[TOC]
0x02 podman 命令 - 容器管理常用命令
镜像容器信息流程
ps 子命令 - 列表容器
描述:打印出关于容器的信息
语法参数
代码语言:javascript复制Usage:
podman ps [flags]
Flags:
-a, --all Show all the containers, default is only running containers
-f, --filter strings Filter output based on conditions given
--format string Pretty-print containers to JSON or using a Go template
-n, --last int Print the n last created containers (all states) (default -1)
-l, --latest Act on the latest container podman is aware of
Not supported with the "--remote" flag
--no-trunc Display the extended information
--ns Display namespace information
-p, --pod Print the ID and name of the pod the containers are associated with
-q, --quiet Print the numeric IDs of the containers only
-s, --size Display the total file sizes
--sort choice Sort output by: command, created, id, image, names, runningfor, size, status
--sync Sync container state with OCI runtime
-w, --watch uint Watch the ps output on an interval in secondsExamples:
代码语言:javascript复制# 1.显示所有容器信息并显示容器所属的pod id
podman ps -ap
# CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES POD ID PODNAME
# 15e7d3797552 docker.io/mirrorgcrio/pause:3.2 25 hours ago Up 25 hours ago 73c5a062cb17-infra 73c5a062cb17 HelloWorld
# 2fd059b66fb6 docker.io/library/hello-world:latest /hello 25 hours ago Exited (0) 25 hours ago friendly_neumann 73c5a062cb17 HelloWorld
# 2.显示容器信息中指定的列
podman ps -ap --format "{{.ID}} {{.Image}} {{.Labels}} {{.Mounts}} {{.PodName}}"
# 15e7d3797552 docker.io/mirrorgcrio/pause:3.2 map[] [] HelloWorld
# 2fd059b66fb6 docker.io/library/hello-world:latest map[] [] HelloWorld
# 3.显示文件的总大小并根据名称进行排序
podman ps --size --sort names
# CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES SIZE
# 15e7d3797552 docker.io/mirrorgcrio/pause:3.2 25 hours ago Up 25 hours ago 73c5a062cb17-infra 0B (virtual 683kB)top 子命令 - 显示容器正在运行的进程
描述:
基础语法:
代码语言:javascript复制podman top [options] container [format-descriptors]
podman container top [options] container [format-descriptors]
# 参数
--latest, -l # 显示通过Podman或以外的方式CRI-O运行容器 (The latest option is not supported on the remote client).
# FORMAT DESCRIPTORS
args, capbnd, capeff, capinh, capprm, comm, etime, group, hgroup, hpid, huser, label, nice, pcpu, pgid,pid, ppid, rgroup, ruser, seccomp, state, time, tty, user, vsz
capbn:#Set of bounding capabilities. See capabilities (7) for more information.
capeff:#Set of effective capabilities. See capabilities (7) for more information.
capinh:#Set of inheritable capabilities. See capabilities (7) for more information.
capprm:#Set of permitted capabilities. See capabilities (7) for more information.
hgroup:#The corresponding effective group of a container process on the host.
hpid:#The corresponding host PID of a container process.
huser:#The corresponding effective user of a container process on the host.
label:#Current security attributes of the process.
seccomp:#Seccomp mode of the process (i.e., disabled, strict or filter). See seccomp (2) for more information.
state:#Process state codes (e.g, R for running, S for sleeping). See proc(5) for more information.
stime:#Process start time (e.g, "2019-12-09 10:50:36 0100 CET).基础实例:
代码语言:javascript复制# 1.默认情况下,podman-top打印的数据类似ps -ef:
$ sudo podman top 15e7d3797552
# USER PID PPID %CPU ELAPSED TTY TIME COMMAND
# 0 1 0 0.000 46h15m55.488413816s ? 0s /pause
# 2.可以通过在容器后面指定格式描述符作为参数来控制输出:
$ podman top -l pid seccomp args %C
# PID SECCOMP COMMAND %CPU
# 1 filter sh 0.000
# 8 filter vi /etc/ 0.000
$ podman top -l pid seccomp state args %C
# PID SECCOMP STATE COMMAND %CPU
# 1 filter S nginx: master process nginx -g daemon off; 0.000
# 30 filter S nginx: worker process 0.000
# 31 filter S nginx: worker process 0.000
# 3.如果指定了未知的描述符,Podman将退回到在容器中执行ps(1)。
$ podman top -l -- aux
USER PID PPID %CPU ELAPSED TTY TIME COMMAND
root 1 0 0.000 1h2m12.497061672s ? 0s sleep 100000status 子命令 - 查看运行中容器资源使用情况
基础演示:
代码语言:javascript复制$podman stats nginx
ID NAME CPU % MEM USAGE / LIMIT MEM % NET IO BLOCK IO PIDS
19f105d5dc1e nginx -- 2.036MB / 1.893GB 0.11% 978B / 10.55kB -- / -- 2log 子命令 - 查看容器运行的日志
基础演示:
代码语言:javascript复制podman logs nginxinspect 子命令 - 镜像Image Layer信息
基础案例演示:
代码语言:javascript复制$ podman inspect nginx | grep -i "ipaddress"
"SecondaryIPAddresses": null,
"IPAddress": "10.88.0.110",2.容器操作管理
pod 子命令 - 管理容器组的工具称为pods
描述:podman pod是一组管理pod或容器组的子命令。
代码语言:javascript复制# SYNOPSIS(n. 概要,大纲)
podman pod subcommand
# SUBCOMMANDS
┌────────┬───────────────────────┬─────────────────────────────┐
│Command │ Man Page │ Description │
├────────┼───────────────────────┼─────────────────────────────┤
│create │ podman-pod-create(1) │ Create a new pod. │
├────────┼───────────────────────┼─────────────────────────────┤
│exists │ podman-pod-exists(1) │ Check if a pod exists in local storage. │
├────────┼───────────────────────┼─────────────────────────────┤
│inspect │ podman-pod-inspect(1) │ Displays information describing a pod. │
├────────┼───────────────────────┼─────────────────────────────┤
│kill │ podman-pod-kill(1) │ Kill the main process of each container in one or more pods. │
├────────┼───────────────────────┼─────────────────────────────┤
│pause │ podman-pod-pause(1) │ Pause one or more pods. │
├────────┼───────────────────────┼─────────────────────────────┤
│prune │ podman-pod-prune(1) │ Remove all stopped pods and their containers. │
├────────┼───────────────────────┼─────────────────────────────┤
│ps │ podman-pod-ps(1) │ Prints out information about pods. │
├────────┼───────────────────────┼─────────────────────────────┤
│restart │ podman-pod-restart(1) │ Restart one or more pods. │
├────────┼───────────────────────┼─────────────────────────────┤
│rm │ podman-pod-rm(1) │ Remove one or more stopped pods and containers. │
├────────┼───────────────────────┼─────────────────────────────┤
│start │ podman-pod-start(1) │ Start one or more pods. │
├────────┼───────────────────────┼─────────────────────────────┤
│stats │ podman-pod-stats(1) │ Display a live stream of resource usage stats for containers in one or more pods. │
├────────┼───────────────────────┼─────────────────────────────┤
│stop │ podman-pod-stop(1) │ Stop one or more pods. │
├────────┼───────────────────────┼─────────────────────────────┤
│top │ podman-pod-top(1) │ Display the running processes of containers in a pod. │
├────────┼───────────────────────┼─────────────────────────────┤
│unpause │ podman-pod-unpause(1) │ Unpause one or more pods. │
└────────┴───────────────────────┴─────────────────────────────基础实例:
代码语言:javascript复制# 创建名称为 HugoBlog 的 pod
podman pod create --name HugoBlog
# 63cb481fd2fd6a02d97355d8f950e765e06654c3b3a25111bc4431320fae897e
# 列出当前pod信息
podman pod ps
podman pod list
# POD ID NAME STATUS CREATED # OF CONTAINERS INFRA ID
# 63cb481fd2fd HugoBlog Running 40 minutes ago 2 6b317ba47f5b
# 73c5a062cb17 HelloWorld Running 47 hours ago 2 15e7d3797552
# 列出指定pod中容器信息
podman pod top 73c5a062cb17
# USER PID PPID %CPU ELAPSED TTY TIME COMMAND
# 0 1 0 0.000 47h27m58.166822731s ? 0s /pause
podman pod top HugoBlog
# USER PID PPID %CPU ELAPSED TTY TIME COMMAND
# 0 1 0 0.000 41m43.871974181s ? 0s /pause
# root 1 0 0.000 41m43.872432777s ? 0s nginx: master process nginx -g daemon off;
# nginx 30 1 0.000 41m43.872491657s ? 0s nginx: worker process
# nginx 31 1 0.000 41m43.87252457s ? 0s nginx: worker process
# 停止指定pod或者所有pod(其中的容器也随之停止)
podman pod stop HelloWorld
# 73c5a062cb17b5088072ec13c496c101b0b239f9aba1dcad93ba5d746cdfb12d
podman pod stop $(podman pod ps -q)
# 63cb481fd2fd6a02d97355d8f950e765e06654c3b3a25111bc4431320fae897e
# 73c5a062cb17b5088072ec13c496c101b0b239f9aba1dcad93ba5d746cdfb12d
# 删除指定Pod或者删除所有已经停止的pod
podman pod rm -f HugoBlog
podman pod rm $(podman pod ps -q)run 子命令 - 容器运行与构建
代码语言:javascript复制# 在指定pod中运行容器
podman run -d --pod HugoBlog nginx:alpine
Trying to pull docker.io/library/nginx:alpine...
Getting image source signatures
Copying blob f682f0660e7a done
...
Copying config 6f715d38cf done
Writing manifest to image destination
Storing signatures
e2a645aa73da2bf98c8e7598a4a1368f92959d18f60b8500c1af70132fb778ed将 pod 导出为声明式部署清单:
代码语言:javascript复制podman generate kube HugoBlog > HugoBlog.yaml通过部署清单创建 pod:
代码语言:javascript复制podman play kube hugo.yamlcat HugoBlog.yaml
代码语言:javascript复制# Generation of Kubernetes YAML is still under development!
#
# Save the output of this file and use kubectl create -f to import
# it into Kubernetes.
#
# Created with podman-2.0.6
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: "2020-09-23T04:31:52Z"
labels:
app: HugoBlog
name: HugoBlog
spec:
containers:
- command:
- nginx
- -g
- daemon off;
env:
- name: PATH
value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
- name: TERM
value: xterm
- name: NGINX_VERSION
value: 1.19.2
- name: NJS_VERSION
value: 0.4.3
- name: PKG_RELEASE
value: "1"
- name: container
value: podman
- name: HOSTNAME
value: HugoBlog
image: docker.io/library/nginx:alpine
name: inspiringkare
resources: {}
securityContext:
allowPrivilegeEscalation: true
capabilities: {}
privileged: false
readOnlyRootFilesystem: false
seLinuxOptions: {}
workingDir: /
status: {}
---
metadata:
creationTimestamp: null
spec: {}
status:
loadBalancer: {}这是一个兼容 kubernetes 的 pod 定义,你可以直接通过 kubectl apply -f hugo.yaml 将其部署在 Kubernetes 集群中,也可以直接通过 podman 部署
如果通过声明式定义来创建 pod,还是无法解决服务发现的问题,除非换个支持静态 IP 的 CNI 插件,而支持静态 IP 的这些 CNI 插件又需要 etcd 作为数据库,我就这么点资源,可不想再加个 etcd,还是手撸命令行吧。
container 子命令 - 容器相关操作以及备份导出
基础演示:
代码语言:javascript复制Podman 支持将容器从一台机器迁移到另一台机器。
# 在源机器上对容器设置检查点并将容器打包到指定位置。
$ sudo podman container checkpoint <container_id> -e /tmp/checkpoint.tar.gz
# 在目标机器上使用源机器上传输过来的打包文件对容器进行恢复。
$ sudo podman container restore -i /tmp/checkpoint.tar.gz
