目录
1、帮助命令
2、镜像操作
1.拉取镜像
2.列出本地镜像
3.检测本地镜像
4.重新打标签
5.删除镜像
6.将镜像挂载到主机目录
7.将镜像从主机目录上卸载
8.将镜像导出为压缩包
9.从压缩包导入镜像
3、容器操作
1.创建容器
2.列出容器
3.查看容器详细配置
4.删除容器
4、任务
1.启动一个容器
2.查看正在运行的容器
3.进入到容器里面
4.暂停容器
5.恢复容器
6.杀死容器
7.删除task
8.取容器的内存、CPU 和 PID 的限额与使用量
9.查看容器中所有进程在宿主机中的 PID:
5、命名空间
1.查看命名空间
2.创建命名空间
3.删除命名空间
4.指定命名空间选项
注意
在导入镜像时遇到的报错问题处理方法
注意:ctr命令、crictl命令、nerctl命令
我们知道 Docker CLI 工具提供了需要增强用户体验的功能,containerd 同样也提供一个对应的 CLI 工具:ctr
,不过 ctr 的功能没有 docker 完善,但是关于镜像和容器的基本功能都是有的。接下来我们就先简单介绍下 ctr
的使用。
直接输入 ctr
命令即可获得所有相关的操作命令使用方式:
[root@containerd ~]#ctr
NAME:
ctr -
__
_____/ /______
/ ___/ __/ ___/
/ /__/ /_/ /
\___/\__/_/
containerd CLI
USAGE:
ctr [global options] command [command options] [arguments...] #注意这个用法!
VERSION:
v1.5.5
DESCRIPTION:
ctr is an unsupported debug and administrative client for interacting
with the containerd daemon. Because it is unsupported, the commands,
options, and operations are not guaranteed to be backward compatible or
stable from release to release of the containerd project.
COMMANDS:
plugins, plugin provides information about containerd plugins
version print the client and server versions
containers, c, container manage containers
content manage content
events, event display containerd events
images, image, i manage images
leases manage leases
namespaces, namespace, ns manage namespaces
pprof provide golang pprof outputs for containerd
run run a container
snapshots, snapshot manage snapshots
tasks, t, task manage tasks
install install a new package
oci OCI tools
shim interact with a shim directly
help, h Shows a list of commands or help for one command
GLOBAL OPTIONS:
--debug enable debug output in logs
--address value, -a value address for containerd's GRPC server (default: "/run/containerd/containerd.sock") [$CONTAINERD_ADDRESS]
--timeout value total timeout for ctr commands (default: 0s)
--connect-timeout value timeout for connecting to containerd (default: 0s)
--namespace value, -n value namespace to use with commands (default: "default") [$CONTAINERD_NAMESPACE]
--help, -h show help
--version, -v print the version
[root@containerd ~]#
注意:如何查看command的命令选项呢?(直接回车或者加上-h都行)
[root@containerd ~]#ctr plugin
NAME:
ctr plugins - provides information about containerd plugins
USAGE:
ctr plugins command [command options] [arguments...]
COMMANDS:
list, ls lists containerd plugins
OPTIONS:
--help, -h show help
[root@containerd ~]#ctr plugin ls
拉取镜像可以使用 ctr image pull
来完成,比如拉取 Docker Hub 官方镜像 nginx:alpine
,需要注意的是镜像地址需要加上 docker.io
Host 地址:(这个需要注意下)
ctr i pull docker.io/library/nginx:alpine
ctr i pull --all-platforms docker.io/library/nginx:alpine #建议使用这个命令,否则后面import会报错
[root@containerd ~]#ctr i pull docker.io/library/nginx:alpine
docker.io/library/nginx:alpine: resolved |++++++++++++++++++++++++++++++++++++++|
index-sha256:686aac2769fd6e7bab67663fd38750c135b72d993d0bb0a942ab02ef647fc9c3: done |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:af466e4f12e3abe41fcfb59ca0573a3a5c640573b389d5287207a49d1324abd8: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:61074acc7dd227cfbeaf719f9b5cdfb64711bc6b60b3865c7b886b7099c15d15: done |++++++++++++++++++++++++++++++++++++++|
config-sha256:513f9a9d8748b25cdb0ec6f16b4523af7bba216a6bf0f43f70af75b4cf7cb780: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:a0d0a0d46f8b52473982a3c466318f479767577551a53ffc9074c9fa7035982e: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:4dd4efe90939ab5711aaf5fcd9fd8feb34307bab48ba93030e8b845f8312ed8e: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:c1368e94e1ec563b31c3fb1fea02c9fbdc4c79a95e9ad0cac6df29c228ee2df3: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:3e72c40d0ff43c52c5cc37713b75053e8cb5baea8e137a784d480123814982a2: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:969825a5ca61c8320c63ff9ce0e8b24b83442503d79c5940ba4e2f0bd9e34df8: done |++++++++++++++++++++++++++++++++++++++|
elapsed: 13.9s total: 8.7 Mi (640.7 KiB/s)
unpacking linux/amd64 sha256:686aac2769fd6e7bab67663fd38750c135b72d993d0bb0a942ab02ef647fc9c3...
done: 839.71453ms
#查看拉取到的镜像
[root@containerd ~]#ctr i ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
docker.io/library/nginx:alpine application/vnd.docker.distribution.manifest.list.v2+json sha256:686aac2769fd6e7bab67663fd38750c135b72d993d0bb0a942ab02ef647fc9c3 9.5 MiB linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x -
[root@containerd ~]#ctr i ls -q
docker.io/library/nginx:alpine
[root@containerd ~]#
也可以使用 --platform
选项指定对应平台的镜像。当然对应的也有推送镜像的命令 ctr image push
,如果是私有镜像则在推送的时候可以通过 --user
来自定义仓库的用户名和密码。
#查看拉取到的镜像
[root@containerd ~]#ctr i ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
docker.io/library/nginx:alpine application/vnd.docker.distribution.manifest.list.v2+json sha256:686aac2769fd6e7bab67663fd38750c135b72d993d0bb0a942ab02ef647fc9c3 9.5 MiB linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x -
#使用 `-q(--quiet)` 选项可以只打印镜像名称。
[root@containerd ~]#ctr i ls -q
docker.io/library/nginx:alpine
[root@containerd ~]#
[root@containerd ~]#ctr i check #主要查看其中的 `STATUS`,`complete` 表示镜像是完整可用的状态。
REF TYPE DIGEST STATUS SIZE UNPACKED
docker.io/library/nginx:alpine application/vnd.docker.distribution.manifest.list.v2+json sha256:686aac2769fd6e7bab67663fd38750c135b72d993d0bb0a942ab02ef647fc9c3 complete (7/7) 9.5 MiB/9.5 MiB true
[root@containerd ~]#ctr i check -q
docker.io/library/nginx:alpine
[root@containerd ~]#
同样的我们也可以重新给指定的镜像打一个 Tag:
[root@containerd ~]#ctr i tag docker.io/library/nginx:alpine harbor.k8s.local/course/nginx:alpine
harbor.k8s.local/course/nginx:alpine
[root@containerd ~]#ctr i ls -q
docker.io/library/nginx:alpine
harbor.k8s.local/course/nginx:alpine
[root@containerd ~]#
不需要使用的镜像也可以使用 ctr image rm
进行删除:
[root@containerd ~]#ctr i ls -q
docker.io/library/nginx:alpine
harbor.k8s.local/course/nginx:alpine
[root@containerd ~]#ctr i rm harbor.k8s.local/course/nginx:alpine
harbor.k8s.local/course/nginx:alpine
[root@containerd ~]#ctr i ls -q
docker.io/library/nginx:alpine
[root@containerd ~]#
加上 --sync
选项可以同步删除镜像和所有相关的资源。 (疑问:这里所有相关的资源指的是什么??)
[root@containerd ~]#ctr i mount docker.io/library/nginx:alpine /mnt
sha256:5da2ba1075ada2783aada4fa30ec8cdd56a072759ea7c283de1c505b56ed0e70
/mnt
[root@containerd ~]#tree -L 1 /mnt/
/mnt/
├── bin
├── dev
├── docker-entrypoint.d
├── docker-entrypoint.sh
├── etc
├── home
├── lib
├── media
├── mnt
├── opt
├── proc
├── root
├── run
├── sbin
├── srv
├── sys
├── tmp
├── usr
└── var
18 directories, 1 file
[root@containerd ~]#
[root@containerd ~]#ctr i unmount /mnt
/mnt
[root@containerd ~]#
ctr image export --all-platforms nginx.tar.gz
或者
ctr image export --platform=linux/amd64 nginx.tar.gz #添加什么参数区别于当时在拉取的时候添加的是什么参数;
这里需要注意下:在使用export命令是需要添加--platform参数,否则会报错。
如下测试过程:
#查看export命令参数
[root@containerd ~]#ctr i export -h
NAME:
ctr images export - export images
USAGE:
ctr images export [command options] [flags] ...
DESCRIPTION:
Export images to an OCI tar archive.
Tar output is formatted as an OCI archive, a Docker manifest is provided for the platform.
Use '--skip-manifest-json' to avoid including the Docker manifest.json file.
Use '--platform' to define the output platform.
When '--all-platforms' is given all images in a manifest list must be available.
OPTIONS:
--skip-manifest-json do not add Docker compatible manifest.json to archive
--skip-non-distributable do not add non-distributable blobs such as Windows layers to archive
--platform value Pull content from a specific platform
--all-platforms exports content from all platforms
[root@containerd ~]#
[root@containerd ~]#ctr i ls -q
docker.io/library/nginx:alpine
[root@containerd ~]#ctr i export nginx.tar.gz docker.io/library/nginx:alpine #注意这里一定要加上--platform字段才可以,否则会报错
ctr: content digest sha256:c8ca916e00dd0c56c91a81100ca79b668196642492153498e5d77619ccb55f9a: not found
[root@containerd ~]#ctr image export --all-platforms nginx.tar.gz docker.io/library/nginx:alpine #加上--all-platforms参数也会报错的
ctr: content digest sha256:826624c15f5e49e591d80f3e0c696f92a2d5967b989017572fe241edac294a2a: not found
[root@containerd ~]#ctr image export --platform=linux/amd64 nginx.tar.gz #加上--platform=linux/amd64就没有报错了……
docker.io/library/nginx:alpine
[root@containerd ~]#ll -h
total 131M
-rw-r--r-- 1 root root 122M Jul 30 01:16 cri-containerd-cni-1.5.5-linux-amd64.tar.gz
-rw-r--r-- 1 root root 9.6M Oct 24 11:29 nginx.tar.gz
[root@containerd ~]#
[root@containerd ~]#ctr i import nginx.tar.gz
ctr: content digest sha256:c8ca916e00dd0c56c91a81100ca79b668196642492153498e5d77619ccb55f9a: not found
[root@containerd ~]#
直接导入可能会出现类似于 ctr: content digest sha256:xxxxxx not found
的错误,要解决这个办法需要 pull 所有平台镜像:
解决办法如下:
➜ ~ ctr i pull --all-platforms docker.io/library/nginx:alpine
➜ ~ ctr i export --all-platforms nginx.tar.gz docker.io/library/nginx:alpine
➜ ~ ctr i rm docker.io/library/nginx:alpine
➜ ~ ctr i import nginx.tar.gz
测试过程如下:
“=>测试成功,有效果! 这个是在拉取、导出的时候都加了这个--all-platforms参数了,后面再使用import命令导入时就没报错了; 那应该是在拉取/导出都一般建议加上--platform=linux/amd64才行了,经测试,还是不行,必须要加上--all-paltforms;。。。
常见的cpu架构: linux/amd linux/arm linux/386 linux/ppc64le linux/s390x;
”
#测试1 -all-platforms参数 =>测试成功!
[root@containerd ~]#ctr i ls -q
[root@containerd ~]#ctr i pull --all-platforms docker.io/library/nginx:alpine
docker.io/library/nginx:alpine: resolved |++++++++++++++++++++++++++++++++++++++|
index-sha256:686aac2769fd6e7bab67663fd38750c135b72d993d0bb0a942ab02ef647fc9c3: done |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:9a5737495f65a20ba47a51777a8a62e6624b80718f2dc3fae474204e13a7e84d: done |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:1eae607e3ae6e25635d84d9d77477d175c760a04b6a14bc959a6e5681ee8d9e3: done |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:fa27d916cd6d3f1af3059dfb02cc5ce2a148728c7834f0ca16f5cca72851ba3e: done |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:af466e4f12e3abe41fcfb59ca0573a3a5c640573b389d5287207a49d1324abd8: done |++++++++++++++++++++++++++++++++++++++|
……
layer-sha256:51e249e97c0f2774e0cddc52b690c7ba43e390c6435b5a9f9720ecd322475f89: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:d054f694df8acb81d335f71957611be009908c6f82c698ab0202b847452b8d3d: done |++++++++++++++++++++++++++++++++++++++|
config-sha256:cae4aab78dd0f7d3bf32ccf5bee5fcc68eaadc9dc6b3c638dc150a592753464e: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:31b7e7ccca9e17fd08b39c9a4ffd3ded380b62816c489d6c3758c9bb5a632430: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:78dc23c8e094badc973f6de7a898c92e45402fbede9c0c6f5d0ad093431d54e5: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:92558b0d876a60f4d90ba21b551071c84d03dbb3b534ffd73f9c86842814dc7e: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:f7f841035be926c8de3cbd1a5c5734f5e15ff7606e9d995cfa246a95fef5b0ca: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:ffc8cae1e0f917be25d70d24fe1eb2172515c29385af29d993551f2af4dbd59c: done |++++++++++++++++++++++++++++++++++++++|
elapsed: 38.7s total: 65.2 M (1.7 MiB/s)
unpacking linux/amd64 sha256:686aac2769fd6e7bab67663fd38750c135b72d993d0bb0a942ab02ef647fc9c3...
unpacking linux/arm/v6 sha256:686aac2769fd6e7bab67663fd38750c135b72d993d0bb0a942ab02ef647fc9c3...
unpacking linux/arm/v7 sha256:686aac2769fd6e7bab67663fd38750c135b72d993d0bb0a942ab02ef647fc9c3...
unpacking linux/arm64/v8 sha256:686aac2769fd6e7bab67663fd38750c135b72d993d0bb0a942ab02ef647fc9c3...
unpacking linux/386 sha256:686aac2769fd6e7bab67663fd38750c135b72d993d0bb0a942ab02ef647fc9c3...
unpacking linux/ppc64le sha256:686aac2769fd6e7bab67663fd38750c135b72d993d0bb0a942ab02ef647fc9c3...
unpacking linux/s390x sha256:686aac2769fd6e7bab67663fd38750c135b72d993d0bb0a942ab02ef647fc9c3...
done: 5.731487623s
[root@containerd ~]#ctr i export --all-platforms nginx.tar.gz docker.io/library/nginx:alpine
[root@containerd ~]#ll -h
total 187M
-rw-r--r-- 1 root root 122M Jul 30 01:16 cri-containerd-cni-1.5.5-linux-amd64.tar.gz
-rw-r--r-- 1 root root 66M Oct 24 11:39 nginx.tar.gz
[root@containerd ~]#ctr i import nginx.tar.gz
unpacking docker.io/library/nginx:alpine (sha256:686aac2769fd6e7bab67663fd38750c135b72d993d0bb0a942ab02ef647fc9c3)...done
[root@containerd ~]#ctr i ls -q
docker.io/library/nginx:alpine
[root@containerd ~]#
#测试2:--platform=linux/amd64参数 =>测试失败
[root@containerd ~]#ctr i ls -q
docker.io/library/nginx:alpine
[root@containerd ~]#ctr i rm docker.io/library/nginx:alpine
docker.io/library/nginx:alpine
[root@containerd ~]#ctr i ls -q
[root@containerd ~]#
[root@containerd ~]#
[root@containerd ~]#ctr i pull --platform=linux/amd64 docker.io/library/nginx:alpine
docker.io/library/nginx:alpine: resolved |++++++++++++++++++++++++++++++++++++++|
index-sha256:686aac2769fd6e7bab67663fd38750c135b72d993d0bb0a942ab02ef647fc9c3: done |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:af466e4f12e3abe41fcfb59ca0573a3a5c640573b389d5287207a49d1324abd8: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:61074acc7dd227cfbeaf719f9b5cdfb64711bc6b60b3865c7b886b7099c15d15: done |++++++++++++++++++++++++++++++++++++++|
config-sha256:513f9a9d8748b25cdb0ec6f16b4523af7bba216a6bf0f43f70af75b4cf7cb780: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:a0d0a0d46f8b52473982a3c466318f479767577551a53ffc9074c9fa7035982e: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:4dd4efe90939ab5711aaf5fcd9fd8feb34307bab48ba93030e8b845f8312ed8e: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:c1368e94e1ec563b31c3fb1fea02c9fbdc4c79a95e9ad0cac6df29c228ee2df3: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:3e72c40d0ff43c52c5cc37713b75053e8cb5baea8e137a784d480123814982a2: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:969825a5ca61c8320c63ff9ce0e8b24b83442503d79c5940ba4e2f0bd9e34df8: done |++++++++++++++++++++++++++++++++++++++|
elapsed: 20.3s total: 8.8 Mi (445.4 KiB/s)
unpacking linux/amd64 sha256:686aac2769fd6e7bab67663fd38750c135b72d993d0bb0a942ab02ef647fc9c3...
done: 17.093491ms
[root@containerd ~]#ctr i ls -q
docker.io/library/nginx:alpine
[root@containerd ~]#
[root@containerd ~]#
[root@containerd ~]#rm -rf nginx.tar.gz
[root@containerd ~]#ll -h
total 122M
-rw-r--r-- 1 root root 122M Jul 30 01:16 cri-containerd-cni-1.5.5-linux-amd64.tar.gz
[root@containerd ~]#ctr i export --platform=linux/amd64 nginx.tar.gz docker.io/library/nginx:alpine
[root@containerd ~]#ll -h
total 131M
-rw-r--r-- 1 root root 122M Jul 30 01:16 cri-containerd-cni-1.5.5-linux-amd64.tar.gz
-rw-r--r-- 1 root root 9.6M Oct 24 11:47 nginx.tar.gz
[root@containerd ~]#
[root@containerd ~]#ctr i import nginx.tar.gz
ctr: content digest sha256:c8ca916e00dd0c56c91a81100ca79b668196642492153498e5d77619ccb55f9a: not found
[root@containerd ~]#ctr i import --platform=linux/amd64 nginx.tar.gz
Incorrect Usage: flag provided but not defined: -platform
NAME:
ctr images import - import images
USAGE:
ctr images import [command options] [flags]
DESCRIPTION:
Import images from a tar stream.
Implemented formats:
- oci.v1
- docker.v1.1
- docker.v1.2
For OCI v1, you may need to specify --base-name because an OCI archive may
contain only partial image references (tags without the base image name).
If no base image name is provided, a name will be generated as "import-%{yyyy-MM-dd}".
e.g.
$ ctr images import --base-name foo/bar foobar.tar
If foobar.tar contains an OCI ref named "latest" and anonymous ref "sha256:deadbeef", the command will create
"foo/bar:latest" and "foo/bar@sha256:deadbeef" images in the containerd store.
OPTIONS:
--base-name value base image name for added images, when provided only images with this name prefix are imported
--digests whether to create digest images (default: false)
--index-name value image name to keep index as, by default index is discarded
--all-platforms imports content for all platforms, false by default
--no-unpack skip unpacking the images, false by default
--compress-blobs compress uncompressed blobs when creating manifest (Docker format only)
--snapshotter value snapshotter name. Empty value stands for the default value. [$CONTAINERD_SNAPSHOTTER]
ctr: flag provided but not defined: -platform
[root@containerd ~]#ctr i import --all-platforms nginx.tar.gz
ctr: content digest sha256:826624c15f5e49e591d80f3e0c696f92a2d5967b989017572fe241edac294a2a: not found
[root@containerd ~]#
“结论:
经测试: 01、在拉取镜像、导出镜像时,都加上--all-platforms 时,最后在用ctr i import nginx.tar.gz就不会报错了; 02、在拉取镜像、导出镜像时,都加上--platform=linux/amd64时,最后在用ctr i import nginx.tar.gz时依然报错; 03、在拉起镜像时不添加任何--platform参数,最后在用ctr i import nginx.tar.gz也会报错;
很无语,那么最后再拉取任何镜像时都要加上--all-platforms参数了吗,那就加上呗,要不以后再使用import时会报错;
”
容器相关操作可以通过 ctr container
获取。
[root@containerd ~]#ctr c create docker.io/library/nginx:alpine nginx
[root@containerd ~]#ctr c ls
CONTAINER IMAGE RUNTIME
nginx docker.io/library/nginx:alpine io.containerd.runc.v2
[root@containerd ~]#ctr c ls -q #同样可以加上 `-q` 选项精简列表内容:
nginx
[root@containerd ~]#
类似于 docker inspect
功能。
[root@containerd ~]#ctr c info nginx
{
"ID": "nginx",
"Labels": {
"io.containerd.image.config.stop-signal": "SIGQUIT"
},
"Image": "docker.io/library/nginx:alpine",
"Runtime": {
"Name": "io.containerd.runc.v2",
"Options": {
"type_url": "containerd.runc.v1.Options"
}
},
"SnapshotKey": "nginx",
……
[root@containerd ~]#ctr c ls
CONTAINER IMAGE RUNTIME
nginx docker.io/library/nginx:alpine io.containerd.runc.v2
[root@containerd ~]#ctr c rm nginx
[root@containerd ~]#ctr c ls
CONTAINER IMAGE RUNTIME
[root@containerd ~]#
除了使用 rm
子命令之外也可以使用 delete
或者 del
删除容器。
[root@containerd ~]#ctr c
NAME:
ctr containers - manage containers
USAGE:
ctr containers command [command options] [arguments...]
COMMANDS:
create create container
delete, del, rm delete one or more existing containers #注意
info get info about a container
list, ls list containers
label set and clear labels for a container
checkpoint checkpoint a container
restore restore a container from checkpoint
OPTIONS:
--help, -h show help
[root@containerd ~]#
上面我们通过 container create
命令创建的容器,并没有处于运行状态,只是一个静态的容器(仅仅只是一个创建容器的声明)。一个 container 对象只是包含了运行一个容器所需的资源及相关配置数据,表示 namespaces、rootfs 和容器的配置都已经初始化成功了,只是用户进程还没有启动。
一个容器真正运行起来是由 Task 任务实现的,Task 可以为容器设置网卡,还可以配置工具来对容器进行监控等。
Task 相关操作可以通过 ctr task
获取,如下我们通过 Task 来启动容器:
[root@containerd ~]#ctr task start -d nginx
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
[root@containerd ~]#
启动容器后可以通过 task ls
查看正在运行的容器:
[root@containerd ~]#ctr task ls
TASK PID STATUS
nginx 24458 RUNNING
[root@containerd ~]#ctr task ls -q
nginx
[root@containerd ~]#
同样也可以使用 exec
命令进入容器进行操作:
[root@containerd ~]#ctr task exec --exec-id 0 -t nginx sh
/ # ls
bin media srv
dev mnt sys
docker-entrypoint.d opt tmp
docker-entrypoint.sh proc usr
etc root var
home run
lib sbin
/ # ps
PID USER TIME COMMAND
1 root 0:00 nginx: master process nginx -g daemon off;
32 nginx 0:00 nginx: worker process
33 nginx 0:00 nginx: worker process
34 root 0:00 sh
41 root 0:00 ps
/ #
不过这里需要注意必须要指定 --exec-id
参数,这个 id 可以随便写,只要唯一就行。
暂停容器,和 docker pause
类似的功能:
[root@containerd ~]#ctr task pause nginx
暂停后容器状态变成了 PAUSED
:
[root@containerd ~]#ctr task ls
TASK PID STATUS
nginx 24458 PAUSED
[root@containerd ~]#
同样也可以使用 resume
命令来恢复容器:
[root@containerd ~]#ctr t resume nginx #resume 继续,重新开始
[root@containerd ~]#ctr task ls
TASK PID STATUS
nginx 24458 RUNNING
[root@containerd ~]#
不过需要注意 ctr 没有 stop 容器的功能,只能暂停或者杀死容器。**杀死容器可以使用 task kill
命令:
[root@containerd ~]#ctr t kill nginx
[root@containerd ~]#ctr task ls
TASK PID STATUS
nginx 24458 STOPPED
[root@containerd ~]#
杀掉容器后可以看到容器的状态变成了 STOPPED
。同样也可以通过 task rm
命令删除 Task:
[root@containerd ~]#ctr t rm nginx
[root@containerd ~]#ctr task ls
TASK PID STATUS
[root@containerd ~]#
问题:处于正在runnning的Task可以被删除吗?
测试过程:
[root@containerd ~]#ctr c ls
CONTAINER IMAGE RUNTIME
nginx docker.io/library/nginx:alpine io.containerd.runc.v2
[root@containerd ~]#ctr t start -d nginx
[root@containerd ~]#ctr t ls
TASK PID STATUS
nginx 24713 RUNNING
[root@containerd ~]#ctr t rm nginx
ERRO[0000] unable to delete nginx error="task must be stopped before deletion: running: failed precondition"
ctr: task must be stopped before deletion: running: failed precondition
[root@containerd ~]#
[root@containerd ~]## 由以上测试可以知道,要想删除一个正在运行的Task,必须先kill掉这个task,然后才能删除task,否则会报错;
[root@containerd ~]#ctr t kill nginx
[root@containerd ~]#ctr t rm nginx
[root@containerd ~]#ctr t ls
TASK PID STATUS
[root@containerd ~]#
“结论:由以上测试可以知道,要想删除一个正在运行的Task,必须先kill掉这个task,然后才能删除。
”
除此之外我们还可以获取容器的 cgroup 相关信息,可以使用 task metrics
命令用来获取容器的内存、CPU 和 PID 的限额与使用量。
[root@containerd ~]#ctr t metrics nginx
ID TIMESTAMP
nginx 2021-10-24 05:54:38.74392351 +0000 UTC
METRIC VALUE
memory.usage_in_bytes 1986560
memory.limit_in_bytes 9223372036854771712
memory.stat.cache 16384
cpuacct.usage 63033641
cpuacct.usage_percpu [17342796 45690845]
pids.current 3
pids.limit 0
[root@containerd ~]#
还可以使用 task ps
命令查看容器中所有进程在宿主机中的 PID:
[root@containerd ~]#ctr t ls
TASK PID STATUS
nginx 24841 RUNNING
[root@containerd ~]#ctr t ps nginx
PID INFO
24841 -
24873 -
24874 -
[root@containerd ~]#ps -ef|grep nginx
root 24822 1 0 13:54 ? 00:00:00 /usr/local/bin/containerd-shim-runc-v2 -namespace default -id nginx -address /run/containerd/containerd.sock
root 24841 24822 0 13:54 ? 00:00:00 nginx: master process nginx -g daemon off;
101 24873 24841 0 13:54 ? 00:00:00 nginx: worker process
101 24874 24841 0 13:54 ? 00:00:00 nginx: worker process
root 24917 24303 0 13:56 pts/0 00:00:00 grep --color=auto nginx
[root@containerd ~]#
其中第一个 PID 24841
就是我们容器中的1号进程。
另外 Containerd 中也支持命名空间的概念,比如查看命名空间:
[root@containerd ~]#ctr ns ls
NAME LABELS
default
[root@containerd ~]#
如果不指定,ctr 默认使用的是 default
空间。同样也可以使用 ns create
命令创建一个命名空间:
[root@containerd ~]#ctr ns create test
[root@containerd ~]#ctr ns ls
NAME LABELS
default
test
[root@containerd ~]#
使用 remove
或者 rm
可以删除 namespace:
[root@containerd ~]#ctr ns ls
NAME LABELS
default
test
[root@containerd ~]#ctr ns rm test #删除命名空间
test
[root@containerd ~]#ctr ns ls
NAME LABELS
default
[root@containerd ~]#
有了命名空间后就可以在操作资源的时候指定 namespace,比如查看 test 命名空间的镜像,可以在操作命令后面加上 -n test
选项:
[root@containerd ~]#ctr i ls -q
docker.io/library/nginx:alpine
[root@containerd ~]#ctr -n test i ls -q
[root@containerd ~]#
注意:
我们知道 Docker 其实也是默认调用的 containerd,事实上 Docker 使用的 containerd 下面的命名空间默认是 moby
,而不是 default
,所以假如我们有用 docker 启动容器,那么我们也可以通过 ctr -n moby
来定位下面的容器:
[root@containerd ~]#ctr -n moby c ls
CONTAINER IMAGE RUNTIME
[root@containerd ~]#
同样 Kubernetes 下使用的 containerd 默认命名空间是 k8s.io
,所以我们可以使用 ctr -n k8s.io
来查看 Kubernetes 下面创建的容器。
[root@containerd ~]#ctr -n k8s.io c ls
CONTAINER IMAGE RUNTIME
[root@containerd ~]#
注意:这3者之间的ns是不同的,要区分开。
直接导入可能会出现类似于 ctr: content digest sha256:xxxxxx not found
的错误,要解决这个办法需要 pull 所有平台镜像:
解决办法如下:
➜ ~ ctr i pull --all-platforms docker.io/library/nginx:alpine
➜ ~ ctr i export --all-platforms nginx.tar.gz docker.io/library/nginx:alpine
➜ ~ ctr i rm docker.io/library/nginx:alpine
➜ ~ ctr i import nginx.tar.gz
“结论:
经测试: 01、在拉取镜像、导出镜像时,都加上--all-platforms 时,最后在用ctr i import nginx.tar.gz就不会报错了; 02、在拉取镜像、导出镜像时,都加上--platform=linux/amd64时,最后在用ctr i import nginx.tar.gz时依然报错; 03、在拉起镜像时不添加任何--platform参数,最后在用ctr i import nginx.tar.gz也会报错;
很无语,那么最后再拉取任何镜像时都要加上--all-platforms参数了吗,那就加上呗,要不以后再使用import时会报错;
”
[root@containerd ~]#crictl version #这个crictl命令可以在k8s里查看一些pod信息
Version: 0.1.0
RuntimeName: containerd
RuntimeVersion: v1.5.7
RuntimeApiVersion: v1alpha2
[root@containerd ~]#
containerd客户端CLI:
ctr:这个很难用; #目前就是用ctr命令就可以可,相当于docker,但比docker难用的很多。
nerctl:这个很高级的;