一款小工具,將Docker使用體驗(yàn)復(fù)制粘貼到Containerd
作者簡(jiǎn)介
自從 Kubernetes 宣布在 v1.20 之后棄用 Docker 作為容器運(yùn)行時(shí),而改用 containerd 之后,大家對(duì) containerd 的關(guān)注度越來越高。近些年 CNCF 社區(qū)一直在不斷完善 containerd,其定位也發(fā)生了改變,由原來的系統(tǒng)嵌入組件,變成了今天的“工業(yè)級(jí)標(biāo)準(zhǔn)的容器運(yùn)行時(shí)”。
而對(duì)于我們習(xí)慣使用的 Docker CLI 的用戶來說,Containerd 雖然提供的 CLI( ctr 和 crictl ),但使用體驗(yàn)并不友好,因?yàn)樗鼰o法像 Docker 一樣去全生命周期地管理容器。
還好,另外一個(gè)命令行工具項(xiàng)目 nerdctl 可供我們選擇。nerdctl 是一個(gè)與 Docker CLI 風(fēng)格兼容的 containerd 的 CLI 工具,使用體驗(yàn)和 Docker 基本一致。
目前,nerdctl 已經(jīng)作為子項(xiàng)目加入了 containerd 項(xiàng)目,它的 github 地址是 :
https://github.com/containerd/nerdctl
Nerdctl 基本涵蓋了 Docker CLI 的所有功能,同時(shí),它還實(shí)現(xiàn)了很多 Docker 中不具備的功能,比如:延遲拉取鏡像(lazy-pulling)、鏡像加密(imgcrypt)等。
K3s 默認(rèn)使用 containerd 作為容器運(yùn)行時(shí),下文將給大家介紹如何在 K3s 中使用 nerdctl 輕松管理容器。
安裝 K3s
root@k3s:~# curl -sfL https://get.k3s.io | sh -[INFO] Finding release for channel stable[INFO] Using v1.21.5+k3s1 as release[INFO] Downloading hash https://github.com/k3s-io/k3s/releases/download/v1.21.5+k3s1/sha256sum-amd64.txt[INFO] Downloading binary https://github.com/k3s-io/k3s/releases/download/v1.21.5+k3s1/k3s[INFO] Verifying binary download[INFO] Installing k3s to /usr/local/bin/k3s[INFO] Creating /usr/local/bin/kubectl symlink to k3s[INFO] Creating /usr/local/bin/crictl symlink to k3s[INFO] Creating /usr/local/bin/ctr symlink to k3s[INFO] Creating killall script /usr/local/bin/k3s-killall.sh[INFO] Creating uninstall script /usr/local/bin/k3s-uninstall.sh[INFO] env: Creating environment file /etc/systemd/system/k3s.service.env[INFO] systemd: Creating service file /etc/systemd/system/k3s.service[INFO] systemd: Enabling k3s unitCreated symlink /etc/systemd/system/multi-user.target.wants/k3s.service → /etc/systemd/system/k3s.service.[INFO] systemd: Starting k3s
安裝并配置 Nerdctl
從 nerdctl 的 release(https://github.com/containerd/nerdctl/releases) 中下載二進(jìn)制文件,然后將 nerdctl 移動(dòng)到/usr/local/bin 下即可完成安裝。
因?yàn)樯弦徊桨惭b的 K3s 中已經(jīng)包含了 containerd,所以只需要下載 nerdctl---.tar.gz 即可,否則需要安裝 nerdctl-full---.tar.gz
如果要使用 nerdctl 管理 K3s 環(huán)境中的容器,還需要手動(dòng)指定 containerd socket:
root:~# export CONTAINERD_ADDRESS="unix:///run/k3s/containerd/containerd.sock"接下來,就可以使用 nerdctl 來查詢 K3s 中的容器了:
root@k3s:~# nerdctl -n k8s.io psCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES19a2751ecaf2 docker.io/rancher/pause:3.1 "/pause" 24 minutes ago Up1fb15a152a65 docker.io/rancher/coredns-coredns:1.8.3 "/coredns -conf /etc…" 24 minutes ago Up3005a774e1c1 docker.io/rancher/library-traefik:2.4.8 "/entrypoint.sh --gl…" 23 minutes ago Up364c9f6a7a5a docker.io/rancher/pause:3.1 "/pause" 24 minutes ago Up46aac7428aec docker.io/rancher/klipper-lb:v0.2.0 "entry" 23 minutes ago Up6442944d5514 docker.io/rancher/pause:3.1 "/pause" 23 minutes ago Up6f2a5e9a955c docker.io/rancher/local-path-provisioner@sha256:9666b1635fec95d4e2251661e135c90678b8f45fd0f8324c55db99c80e2a958c "local-path-provisio…" 24 minutes ago Up758b0400700f docker.io/rancher/klipper-lb:v0.2.0 "entry" 23 minutes ago Up808fdd380c8b docker.io/rancher/pause:3.1 "/pause" 24 minutes ago Up8421cc3f260d docker.io/rancher/pause:3.1 "/pause" 23 minutes ago Upc16c1a7560e8 docker.io/rancher/metrics-server:v0.3.6 "/metrics-server" 24 minutes ago Uproot@k3s:~#
通過 nerdctl 創(chuàng)建容器
如果要使用 nerdctl 創(chuàng)建容器,需要提前配置 CNI Plugins:
root@k3s:~# mkdir -p /opt/cni/binroot@k3s:~# wget -c https://github.com/containernetworking/plugins/releases/download/v1.0.1/cni-plugins-linux-amd64-v1.0.1.tgz -O - | tar -xz -C /opt/cni/bin/
使用 nerdctl 運(yùn)行容器:
root@k3s:~# nerdctl run -d --name nginx -p 8000:80 nginx:alpinedocker.io/library/nginx:alpine: resolved |++++++++++++++++++++++++++++++++++++++|index-sha256:686aac2769fd6e7bab67663fd38750c135b72d993d0bb0a942ab02ef647fc9c3: done |++++++++++++++++++++++++++++++++++++++|manifest-sha256:af466e4f12e3abe41fcfb59ca0573a3a5c640573b389d5287207a49d1324abd8: done |++++++++++++++++++++++++++++++++++++++|config-sha256:513f9a9d8748b25cdb0ec6f16b4523af7bba216a6bf0f43f70af75b4cf7cb780: done |++++++++++++++++++++++++++++++++++++++|elapsed: 4.8 s total: 3.1 Ki (669.0 B/s)4dbc8925dcb69082c9a4c9959853280a9154d2b42cbbf4ce3bdb846b955d34c1
查看創(chuàng)建的容器:
root@k3s:~# nerdctl psCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES4dbc8925dcb6 docker.io/library/nginx:alpine "/docker-entrypoint.…" About a minute ago Up 0.0.0.0:8000->80/tcp nginx
Build 鏡像
Nerdctl 構(gòu)建鏡像需要結(jié)合 buildkit (https://github.com/moby/buildkit),所以,我們需要先安裝并啟動(dòng) buildkit:
root:~# wget -c https://github.com/moby/buildkit/releases/download/v0.9.0/buildkit-v0.9.0.linux-amd64.tar.gz -O - | tar -xz -C /usr/local/root:~# buildkitd --containerd-worker-addr="/run/k3s/containerd/containerd.sock" --oci-worker=false --containerd-worker=true &
接下來,我們就可以使用 nerdctl 構(gòu)建容器鏡像:
root@k3s:~# nerdctl build -t "nginx:t1" .[+] Building 7.6s (4/6)[+] Building 7.9s (4/6)[+] Building 8.2s (4/6)[+] Building 8.4s (4/6)[+] Building 9.1s (4/6)[+] Building 9.5s (4/6)[+] Building 14.6s (7/7) FINISHED=> [internal] load build definition from Dockerfile 0.1s=> => transferring dockerfile: 93B 0.0s=> [internal] load .dockerignore 0.0s=> => transferring context: 2B 0.0s=> [internal] load metadata for docker.io/library/nginx:alpine 6.4s=> [internal] load build context 0.1s=> => transferring context: 652B 0.0s=> [1/2] FROM docker.io/library/nginx:alpine@sha256:686aac2769fd6e7bab67663fd38750c135b72d993d0bb0a942ab02ef647fc9c3 4.2s=> => resolve docker.io/library/nginx:alpine@sha256:686aac2769fd6e7bab67663fd38750c135b72d993d0bb0a942ab02ef647fc9c3 0.1s=> => sha256:61074acc7dd227cfbeaf719f9b5cdfb64711bc6b60b3865c7b886b7099c15d15 0B / 1.39kB 7.3s=> => sha256:969825a5ca61c8320c63ff9ce0e8b24b83442503d79c5940ba4e2f0bd9e34df8 0B / 663B 7.3s=> => sha256:3e72c40d0ff43c52c5cc37713b75053e8cb5baea8e137a784d480123814982a2 0B / 891B 7.2s=> => sha256:c1368e94e1ec563b31c3fb1fea02c9fbdc4c79a95e9ad0cac6df29c228ee2df3 0B / 602B 7.3s=> => sha256:a0d0a0d46f8b52473982a3c466318f479767577551a53ffc9074c9fa7035982e 2.81MB / 2.81MB 6.9s=> => sha256:4dd4efe90939ab5711aaf5fcd9fd8feb34307bab48ba93030e8b845f8312ed8e 6.29MB / 7.15MB 6.7s=> => extracting sha256:a0d0a0d46f8b52473982a3c466318f479767577551a53ffc9074c9fa7035982e 0.7s=> => extracting sha256:4dd4efe90939ab5711aaf5fcd9fd8feb34307bab48ba93030e8b845f8312ed8e 1.4s=> => extracting sha256:c1368e94e1ec563b31c3fb1fea02c9fbdc4c79a95e9ad0cac6df29c228ee2df3 0.0s=> => extracting sha256:3e72c40d0ff43c52c5cc37713b75053e8cb5baea8e137a784d480123814982a2 0.0s=> => extracting sha256:969825a5ca61c8320c63ff9ce0e8b24b83442503d79c5940ba4e2f0bd9e34df8 0.0s=> => extracting sha256:61074acc7dd227cfbeaf719f9b5cdfb64711bc6b60b3865c7b886b7099c15d15 0.0s=> [2/2] ADD index.html /usr/share/nginx/html/ 0.3s=> exporting to oci image format 2.8s=> => exporting layers 0.4s=> => exporting manifest sha256:b9bd561041b26c433f0d556c9b14496a543746cc6ffceaa5d86efcaae8fd60e3 0.0s=> => exporting config sha256:016a6b9885092667ab5418dbad43f3d1ac35056452431fe8d1a4b0e895ad76f3 0.0s=> => sending tarball 2.4sunpacking docker.io/library/nginx:t1 (sha256:b9bd561041b26c433f0d556c9b14496a543746cc6ffceaa5d86efcaae8fd60e3)...done
查看構(gòu)建鏡像:
:~# nerdctl imagesREPOSITORY TAG IMAGE ID CREATED SIZEnginx alpine 686aac2769fd About an hour ago 26.0 MiBnginx t1 b9bd561041b2 2 minutes ago 26.0 MiB
總 結(jié)
實(shí)際上,nerdctl 的使用方式和 Docker CLI 幾乎一致,我們可以輕松從 Docker 過渡到 nerdctl+containerd。如果你是因?yàn)榱?xí)慣了 docker cli 才在 K3s 集群中使用 Docker 容器運(yùn)行時(shí)的話,那么現(xiàn)在借助 nerdctl 管理 containerd 也許是更好的選擇。
本文只是給大家 demo 了如何在 K3s 中借助 nerdctl 管理本地容器,如果你使用的是 RKE2 集群,你也可以參考本文的說明來在 RKE2 集群中使用 nerdctl 來管理 containerd。
掃碼添加k3s中文社區(qū)助手
加入官方中文技術(shù)社區(qū)
官網(wǎng):https://k3s.io