insecure-registryAllow insecure registrySince 0.16.0
hosts_dir--hosts-dircerts.d directorySince 0.16.0
experimental--experimentalNERDCTL_EXPERIMENTALEnable experimental featuresSince 0.22.3
host_gateway_ip--host-gateway-ipNERDCTL_HOST_GATEWAY_IPIP address that the special ‘host-gateway’ string in --add-host resolves to. Defaults to the IP address of the host. It has no effect without setting --add-hostSince 1.3.0
bridge_ip--bridge-ipNERDCTL_BRIDGE_IPIP address for the default nerdctl bridge network, e.g., 10.1.100.1/24Since 2.0.1
kube_hide_dupe--kube-hide-dupeDeduplicate images for Kubernetes with namespace k8s.io, no more redundant ones are displayedSince 2.0.3
cdi_spec_dirs--cdi-spec-dirsThe folders to use when searching for CDI (container-device-interface) specifications.Since 2.1.0
userns_remap--userns-remapSupport idmapping of containers. This options is only supported on rootful linux. If host is passed, no idmapping is done. if a user name is passed, it does idmapping based on the uidmap and gidmap ranges specified in /etc/subuid and /etc/subgid respectively.Since 2.1.0
dnsSet global DNS servers for containersSince 2.1.3
dns_optsSet global DNS options for containersSince 2.1.3
dns_searchSet global DNS search domains for containersSince 2.1.3
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值