nerdctl 基于 containerd 兼容 docker CLI

#nerdctl 安装：
# nerdctl插件下载地址：https://github.com/containerd/nerdctl/releases/
# 上传nerdctl安装包
tar -zxvf nerdctl-1.7.6-linux-amd64.tar.gz -C /usr/local/bin/

# 查看版本
nerdctl -v


# nerdctl命令补全
yum install bash-completion -y

vim /etc/profile
source <(nerdctl completion bash)
source /etc/profile

cat << 'EOF' > /usr/local/bin/docker
#!/bin/bash
/usr/local/bin/nerdctl $@
EOF
chmod +x /usr/local/bin/docker


# 生成自动补全文件
# nerdctl completion bash > /etc/bash_completion.d/nerdctl
# nerdctl completion bash > /etc/bash_completion.d/docker

# 下载文件 https://github.com/moby/buildkit
# 上传安装包
# 创建解压的目录
mkdir -p /usr/local/buildkit

# 解压到指定的目录
tar -xf buildkit-v0.13.2.linux-amd64.tar.gz -C /usr/local/buildkit

# 查看解压的目录
yum -y install tree
tree /usr/local/buildkit

# 修改PATH环境变量
# 注意这里的echo 要使用单引号，单引号会原样输出，双引号会解析变量
echo 'export PATH=/usr/local/buildkit/bin:$PATH' >> /etc/profile
cat /etc/profile

# 使刚才配置生效
source /etc/profile

# 创建buildkitd自启动服务
cat > /etc/systemd/system/buildkitd.service << 'EOF'
[Unit]
Documentation=https://github.com/moby/buildkit
Description=buildkitd
After=network.target

[Service]
ExecStart=/usr/local/buildkit/bin/buildkitd --oci-worker=false --containerd-worker=true

[Install]
WantedBy=multi-user.target
EOF
# 重新加载Unit file
systemctl daemon-reload
# 启动服务
systemctl start buildkitd
# 开机自启动
systemctl enable buildkitd

[root@k146 rke2]# nerdctl -h
nerdctl is a command line interface for containerd

Config file ($NERDCTL_TOML): /etc/nerdctl/nerdctl.toml

Usage: nerdctl [flags]

Management commands:
  apparmor   Manage AppArmor profiles
  builder    Manage builds
  container  Manage containers
  image      Manage images
  ipfs       Distributing images on IPFS
  namespace  Manage containerd namespaces
  network    Manage networks
  system     Manage containerd
  volume     Manage volumes

Commands:
  attach      Attach stdin, stdout, and stderr to a running container.
  build       Build an image from a Dockerfile. Needs buildkitd to be running.
  commit      Create a new image from a container's changes
  completion  Generate the autocompletion script for the specified shell
  compose     Compose
  cp          Copy files/folders between a running container and the local filesystem.
  create      Create a new container. Optionally specify "ipfs://" or "ipns://" scheme to pull image from IPFS.
  diff        Inspect changes to files or directories on a container's filesystem
  events      Get real time events from the server
  exec        Run a command in a running container
  help        Help about any command
  history     Show the history of an image
  images      List images
  info        Display system-wide information
  inspect     Return low-level information on objects.
  kill        Kill one or more running containers
  load        Load an image from a tar archive or STDIN
  login       Log in to a container registry
  logout      Log out from a container registry
  logs        Fetch the logs of a container. Expected to be used with 'nerdctl run -d'.
  pause       Pause all processes within one or more containers
  port        List port mappings or a specific mapping for the container
  ps          List containers
  pull        Pull an image from a registry. Optionally specify "ipfs://" or "ipns://" scheme to pull image from IPFS.
  push        Push an image or a repository to a registry. Optionally specify "ipfs://" or "ipns://" scheme to push image to IPFS.
  rename      rename a container
  restart     Restart one or more running containers
  rm          Remove one or more containers
  rmi         Remove one or more images
  run         Run a command in a new container. Optionally specify "ipfs://" or "ipns://" scheme to pull image from IPFS.
  save        Save one or more images to a tar archive (streamed to STDOUT by default)
  start       Start one or more running containers
  stats       Display a live stream of container(s) resource usage statistics.
  stop        Stop one or more running containers
  tag         Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
  top         Display the running processes of a container
  unpause     Unpause all processes within one or more containers
  update      Update one or more running containers
  version     Show the nerdctl version information
  wait        Block until one or more containers stop, then print their exit codes.

Flags:
  -H, --H string                 Alias of --address (default "/run/containerd/containerd.sock")
  -a, --a string                 Alias of --address (default "/run/containerd/containerd.sock")
      --address string           containerd address, optionally with "unix://" prefix [$CONTAINERD_ADDRESS] (default "/run/containerd/containerd.sock")
      --cgroup-manager string    Cgroup manager to use ("cgroupfs"|"systemd") (default "cgroupfs")
      --cni-netconfpath string   cni config directory [$NETCONFPATH] (default "/etc/cni/net.d")
      --cni-path string          cni plugins binary directory [$CNI_PATH] (default "/opt/cni/bin")
      --data-root string         Root directory of persistent nerdctl state (managed by nerdctl, not by containerd) (default "/var/lib/nerdctl")
      --debug                    debug mode
      --debug-full               debug mode (with full output)
      --experimental             Control experimental: https://github.com/containerd/nerdctl/blob/main/docs/experimental.md [$NERDCTL_EXPERIMENTAL] (default true)
  -h, --help                     help for nerdctl
      --host string              Alias of --address (default "/run/containerd/containerd.sock")
      --host-gateway-ip string   IP address that the special 'host-gateway' string in --add-host resolves to. Defaults to the IP address of the host. It has no effect without setting --add-host [$NERDCTL_HOST_GATEWAY_IP] (default "192.168.111.146")
      --hosts-dir strings        A directory that contains <HOST:PORT>/hosts.toml (containerd style) or <HOST:PORT>/{ca.cert, cert.pem, key.pem} (docker style) (default [/etc/containerd/certs.d,/etc/docker/certs.d])
      --insecure-registry        skips verifying HTTPS certs, and allows falling back to plain HTTP
  -n, --n string                 Alias of --namespace (default "default")
      --namespace string         containerd namespace, such as "moby" for Docker, "k8s.io" for Kubernetes [$CONTAINERD_NAMESPACE] (default "default")
      --snapshotter string       containerd snapshotter [$CONTAINERD_SNAPSHOTTER] (default "overlayfs")
      --storage-driver string    Alias of --snapshotter (default "overlayfs")
  -v, --version                  version for nerdctl

Run 'nerdctl COMMAND --help' for more information on a command.

#nerdctl run :创建容器
nerdctl run -d -p 80:80 --name=nginx --restart=always nginx

#nerdctl exec :进入容器
nerdctl exec -it nginx /bin/sh

#nerdctl ps :列出容器
nerdctl ps -a
nerdctl -n k8s.io ps -a
#nerdctl inspect :获取容器的详细信息 
nerdctl inspect nginx

#nerdctl logs :获取容器日志
nerdctl logs -f nginx

#nerdctl stop :停止容器
nerdctl stop nginx

#nerdctl rm :删除容器
nerdctl rm -f nginx
nerdctl rmi -f <IMAGE ID>

#nerdctl images：镜像列表
nerdctl images
nerdctl -n=k8s.io images
nerdctl -n=k8s.io images | grep -v '<none>'

#nerdctl pull :拉取镜像
nerdctl pull nginx
nerdctl -n k8s.io pull nginx
#使用 nerdctl login --username xxx --password xxx 进行登录，使用 nerdctl logout 可以注销退出登录
nerdctl login
nerdctl logout

#nerdctl tag :镜像标签
nerdctl tag nginx:latest harbor.k8s/image/nginx:latest

#nerdctl push :推送镜像
nerdctl push harbor.k8s/image/nginx:latest
nerdctl -n k8s.io push harbor.k8s/image/nginx:latest
#nerdctl save :导出镜像
nerdctl save -o busybox.tar.gz busybox:latest

#nerdctl load :导入镜像
nerdctl load -i busybox.tar.gz

#nerdctl rmi :删除镜像
nerdctl rmi busybox

#nerdctl build :从Dockerfile构建镜像
nerdctl build -t centos:v1.0 -f centos.dockerfile .