WARNING: IPv4 forwarding is disabled
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
[root@iZbp1ebizftw2vpbpm737wZ ~]#
macOS also supports containerd, but it requires Lima.
Lima is a project dedicated to running containerd and nerdctl on macOS.
brew install lima
limactl start
lima nerdctl run -d --name nginx -p 127.0.0.1:8080:80 nginx:alpine
[root@iZbp1ebizftw2vpbpm737wZ ~]# nerdctl help
nerdctl is a command line interface for containerd

Config file ($NERDCTL_TOML): /etc/nerdctl/nerdctl.toml

Usage: nerdctl [flags]

helpers.Management commands:
  apparmor    Manage AppArmor profiles
  builder     Manage builds
  container   Manage containers
  image       Manage images
  ipfs        Distributing images on IPFS
  namespace   Manage containerd namespaces
  network     Manage networks
  system      Manage containerd
  volume      Manage volumes

Commands:
  attach      Attach stdin, stdout, and stderr to a running container.
  build       Build an image from a Dockerfile. Needs buildkitd to be running.
  commit      Create a new image from a container's changes
  completion  Generate the autocompletion script for the specified shell
  compose     Compose
  cp          Copy files/folders between a running container and the local filesystem.
  create      Create a new container. Optionally specify "ipfs://" or "ipns://" scheme to pull image from IPFS.
  diff        Inspect changes to files or directories on a container's filesystem
  events      Get real time events from the server
  exec        Run a command in a running container
  help        Help about any command
  history     Show the history of an image
  images      List images
  info        Display system-wide information
  inspect     Return low-level information on objects.
  kill        Kill one or more running containers
  load        Load an image from a tar archive or STDIN
  login       Log in to a container registry
  logout      Log out from a container registry
  logs        Fetch the logs of a container. Expected to be used with 'nerdctl run -d'.
  pause       Pause all processes within one or more containers
  port        List port mappings or a specific mapping for the container
  ps          List containers
  pull        Pull an image from a registry. Optionally specify "ipfs://" or "ipns://" scheme to pull image from IPFS.
  push        Push an image or a repository to a registry. Optionally specify "ipfs://" or "ipns://" scheme to push image to IPFS.
  rename      rename a container
  restart     Restart one or more running containers
  rm          Remove one or more containers
  rmi         Remove one or more images
  run         Run a command in a new container. Optionally specify "ipfs://" or "ipns://" scheme to pull image from IPFS.
  save        Save one or more images to a tar archive (streamed to STDOUT by default)
  start       Start one or more running containers
  stats       Display a live stream of container(s) resource usage statistics.
  stop        Stop one or more running containers
  tag         Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
  top         Display the running processes of a container
  unpause     Unpause all processes within one or more containers
  update      Update one or more running containers
  version     Show the nerdctl version information
  wait        Block until one or more containers stop, then print their exit codes.

Flags:
  -H, --H string                 Alias of --address (default "/run/containerd/containerd.sock")
  -a, --a string                 Alias of --address (default "/run/containerd/containerd.sock")
      --address string           containerd address, optionally with "unix://" prefix [$CONTAINERD_ADDRESS] (default "/run/containerd/containerd.sock")
      --bridge-ip string         IP address for the default nerdctl bridge network [$NERDCTL_BRIDGE_IP]
      --cgroup-manager string    Cgroup manager to use ("cgroupfs"|"systemd") (default "cgroupfs")
      --cni-netconfpath string   cni config directory [$NETCONFPATH] (default "/etc/cni/net.d")
      --cni-path string          cni plugins binary directory [$CNI_PATH] (default "/opt/cni/bin")
      --data-root string         Root directory of persistent nerdctl state (managed by nerdctl, not by containerd) (default "/var/lib/nerdctl")
      --debug                    debug mode
      --debug-full               debug mode (with full output)
      --experimental             Control experimental: https://github.com/containerd/nerdctl/blob/main/docs/experimental.md [$NERDCTL_EXPERIMENTAL] (default true)
  -h, --help                     help for nerdctl
      --host string              Alias of --address (default "/run/containerd/containerd.sock")
      --host-gateway-ip string   IP address that the special 'host-gateway' string in --add-host resolves to. Defaults to the IP address of the host. It has no effect without setting --add-host [$NERDCTL_HOST_GATEWAY_IP] (default "172.29.67.77")
      --hosts-dir strings        A directory that contains /hosts.toml (containerd style) or /{ca.cert, cert.pem, key.pem} (docker style) (default [/etc/containerd/certs.d,/etc/docker/certs.d])
      --insecure-registry        skips verifying HTTPS certs, and allows falling back to plain HTTP
  -n, --n string                 Alias of --namespace (default "default")
      --namespace string         containerd namespace, such as "moby" for Docker, "k8s.io" for Kubernetes [$CONTAINERD_NAMESPACE] (default "default")
      --snapshotter string       containerd snapshotter [$CONTAINERD_SNAPSHOTTER] (default "overlayfs")
      --storage-driver string    Alias of --snapshotter (default "overlayfs")
  -v, --version                  version for nerdctl

Run 'nerdctl COMMAND --help' for more information on a command.
[root@iZbp1ebizftw2vpbpm737wZ ~]#
[root@iZbp1ebizftw2vpbpm737wZ ~]# nerdctl build -h
Build an image from a Dockerfile. Needs buildkitd to be running.
If Dockerfile is not present and -f is not specified, it will look for Containerfile and build with it.

Usage: nerdctl build [flags] PATH

Flags:
      --allow stringArray           Allow extra privileged entitlement, e.g. network.host, security.insecure
      --attest stringArray          Attestation parameters (format: "type=sbom,generator=image")
      --build-arg stringArray       Set build-time variables
      --build-context stringArray   Additional build contexts (e.g., name=path)
      --buildkit-host string        BuildKit address [$BUILDKIT_HOST]
      --cache-from stringArray      External cache sources (eg. user/app:cache, type=local,src=path/to/dir)
      --cache-to stringArray        Cache export destinations (eg. user/app:cache, type=local,dest=path/to/dir)
  -f, --file string                 Name of the Dockerfile
  -h, --help                        help for build
      --iidfile string              Write the image ID to the file
      --label stringArray           Set metadata for an image
      --network string              Set type of network for build (format:network=default|none|host) (default "default")
      --no-cache                    Do not use cache when building the image
  -o, --output string               Output destination (format: type=local,dest=path)
      --platform strings            Set target platform for build (e.g., "amd64", "arm64")
      --progress string             Set type of progress output (auto, plain, tty). Use plain to show container output (default "auto")
      --provenance string           Shorthand for "--attest=type=provenance"
      --pull                        On true, always attempt to pull latest image version from remote. Default uses buildkit's default.
  -q, --quiet                       Suppress the build output and print image ID on success
      --rm                          Remove intermediate containers after a successful build (default true)
      --sbom string                 Shorthand for "--attest=type=sbom"
      --secret stringArray          Secret file to expose to the build: id=mysecret,src=/local/secret
      --ssh stringArray             SSH agent socket or keys to expose to the build (format: default|<id>[=<socket>|<key>[,<key>]])
  -t, --tag stringArray             Name and optionally a tag in the 'name:tag' format
      --target string               Set the target build stage to build

See also 'nerdctl --help' for the global flags such as '--namespace', '--snapshotter', and '--cgroup-manager'.
[root@iZbp1ebizftw2vpbpm737wZ ~]#