nerdctl使用了解
测试了几个容器,似乎未对k8s的containerd产生影响,都能访问
#### sealos 创建containerd集群
sealos run registry.cn-shanghai.aliyuncs.com/labring/kubernetes:v1.29.9 registry.cn-shanghai.aliyuncs.com/labring/helm:v3.9.4 registry.cn-shanghai.aliyuncs.com/labring/cilium:v1.13.4 --single
#### sealos 创建docker集群
sealos run registry.cn-shanghai.aliyuncs.com/labring/kubernetes-docker:v1.28.0 registry.cn-shanghai.aliyuncs.com/labring/helm:v3.9.4 registry.cn-shanghai.aliyuncs.com/labring/cilium:v1.13.4 --single
root@admin:~/nerdctl# kubectl get node
NAME STATUS ROLES AGE VERSION
byd Ready control-plane 1h v1.29.9
# 拉取到指定命名空间里,containerd 加速代理未调试成功
# 下面 --user 的凭据已省略;只写用户名、不带 :密码 时,ctr 会交互式提示输入密码,密码就不会留在 shell 历史和进程参数里
root@admin:~# ctr -n k8s.io images pull --user cn-south-1@...8 swr.cn-south-1.myhuaweicloud.com/dddup/redis:6.0.9
root@admin:~# ctr -n k8s.io images ls
~# cat redis.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: redis-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: redis
  template:
    metadata:
      labels:
        app: redis
    spec:
      containers:
      - name: redis-container
        imagePullPolicy: IfNotPresent
        image: swr.cn-south-1.myhuaweicloud.com/dddup/redis:6.0.9
        ports:
        - containerPort: 6379
        resources:
          limits:
            memory: "128Mi"
            cpu: "200m"
---
apiVersion: v1
kind: Service
metadata:
  name: redis-service
spec:
  selector:
    app: redis
  type: NodePort
  ports:
  - name: http
    port: 6379
    targetPort: 6379
    nodePort: 30079
root@admin:~# kubectl apply -f redis.yaml #测试服务是否可用
# NodePort 30079 会在节点的所有地址上开放,而这个 redis 没有设置密码,只适合隔离的测试环境
root@admin:~/nerdctl# kubectl get pod
NAME READY STATUS RESTARTS AGE
nginx-deployment-65d75b7b66-rtcsb 1/1 Running 0 11m
安装nerdctl
################ nerdctl
root@admin:~# NERDCTL_VERSION=$(curl -s https://api.github.com/repos/containerd/nerdctl/releases/latest | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/')
root@admin:~# echo $NERDCTL_VERSION
2.1.3
root@admin:~# wget https://github.com/containerd/nerdctl/releases/download/v${NERDCTL_VERSION}/nerdctl-${NERDCTL_VERSION}-linux-amd64.tar.gz
https://github.com/containerd/nerdctl/releases/download/v2.1.3/nerdctl-2.1.3-linux-amd64.tar.gz
# 版本号取自 releases/latest,每次执行可能不同;同一发布页还提供 SHA256SUMS,解压前可先下载并校验:sha256sum -c --ignore-missing SHA256SUMS
root@admin:~/nerdctl# ./nerdctl images
REPOSITORY TAG IMAGE ID CREATED PLATFORM SIZE BLOB SIZE
swr.cn-south-1.myhuaweicloud.com/dddup/redis 6.0.9 94fb31b76518 16 minutes ago linux/amd64 114.4MB 38.23MB
root@admin:~/nerdctl# ./nerdctl ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
root@admin:~/nerdctl# ./nerdctl run -d --name redis6349 -p 6379:6379 swr.cn-south-1.myhuaweicloud.com/dddup/redis:6.0.9
FATA[0000] failed to verify networking settings: failed to create default network: needs CNI plugin "bridge" to be installed in CNI_PATH ("/opt/cni/bin"), see https://github.com/containernetworking/plugins/releases: exec: "/opt/cni/bin/bridge": stat /opt/cni/bin/bridge: no such file or directory
安装网络插件
# 创建目录(如果不存在)
mkdir -p /opt/cni/bin
# 下载并解压 CNI 插件
# /opt/cni/bin 也是 k8s 使用的 CNI 插件目录,解压会覆盖其中同名的插件文件
wget https://github.com/containernetworking/plugins/releases/download/v1.3.0/cni-plugins-linux-amd64-v1.3.0.tgz
tar -C /opt/cni/bin -xzf cni-plugins-linux-amd64-v1.3.0.tgz
root@admin:~# ls /etc/cni/net.d/
05-cilium.conf default # k8s默认创建的,先不管
root@admin:~/nerdctl# cat /etc/cni/net.d/05-cilium.conf
{
  "cniVersion": "0.3.1",
  "name": "cilium",
  "type": "cilium-cni",
  "enable-debug": false,
  "log-file": "/var/run/cilium/cilium-cni.log"
}
# 创建 nerdctl 的 CNI 配置目录
# /etc/cni/net.d 同时也是 k8s 读取 CNI 配置的目录(上面的 05-cilium.conf 就在这里);如需与集群配置隔离,nerdctl 可用 --cni-netconfpath 指定单独的目录
mkdir -p /etc/cni/net.d
# 复制 Kubernetes 的 CNI 配置文件(通常由 Flannel/Calico 等创建)
cp /etc/cni/net.d/05-cilium.conf /etc/cni/net.d/nerdctl.conflist # 这似乎没有用到
root@admin:~/nerdctl# vim /etc/cni/net.d/nerdctl.conflist # 改名字(下面的 # 注释仅作说明,JSON 文件里不能写注释)
{
  "cniVersion": "0.3.1",
  "name": "cilium-nertctl",  # k8s使用的名字是cilium
  "type": "cilium-cni",
  "enable-debug": false,
  "log-file": "/var/run/cilium/cilium-cni-nertctl.log"  # k8s使用的名字是cilium
}
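# -p 6379:6379 会监听在 0.0.0.0(见下文 nerdctl ps 的 PORTS 列),而这个 redis 没有设置密码;只需本机访问时可写成 -p 127.0.0.1:6379:6379
root@admin:~/nerdctl# ./nerdctl run -d --name redis6379 -p 6379:6379 swr.cn-south-1.myhuaweicloud.com/dddup/redis:6.0.9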
c3af9125384cb01120fc00e5fd737010863587b11668f4f291d401d874963102
root@admin:~/nerdctl# ./nerdctl inspect redis6379|grep -i address
"address": "/run/containerd/containerd.sock"
"nerdctl/log-config": "{\"driver\":\"json-file\",\"address\":\"/run/containerd/containerd.sock\"}",
"GlobalIPv6Address": "",
"IPAddress": "10.4.0.3",
"MacAddress": "3e:54:89:65:4c:cf",
"IPAddress": "10.4.0.3",
"GlobalIPv6Address": "",
"MacAddress": "3e:54:89:65:4c:cf"
root@admin:~/nerdctl# cat /etc/cni/net.d/nerdctl-bridge.conflist # 这似乎是自动创建的
{"cniVersion": "1.0.0","name": "bridge","nerdctlID": "17f29b073143d8cd97b5bbe492bdeffec1c5fee55cc1fe2112c8b9335f8b6121","nerdctlLabels": {"nerdctl/default-network": "true"},"plugins": [{"type": "bridge","bridge": "nerdctl0","isGateway": true,"ipMasq": true,"hairpinMode": true,"ipam": {"ranges": [[{"gateway": "10.4.0.1","subnet": "10.4.0.0/24"}]],"routes": [{"dst": "0.0.0.0/0"}],"type": "host-local"}},{"type": "portmap","capabilities": {"portMappings": true}},{"type": "firewall","ingressPolicy": "same-bridge"},{"type": "tuning"}]
}
root@admin:~# kubectl get pod -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-deployment-65d75b7b66-rtcsb 1/1 Running 0 32m 10.0.0.48 byd <none> <none>
创建自定义网络
root@admin:~/nerdctl# ./nerdctl network create --subnet "192.168.200.0/24" --gateway "192.168.200.1" my-custom-net
6aba327441687a0a506461680532503e64e093ce89d28ce8cff978768843acf2
# 使用自定义网络
root@admin:~/nerdctl# ./nerdctl run --net my-custom-net -d --name redis16379 -p 16379:6379 swr.cn-south-1.myhuaweicloud.com/dddup/redis:6.0.9
6a98b4a4460f23386d6a1fdf5109996b2b91aeea20aeed5a9ccde332a0c39847
root@admin:~/nerdctl# ./nerdctl ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6a98b4a4460f swr.cn-south-1.myhuaweicloud.com/dddup/redis:6.0.9 "docker-entrypoint.s…" 8 seconds ago Up 0.0.0.0:16379->6379/tcp redis16379
cbfa26fedcea swr.cn-south-1.myhuaweicloud.com/dddup/redis:6.0.9 "docker-entrypoint.s…" 7 minutes ago Up 0.0.0.0:6379->6379/tcp redis6379
root@admin:~/nerdctl# cat /etc/cni/net.d/default/nerdctl-my-custom-net.conflist
{"cniVersion": "1.0.0","name": "my-custom-net","nerdctlID": "6aba327441687a0a506461680532503e64e093ce89d28ce8cff978768843acf2","nerdctlLabels": {},"plugins": [{"type": "bridge","bridge": "br-6aba32744168","isGateway": true,"ipMasq": true,"hairpinMode": true,"ipam": {"ranges": [[{"gateway": "192.168.200.1","subnet": "192.168.200.0/24"}]],"routes": [{"dst": "0.0.0.0/0"}],"type": "host-local"}},{"type": "portmap","capabilities": {"portMappings": true}},{"type": "firewall","ingressPolicy": "same-bridge"},{"type": "tuning"}]
}
compose使用
root@admin:~/nerdctl# ./nerdctl network ls
NETWORK ID NAME FILE
cilium /etc/cni/net.d/05-cilium.conf # 这些网络通常由容器运行时或系统直接提供,不需要通过 nerdctl 管理生命周期。
6aba32744168 my-custom-net /etc/cni/net.d/default/nerdctl-my-custom-net.conflist # 手动创建的
17f29b073143 bridge /etc/cni/net.d/nerdctl-bridge.conflist # 自动创建的
cilium-nertctl /etc/cni/net.d/nerdctl.conflist # 手动复制改名的
host
none
root@admin:~/nerdctl# cat my-redis.yaml
services:
  redis:
    image: swr.cn-south-1.myhuaweicloud.com/dddup/redis:6.0.9
    container_name: my-redis
    command: redis-server --requirepass "yourpassword" # 设置密码
    ports:
      - "26379:6379"
    networks:
      - my-custom-net
networks:
  my-custom-net:
    external: true
# "yourpassword" 只是占位符,需换成自己的强密码;写在 command 里的密码可以在 nerdctl inspect 和进程列表中看到
root@admin:~/nerdctl# ./nerdctl compose -f my-redis.yaml up -d
root@admin:~/nerdctl# ./nerdctl compose -f my-redis.yaml up -d --force-recreate
root@admin:~/nerdctl# ./nerdctl ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
cd51c9a8881d swr.cn-south-1.myhuaweicloud.com/dddup/redis:6.0.9 "docker-entrypoint.s…" 11 seconds ago Up 0.0.0.0:26379->6379/tcp my-redis
6a98b4a4460f swr.cn-south-1.myhuaweicloud.com/dddup/redis:6.0.9 "docker-entrypoint.s…" 42 minutes ago Up 0.0.0.0:16379->6379/tcp redis16379
cbfa26fedcea swr.cn-south-1.myhuaweicloud.com/dddup/redis:6.0.9 "docker-entrypoint.s…" 50 minutes ago Up 0.0.0.0:6379->6379/tcp redis6379