Podman容器管理命令一览

时间:2022-07-28
本文章向大家介绍Podman容器管理命令一览,主要内容包括其使用实例、应用技巧、基本知识点总结和需要注意事项,具有一定的参考价值,需要的朋友可以参考一下。

[TOC]

podman 命令

镜像容器信息流程

ps 子命令 - 列表容器

描述:打印出关于容器的信息

语法参数 

Usage:
  podman ps [flags]

Flags:
  -a, --all              Show all the containers, default is only running containers
  -f, --filter strings   Filter output based on conditions given
      --format string    Pretty-print containers to JSON or using a Go template
  -n, --last int         Print the n last created containers (all states) (default -1)
  -l, --latest           Act on the latest container podman is aware of
                         Not supported with the "--remote" flag
      --no-trunc         Display the extended information
      --ns               Display namespace information
  -p, --pod              Print the ID and name of the pod the containers are associated with
  -q, --quiet            Print the numeric IDs of the containers only
  -s, --size             Display the total file sizes
      --sort choice      Sort output by: command, created, id, image, names, runningfor, size, status
      --sync             Sync container state with OCI runtime
  -w, --watch uint       Watch the ps output on an interval in seconds

Examples: 

# 1.显示所有容器信息并显示容器所属的pod id
podman ps -ap
# CONTAINER ID  IMAGE                                 COMMAND  CREATED       STATUS                   PORTS   NAMES               POD ID        PODNAME
# 15e7d3797552  docker.io/mirrorgcrio/pause:3.2                25 hours ago  Up 25 hours ago                  73c5a062cb17-infra  73c5a062cb17  HelloWorld
# 2fd059b66fb6  docker.io/library/hello-world:latest  /hello   25 hours ago  Exited (0) 25 hours ago          friendly_neumann    73c5a062cb17  HelloWorld

# 2.显示容器信息中指定的列
podman ps -ap --format "{{.ID}}  {{.Image}}  {{.Labels}}  {{.Mounts}} {{.PodName}}"
# 15e7d3797552  docker.io/mirrorgcrio/pause:3.2  map[]  [] HelloWorld
# 2fd059b66fb6  docker.io/library/hello-world:latest  map[]  [] HelloWorld

# 3.显示文件的总大小并根据名称进行排序
podman ps --size --sort names
# CONTAINER ID  IMAGE                            COMMAND  CREATED       STATUS           PORTS   NAMES               SIZE
# 15e7d3797552  docker.io/mirrorgcrio/pause:3.2           25 hours ago  Up 25 hours ago          73c5a062cb17-infra  0B (virtual 683kB)

top 子命令 - 显示容器正在运行的进程

描述:

基础语法: 

podman top [options] container [format-descriptors]
podman container top [options] container [format-descriptors]

# 参数
--latest, -l   # 显示通过Podman或以外的方式CRI-O运行容器 (The latest option is not supported on the remote client).

# FORMAT DESCRIPTORS
args, capbnd, capeff, capinh, capprm, comm, etime, group, hgroup, hpid, huser, label, nice, pcpu, pgid,pid, ppid, rgroup, ruser, seccomp, state, time, tty, user, vsz

capbn:#Set of bounding capabilities. See capabilities (7) for more information.
capeff:#Set of effective capabilities. See capabilities (7) for more information.
capinh:#Set of inheritable capabilities. See capabilities (7) for more information.
capprm:#Set of permitted capabilities. See capabilities (7) for more information.
hgroup:#The corresponding effective group of a container process on the host.
hpid:#The corresponding host PID of a container process.
huser:#The corresponding effective user of a container process on the host.
label:#Current security attributes of the process.
seccomp:#Seccomp mode of the process (i.e., disabled, strict or filter). See seccomp (2) for more information.
state:#Process state codes (e.g, R for running, S for sleeping). See proc(5) for more information.
stime:#Process start time (e.g, "2019-12-09 10:50:36 +0100 CET).

基础实例: 

# 1.默认情况下,podman-top打印的数据类似ps -ef:
$ sudo podman top 15e7d3797552
  # USER   PID   PPID   %CPU    ELAPSED               TTY   TIME   COMMAND
  # 0      1     0      0.000   46h15m55.488413816s   ?     0s     /pause

# 2.可以通过在容器后面指定格式描述符作为参数来控制输出:
$ podman top -l pid seccomp args %C
  # PID   SECCOMP   COMMAND     %CPU
  # 1     filter    sh          0.000
  # 8     filter    vi /etc/    0.000
$ podman top -l pid seccomp state args %C
  # PID   SECCOMP   STATE   COMMAND                                       %CPU
  # 1     filter    S       nginx: master process nginx -g daemon off;    0.000
  # 30    filter    S       nginx: worker process                         0.000
  # 31    filter    S       nginx: worker process                         0.000


# 3.如果指定了未知的描述符,Podman将退回到在容器中执行ps(1)。
$ podman top -l -- aux
  USER   PID   PPID   %CPU    ELAPSED             TTY   TIME   COMMAND
  root   1     0      0.000   1h2m12.497061672s   ?     0s     sleep 100000

status 子命令 - 查看运行中容器资源使用情况

基础演示: 

$podman  stats nginx
ID             NAME    CPU %   MEM USAGE / LIMIT   MEM %   NET IO           BLOCK IO   PIDS
19f105d5dc1e   nginx   --      2.036MB / 1.893GB   0.11%   978B / 10.55kB   -- / --    2

log 子命令 - 查看容器运行的日志

基础演示: 

podman logs nginx

inspect 子命令 - 镜像Image Layer信息

基础案例演示: 

$ podman inspect nginx  | grep -i "ipaddress"
  "SecondaryIPAddresses": null,
  "IPAddress": "10.88.0.110",

2.容器操作管理

pod 子命令 - 管理容器组的工具称为pods

描述:podman pod是一组管理pod或容器组的子命令。

# SYNOPSIS(n. 概要,大纲)
podman pod subcommand

# SUBCOMMANDS
┌────────┬───────────────────────┬─────────────────────────────┐
│Command │ Man Page              │ Description                 │
├────────┼───────────────────────┼─────────────────────────────┤
│create  │ podman-pod-create(1)  │ Create a new pod.           │
├────────┼───────────────────────┼─────────────────────────────┤
│exists  │ podman-pod-exists(1)  │ Check if a pod exists in local storage.  │
├────────┼───────────────────────┼─────────────────────────────┤
│inspect │ podman-pod-inspect(1) │ Displays information   describing a pod. │
├────────┼───────────────────────┼─────────────────────────────┤
│kill    │ podman-pod-kill(1)    │ Kill the main process of each container in one or more pods.  │
├────────┼───────────────────────┼─────────────────────────────┤
│pause   │ podman-pod-pause(1)   │ Pause one or more pods.     │
├────────┼───────────────────────┼─────────────────────────────┤
│prune   │ podman-pod-prune(1)   │ Remove all stopped pods and their containers.  │
├────────┼───────────────────────┼─────────────────────────────┤
│ps      │ podman-pod-ps(1)      │ Prints out information about pods.  │
├────────┼───────────────────────┼─────────────────────────────┤
│restart │ podman-pod-restart(1) │ Restart one or more pods.   │
├────────┼───────────────────────┼─────────────────────────────┤
│rm      │ podman-pod-rm(1)      │ Remove one or more stopped  pods and containers.        │
├────────┼───────────────────────┼─────────────────────────────┤
│start   │ podman-pod-start(1)   │ Start one or more pods.     │
├────────┼───────────────────────┼─────────────────────────────┤
│stats   │ podman-pod-stats(1)   │ Display a live stream of resource usage stats for containers in one or more pods. │
├────────┼───────────────────────┼─────────────────────────────┤
│stop    │ podman-pod-stop(1)    │ Stop one or more pods.      │
├────────┼───────────────────────┼─────────────────────────────┤
│top     │ podman-pod-top(1)     │ Display the running processes of containers in a pod.  │
├────────┼───────────────────────┼─────────────────────────────┤
│unpause │ podman-pod-unpause(1) │ Unpause one or more pods.   │
└────────┴───────────────────────┴─────────────────────────────

基础实例: 

# 创建名称为 HugoBlog 的 pod
podman pod create --name HugoBlog
  # 63cb481fd2fd6a02d97355d8f950e765e06654c3b3a25111bc4431320fae897e

# 列出当前pod信息
podman pod ps 
podman pod list
  # POD ID        NAME        STATUS   CREATED         # OF CONTAINERS  INFRA ID
  # 63cb481fd2fd  HugoBlog    Running  40 minutes ago  2                6b317ba47f5b
  # 73c5a062cb17  HelloWorld  Running  47 hours ago    2                15e7d3797552

# 列出指定pod中容器信息
podman pod top 73c5a062cb17
  # USER   PID   PPID   %CPU    ELAPSED               TTY   TIME   COMMAND
  # 0      1     0      0.000   47h27m58.166822731s   ?     0s     /pause
podman pod top HugoBlog
  # USER    PID   PPID   %CPU    ELAPSED            TTY   TIME   COMMAND
  # 0       1     0      0.000   41m43.871974181s   ?     0s     /pause
  # root    1     0      0.000   41m43.872432777s   ?     0s     nginx: master process nginx -g daemon off;
  # nginx   30    1      0.000   41m43.872491657s   ?     0s     nginx: worker process
  # nginx   31    1      0.000   41m43.87252457s    ?     0s     nginx: worker process


# 停止指定pod或者所有pod(其中的容器也随之停止)
podman pod stop HelloWorld
  # 73c5a062cb17b5088072ec13c496c101b0b239f9aba1dcad93ba5d746cdfb12d
podman pod stop $(podman pod ps -q)
  # 63cb481fd2fd6a02d97355d8f950e765e06654c3b3a25111bc4431320fae897e
  # 73c5a062cb17b5088072ec13c496c101b0b239f9aba1dcad93ba5d746cdfb12d


# 删除指定Pod或者删除所有已经停止的pod
podman pod rm -f HugoBlog
podman pod rm $(podman pod ps -q)

run 子命令 - 容器运行与构建

# 在指定pod中运行容器
podman run -d --pod HugoBlog nginx:alpine
Trying to pull docker.io/library/nginx:alpine...
Getting image source signatures
Copying blob f682f0660e7a done
...
Copying config 6f715d38cf done
Writing manifest to image destination
Storing signatures
e2a645aa73da2bf98c8e7598a4a1368f92959d18f60b8500c1af70132fb778ed

将 pod 导出为声明式部署清单: 

podman generate kube HugoBlog > HugoBlog.yaml

通过部署清单创建 pod: 

podman play kube hugo.yaml

cat HugoBlog.yaml 

# Generation of Kubernetes YAML is still under development!
#
# Save the output of this file and use kubectl create -f to import
# it into Kubernetes.
#
# Created with podman-2.0.6
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: "2020-09-23T04:31:52Z"
  labels:
    app: HugoBlog
  name: HugoBlog
spec:
  containers:
  - command:
    - nginx
    - -g
    - daemon off;
    env:
    - name: PATH
      value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    - name: TERM
      value: xterm
    - name: NGINX_VERSION
      value: 1.19.2
    - name: NJS_VERSION
      value: 0.4.3
    - name: PKG_RELEASE
      value: "1"
    - name: container
      value: podman
    - name: HOSTNAME
      value: HugoBlog
    image: docker.io/library/nginx:alpine
    name: inspiringkare
    resources: {}
    securityContext:
      allowPrivilegeEscalation: true
      capabilities: {}
      privileged: false
      readOnlyRootFilesystem: false
      seLinuxOptions: {}
    workingDir: /
status: {}
---
metadata:
  creationTimestamp: null
spec: {}
status:
  loadBalancer: {}

这是一个兼容 kubernetes 的 pod 定义,你可以直接通过 kubectl apply -f hugo.yaml 将其部署在 Kubernetes 集群中,也可以直接通过 podman 部署

如果通过声明式定义来创建 pod,还是无法解决服务发现的问题,除非换个支持静态 IP 的 CNI 插件,而支持静态 IP 的这些 CNI 插件又需要 etcd 作为数据库,我就这么点资源,可不想再加个 etcd,还是手撸命令行吧。

container 子命令 - 容器相关操作以及备份导出

基础演示: 

Podman 支持将容器从一台机器迁移到另一台机器。
# 在源机器上对容器设置检查点并将容器打包到指定位置。
$ sudo podman container checkpoint <container_id> -e /tmp/checkpoint.tar.gz

# 在目标机器上使用源机器上传输过来的打包文件对容器进行恢复。
$ sudo podman container restore -i /tmp/checkpoint.tar.gz

随机文章
本站知识点必读
最近更新