Docker 是一个开源的应用容器引擎，让开发者可以打包他们的应用以及依赖包到一个可移植的镜像中，然后发布到任何流行的 Linux或Windows 机器上，相信大部分人都用过或者听说过，随着技术的发展，后起的新秀containerd正在逐渐取代docker的位置。

containerd的由来

containerd是CNCF(云原生基金会)中的一个重要项目，是一个中立的“工业标准容器运行时”, 它来源于CNCF与docker公司的相爱相杀(具体可自行百度)，containerd原先是docker中的核心依赖，但比较简单，并不能直接提供给终端用户直接使用，后来docker公司将其捐赠给了CNCF，在CNCF大佬们的完善下，containerd逐渐成为了一个成熟的容器运行时服务，拥有和docker一样的容器管理能力，

docker，containerd，runc的关系

相信大家可能或多或少都听过这几个概念，简单介绍一下
docker: 或者应该叫docker deamon，集容器管理与编排于一身的容器引擎，其中容器管理能力就是依赖于containerd，容器编排能力是集成了docker swarm
containerd: 是一个标准的容器运行时，提供标准rpc接口对容器进行管理， 可以对接各种容器相关系统
runc: 由libcontainer(旧版docker中管理容器的库)演变而来，实现了开放容器接口(OCI)， 是一个命令行工具，直接与cgroup或linux内核交互, 进行容器的创建删除等操作

他们的调用关系如下:
docker cli -> docker daemon -> containerd -> runc

nerdctl介绍

containerd虽然可直接提供给终端用户直接使用，也提供了命令行工具(ctr)，但并不是很友好，所以nerdctl应运而生，它也是containerd的命令行工具，支持docker cli关于容器生命周期管理的所有命令，并且支持docker compose (nerdctl compose up)

二进制方式安装

下载地址: https://github.com/containerd/nerdctl/releases

• 精简 (nerdctl-0.8.2-linux-amd64.tar.gz): 只包含nerdctl
• 完整 (nerdctl-full-0.8.2-linux-amd64.tar.gz): 包含 containerd, runc, and CNI等依赖

下载

 wget https://github.com/containerd/nerdctl/releases/download/v0.8.2/nerdctl-full-0.8.2-linux-amd64.tar.gz

解压到/usr/local下(最好解压到此目录，否则就需要更改lib/systemd/system/containerd.service中的二进制路径)

tar Cxzvvf /usr/local nerdctl-full-0.8.2-linux-amd64.tar.gz

查看

# ls /usr/local/bin/
buildctl   containerd                      containerd-rootless-setuptool.sh  containerd-shim-runc-v2  containerd-stress  ctr      ctr-remote      nerdctl      rootlesskit  slirp4netns
buildkitd  containerd-fuse-overlayfs-grpc  containerd-rootless.sh            containerd-stargz-grpc   ctd-decoder        ctr-enc  fuse-overlayfs  rootlessctl  runc         stargz-store

确保/usr/local/bin在环境变量PATH中（默认是在的），就可以直接使用nerdctl命令了

# nerdctl --help
NAME:
   nerdctl - Docker-compatible CLI for containerd

USAGE:
   nerdctl [global options] command [command options] [arguments...]

VERSION:
   0.8.2.m

COMMANDS:
   run         Run a command in a new container
   exec        Run a command in a running container
   ps          List containers
   logs        Fetch the logs of a container. Currently, only containers created with `nerdctl run -d` are supported.
   port        List port mappings or a specific mapping for the container
   stop        Stop one or more running containers
   start       Start one or more running containers
   kill        Kill one or more running containers
   rm          Remove one or more containers
   pause       Pause all processes within one or more containers
   unpause     Unpause all processes within one or more containers
   commit      [flags] CONTAINER REPOSITORY[:TAG]
   wait        Block until one or more containers stop, then print their exit codes.
   build       Build an image from a Dockerfile. Needs buildkitd to be running.
   images      List images
   pull        Pull an image from a registry
   push        Push an image or a repository to a registry
   load        Load an image from a tar archive or STDIN
   save        Save one or more images to a tar archive (streamed to STDOUT by default)
   tag         Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
   rmi         Remove one or more images
   events      Get real time events from the server
   info        Display system-wide information
   version     Show the nerdctl version information
   inspect     Return low-level information on objects. Currently, only supports container objects.
   login       Log in to a Docker registry
   logout      Log out from a Docker registry
   compose     Compose
   completion  Show shell completion
   help, h     Shows a list of commands or help for one command
   Management:
     container  Manage containers
     image      Manage images
     network    Manage networks
     volume     Manage volumes
     system     Manage containerd
     namespace  Manage containerd namespaces

启动containerd

systemctl start containerd
# systemctl status containerd
● containerd.service - containerd container runtime
   Loaded: loaded (/usr/local/lib/systemd/system/containerd.service; disabled; vendor preset: disabled)
   Active: active (running) since Tue 2021-05-25 22:51:34 CST; 4s ago
     Docs: https://containerd.io
  Process: 1745 ExecStartPre=/sbin/modprobe overlay (code=exited, status=0/SUCCESS)
 Main PID: 1748 (containerd)
    Tasks: 7
   Memory: 20.7M
   CGroup: /system.slice/containerd.service
           └─1748 /usr/local/bin/containerd

设置开机启动

systemctl enable containerd

使用

下载nginx镜像

nerdctl pull nginx:alpine

运行nginx镜像

# nerdctl run -d --name nginx -p 80:80 nginx:alpine
# nerdctl ps
CONTAINER ID    IMAGE                             COMMAND                   CREATED               STATUS    PORTS                 NAMES
0857f7aed52a    docker.io/library/nginx:alpine    "/docker-entrypoint.…"    About a minute ago    Up        0.0.0.0:80->80/tcp    nginx

访问浏览器: http://[服务器ip]:80 端口可看到nginx页面

如果nerdctl不习惯，可以设置别名为docker

# alias docker=nerdctl
# docker ps
CONTAINER ID    IMAGE                             COMMAND                   CREATED          STATUS    PORTS                 NAMES
0857f7aed52a    docker.io/library/nginx:alpine    "/docker-entrypoint.…"    3 minutes ago    Up        0.0.0.0:80->80/tcp    nginx
[root@localhost ~]# 

docker compose支持

先删掉之前的容器

nerdctl rm -f nginx

准备docker compose的定义文件

# cat docker-compose.yml 
version: "3.5"
services:
  nginx:
    image: nginx:alpine
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure
    ports:
       - "80:80"

启动

nerdctl compose up -d  
# nerdctl ps
CONTAINER ID    IMAGE                             COMMAND                   CREATED          STATUS    PORTS                 NAMES
fb12aff45422    docker.io/library/nginx:alpine    "/docker-entrypoint.…"    8 seconds ago    Up        0.0.0.0:80->80/tcp    test_nginx_1