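Docker is an open-source application container engine that lets developers package an application and its dependencies into a portable image and then ship it to any popular Linux or Windows machine. Most people have used it or at least heard of it. As the technology evolves, the newcomer containerd is gradually taking Docker's place.
The origin of containerd
containerd is an important project in the CNCF (Cloud Native Computing Foundation) and a neutral "industry-standard container runtime". It grew out of the love-hate relationship between the CNCF and Docker Inc. (search for the details yourself). containerd was originally a core dependency inside Docker, but it was fairly simple and could not be offered directly to end users. Docker Inc. later donated it to the CNCF, and with the work of the CNCF's experts containerd gradually became a mature container runtime service with the same container management capabilities as Docker.
The relationship between docker, containerd and runc
You have probably heard of these concepts to some extent; here is a brief introduction.
docker: or rather the docker daemon, a container engine that combines container management and orchestration. Its container management relies on containerd, and its orchestration comes from the integrated docker swarm.
containerd: a standard container runtime that exposes a standard RPC interface for managing containers and can be integrated with all kinds of container-related systems.
runc: evolved from libcontainer (the library older Docker versions used to manage containers) and implements the Open Container Initiative (OCI) specification. It is a command-line tool that talks directly to cgroups and the Linux kernel to create, delete and otherwise operate on containers.
Their call chain is as follows: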
docker cli -> docker daemon -> containerd -> runc
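Introducing nerdctl
Although containerd can be used directly by end users and ships its own command-line tool (ctr), that tool is not very friendly, which is why nerdctl came about. It is also a command-line tool for containerd, supports all of the docker cli commands for container lifecycle management, and supports docker compose (nerdctl compose up).
Installing from binaries
Download page: https://github.com/containerd/nerdctl/releases
- Minimal (nerdctl-0.8.2-linux-amd64.tar.gz): contains only nerdctl
- Full (nerdctl-full-0.8.2-linux-amd64.tar.gz): includes dependencies such as containerd, runc and CNI
Download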
wget https://github.com/containerd/nerdctl/releases/download/v0.8.2/nerdctl-full-0.8.2-linux-amd64.tar.gz
Extract to /usr/local (preferably this directory; otherwise you need to change the binary path in lib/systemd/system/containerd.service)
tar Cxzvvf /usr/local nerdctl-full-0.8.2-linux-amd64.tar.gz
Check the result
# ls /usr/local/bin/
buildctl containerd containerd-rootless-setuptool.sh containerd-shim-runc-v2 containerd-stress ctr ctr-remote nerdctl rootlesskit slirp4netns
buildkitd containerd-fuse-overlayfs-grpc containerd-rootless.sh containerd-stargz-grpc ctd-decoder ctr-enc fuse-overlayfs rootlessctl runc stargz-store
Make sure /usr/local/bin is in the PATH environment variable (it is by default), and you can use the nerdctl command directly
# nerdctl --help
NAME:
nerdctl - Docker-compatible CLI for containerd
USAGE:
nerdctl [global options] command [command options] [arguments...]
VERSION:
0.8.2.m
COMMANDS:
run Run a command in a new container
exec Run a command in a running container
ps List containers
logs Fetch the logs of a container. Currently, only containers created with `nerdctl run -d` are supported.
port List port mappings or a specific mapping for the container
stop Stop one or more running containers
start Start one or more running containers
kill Kill one or more running containers
rm Remove one or more containers
pause Pause all processes within one or more containers
unpause Unpause all processes within one or more containers
commit [flags] CONTAINER REPOSITORY[:TAG]
wait Block until one or more containers stop, then print their exit codes.
build Build an image from a Dockerfile. Needs buildkitd to be running.
images List images
pull Pull an image from a registry
push Push an image or a repository to a registry
load Load an image from a tar archive or STDIN
save Save one or more images to a tar archive (streamed to STDOUT by default)
tag Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
rmi Remove one or more images
events Get real time events from the server
info Display system-wide information
version Show the nerdctl version information
inspect Return low-level information on objects. Currently, only supports container objects.
login Log in to a Docker registry
logout Log out from a Docker registry
compose Compose
completion Show shell completion
help, h Shows a list of commands or help for one command
Management:
container Manage containers
image Manage images
network Manage networks
volume Manage volumes
system Manage containerd
namespace Manage containerd namespaces
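The download and extract steps above unpack a release tarball as root into /usr/local without checking its integrity. The following is an added example, not part of the original article or the nerdctl project, that verifies the tarball against a checksum list and rejects unsafe member paths before extracting; it assumes the release page publishes a `SHA256SUMS` file in `sha256sum` format, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the nerdctl project). Assumed usage, with the
# checksum list fetched over HTTPS from the same release page:
#   install_release SHA256SUMS nerdctl-full-0.8.2-linux-amd64.tar.gz /usr/local

# verify_release SUMS_FILE TARBALL
# Returns 0 only if SUMS_FILE names TARBALL and its SHA-256 digest matches;
# returns 2 if the file is not listed, 1 on a digest mismatch.
verify_release() {
    name=$(basename "$2")
    # Accept both text-mode ("hash  name") and binary-mode ("hash *name") lines.
    expected=$(awk -v f="$name" '$2 == f || $2 == "*" f { print $1 }' "$1" | head -n 1)
    if [ -z "$expected" ]; then
        echo "no checksum entry for $name" >&2
        return 2
    fi
    actual=$(sha256sum "$2" | awk '{ print $1 }')
    if [ "$expected" != "$actual" ]; then
        echo "checksum mismatch for $name" >&2
        return 1
    fi
    return 0
}

# archive_is_contained TARBALL
# Rejects archives whose members use absolute paths or ".." components,
# because extraction happens as root into a system directory.
archive_is_contained() {
    if tar -tzf "$1" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe member path in $1" >&2
        return 1
    fi
    return 0
}

# install_release SUMS_FILE TARBALL DEST
# Extracts into DEST only after both checks pass.
install_release() {
    verify_release "$1" "$2" && archive_is_contained "$2" && tar -xzf "$2" -C "$3"
}
```

A checksum file downloaded from the same location as the tarball only detects corruption or a partial replacement; a signature over the checksum list, where the project provides one, is the stronger check.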
Start containerd
systemctl start containerd
# systemctl status containerd
● containerd.service - containerd container runtime
Loaded: loaded (/usr/local/lib/systemd/system/containerd.service; disabled; vendor preset: disabled)
Active: active (running) since Tue 2021-05-25 22:51:34 CST; 4s ago
Docs: https://containerd.io
Process: 1745 ExecStartPre=/sbin/modprobe overlay (code=exited, status=0/SUCCESS)
Main PID: 1748 (containerd)
Tasks: 7
Memory: 20.7M
CGroup: /system.slice/containerd.service
└─1748 /usr/local/bin/containerd
Enable start on boot
systemctl enable containerd
Usage
Pull the nginx image
nerdctl pull nginx:alpine
Run the nginx image
# nerdctl run -d --name nginx -p 80:80 nginx:alpine
# nerdctl ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0857f7aed52a docker.io/library/nginx:alpine "/docker-entrypoint.…" About a minute ago Up 0.0.0.0:80->80/tcp nginx
Open http://[server ip]:80 in a browser to see the nginx page
If you are not used to nerdctl, you can alias it to docker
# alias docker=nerdctl
# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0857f7aed52a docker.io/library/nginx:alpine "/docker-entrypoint.…" 3 minutes ago Up 0.0.0.0:80->80/tcp nginx
docker compose support
First remove the previous container
nerdctl rm -f nginx
Prepare the docker compose definition file
# cat docker-compose.yml
version: "3.5"
services:
  nginx:
    image: nginx:alpine
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure
    ports:
      - "80:80"
Start
nerdctl compose up -d
# nerdctl ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
fb12aff45422 docker.io/library/nginx:alpine "/docker-entrypoint.…" 8 seconds ago Up 0.0.0.0:80->80/tcp test_nginx_1