
Building images with nerdctl + buildkitd + containerd

2023-06-02 08:59:32 Other

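1. Introduction to container technology

Besides Docker, container technologies include CoreOS's rkt, Google's gVisor, containerd (open-sourced by Docker), Red Hat's Podman, Alibaba's Pouch and others. To keep the container ecosystem standardized and developing in a healthy, sustainable way, companies and organizations including the Linux Foundation, Docker, Microsoft, Red Hat, Google and IBM jointly founded an organization called Open Container (OCI) in June 2015. Its purpose is to define open, standard container specifications. So far OCI has published two specifications, the runtime spec and the image format spec. As long as the containers developed by different vendors are compatible with these two specifications, container portability and interoperability are assured.
containerd official site: https://containerd.io/
gVisor official site: https://gvisor.dev/
Podman official site: https://podman.io
Pouch project: https://github.com/alibaba/pouch
BuildKit: an image build toolkit open-sourced by Docker that supports building OCI-standard images. Project: https://github.com/moby/buildkit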

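2. Components of buildkitd

buildkitd (server): currently supports runc and containerd as the image build environment. The default is runc, and it can be switched to containerd.
buildctl (client): parses the Dockerfile and sends build requests to the buildkitd server.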

3. Deploying buildkitd

3.1 Download the binary package

wget https://github.com/moby/buildkit/releases/download/v0.11.6/buildkit-v0.11.6.linux-amd64.tar.gz

Extract the archive and symlink the binaries into a directory on PATH

root@k8s-master01:/usr/local/src# ls
buildkit-v0.11.6.linux-amd64.tar.gz
root@k8s-master01:/usr/local/src# tar xf buildkit-v0.11.6.linux-amd64.tar.gz 
root@k8s-master01:/usr/local/src# ls
bin  buildkit-v0.11.6.linux-amd64.tar.gz
root@k8s-master01:/usr/local/src# cd bin
root@k8s-master01:/usr/local/src/bin# ls
buildctl               buildkit-qemu-arm   buildkit-qemu-mips64    buildkit-qemu-ppc64le  buildkit-qemu-s390x  buildkitd
buildkit-qemu-aarch64  buildkit-qemu-i386  buildkit-qemu-mips64el  buildkit-qemu-riscv64  buildkit-runc
root@k8s-master01:/usr/local/src/bin# ln -s /usr/local/src/bin/* /usr/local/bin/
root@k8s-master01:/usr/local/src/bin# buildctl --help
NAME:
   buildctl - build utility

USAGE:
   buildctl [global options] command [command options] [arguments...]

VERSION:
   v0.11.6

COMMANDS:
   du        disk usage
   prune     clean up build cache
   build, b  build
   debug     debug utilities
   help, h   Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --debug                enable debug output in logs
   --addr value           buildkitd address (default: "unix:///run/buildkit/buildkitd.sock")
   --tlsservername value  buildkitd server name for certificate validation
   --tlscacert value      CA certificate for validation
   --tlscert value        client certificate
   --tlskey value         client key
   --tlsdir value         directory containing CA certificate, client certificate, and client key
   --timeout value        timeout backend connection after value seconds (default: 5)
   --help, -h             show help
   --version, -v          print the version
root@k8s-master01:/usr/local/src/bin# 

If buildctl --help runs normally in bash, the commands have been symlinked into PATH correctly.

3.2 Provide the buildkit.socket file

root@k8s-master01:/usr/local/src/bin# cat /lib/systemd/system/buildkit.socket
[Unit]
Description=BuildKit
Documentation=https://github.com/moby/buildkit
[Socket]
ListenStream=%t/buildkit/buildkitd.sock
[Install]
WantedBy=sockets.target
root@k8s-master01:/usr/local/src/bin# 

3.3 Provide the buildkitd.service file

root@k8s-master01:/usr/local/src/bin# cat /lib/systemd/system/buildkitd.service
[Unit]
Description=BuildKit
Requires=buildkit.socket
After=buildkit.socket
Documentation=https://github.com/moby/buildkit
[Service]
ExecStart=/usr/local/bin/buildkitd --oci-worker=false --containerd-worker=true
[Install]
WantedBy=multi-user.target
root@k8s-master01:/usr/local/src/bin# 

3.4 Start the buildkitd service

root@k8s-master01:/usr/local/src/bin# systemctl daemon-reload
root@k8s-master01:/usr/local/src/bin# systemctl enable buildkitd
Created symlink /etc/systemd/system/multi-user.target.wants/buildkitd.service → /lib/systemd/system/buildkitd.service.
root@k8s-master01:/usr/local/src/bin# systemctl restart buildkitd
root@k8s-master01:/usr/local/src/bin# systemctl status buildkitd
● buildkitd.service - BuildKit
     Loaded: loaded (/lib/systemd/system/buildkitd.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2023-05-31 13:32:38 UTC; 4s ago
   Main PID: 12191 (buildkitd)
      Tasks: 9 (limit: 4571)
     Memory: 7.8M
        CPU: 125ms
     CGroup: /system.slice/buildkitd.service
             └─12191 /usr/local/bin/buildkitd --oci-worker=false --containerd-worker=true

May 31 13:32:38 k8s-master01.ik8s.cc systemd[1]: Started BuildKit.
May 31 13:32:38 k8s-master01.ik8s.cc buildkitd[12191]: time="2023-05-31T13:32:38Z" level=warning msg="using host network as the default"
May 31 13:32:38 k8s-master01.ik8s.cc buildkitd[12191]: time="2023-05-31T13:32:38Z" level=warning msg="git source cannot be enabled: failed to find git binary: exec: \"git\": executable file not found in $PATH"
May 31 13:32:38 k8s-master01.ik8s.cc buildkitd[12191]: time="2023-05-31T13:32:38Z" level=info msg="found worker \"kffvitvra0b27yi956wa4xcal\", labels=map[org.mobyproject.buildkit.worker.containerd.namespace:buildkit org.mobyproject.buildkit.worker.containerd.uuid:f27e8d21-8b1d-44ac-9233-f55b9b028fc0 org.mobyproject.buildkit.worker.executor:containerd org.mobyproject.buildkit.worker.hostname:k8s-master01.ik8s.cc org.mobyproject.buildkit.worker.network:host org.mobyproject.buildkit.worker.selinux.enabled:false org.mobyproject.buildkit.worker.snapshotter:overlayfs], platforms=[linux/amd64 linux/amd64/v2 linux/386]"
May 31 13:32:38 k8s-master01.ik8s.cc buildkitd[12191]: time="2023-05-31T13:32:38Z" level=info msg="found 1 workers, default=\"kffvitvra0b27yi956wa4xcal\""
May 31 13:32:38 k8s-master01.ik8s.cc buildkitd[12191]: time="2023-05-31T13:32:38Z" level=warning msg="currently, only the default worker can be used."
May 31 13:32:38 k8s-master01.ik8s.cc buildkitd[12191]: time="2023-05-31T13:32:38Z" level=info msg="running server on /run/buildkit/buildkitd.sock"
root@k8s-master01:/usr/local/src/bin# 

4. Proxying Harbor through nginx with a self-signed certificate to provide HTTPS

4.1 Switch Harbor to the HTTP protocol

Stop the Harbor service

root@harbor:/app/harbor# docker-compose down
[+] Running 13/13
 ? Container notary-server       Removed                                                                                                          0.8s 
 ? Container nginx               Removed                                                                                                          1.7s 
 ? Container harbor-jobservice   Removed                                                                                                          0.7s 
 ? Container trivy-adapter       Removed                                                                                                          0.6s 
 ? Container notary-signer       Removed                                                                                                          0.5s 
 ? Container harbor-portal       Removed                                                                                                          0.3s 
 ? Container harbor-core         Removed                                                                                                          3.5s 
 ? Container harbor-db           Removed                                                                                                          0.7s 
 ? Container registry            Removed                                                                                                          0.5s 
 ? Container redis               Removed                                                                                                          0.5s 
 ? Network harbor_notary-sig     Removed                                                                                                          0.8s 
 ? Network harbor_harbor         Removed                                                                                                          0.2s 
 ? Network harbor_harbor-notary  Removed                                                                                                          0.5s 
root@harbor:/app/harbor# 

Edit the Harbor configuration file and comment out the https and certificate settings

Run prepare again

root@harbor:/app/harbor# ls
LICENSE  common  common.sh  docker-compose.yml  harbor.v2.8.0.tar.gz  harbor.yml  harbor.yml.tmpl  install.sh  prepare
root@harbor:/app/harbor# ./prepare 
prepare base dir is set to /app/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/registry/passwd
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registry/root.crt
Clearing the configuration file: /config/notary/notary-signer-ca.crt
Clearing the configuration file: /config/notary/notary-signer.key
Clearing the configuration file: /config/notary/server-config.postgres.json
Clearing the configuration file: /config/notary/server_env
Clearing the configuration file: /config/notary/notary-signer.crt
Clearing the configuration file: /config/notary/signer_env
Clearing the configuration file: /config/notary/signer-config.postgres.json
Clearing the configuration file: /config/notary/root.crt
Clearing the configuration file: /config/trivy-adapter/env
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/nginx/conf.d/notary.upstream.conf
Clearing the configuration file: /config/nginx/conf.d/notary.server.conf
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/portal/nginx.conf
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /data/secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
root@harbor:/app/harbor# 

Start Harbor

root@harbor:/app/harbor# docker-compose up -d
[+] Running 10/10
 ? Network harbor_harbor        Created                                                                                                           0.2s 
 ? Container harbor-log         Started                                                                                                           1.2s 
 ? Container registry           Started                                                                                                           2.5s 
 ? Container harbor-portal      Started                                                                                                           2.7s 
 ? Container registryctl        Started                                                                                                           2.7s 
 ? Container harbor-db          Started                                                                                                           2.7s 
 ? Container redis              Started                                                                                                           2.6s 
 ? Container harbor-core        Started                                                                                                           3.2s 
 ? Container harbor-jobservice  Started                                                                                                           4.2s 
 ? Container nginx              Started                                                                                                           4.3s 
root@harbor:/app/harbor# 

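If you have added a service file for Harbor, you can also use systemctl stop/start harbor to stop and start Harbor.

Verify that you can log in to Harbor normally.

4.2 Reverse-proxying Harbor with nginx

4.2.1 Installing and configuring nginx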

root@k8s-deploy:~# cd /usr/local/src/
root@k8s-deploy:/usr/local/src# wget https://nginx.org/download/nginx-1.22.0.tar.gz
--2023-05-31 13:59:55--  https://nginx.org/download/nginx-1.22.0.tar.gz
Resolving nginx.org (nginx.org)... 52.58.199.22, 3.125.197.172, 2a05:d014:edb:5704::6, ...
Connecting to nginx.org (nginx.org)|52.58.199.22|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1073322 (1.0M) [application/octet-stream]
Saving to: ‘nginx-1.22.0.tar.gz’

nginx-1.22.0.tar.gz                        100%[=======================================================================================>]   1.02M  37.8KB/s    in 27s     

2023-05-31 14:00:23 (38.9 KB/s) - ‘nginx-1.22.0.tar.gz’ saved [1073322/1073322]

root@k8s-deploy:/usr/local/src# tar xf nginx-1.22.0.tar.gz 
root@k8s-deploy:/usr/local/src# cd nginx-1.22.0
root@k8s-deploy:/usr/local/src/nginx-1.22.0# ./configure --prefix=/apps/nginx \
> --with-http_ssl_module \
> --with-http_v2_module \
> --with-http_realip_module \
> --with-http_stub_status_module \
> --with-http_gzip_static_module \
> --with-pcre \
> --with-stream \
> --with-stream_ssl_module \
> --with-stream_realip_module

The error above means that the PCRE library required by the HTTP module was not found.

Fix: install libpcre3 and libpcre3-dev

root@k8s-deploy:/usr/local/src/nginx-1.22.0# apt install libpcre3 libpcre3-dev -y

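After installing these dependencies, run configure again

The error above means that the OpenSSL library required by the SSL module was not found.

Fix: install openssl and libssl-dev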

root@k8s-deploy:/usr/local/src/nginx-1.22.0# apt install openssl libssl-dev -y

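If the ./configure command above reports no errors and you see the output in the screenshot above, the build environment has passed its checks and you can go on to compile and install.

Compile and install nginx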

root@k8s-deploy:/usr/local/src/nginx-1.22.0# make && make install

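Create the certificate directory and generate the private keys and certificates

4.2.1.1 Create the certificate directory and generate the CA private key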

root@k8s-deploy:/apps/nginx/sbin# mkdir /apps/nginx/certs
root@k8s-deploy:/apps/nginx/sbin# cd /apps/nginx/certs
root@k8s-deploy:/apps/nginx/certs# openssl genrsa -out ca.key 4096

4.2.1.2 Generate the self-signed CA certificate with the CA private key

root@k8s-deploy:/apps/nginx/certs# openssl req -x509 -new -nodes -sha512 -days 3650 \
>  -subj "/C=CN/ST=Beijing/L=Beijing/O=Personal-CA/OU=Personal/CN=CA.com" \
>  -key ca.key \
>  -out ca.crt
root@k8s-deploy:/apps/nginx/certs# ls
ca.crt  ca.key
root@k8s-deploy:/apps/nginx/certs# 

4.2.1.3 Generate the Harbor server private key

root@k8s-deploy:/apps/nginx/certs# openssl genrsa -out magedu.net.key 4096
root@k8s-deploy:/apps/nginx/certs# ls
ca.crt  ca.key  magedu.net.key
root@k8s-deploy:/apps/nginx/certs# 

4.2.1.4 Generate a certificate signing request (CSR) file with the Harbor server private key

root@k8s-deploy:/apps/nginx/certs# openssl req -sha512 -new \
>     -subj "/C=CN/ST=Beijing/L=Beijing/O=test/OU=Personal/CN=magedu.net" \
>     -key magedu.net.key \
>     -out magedu.net.csr
root@k8s-deploy:/apps/nginx/certs# ls
ca.crt  ca.key  magedu.net.csr  magedu.net.key
root@k8s-deploy:/apps/nginx/certs# 

4.2.1.5 Issue the Harbor server certificate using the CA certificate and private key

root@k8s-deploy:/apps/nginx/certs# openssl x509 -req -sha512 -days 3650 \
>     -CA ca.crt -CAkey ca.key -CAcreateserial \
>     -in magedu.net.csr \
>     -out magedu.net.crt
Certificate request self-signature ok
subject=C = CN, ST = Beijing, L = Beijing, O = test, OU = Personal, CN = magedu.net
root@k8s-deploy:/apps/nginx/certs# ls
ca.crt  ca.key  magedu.net.crt  magedu.net.csr  magedu.net.key
root@k8s-deploy:/apps/nginx/certs# 
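
The certificate issued in 4.2.1.5 has CN=magedu.net and no subjectAltName, while clients address the registry as harbor.magedu.net, so host name verification cannot succeed; Go-based clients such as containerd, nerdctl and BuildKit also ignore the CN and match only SAN entries. The following added example (not part of the original article) issues both variants from a throwaway CA and checks each against harbor.magedu.net with openssl verify. The scratch directory, file names, OpenSSL config sections and 2048-bit keys are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article. Subject fields and the host
# name are the article's; the scratch directory, file names, the explicit
# OpenSSL config and the 2048-bit keys (to keep the demo quick) are assumptions.

REGISTRY_HOST="harbor.magedu.net"

# write_config DIR: minimal config so the result does not depend on the
# system-wide openssl.cnf. [v3_server] carries the subjectAltName.
write_config() {
    cat > "$1/openssl.cnf" <<EOF
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[v3_server]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$REGISTRY_HOST
EOF
}

# make_ca DIR: self-signed CA with the same subject as section 4.2.1.2.
make_ca() {
    openssl req -x509 -new -nodes -newkey rsa:2048 -sha512 -days 3650 \
        -config "$1/openssl.cnf" -extensions v3_ca \
        -subj "/C=CN/ST=Beijing/L=Beijing/O=Personal-CA/OU=Personal/CN=CA.com" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# issue_cert DIR NAME CN [EXT_SECTION]: key, CSR and CA-signed certificate.
# Without EXT_SECTION the certificate has no SAN, as in section 4.2.1.5.
issue_cert() {
    openssl req -new -nodes -newkey rsa:2048 -sha512 \
        -config "$1/openssl.cnf" \
        -subj "/C=CN/ST=Beijing/L=Beijing/O=test/OU=Personal/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null || return 1
    if [ -n "$4" ]; then
        openssl x509 -req -sha512 -days 3650 \
            -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
            -extfile "$1/openssl.cnf" -extensions "$4" \
            -in "$1/$2.csr" -out "$1/$2.crt" 2>/dev/null
    else
        openssl x509 -req -sha512 -days 3650 \
            -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
            -in "$1/$2.csr" -out "$1/$2.crt" 2>/dev/null
    fi
}

# cert_valid_for DIR NAME HOST: succeeds only if the certificate chains to
# ca.crt and is valid for HOST.
cert_valid_for() {
    openssl verify -CAfile "$1/ca.crt" -verify_hostname "$3" \
        "$1/$2.crt" >/dev/null 2>&1
}

# compare_certs: issue the article's CN-only certificate and a SAN variant,
# then report how each fares when checked against the registry host name.
compare_certs() {
    d=$(mktemp -d) || return 1
    write_config "$d" && make_ca "$d" || return 1
    issue_cert "$d" cn-only magedu.net || return 1
    issue_cert "$d" with-san "$REGISTRY_HOST" v3_server || return 1
    cn_only=reject
    with_san=reject
    if cert_valid_for "$d" cn-only "$REGISTRY_HOST"; then cn_only=accept; fi
    if cert_valid_for "$d" with-san "$REGISTRY_HOST"; then with_san=accept; fi
    rm -rf "$d"
    echo "cn-only:$cn_only with-san:$with_san"
}

compare_certs
```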

Edit the nginx configuration file to configure the certificate and the reverse proxy to Harbor

root@k8s-deploy:/apps/nginx/certs# cat /apps/nginx/conf/nginx.conf
worker_processes  1;
events {
    worker_connections  1024;
}
http {
    client_max_body_size 1000m;
    server {
        listen       80;
        listen       443 ssl;
        ssl_certificate /apps/nginx/certs/magedu.net.crt;
        ssl_certificate_key /apps/nginx/certs/magedu.net.key;
        ssl_session_cache shared:sslcache:20m;
        ssl_session_timeout 10m;
        location / {
                if ($scheme = http ){
                        rewrite / https://harbor.magedu.net permanent;
                }

                proxy_pass http://192.168.0.42;
        }
    }
}
root@k8s-deploy:/apps/nginx/certs# 

Check the nginx configuration file syntax

root@k8s-deploy:/apps/nginx/certs# cd ..
root@k8s-deploy:/apps/nginx# /apps/nginx/sbin/nginx -t
nginx: the configuration file /apps/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /apps/nginx/conf/nginx.conf test is successful
root@k8s-deploy:/apps/nginx# 

Start nginx

root@k8s-deploy:/apps/nginx# /apps/nginx/sbin/nginx
root@k8s-deploy:/apps/nginx# ss -tnl
State            Recv-Q            Send-Q                       Local Address:Port                       Peer Address:Port           Process           
LISTEN           0                 511                                0.0.0.0:80                              0.0.0.0:*                                
LISTEN           0                 4096                         127.0.0.53%lo:53                              0.0.0.0:*                                
LISTEN           0                 128                                0.0.0.0:22                              0.0.0.0:*                                
LISTEN           0                 511                                0.0.0.0:443                             0.0.0.0:*                                
root@k8s-deploy:/apps/nginx# 

4.2.2 Test nginx from a browser: does it reverse-proxy to Harbor, and is the connection HTTPS?

View the certificate information

4.2.3 buildkitd configuration file

root@k8s-master01:/usr/local/src/bin# cat /etc/buildkit/buildkitd.toml
[registry."harbor.magedu.net"]
  http = true
  insecure = true
root@k8s-master01:

4.2.4 nerdctl configuration file

root@k8s-master01:/usr/local/src/bin# cat /etc/nerdctl/nerdctl.toml 
namespace = "k8s.io"
debug = false
debug_full = false
insecure_registry = true
root@k8s-master01:/usr/local/src/bin#

5. Testing image builds

5.1 Common nerdctl commands

5.1.1 Add command completion for nerdctl

root@k8s-master01:~# echo "source <(nerdctl completion bash)" >> /etc/profile
root@k8s-master01:~# cat /etc/profile
# /etc/profile: system-wide .profile file for the Bourne shell (sh(1))
# and Bourne compatible shells (bash(1), ksh(1), ash(1), ...).

if [ "${PS1-}" ]; then
  if [ "${BASH-}" ] && [ "$BASH" != "/bin/sh" ]; then
    # The file bash.bashrc already sets the default PS1.
    # PS1='\h:\w\$ '
    if [ -f /etc/bash.bashrc ]; then
      . /etc/bash.bashrc
    fi
  else
    if [ "$(id -u)" -eq 0 ]; then
      PS1='# '
    else
      PS1='$ '
    fi
  fi
fi

if [ -d /etc/profile.d ]; then
  for i in /etc/profile.d/*.sh; do
    if [ -r $i ]; then
      . $i
    fi
  done
  unset i
fi
source <(nerdctl completion bash)
root@k8s-master01:~# source /etc/profile

5.1.2 Log in to the Harbor registry

root@k8s-master01:~# nerdctl login harbor.magedu.net                             
Enter Username: admin
Enter Password: 
WARN[0005] skipping verifying HTTPS certs for "harbor.magedu.net" 
WARNING: Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
root@k8s-master01:~# nerdctl login --insecure-registry https://harbor.magedu.net 
WARN[0000] skipping verifying HTTPS certs for "harbor.magedu.net" 
WARNING: Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
root@k8s-master01:~# 

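For a self-signed certificate, the --insecure-registry option is generally used to mark the registry as an insecure registry.

5.2 Distributing the self-signed Harbor certificate

5.2.1 Create the certificate directory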

root@k8s-master01:~# mkdir -pv /etc/containerd/certs.d/harbor.magedu.net
mkdir: created directory '/etc/containerd/certs.d'
mkdir: created directory '/etc/containerd/certs.d/harbor.magedu.net'
root@k8s-master01:~# 

5.2.2 Convert the certificate format

root@k8s-deploy:~# cd /apps/nginx/certs/
root@k8s-deploy:/apps/nginx/certs# openssl x509 -inform PEM -in magedu.net.crt -out magedu.net.cert
root@k8s-deploy:/apps/nginx/certs# 

5.2.3 Distribute the certificates to the image build server

root@k8s-deploy:/apps/nginx/certs# scp ca.crt magedu.net.cert magedu.net.key 192.168.0.31:/etc/containerd/certs.d/harbor.magedu.net/
ca.crt                                                                                                               100% 2041     1.5MB/s   00:00    
magedu.net.cert                                                                                                      100% 1915     1.6MB/s   00:00    
magedu.net.key                                                                                                       100% 3272     2.9MB/s   00:00    
root@k8s-deploy:/apps/nginx/certs# 

5.2.4 Verify the certificates on the image build server

root@k8s-master01:~# cd /etc/containerd/certs.d/harbor.magedu.net
root@k8s-master01:/etc/containerd/certs.d/harbor.magedu.net# ll
total 20
drwxr-xr-x 2 root root 4096 May 31 17:49 ./
drwxr-xr-x 3 root root 4096 May 31 17:44 ../
-rw-r--r-- 1 root root 2041 May 31 17:49 ca.crt
-rw-r--r-- 1 root root 1915 May 31 17:49 magedu.net.cert
-rw------- 1 root root 3272 May 31 17:49 magedu.net.key
root@k8s-master01:/etc/containerd/certs.d/harbor.magedu.net# 

5.2.5 Delete the existing login information and log in to Harbor again

root@k8s-master01:~# rm -rf .docker/config.json 
root@k8s-master01:~# nerdctl login harbor.magedu.net
Enter Username: admin
Enter Password: 
WARN[0005] skipping verifying HTTPS certs for "harbor.magedu.net" 
WARNING: Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
root@k8s-master01:~# 
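
With insecure_registry = true from 4.2.4 still in nerdctl.toml, the login above keeps printing "skipping verifying HTTPS certs" even though ca.crt is now on the build server. The following added example (not part of the original article) flags the settings from 4.2.3 and 4.2.4 that switch off TLS or certificate verification and shows a variant that trusts ca.crt instead. The "article" files are constructed copies of the two files above; the scratch directory, the "verified" variant and the premise that the registry certificate is valid for harbor.magedu.net are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article. The "article" files repeat
# sections 4.2.3 and 4.2.4; the scratch directory, the file layout and the
# "verified" variant that trusts ca.crt are assumptions.

# audit_registry_tls FILE...
# Prints one line per setting that turns off TLS or certificate verification.
# Returns 1 if any such setting was found, 0 otherwise.
audit_registry_tls() {
    awk '
        FNR == 1 { section = "" }               # new file: back to top level
        { line = $0; sub(/#.*/, "", line) }     # drop comments
        line ~ /^[ \t]*\[/ {                    # TOML table header
            section = line
            gsub(/^[ \t]*\[+|\]+[ \t]*$/, "", section)
            next
        }
        {
            eq = index(line, "=")
            if (eq == 0) next
            key = substr(line, 1, eq - 1)
            val = substr(line, eq + 1)
            gsub(/[ \t]/, "", key)
            gsub(/[ \t]/, "", val)
            if (val != "true") next
            weak = (key == "insecure_registry") ||
                   (section ~ /^registry\./ && (key == "http" || key == "insecure"))
            if (weak) {
                printf "%s: %s%s = true\n", FILENAME,
                       (section == "" ? "" : "[" section "] "), key
                found = 1
            }
        }
        END { exit (found ? 1 : 0) }
    ' "$@"
}

# write_samples DIR: the article's two files and a variant that verifies.
write_samples() {
    mkdir -p "$1/article" "$1/verified"
    cat > "$1/article/buildkitd.toml" <<'EOF'
[registry."harbor.magedu.net"]
  http = true
  insecure = true
EOF
    cat > "$1/article/nerdctl.toml" <<'EOF'
namespace = "k8s.io"
debug = false
debug_full = false
insecure_registry = true
EOF
    cat > "$1/verified/buildkitd.toml" <<'EOF'
[registry."harbor.magedu.net"]
  # trust the private CA instead of switching verification off
  ca = ["/etc/containerd/certs.d/harbor.magedu.net/ca.crt"]
EOF
    cat > "$1/verified/nerdctl.toml" <<'EOF'
namespace = "k8s.io"
debug = false
debug_full = false
EOF
}

# count_findings DIR: number of weak settings in DIR's two config files.
count_findings() {
    audit_registry_tls "$1/buildkitd.toml" "$1/nerdctl.toml" | wc -l | tr -d ' '
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
audit_registry_tls "$demo_dir/article/buildkitd.toml" \
    "$demo_dir/article/nerdctl.toml" || true
echo "article: $(count_findings "$demo_dir/article") finding(s)," \
    "verified: $(count_findings "$demo_dir/verified") finding(s)"
```

Clients need only ca.crt to verify the registry. In the certs.d layout a .cert/.key pair is read as a client certificate, so the server's private key does not have to leave the nginx host.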

5.3 Image build

root@k8s-master01:~/ubuntu# ll
total 1120
drwxr-xr-x  3 root root    4096 May 31 18:40 ./
drwx------ 11 root root    4096 May 31 18:40 ../
-rw-r--r--  1 root root     846 May 31 18:39 Dockerfile
-rw-r--r--  1 root root     266 May 31 18:40 build-command.sh
-rw-r--r--  1 root root   38751 Aug  5  2022 frontend.tar.gz
drwxr-xr-x  3 root root    4096 May 31 18:37 html/
-rw-r--r--  1 root root 1073322 May 24  2022 nginx-1.22.0.tar.gz
-rw-r--r--  1 root root    2812 Oct  3  2020 nginx.conf
-rw-r--r--  1 root root    1139 Aug  5  2022 sources.list
root@k8s-master01:~/ubuntu# cat Dockerfile 
FROM ubuntu:22.04
ADD sources.list /etc/apt/sources.list

RUN apt update && apt  install -y iproute2  ntpdate  tcpdump telnet traceroute nfs-kernel-server nfs-common  lrzsz tree  openssl libssl-dev libpcre3 libpcre3-dev zlib1g-dev ntpdate tcpdump telnet traceroute  gcc openssh-server lrzsz tree  openssl libssl-dev libpcre3 libpcre3-dev zlib1g-dev ntpdate tcpdump telnet traceroute iotop unzip zip make


ADD nginx-1.22.0.tar.gz /usr/local/src/
RUN cd /usr/local/src/nginx-1.22.0 && ./configure --prefix=/apps/nginx && make && make install  && ln -sv /apps/nginx/sbin/nginx /usr/bin
RUN groupadd  -g 2088 nginx && useradd  -g nginx -s /usr/sbin/nologin -u 2088 nginx && chown -R nginx.nginx /apps/nginx
ADD nginx.conf /apps/nginx/conf/
ADD frontend.tar.gz /apps/nginx/html/


EXPOSE 80 443
#ENTRYPOINT ["nginx"]
CMD ["nginx","-g","daemon off;"]
root@k8s-master01:~/ubuntu# cat build-command.sh 
#!/bin/bash
#docker build -t harbor.magedu.net/myserver/nginx:v1 .
#docker push harbor.magedu.net/myserver/nginx:v1

/usr/local/bin/nerdctl build -t harbor.magedu.net/magedu/nginx-base:1.22.0 .

/usr/local/bin/nerdctl push harbor.magedu.net/magedu/nginx-base:1.22.0
root@k8s-master01:~/ubuntu# 

5.4 Build the image automatically with the script and push it to the image registry

root@k8s-master01:~/ubuntu# bash build-command.sh

5.5 Verify that the image was uploaded to the Harbor registry

6. Create a test container from the custom image

6.1 nerdctl command

root@k8s-node01:~# nerdctl run -d -p 80:80 harbor.magedu.net/magedu/nginx-base:1.22.0
WARN[0000] skipping verifying HTTPS certs for "harbor.magedu.net" 
harbor.magedu.net/magedu/nginx-base:1.22.0:                                       resolved       |++++++++++++++++++++++++++++++++++++++| 
manifest-sha256:61c8355a7eabb8d24f31c8a48edb230d7709b455128a580e180a1a2f4188571c: done           |++++++++++++++++++++++++++++++++++++++| 
config-sha256:6c030d3d7f76a61e2bc706d98cdfa55b80f7a6d8491b85ede84d0dbb2c706a74:   done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:4da3a93ac27213414b4de065a2603d7acbec5bd63d6198a62ad732fa7ac6afa0:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:26039d49560ee304c7a41e00617e216bedb7e9c6b74263db5afe68a23425f286:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:61967fbfff474bb397fbc7752b2097a1211fd9e22c85ce679d2b80c29477ca8d:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:4179b69841babb645626f43f9f4eb8bf4fc9be92ef9819ea8d9335408178a497:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:9e0da806173e5c7f5188ed9222e6caf214b43f6e0ed1f961ed8261cb4fbf9429:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:1739bcae88003d009cb72941ca5085074a0d1257c971a3838e0d6402f010b38e:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:f8a2ffd8882321b57192cce8fcaebab3657bb30e073e4f21eee91b3f44488809:    done           |++++++++++++++++++++++++++++++++++++++| 
elapsed: 18.6s                                                                    total:  149.3  (8.0 MiB/s)                                       
af08bef4d635f3f888c87120cc830b37e3f53121012ad59500a30c20ac065319
root@k8s-node01:~# 

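Access the container

Author: Linux-1874. Source: https://www.cnblogs.com/qiuhom-1874/. Copyright of this article is shared by the author and cnblogs. Reposting is welcome, but unless the author agrees otherwise this notice must be kept and a link to the original must be given in a prominent position on the article page; otherwise the right to pursue legal liability is reserved.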
