Containerd¶
安装¶
REPO="containerd/nerdctl"
TAG=$(curl -fsSL "https://api.github.com/repos/${REPO}/releases/latest" | jq -r ".tag_name")
ASSET="nerdctl-full-${TAG//v/}-linux-$(dpkg --print-architecture).tar.gz"
wget "https://github.com/${REPO}/releases/download/${TAG}/${ASSET}" -O "${ASSET}"
tar Cxzvvf /usr/local "${ASSET}"
systemctl enable --now containerd
systemctl enable --now buildkit
nerdctl completion bash > /etc/bash_completion.d/nerdctl
source /etc/profile
nerdctl network create compose
nerdctl run --privileged --rm tonistiigi/binfmt --install all
查看默认配置¶
命令补全¶
设置镜像源¶
mkdir -p /etc/containerd/certs.d/docker.io
cat > /etc/containerd/certs.d/docker.io/hosts.toml <<- "EOF"
server = "https://registry-1.docker.io"
[host."https://uwk49ut2.mirror.aliyuncs.com"]
capabilities = ["pull"]
EOF
mkdir -p /etc/containerd
cat > /etc/containerd/config.toml <<- "EOF"
version = 2
[plugins."io.containerd.grpc.v1.cri".registry]
config_path = "/etc/containerd/certs.d"
EOF
设置守护进程代理¶
mkdir -p /etc/systemd/system/containerd.service.d
cat > /etc/systemd/system/containerd.service.d/proxy.conf <<- "EOF"
[Service]
Environment="HTTP_PROXY=http://192.192.192.10:7890"
Environment="HTTPS_PROXY=http://192.192.192.10:7890"
EOF
systemctl daemon-reload
systemctl restart containerd
构建多平台镜像¶
配置 QEMU 多平台支持¶
# docker run --privileged --rm tonistiigi/binfmt --install all
nerdctl run --privileged --rm tonistiigi/binfmt --install all
ls -1 /proc/sys/fs/binfmt_misc/qemu*
通过 docker 构建¶
# 创建 Builder
docker buildx create --use
docker buildx ls
# 构建多个平台镜像并推送到 DockerHub
docker login
docker buildx build --tag icefery/my-app:0.0.1 --platform linux/amd64,linux/arm64 --push .
# 构建单个平台并导出到本地
docker buildx build --tag icefery/my-app:0.0.1 --platform linux/arm64 --load .
导出到本地只能构建一个镜像,本地不支持同时导出 manifest lists。
通过 nerdctl 构建¶
nerdctl build -t icefery/my-app:0.0.1 --platform linux/arm64,linux/amd64 .
nerdctl image ls
nerdctl login
nerdctl push --all-platforms icefery/my-app:0.0.1