当前位置：首页 > news >正文

【containerd】Containerd高阶命令行工具nerdctl

news 2025/11/10 9:31:21

前言

对于习惯了使用docker cli的用户来说，containerd的命令行工具ctr使用起来不是很顺手，此时别慌，还有另外一个命令行工具项目nerdctl可供我们选择。 nerdctl是一个与docker cli风格兼容的containerd的cli工具。 nerdctl已经作为子项目加入了containerd项目，它的github地址是https://github.com/containerd/nerdctl，而且从最近的nerdctl 0.8开始，nerdctl直接兼容了docker compose的语法(不包含swarm)，这很大提高了直接将containerd作为本地开发、测试和单机容器部署使用的体验。本来k8s后续将不再支持dockershim，docker在k8s社区的地位急剧下降，现在单机直接使用containerd易用性也不断被完善，也许docker的辉煌已经远去了。

实际上nerdctl compose实现的是Compose Specification规范，这个规范是从自Docker Compose file version 3 specification规范发展而来的。

安装nerdctl

本章节在上一章节的基础下进行，containerd都已安装并启动完成。nerdctl下载链接：https://github.com/containerd/nerdctl/releases/tag/v1.7.6
nerdctl 官方发布包含两个安装版本：

Minimal：仅包含 nerdctl 二进制文件及 rootless 模式下的辅助安装脚本；
Full：全量包，其中包含了 Containerd、CNI、runc、BuildKit 等完整组件。

如下：
在这里插入图片描述

下载nerdctl

注意：安装 nerdctl-full 版本集成了 containerd 。由于我之前虽然安装了containerd，但是没有安装其他插件如CNI、BuildKit 等。我还是选择了安装nerdctl-full版本

[root@kube-master ~]# wget https://github.com/containerd/nerdctl/releases/download/v1.7.6/nerdctl-full-1.7.6-linux-amd64.tar.gz

解压安装

[root@kube-master ~]# tar -xvf v1.7.6/nerdctl-full-1.7.6-linux-amd64.tar.gz -C /usr/local

验证查看

[root@kube-master ~]# ctr version
Client:Version:  v1.7.18Revision: ae71819c4f5e67bb4d5ae76a6b735f29cc25774eGo version: go1.21.11Server:Version:  1.6.33Revision: d2d58213f83a351ca8f528a95fbd145f5654e957UUID: 2bf0456c-c052-4d37-83b7-3d58cf632b91
WARNING: version mismatch
WARNING: revision mismatch
[root@kube-master ~]# nerdctl version
WARN[0000] unable to determine buildctl version: exec: "buildctl": executable file not found in $PATH 
Client:Version:       v1.7.6OS/Arch:       linux/amd64Git commit:    845e989f69d25b420ae325fedc8e70186243fd93buildctl:Version:Server:containerd:Version:      1.6.33GitCommit:    d2d58213f83a351ca8f528a95fbd145f5654e957runc:Version:      1.1.12GitCommit:    v1.1.12-0-g51d5e946

nerdctl使用

nerdctl 是 containerd 的命令行界面的工具。nerdctl 兼容 docker ，如果会使用 docker-cli 就等于掌握了 nerdctl 80% 的使用方法。nerdctl 不但兼容docker-cli 甚至还兼容了 docker-compose的功能点。

更名docker

甚至可以直接将nerdctl更名为 docker，注意如果服务器本身安装了docker需要注意到底使用的哪个目录的。

[root@kube-master ~]# cat << 'EOF' > /usr/local/bin/docker
> #!/bin/bash
> /usr/local/bin/nerdctl $@
> EOF
[root@kube-master ~]# chmod +x /usr/local/bin/docker

nerdctl bash自动补全

[root@kube-master ~]# yum install bash-completion -y
[root@kube-master ~]# nerdctl completion bash > /etc/bash_completion.d/nerdctl
[root@kube-master ~]# source /etc/bash_completion.d/nerdctl

上面补全的是 nerdctl 的命令，而当 nerdctl 重命名 docker 后，没有 docker 的自动补全。

添加 docker 别名的自动补全：
生成自动补全文件

[root@kube-master ~]#nerdctl completion bash > /etc/bash_completion.d/docker

生效

[root@kube-master ~]# source /etc/bash_completion.d/nerdctl
[root@kube-master ~]# source /etc/bash_completion.d/docker

测试
输入 docker image + 两下 tab

[root@kube-master ~]# nerdctl image
image   (Manage images)  images  (List images)

安装常用插件

安装docker常用扩展插件
[root@kube-master ~]# docker run -it registry.cn-beijing.aliyuncs.com/k7scn/tools bash
Unable to find image 'registry.cn-beijing.aliyuncs.com/k7scn/tools:latest' locally
latest: Pulling from k7scn/tools
88ecf269dec3: Pull complete 
7e3e2c929b89: Pull complete 
dedb8fce9b84: Pull complete 
Digest: sha256:71442d19f1f35271a66de5c9d1f869c61946b25b991544b99b1de3cc2a9129c3
Status: Downloaded newer image for registry.cn-beijing.aliyuncs.com/k7scn/tools:latest
bash-5.2# 
bash-5.2# ls
bin      dev      etc      home     lib      media    mnt      opt      pkg.tgz  proc     root     run      sbin     srv      sys      tmp      usr      var
bash-5.2# mkdir /sysdir
bash-5.2# tar xf pkg.tgz -C /sysdir/
bash-5.2# cd /sysdir/
bash-5.2# ls
cclear          ctop            docker-compose  ergoget         iclear          kdtoken         upgrade-tools
crictl          din             dps             helminit        kbtoken         scope

可以看到有很多常用的命令，下面我们通过一条命令直接拷贝到本地。

[root@kube-master cni]# nerdctl run --rm -v /usr/local/bin:/sysdir registry.cn-beijing.aliyuncs.com/k7scn/tools tar zxf /pkg.tgz -C /sysdir
FATA[0000] failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error running hook #0: error running hook: exit status 1, stdout: , stderr: time="2024-06-20T14:32:18+08:00" level=fatal msg="failed to call cni.Setup: plugin type=\"bridge\" failed (add): incompatible CNI versions; config is \"1.0.0\", plugin supports [\"0.1.0\" \"0.2.0\" \"0.3.0\" \"0.3.1\"]"
Failed to write to log, write /var/lib/nerdctl/1935db59/containers/default/4cb2dd96d087592d4b69a09e3c992e52e3bbb90c226df698887eedd015565095/oci-hook.createRuntime.log: file already closed: unknown

可以看到在拷贝过程中出现了问题，在网上找了一下资料解决。如下：

# 下载包
[root@kube-master ~]# wget https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-linux-amd64-v1.1.1.tgz
# 备份一下驱动
[root@kube-master ~]# mv /opt/cni/bin /opt/cni/bin.bak
# 解压到指定目录
[root@kube-master ~]# tar -zxvf cni-plugins-linux-amd64-v1.1.1.tgz -C /opt/cni/bin        
#然后再次执行拷贝
[root@kube-master ~]# nerdctl run --rm -v /usr/local/bin:/sysdir registry.cn-beijing.aliyuncs.com/k7scn/tools tar zxf /pkg.tgz -C /sysdir

执行完成后，就已经拷贝到 /usr/local/bin 目录下。

镜像管理

查看镜像

[root@kube-master cni]# nerdctl images
REPOSITORY                                      TAG       IMAGE ID        CREATED        PLATFORM       SIZE        BLOB SIZE
registry.cn-beijing.aliyuncs.com/k7scn/tools    latest    71442d19f1f3    3 hours ago    linux/amd64    55.4 MiB    45.7 MiB
[root@kube-master cni]# 
或者
[root@kube-master cni]# nerdctl image ls
REPOSITORY                                      TAG       IMAGE ID        CREATED        PLATFORM       SIZE        BLOB SIZE
registry.cn-beijing.aliyuncs.com/k7scn/tools    latest    71442d19f1f3    3 hours ago    linux/amd64    55.4 MiB    45.7 MiB

下载镜像

[root@kube-master cni]# nerdctl pull nginx:alpine
WARN[0000] skipping verifying HTTPS certs for "docker.io" 
docker.io/library/nginx:alpine:                                                   resolved       |++++++++++++++++++++++++++++++++++++++| 
index-sha256:eb05700fe7baa6890b74278e39b66b2ed1326831f9ec3ed4bdc6361a4ac2f333:    done           |++++++++++++++++++++++++++++++++++++++| 
manifest-sha256:544ba2bfe312bf2b13278495347bb9381ec342e630bcc8929af124f1291784bb: done           |++++++++++++++++++++++++++++++++++++++| 
config-sha256:cc44224bfe208a46fbc45471e8f9416f66b75d6307573e29634e7f42e27a9268:   done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:40e5d2fe5bcd566dbde3e961f33ced0f1503fc6ee320a427b185a07afe2f96ae:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:59bf1c3509f33515622619af21ed55bbe26d24913cedbca106468a5fb37a50c3:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:f3322597df46099a66ed5773c10a9d1cb587faca7be14ceba985e3d1fbfdbc36:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:d09cf91cabdcf5f64672598b8e4da9b0b7d8546e83ec49633bdd92abb994ba61:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:3a97535ac2efcf94ab3e5f93a6ec4d934469de66909f17ba1229f86ee660970a:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:919ade35f869e23d663ea51fdf2e99aa183239a73b4b4780e052c8b248ed5b7e:    done           |++++++++++++++++++++++++++++++++++++++| 
elapsed: 20.9s                                                                    total:  9.7 Mi (475.7 KiB/s)                                     
[root@kube-master cni]# nerdctl images
REPOSITORY                                      TAG       IMAGE ID        CREATED           PLATFORM       SIZE        BLOB SIZE
nginx                                           alpine    eb05700fe7ba    13 seconds ago    linux/amd64    26.4 MiB    9.7 MiB
registry.cn-beijing.aliyuncs.com/k7scn/tools    latest    71442d19f1f3    3 hours ago       linux/amd64    55.4 MiB    45.7 MiB

查看镜像详细信息

[root@kube-master ~]# nerdctl inspect nginx:alpine

构建镜像

[root@kube-master ~]# cd /tmp/
[root@kube-master tmp]# cat > /tmp/Dockerfile <<EOF
FROM ustc-edu-cn.mirror.aliyuncs.com/library/nginx:latest
RUN echo "hello world!" > /usr/share/nginx/html/index.html
EOF[root@kube-master tmp]# nerdctl build -t mynginx:v1 /tmp
ERRO[0000] `buildctl` needs to be installed and `buildkitd` needs to be running, see https://github.com/moby/buildkit  error="failed to ping to host unix:///run/buildkit-default/buildkitd.sock: exit status 1\nfailed to ping to host unix:///run/buildkit/buildkitd.sock: exit status 1"
FATA[0000] no buildkit host is available, tried 2 candidates: failed to ping to host unix:///run/buildkit-default/buildkitd.sock: exit status 1
failed to ping to host unix:///run/buildkit/buildkitd.sock: exit status 1

当构建镜像时，出现如上报错信息，是因为 buildkit.service 服务没有启动，下面先添加启动文件，然后启动服务：

#添加buildkit.service文件
[root@kube-master tmp]# vim /usr/lib/systemd/system/buildkit.service
[Unit]
Description=BuildKit
Requires=buildkit.socket
After=buildkit.socket
Documentation=https://github.com/moby/buildkit[Service]
Type=notify
ExecStart=/usr/local/bin/buildkitd --addr fd://[Install]
WantedBy=multi-user.target#添加buildkit.socket文件
[root@kube-master tmp]# vim /usr/lib/systemd/system/buildkit.socket
[Unit]
Description=BuildKit
Documentation=https://github.com/moby/buildkit[Socket]
ListenStream=%t/buildkit/buildkitd.sock
SocketMode=0660[Install]
WantedBy=sockets.target#启动服务
[root@kube-master tmp]# systemctl enable buildkit.service ; systemctl start buildkit.service
Created symlink from /etc/systemd/system/multi-user.target.wants/buildkit.service to /usr/local/lib/systemd/system/buildkit.service.

BuildKit 是由 docker 公司开发的下一代 docker build 工具，具有更高效、更安全、易于扩展等特点。BuildKit 是由 buildkitd 守护程序和 buildctl 客户端组成。

buildkitd 作为服务端，连接容器运行时，目前支持 runc 和 containerd 作为镜像构建环境，默认是 runc
buildctl 作为客户端，负责解析 Dockerfile 文件，并向 buildkitd 发出构建请求。由于命令复杂，使用 nerdctl 替代
再次进行构建

[root@kube-master tmp]# nerdctl  build -t mynginx:v1 /tmp/ 
[+] Building 17.8s (6/6) FINISHED                                                                                                                      => [internal] load build definition from Dockerfile                                                                                              0.0s=> => transferring dockerfile: 154B                                                                                                              0.0s=> [internal] load metadata for ustc-edu-cn.mirror.aliyuncs.com/library/nginx:latest                                                            15.6s=> [internal] load .dockerignore                                                                                                                 0.0s=> => transferring context: 2B                                                                                                                   0.0s=> [1/2] FROM ustc-edu-cn.mirror.aliyuncs.com/library/nginx:latest@sha256:0d17b565c37bcbd895e9d92315a05c1c3c9a29f762b011a10c54a66cd53c9b31       0.0s=> => resolve ustc-edu-cn.mirror.aliyuncs.com/library/nginx:latest@sha256:0d17b565c37bcbd895e9d92315a05c1c3c9a29f762b011a10c54a66cd53c9b31       0.0s=> CACHED [2/2] RUN echo "hello world!" > /usr/share/nginx/html/index.html                                                                       0.0s=> exporting to docker image format                                                                                                              2.1s=> => exporting layers                                                                                                                           0.0s=> => exporting manifest sha256:786482a9a8cfc283cf2aa577c6428968660afc2a8fd334d37d9a4b06b80f0888                                                 0.0s=> => exporting config sha256:c3bc6d0ebbe5d11f803b6b783f69c494e22a17bcedafb74bbf9876052f57ff46                                                   0.0s=> => sending tarball                                                                                                                            2.1s
unpacking docker.io/library/mynginx:v1 (sha256:786482a9a8cfc283cf2aa577c6428968660afc2a8fd334d37d9a4b06b80f0888)...
Loaded image: docker.io/library/mynginx:v1

查看镜像

[root@kube-master tmp]# nerdctl  images
REPOSITORY                                       TAG       IMAGE ID        CREATED              PLATFORM       SIZE         BLOB SIZE
mynginx                                          v1        786482a9a8cf    About an hour ago    linux/amd64    149.1 MiB    54.1 MiB
ustc-edu-cn.mirror.aliyuncs.com/library/nginx    latest    0d17b565c37b    About an hour ago    linux/amd64    149.1 MiB

注意：
nerdctl 构建的机制和 docker 是完全不同的。

docker 首先会检查本地是否有 Dockerfile 中 FROM 的镜像。如果有，直接使用。没有则通过网络下载镜像;
nerdctl 会根据 Dockerfile FROM参数指定镜像的域名去网上找这个镜像，找到后确认和本地同名镜像校验无误之后，才会使用本地的镜像构建新镜像。

举例：
通过tag 打标一个不存在域名的镜像

[root@kube-master tmp]# nerdctl tag ustc-edu-cn.mirror.aliyuncs.com/library/nginx:latest margu.com/library/nginx:latest
#查看镜像
[root@kube-master tmp]# nerdctl  images
REPOSITORY                                       TAG       IMAGE ID        CREATED              PLATFORM       SIZE         BLOB SIZE
mynginx                                          v1        786482a9a8cf    About an hour ago    linux/amd64    149.1 MiB    54.1 MiB
margu.com/library/nginx                          latest    0d17b565c37b    3 seconds ago        linux/amd64    149.1 MiB    54.1 MiB
ustc-edu-cn.mirror.aliyuncs.com/library/nginx    latest    0d17b565c37b    About an hour ago    linux/amd64    149.1 MiB    54.1 MiB

通过margu.com/library/nginx:latest构建新镜像

[root@kube-master tmp]# cat > /tmp/Dockerfile <<EOF
FROM umargu.com/library/nginx:latest
RUN echo "hello world!" > /usr/share/nginx/html/index.html
EOF[root@kube-master tmp]# nerdctl  build -t mynginx:v2 /tmp/ 
[+] Building 12.1s (2/2) FINISHED                                                                                                                      => [internal] load build definition from Dockerfile                                                                                              0.0s=> => transferring dockerfile: 132B                                                                                                              0.0s=> ERROR [internal] load metadata for margu.com/library/nginx:latest                                                                            12.1s
------> [internal] load metadata for margu.com/library/nginx:latest:
------
Dockerfile:1
--------------------1 | >>> FROM margu.com/library/nginx:latest2 |     RUN echo "hello world!" > /usr/share/nginx/html/index.html3 |     
--------------------
error: failed to solve: margu.com/library/nginx:latest: failed to do request: Head "https://margu.com/v2/library/nginx/manifests/latest": dial tcp 5.161.180.74:443: connect: connection refused
FATA[0012] no image was built

构建时，直接就抛出了错误信息，这里要非常注意！

镜像标签TAG

[root@kube-master tmp]# nerdctl tag ustc-edu-cn.mirror.aliyuncs.com/library/nginx:latest margu.com/library/nginx:latest
[root@kube-master tmp]# nerdctl  images
REPOSITORY                                       TAG       IMAGE ID        CREATED              PLATFORM       SIZE         BLOB SIZE
mynginx                                          v1        786482a9a8cf    About an hour ago    linux/amd64    149.1 MiB    54.1 MiB
margu.com/library/nginx                          latest    0d17b565c37b    6 seconds ago        linux/amd64    149.1 MiB    54.1 MiB
ustc-edu-cn.mirror.aliyuncs.com/library/nginx    latest    0d17b565c37b    About an hour ago    linux/amd64    149.1 MiB    54.1 MiB

删除镜像

[root@kube-master tmp]# nerdctl  rmi margu.com/library/nginx:latest
Untagged: margu.com/library/nginx:latest@sha256:0d17b565c37bcbd895e9d92315a05c1c3c9a29f762b011a10c54a66cd53c9b31
Deleted: sha256:2edcec3590a4ec7f40cf0743c15d78fb39d8326bc029073b41ef9727da6c851f
Deleted: sha256:e379e8aedd4d72bb4c529a4ca07a4e4d230b5a1d3f7a61bc80179e8f02421ad8
Deleted: sha256:b8d6e692a25e11b0d32c5c3dd544b71b1085ddc1fddad08e68cbd7fda7f70221
Deleted: sha256:f1db227348d0a5e0b99b15a096d930d1a69db7474a1847acbc31f05e4ef8df8c
Deleted: sha256:32ce5f6a5106cc637d09a98289782edf47c32cb082dc475dd47cbf19a4f866da
Deleted: sha256:d874fd2bc83bb3322b566df739681fbd2248c58d3369cb25908d68e7ed6040a6
[root@kube-master tmp]# nerdctl  images
REPOSITORY                                       TAG       IMAGE ID        CREATED              PLATFORM       SIZE         BLOB SIZE
mynginx                                          v1        786482a9a8cf    About an hour ago    linux/amd64    149.1 MiB    54.1 MiB
ustc-edu-cn.mirror.aliyuncs.com/library/nginx    latest    0d17b565c37b    About an hour ago    linux/amd64    149.1 MiB    54.1 MiB

导出镜像

#导出，不压缩
[root@kube-master tmp]# nerdctl save mynginx:v1 -o mynginx-1.tar
#导出且压缩
[root@kube-master tmp]# nerdctl save mynginx:v1|gzip  >mynginx-2.tar#比较两者大小，镜像太小大小差别不明显。越大的镜像越压缩后越明显
[root@kube-master tmp]# ll -h mynginx-*
-rw-r--r-- 1 root root 55M Jun 24 11:21 mynginx-1.tar
-rw-r--r-- 1 root root 54M Jun 24 11:22 mynginx-2.tar

导入镜像

[root@kube-master tmp]# nerdctl load <  mynginx-1.tar 
unpacking docker.io/library/mynginx:v1 (sha256:786482a9a8cfc283cf2aa577c6428968660afc2a8fd334d37d9a4b06b80f0888)...
Loaded image: mynginx:v1
#或
[root@kube-master tmp]# nerdctl load -i mynginx-1.tar

通过上面的展示，基本和docker无差别，其他镜像管理的功能不再赘述。

网络

在安装 nerdctl-full-1.7.6-linux-amd64.tar.gz 时，网络插件也安装了。主要文件在/etc/cni 目录。

[root@kube-master ~]# ll /etc/cni/*
total 8
-rw-r--r--. 1 root root 292 Apr 23  2020 10-flannel.conflist
-rw-r--r--  1 root root 860 Jun 20 14:32 nerdctl-bridge.conflist

查看网络

[root@kube-master ~]# nerdctl network ls
NETWORK ID      NAME      FILEcbr0      /etc/cni/net.d/10-flannel.conflist
17f29b073143    bridge    /etc/cni/net.d/nerdctl-bridge.conflisthost      none

创建桥接网络

[root@kube-master ~]# nerdctl network create -d bridge --subnet 10.244.0.0/16 mynet
11c844f95e2862126712e209cd3acbc68c137931c639633da9dfc17b3a464bde
[root@kube-master ~]# nerdctl network ls
NETWORK ID      NAME      FILEcbr0      /etc/cni/net.d/10-flannel.conflist
17f29b073143    bridge    /etc/cni/net.d/nerdctl-bridge.conflist
11c844f95e28    mynet     /etc/cni/net.d/nerdctl-mynet.conflisthost      none                      #查看创建的网络的配置文件                
[root@kube-master ~]# cat /etc/cni/net.d/nerdctl-mynet.conflist
{"cniVersion": "1.0.0","name": "mynet","nerdctlID": "11c844f95e2862126712e209cd3acbc68c137931c639633da9dfc17b3a464bde","nerdctlLabels": {},"plugins": [{"type": "bridge","bridge": "br-11c844f95e28","isGateway": true,"ipMasq": true,"hairpinMode": true,"ipam": {"ranges": [[{"gateway": "10.244.0.1","subnet": "10.244.0.0/16"}]],"routes": [{"dst": "0.0.0.0/0"}],"type": "host-local"}},{"type": "portmap","capabilities": {"portMappings": true}},{"type": "firewall","ingressPolicy": "same-bridge"},{"type": "tuning"}

nerdctl 所使用的网络及模式和 docker 完全一致，可以参考博客docker相关章节。

容器管理

nerdctl 和 dockerc-cli 类似，nerdctl 出现的原因之一就是为了兼容 docker-cli，所以用法一致，这里只列举几个，其他使用请直接参考 docker-cli

启动容器

[root@kube-master ~]# nerdctl run --name ngx -d -p 80:80  ustc-edu-cn.mirror.aliyuncs.com/library/nginx
b42999d7549bff53767152a364d14438360b7a2751b8b89be9872c199ed121c5#启动容器并指定特定网络(使用宿主机网络直接启动容器)
[root@kube-master ~]# nerdctl run --name ngx1 --net host -d   ustc-edu-cn.mirror.aliyuncs.com/library/nginx:latest
20e071e36a5e8dab24be68baa6c40d74adda1a9c6f75bdc03210135d57b8ff0e

查看容器

[root@kube-master ~]# nerdctl  ps
CONTAINER ID    IMAGE                                                   COMMAND                   CREATED           STATUS    PORTS                 NAMES
20e071e36a5e    ustc-edu-cn.mirror.aliyuncs.com/library/nginx:latest    "/docker-entrypoint.…"    14 seconds ago    Up                              ngx1 
b42999d7549b    ustc-edu-cn.mirror.aliyuncs.com/library/nginx:latest    "/docker-entrypoint.…"    2 minutes ago     Up        0.0.0.0:80->80/tcp    ngx#查看所有容器
[root@kube-master ~]# nerdctl ps -a
CONTAINER ID    IMAGE                             COMMAND                   CREATED               STATUS                         PORTS                 NAMES
0c671d5ac3f1    docker.io/library/nginx:alpine    "/docker-entrypoint.…"    About a minute ago    Up                             0.0.0.0:80->80/tcp    ngx
5ff17a6ba473    docker.io/library/nginx:alpine    "/docker-entrypoint.…"    19 seconds ago        Exited (137) 14 seconds ago    0.0.0.0:80->80/tcp    ngx-1#查看容器详细信息
[root@kube-master ~]# nerdctl inspect  ngx
[{"Id": "b42999d7549bff53767152a364d14438360b7a2751b8b89be9872c199ed121c5","Created": "2024-06-24T03:38:51.736767639Z","Path": "/docker-entrypoint.sh","Args": ["nginx","-g","daemon off;"],"State": {"Status": "running","Running": true,"Paused": false,"Restarting": false,"Pid": 31207,"ExitCode": 0,"Error": "","FinishedAt": "0001-01-01T00:00:00Z"},"Image": "ustc-edu-cn.mirror.aliyuncs.com/library/nginx:latest","ResolvConfPath": "/var/lib/nerdctl/1935db59/containers/default/b42999d7549bff53767152a364d14438360b7a2751b8b89be9872c199ed121c5/resolv.conf","HostnamePath": "/var/lib/nerdctl/1935db59/containers/default/b42999d7549bff53767152a364d14438360b7a2751b8b89be9872c199ed121c5/hostname","LogPath": "/var/lib/nerdctl/1935db59/containers/default/b42999d7549bff53767152a364d14438360b7a2751b8b89be9872c199ed121c5/b42999d7549bff53767152a364d14438360b7a2751b8b89be9872c199ed121c5-json.log","Name": "ngx","RestartCount": 0,"Driver": "overlayfs","Platform": "linux","AppArmorProfile": "","Mounts": null,"Config": {"Hostname": "b42999d7549b","AttachStdin": false,"Labels": {"io.containerd.image.config.stop-signal": "SIGQUIT","nerdctl/extraHosts": "null","nerdctl/hostname": "b42999d7549b","nerdctl/log-uri": "binary:///usr/local/bin/nerdctl?_NERDCTL_INTERNAL_LOGGING=%2Fvar%2Flib%2Fnerdctl%2F1935db59","nerdctl/name": "ngx","nerdctl/namespace": "default","nerdctl/networks": "[\"bridge\"]","nerdctl/platform": "linux/amd64","nerdctl/ports": "[{\"HostPort\":80,\"ContainerPort\":80,\"Protocol\":\"tcp\",\"HostIP\":\"0.0.0.0\"}]","nerdctl/state-dir": "/var/lib/nerdctl/1935db59/containers/default/b42999d7549bff53767152a364d14438360b7a2751b8b89be9872c199ed121c5"}},"NetworkSettings": {"Ports": {"80/tcp": [{"HostIp": "0.0.0.0","HostPort": "80"}]},"GlobalIPv6Address": "","GlobalIPv6PrefixLen": 0,"IPAddress": "10.4.0.5","IPPrefixLen": 24,"MacAddress": "b2:0f:dc:0d:9d:8a","Networks": {"unknown-eth0": {"IPAddress": "10.4.0.5","IPPrefixLen": 24,"GlobalIPv6Address": "","GlobalIPv6PrefixLen": 0,"MacAddress": "b2:0f:dc:0d:9d:8a"}}}}
]

删除容器

1.stop 容器
2.删除容器
或者
强制删除容器

[root@kube-master ~]# nerdctl stop ngx
ngx
[root@kube-master ~]# nerdctl rm  ngx
ngx
[root@kube-master ~]# nerdctl rm  ngx1
FATA[0000] 1 errors:
container 20e071e36a5e8dab24be68baa6c40d74adda1a9c6f75bdc03210135d57b8ff0e is in running status. unpause/stop container first or force removal 
[root@kube-master ~]# nerdctl rm  ngx1 -f 
ngx1

运行docker-compose

nerdctl 直接兼容了 docker-compose 。
docker-compose 配置清单文件

[root@kube-master ~]# cat > docker-compose.yml << EOF
version: "3.7"
services:ngx:container_name: "ngx"image: ustc-edu-cn.mirror.aliyuncs.com/library/nginx:latestrestart: alwaysnetworks:- test_netports:- 80:80networks:test_net:name: test_netdriver: bridgeipam:config:- subnet: "172.100.0.0/16"
EOF

通过docker-compose 启动

[root@kube-master ~]# nerdctl compose up -d
INFO[0000] Creating network test_net                    
INFO[0000] Creating network root_default                
INFO[0000] Ensuring image ustc-edu-cn.mirror.aliyuncs.com/library/nginx:latest 
INFO[0000] Creating container ngx

查看启动

[root@kube-master ~]# nerdctl compose ps
NAME    IMAGE                                                   COMMAND                   SERVICE    STATUS     PORTS
ngx     ustc-edu-cn.mirror.aliyuncs.com/library/nginx:latest    "/docker-entrypoint.…"    ngx        running    0.0.0.0:80->80/tcp

停止并删除

[root@kube-master ~]# nerdctl compose down
INFO[0000] Removing container ngx                       
INFO[0000] Removing network root_default                
INFO[0000] Removing network test_net                    
[root@kube-master ~]# nerdctl compose ps
NAME    IMAGE    COMMAND    SERVICE    STATUS    PORTS

更多关于containerd的知识分享，请前往博客主页。编写过程中，难免出现差错，敬请指出

前言

安装nerdctl

下载nerdctl

解压安装

验证查看

nerdctl使用

更名docker

nerdctl bash自动补全

安装常用插件

镜像管理

查看镜像

下载镜像

查看镜像详细信息

构建镜像

镜像标签TAG

删除镜像

导出镜像

导入镜像

网络

查看网络

创建桥接网络

容器管理

查看容器

删除容器

运行docker-compose

相关文章：