Shulou(Shulou.com)05/31 Report--

This article mainly introduces "how to use nerdctl". In daily operation, I believe many people have doubts about how to use nerdctl. The editor consulted all kinds of materials and sorted out simple and easy-to-use operation methods. I hope it will be helpful to answer the doubts about "how to use nerdctl". Next, please follow the editor to study!

Shortcomings of existing CLI

Although Containerd can do anything Docker can do now, Containerd has a very obvious flaw: CLI is not friendly enough. It can't start a container with a simple command like Docker and Podman, and neither of its two CLI tools, ctr and crictl, can implement such a very simple requirement that most people need. I can't deploy a Kubernetes cluster to test the container locally, can I?

The design of ctr is not very human-friendly, for example, it lacks the following functions similar to Docker:

Docker run-p

Docker run-restart=always

Pull the image through the credential file ~ / .docker/config.json

Docker logs

In addition, there is a CLI tool called crictl, which is as unfriendly as ctr.

To address this pain point, Containerd officially launched a new CLI called nerdctl. The experience of using nerdctl is as smooth as docker, for example:

→ nerdctl run-d-p 8080 name=nginx 80-- name=nginx-- restart=always nginxnerdctl is just a copy of docker?

The goal of nerdctl is not simply to copy the functions of docker, it also implements many functions that docker does not have, such as delayed pull image (lazy-pulling), image encryption (imgcrypt) and so on.

For the delay pull image feature, please refer to this article: Containerd uses Stargz Snapshotter delay to pull the image.

Although these capabilities are expected to eventually be implemented in Docker, it may take months or even years, as Docker's current design uses only a small number of Containerd subsystems. In the future, it is possible for Docker to ReFactor the code to use the full Containerd, but so far no real progress has been seen. So the Containerd community decided to create a new CLI to use Containerd more amicably.

Nerdctl trial

You can download the latest executable from nerdctl's release, and there are two distributions available for each version:

Nerdctl--linux-amd64.tar.gz: contains only nerdctl.

Nerdctl-full--linux-amd64.tar.gz: contains nerdctl and related dependent components (containerd, runc, CNI, … ).

If you have already installed Containerd, you only need to select the previous release, otherwise you will choose the full version.

Once nerdctl is installed, you can use nerdctl to run the container:

→ nerdctl run-d-p 80:80-- name=nginx-- restart=always nginx:alpinedocker.io/library/nginx:alpine: resolved | + + | index-sha256:d33e9e24389d7d8b90fe2bcc2dd1bc09b4d235e916ba9d5d9a71cf52e340edb6: done | + + | manifest-sha256:c1f4e1974241c3f9ddb2866b2bf8e7afbceaa42dae82aabda5e946d03f054ed2: done | + + | config-sha256:bfad9487e175364fd6315426feeee34bf5e6f516d2fe6a4e9b592315e330828e: done | + + | layer-sha256:29d3f97df6fd99736a0676f9e57e53dfa412cf60b26d95008df9da8197f1f366: done | + + | layer-sha256:9aae54b2144e5b2b00c610f8805128f4f86822e1e52d3714c463744a431f0f4a : done | + + | layer-sha256:a5f0adaddd5456b7c5a3753ab541b5fad750f0a6499a15f63571b964eb3e2616: done | + + | layer-sha256:5df810e1c460527fe400cdd2cab62228f5fb3da0f2dce86a6a6c354972f19b6e: done | + + | layer-sha256:345aee38d3533398e0eb7118e4323a8970f7615136f2170dfb2b0278bbd9099d: done | + + | layer-sha256:e6a4c36d7c0e358e5fc02ccdac645b18b85dcfec09d4fb5f8cbdc187ce9467a0: done | + + | elapsed: 5.7s total: 9.4Mi (1.6MiB/s) 27b55e0b18b10c4c8f34e3ba709614e7b1760a75db061d2ce5183e8b1101ce09

View the created container:

→ nerdctl psCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES3b5faa266a43 docker.io/library/nginx:alpine "/ docker-entrypoint." 3 minutes ago Up 0.0.0.0 80-> 80/tcp nginx

Like Docker, Containerd has a subcommand network:

? → nerdctl network lsNETWORK ID NAME FILE0 bridge k8s-pod-network / etc/cni/net.d/10-calico.conflist host none

Take a look at the default bridge configuration:

→ nerdctl network inspect bridge [{"CNI": {"cniVersion": "0.4.0", "name": "bridge", "nerdctlID": 0, "plugins": [{"type": "bridge", "bridge": "nerdctl0" "isGateway": true, "ipMasq": true, "hairpinMode": true, "ipam": {"type": "host-local" "routes": [{"dst": "0.0.0.0max 0"}] "ranges": [{"subnet": "10.4.0.0Univer 24" "gateway": "10.4.0.1"}]}}, {"type": "portmap" "capabilities": {"portMappings": true}}, {"type": "firewall"} {"type": "tuning"}]}, "NerdctlID": 0}]

You can see that CNI is still running behind the network subcommand, which is different from the docker network subcommand.

Build an image

Nerdctl can also be used in conjunction with buildkit to build a container image. You need to download the executable file of buildkit:

→ wget https://github.com/moby/buildkit/releases/download/v0.8.2/buildkit-v0.8.2.darwin-amd64.tar.gz

Extract it into $PATH:

→ tar-C / usr/local/-zxvf buildkit-v0.8.2.linux-amd64.tar.gz

Write a systemd unit file:

# / etc/systemd/system/buildkit.service [Unit] Description=BuildKitDocumentation= https://github.com/moby/buildkit[Service]ExecStart=/usr/local/bin/buildkitd-- oci-worker=false-- containerd-worker=true [Install] WantedBy=multi-user.target

Enable buildkit.service and set the boot autorun:

→ systemctl enable-- now buildkit.service

Let's take the KubeSphere project as an example to show how to use nerdctl to build an image.

First, clone the official KubeSphere repository:

→ git clone-- depth=1 https://github.com.cnpmjs.org/kubesphere/kubesphere.git

Go to the warehouse directory and compile the binaries:

? → cd kubesphere???? → make ks-apiserver

Copy the binaries to the Dockerfile directory:

? → cp bin/cmd/ks-apiserver build/ks-apiserver

Enter the Dockerfile directory and modify Dockerfile:

# Copyright 2020 The KubeSphere Authors. All rights reserved.# Use of this source code is governed by an Apache license# that can be found in the LICENSE file.FROM alpine:3.11ARG HELM_VERSION=v3.5.2RUN apk add-- no-cache ca-certificates# install helmRUN wget https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz & &\ tar xvf helm-$ {HELM_VERSION}-linux-amd64.tar.gz & &\ rm helm-$ {HELM_VERSION}-linux -amd64.tar.gz & &\ mv linux-amd64/helm / usr/bin/ & &\ rm-rf linux-amd64# To speed up building process We copy binary directly from make# result instead of building it again, so make sure you run the# following command first before building docker image# make ks-apiserver#COPY ks-apiserver / usr/local/bin/EXPOSE 9090CMD ["sh"]

Build an image:

→ cd build/ks-apiserver???? → nerdctl build-t ks-apiserver. [+] Building 22.6s (9 Universe 9) FINISHED = > [internal] load build definition from Dockerfile 0.0s = > transferring dockerfile: 812B 0.0s = > [internal] load .dockerboards 0.0s = > > transferring context: 2B 0.0s = > [internal] load metadata for docker.io/library/alpine:3.11 1.0s = > [1max 4] FROM docker.io/library/alpine:3.11@sha256:bf5fa774f08a9ed2cb301e522b769d43d48124315a4ec50eae3228d03b9dc558 7.9s = > = > resolve docker.io/library/alpine:3.11@sha256:bf5fa774f08a9ed2cb301e522b769d43d48124315a4ec50eae3228d03b9dc558 0.0s = > = > sha256:9b794450f7b6db7c944ba1f4161edb68cb535052fe7db8ac06e613516c4a658d 2.10MB / 2.82MB 21.4s = > > extracting sha256:9b794450f7b6db7c944ba1f4161edb68cb535052fe7db8ac06e613516c4a658d 0.1s = > [internal] load build context 1.0s = > = > transferring context: 115.87MB 1.0s = > [2pm 4] RUN apk add-- no-cache ca-certificates 2.7s = > [3gamma 4] RUN wget https://get.helm.sh/helm-v3.5.2-linux-amd64.tar.gz & & tar xvf helm-v3.5.2-linux-amd64.tar .gz & & rm helm-v3.5.2-linux-amd64.tar.gz & & mv linux-amd64 4.7s = > [4 + 4] COPY ks-apiserver / usr/local/bin/ 0. 2s = > exporting to oci image format 5.9s = > = > exporting layers 4.6s = > = > exporting manifest sha256:d7eb2a90496678d11ac5c363b7743ffe2b8e23e7071b94556a5e3231f50f5a6e 0.0s = > = > exporting config sha256:8eb6a5187ce958e76c8d37e18221d88f25b48dd7e6672021d0fce21bb071f284 0.0s = > = > sending tarball 1.3sunpacking docker.io/ Library/ks-apiserver:latest (sha256:d7eb2a90496678d11ac5c363b7743ffe2b8e23e7071b94556a5e3231f50f5a6e)... doneunpacking overlayfs@sha256:d7eb2a90496678d11ac5c363b7743ffe2b8e23e7071b94556a5e3231f50f5a6e (sha256:d7eb2a90496678d11ac5c363b7743ffe2b8e23e7071b94556a5e3231f50f5a6e)... done

View the built image:

→ nerdctl imagesREPOSITORY TAG IMAGE ID CREATED SIZEalpine 3.11 bf5fa774f08a 3 seconds ago 2.7 MiBks-apiserver latest d7eb2a904966 6 minutes ago 57.7 MiB here The study on "how to use nerdctl" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.