指令描述
containerd 提供了一个对应的 CLI (Command Line Interface) 工具:ctr,不过 ctr 的功能没有 docker 完善,但是关于镜像和容器的基本功能都是有的。接下来我们就先简单介绍下 ctr 的使用。
指令使用简介
镜像操作
拉取镜像
ctr 拉取镜像指令为 ctr image pull,以下使用 docker 镜像举例,需要添加 docker.io 前缀。
myserver@peag-k8s-master:~$ sudo ctr image pull docker.io/library/nginx:alpine
[sudo] password for myserver:
docker.io/library/nginx:alpine: resolved |++++++++++++++++++++++++++++++++++++++|
index-sha256:a59278fd22a9d411121e190b8cec8aa57b306aa3332459197777583beb728f59: done |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:2d2a2257c6e9d2e5b50d4fbeb436d8d2b55631c2a89935a425b417eb95212686: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:d4735778d47c0be8db66c446904aa2ba47f3e7509c0c9c3985ecb3b96bb7179f: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:fe117667dcd024947ead1f25ad99a5e522efcf3b7dbd0752b6fb5e73feffb407: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:8695c106552e600555fefc1bc2b299b420c52583bbf537e6c0468bc7821a3f7b: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:fed54a1dc458a7f591fa1c986669998655ad54d260d53691c8ef4841185883d4: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:dffa16519b51a7abc6df8837b2ceffb699eedd09394ecfeff363ae5321cb7ad2: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:9e50a0e580b1e5240c8bf21f791b11fb7a8f3c04249f5db56f1bc72f2fa73929: done |++++++++++++++++++++++++++++++++++++++|
config-sha256:529b5644c430c06553d2e8082c6713fe19a4169c9dc2369cbb960081f52924ff: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:c926b61bad3b94ae7351bafd0c184c159ebf0643b085f7ef1d47ecdc7316833c: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:5ddd532e9cec09472cd07e594cb6dce78c43ba5248310263f8f766c74b9fb6ae: done |++++++++++++++++++++++++++++++++++++++|
elapsed: 10.6s total: 1.8 Mi (175.2 KiB/s)
unpacking linux/amd64 sha256:a59278fd22a9d411121e190b8cec8aa57b306aa3332459197777583beb728f59...
done: 4.486552061s
罗列本地镜像
指令:ctr image ls
myserver@peag-k8s-master:~$ sudo ctr image ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
docker.io/library/nginx:alpine application/vnd.oci.image.index.v1+json sha256:a59278fd22a9d411121e190b8cec8aa57b306aa3332459197777583beb728f59 17.1 MiB linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x,unknown/unknown -
检测本地镜像
指令:ctr image check, 主要查看其中的 STATUS,complete 表示镜像是完整可用的状态。
myserver@peag-k8s-master:~$ sudo ctr image check
REF TYPE DIGEST STATUS SIZE UNPACKED
docker.io/library/nginx:alpine application/vnd.oci.image.index.v1+json sha256:a59278fd22a9d411121e190b8cec8aa57b306aa3332459197777583beb728f59 complete (9/9) 17.1 MiB/17.1 MiB true
重新打标签
指令:ctr image tag
myserver@peag-k8s-master:~$ sudo ctr image tag docker.io/library/nginx:alpine repo.private.com/nginx:alpine
repo.private.com/nginx:alpine
myserver@peag-k8s-master:~$ sudo ctr image ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
docker.io/library/nginx:alpine application/vnd.oci.image.index.v1+json sha256:a59278fd22a9d411121e190b8cec8aa57b306aa3332459197777583beb728f59 17.1 MiB linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x,unknown/unknown -
repo.private.com/nginx:alpine application/vnd.oci.image.index.v1+json sha256:a59278fd22a9d411121e190b8cec8aa57b306aa3332459197777583beb728f59 17.1 MiB linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x,unknown/unknown -
删除镜像
指令:ctr image rm
myserver@peag-k8s-master:~$ sudo ctr image rm docker.io/library/nginx:alpine
docker.io/library/nginx:alpine
myserver@peag-k8s-master:~$ sudo ctr image ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
repo.private.com/nginx:alpine application/vnd.oci.image.index.v1+json sha256:a59278fd22a9d411121e190b8cec8aa57b306aa3332459197777583beb728f59 17.1 MiB linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x,unknown/unknown -
Note: 加上
--sync选项可以同步删除镜像和所有相关的资源。
挂载镜像
指令:ctr image mount
myserver@peag-k8s-master:~$ sudo ctr image mount repo.private.com/nginx:alpine /mnt
sha256:a1f0d11a2ca8044b4b8939726f846b2d27953ffa11a13d995e45dd3cb4608d1d
/mnt
myserver@peag-k8s-master:~$ ls /mnt/
bin dev docker-entrypoint.d docker-entrypoint.sh etc home lib media mnt opt proc root run sbin srv sys tmp usr var
卸载镜像
指令:ctr image unmount
myserver@peag-k8s-master:~$ sudo ctr image unmount /mnt
/mnt
myserver@peag-k8s-master:~$ ls /mnt/
容器操作
创建容器
指令:ctr container create
myserver@peag-k8s-master:~$ sudo ctr container create docker.io/library/nginx:alpine nginx
罗列容器
指令:ctr container ls
myserver@peag-k8s-master:~$ sudo ctr container ls
CONTAINER IMAGE RUNTIME
nginx docker.io/library/nginx:alpine io.containerd.runc.v2
查看容器内容
指令:ctr container info
myserver@peag-k8s-master:~$ sudo ctr container info nginx
{
"ID": "nginx",
"Labels": {
"io.containerd.image.config.stop-signal": "SIGQUIT",
"maintainer": "NGINX Docker Maintainers \u003cdocker-maint@nginx.com\u003e"
},
"Image": "docker.io/library/nginx:alpine",
"Runtime": {
"Name": "io.containerd.runc.v2",
"Options": {
"type_url": "containerd.runc.v1.Options"
}
},
"SnapshotKey": "nginx",
"Snapshotter": "overlayfs",
......
"readonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
}
}
}
删除容器
指令:ctr container rm
myserver@peag-k8s-master:~$ sudo ctr container rm nginx
myserver@peag-k8s-master:~$ sudo ctr container ls
CONTAINER IMAGE RUNTIME
任务
上面我们通过 container create 命令创建的容器,并没有处于运行状态,只是一个静态的容器。一个 container 对象只是包含了运行一个容器所需的资源及相关配置数据,表示 namespaces、rootfs 和容器的配置都已经初始化成功了,只是用户进程还没有启动。
一个容器真正运行起来是由 Task 任务实现的,Task 可以为容器设置网卡,还可以配置工具来对容器进行监控等。
Task 相关操作可以通过 ctr task 获取,如下我们通过 Task 来启动容器
启动容器
指令:ctr task start
myserver@peag-k8s-master:~$ sudo ctr task start -d nginx
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
罗列容器
指令:ctr task ls
myserver@peag-k8s-master:~$ sudo ctr task ls
TASK PID STATUS
nginx 143313 RUNNING
进入容器操作
指令:ctr task exec
myserver@peag-k8s-master:~$ sudo ctr task exec --exec-id 0 -t nginx sh
/ # ls
bin docker-entrypoint.d etc lib mnt proc run srv tmp var
dev docker-entrypoint.sh home media opt root sbin sys usr
/ # exit
Note:
- 这里需要注意必须要指定
--exec-id参数,这个id可以随便写,只要唯一就行。- 使用
exit指令退出
暂停容器
指令:ctr task pause
myserver@peag-k8s-master:~$ sudo ctr task pause nginx
myserver@peag-k8s-master:~$ sudo ctr task ls
TASK PID STATUS
nginx 143313 PAUSED
恢复容器
指令:ctr task resume
myserver@peag-k8s-master:~$ sudo ctr task resume nginx
myserver@peag-k8s-master:~$ sudo ctr task ls
TASK PID STATUS
nginx 143313 RUNNING
杀死容器
指令:ctr task kill
myserver@peag-k8s-master:~$ sudo ctr task kill nginx
myserver@peag-k8s-master:~$ sudo ctr task ls
TASK PID STATUS
nginx 143313 STOPPED
删除任务
指令:ctr task rm
myserver@peag-k8s-master:~$ sudo ctr task rm nginx
myserver@peag-k8s-master:~$ sudo ctr task ls
TASK PID STATUS
查看容器 cgroup 信息
指令:ctr task metrics
myserver@peag-k8s-master:~$ sudo ctr task metrics nginx
ID TIMESTAMP
nginx 2024-01-17 07:29:43.917425824 +0000 UTC
METRIC VALUE
pids.current 3
pids.limit 18446744073709551615
cpu.usage_usec 42557
cpu.user_usec 25534
cpu.system_usec 17022
cpu.nr_periods 0
cpu.nr_throttled 0
cpu.throttled_usec 0
memory.usage 2998272
memory.usage_limit 18446744073709551615
memory.swap_usage 0
memory.swap_limit 18446744073709551615
查看容器进程ID
指令:ctr task ps ,使用命令查看容器中所有进程在宿主机中的 PID
myserver@peag-k8s-master:~$ sudo ctr task ps nginx
PID INFO
143697 -
143724 -
143725 -
myserver@peag-k8s-master:~$ sudo ctr task ls
TASK PID STATUS
nginx 143697 RUNNING
其中第一个
PID 143697就是我们容器中的1号进程
命名空间
查看命名空间
指令:ctr ns ls
myserver@peag-k8s-master:~$ sudo ctr ns ls
NAME LABELS
default
Note: 如果不指定,
ctr默认使用的是default空间
创建命名空间
指令: ctr ns create
myserver@peag-k8s-master:~$ sudo ctr ns ls
NAME LABELS
default
nginx
删除命名空间
指令:ctr ns rm
myserver@peag-k8s-master:~$ sudo ctr ns rm nginx
nginx
myserver@peag-k8s-master:~$ sudo ctr ns ls
NAME LABELS
default
在指令中指定命名空间
指令:ctr -n
myserver@peag-k8s-master:~$ sudo ctr -n default task ls
TASK PID STATUS
nginx 143697 RUNNING
Note:
docker默认的命名空间是moby,k8s默认的明明空间是k8s.io
帮助文档
myserver@peag-k8s-master:~$ ctr --help
NAME:
ctr -
__
_____/ /______
/ ___/ __/ ___/
/ /__/ /_/ /
\___/\__/_/
containerd CLI
USAGE:
ctr [global options] command [command options] [arguments...]
VERSION:
v1.6.27
DESCRIPTION:
ctr is an unsupported debug and administrative client for interacting
with the containerd daemon. Because it is unsupported, the commands,
options, and operations are not guaranteed to be backward compatible or
stable from release to release of the containerd project.
COMMANDS:
plugins, plugin provides information about containerd plugins
version print the client and server versions
containers, c, container manage containers
content manage content
events, event display containerd events
images, image, i manage images
leases manage leases
namespaces, namespace, ns manage namespaces
pprof provide golang pprof outputs for containerd
run run a container
snapshots, snapshot manage snapshots
tasks, t, task manage tasks
install install a new package
oci OCI tools
deprecations
shim interact with a shim directly
help, h Shows a list of commands or help for one command
GLOBAL OPTIONS:
--debug enable debug output in logs
--address value, -a value address for containerd's GRPC server (default: "/run/containerd/containerd.sock") [$CONTAINERD_ADDRESS]
--timeout value total timeout for ctr commands (default: 0s)
--connect-timeout value timeout for connecting to containerd (default: 0s)
--namespace value, -n value namespace to use with commands (default: "default") [$CONTAINERD_NAMESPACE]
--help, -h show help
--version, -v print the version