命令行工具Nerdctl

命令行工具Nerdctl

目录

[toc]

nerdctl安装

🚩 实战-nerdctl安装-2023.12.20(测试成功)

实验环境

实验环境：1、win10笔记本2、1台centos7.6虚机(vmwrokstation虚机)cri-containerd-cni-1.5.5-linux-amd64.tar.gznerdctl-0.12.1-linux-amd64.tar.gz

实验软件 链接：https:➜~wgethttps:#https:# 如果有限制，也可以替换成下面的 URL 加速下载[root@containerd ~]#wget https:--2021-10-2513:13:43--https:Resolvingdownload.fastgit.org(download.fastgit.org)... 88.198.10.254Connectingtodownload.fastgit.org(download.fastgit.org)|88.198.10.254|:443...connected.HTTPrequestsent,awaitingresponse...200OKLength:7528755(7.2M) [application/octet-stream]Savingto:‘nerdctl-0.12.1-linux-amd64.tar.gz’100%[===============================================================================================================================>]7,528,7553.31MB/sin2.2s2021-10-2513:13:46(3.31 MB/s) - ‘nerdctl-0.12.1-linux-amd64.tar.gz’ saved [7528755/7528755][root@containerd ~]#ll -h nerdctl-0.12.1-linux-amd64.tar.gz-rw-r--r--1rootroot7.2MOct515:10nerdctl-0.12.1-linux-amd64.tar.gz[root@containerd ~]#

• 解压软件包到相应目录：

[root@containerd ~]#tar tf nerdctl-0.12.1-linux-amd64.tar.gz #先查看下压缩包文件内容nerdctlcontainerd-rootless-setuptool.shcontainerd-rootless.sh[root@containerd ~]#mkdir -p /usr/local/containerd/bin &&tar-zxvfnerdctl-0.12.1-linux-amd64.tar.gznerdctl&&mvnerdctl/usr/local/containerd/binnerdctl[root@containerd ~]#ln -s /usr/local/containerd/bin/nerdctl /usr/bin/nerdctl

• 验证：

[root@containerd ~]#nerdctl versionClient:Version:v0.12.1Git commit:6f0c8b7bc63270404c9f5810a899e6bae7546608Server:containerd:Version:v1.5.5GitCommit:72cec4be58a9eb6b2910f5d10f1c01ca47d231c0[root@containerd ~]#

• 代码汇总

wgethttps:tartfnerdctl-1.7.2-linux-amd64.tar.gzmkdir-p/usr/local/containerd/bin&&tar-zxvfnerdctl-1.7.2-linux-amd64.tar.gznerdctl&&mvnerdctl/usr/local/containerd/binln-s/usr/local/containerd/bin/nerdctl/usr/bin/nerdctlnerdctlversion

至此，nerdctl安装完成。 安装完成后接下来学习下 nerdctl命令行工具的使用。

0、nerd帮助命令

[root@containerd ~]#nerdctlNAME:nerdctl-Docker-compatibleCLIforcontainerdUSAGE:nerdctl[global options]command[command options][arguments...]VERSION:0.12.1COMMANDS:runRunacommandinanewcontainerexecRunacommandinarunningcontainerpsListcontainerslogsFetchthelogsofacontainer.Currently,onlycontainerscreatedwith`nerdctl run -d`aresupported.portListportmappingsoraspecificmappingforthecontainerstopStoponeormorerunningcontainersstartStartoneormorerunningcontainerskillKilloneormorerunningcontainersrmRemoveoneormorecontainerspausePauseallprocesseswithinoneormorecontainersunpauseUnpauseallprocesseswithinoneormorecontainerscommit[flags] CONTAINER REPOSITORY[:TAG]waitBlockuntiloneormorecontainersstop,thenprinttheirexitcodes.buildBuildanimagefromaDockerfile.Needsbuildkitdtoberunning.imagesListimagespullPullanimagefromaregistrypushPushanimageorarepositorytoaregistryloadLoadanimagefromatararchiveorSTDINsaveSaveoneormoreimagestoatararchive(streamed toSTDOUTbydefault)tagCreateatagTARGET_IMAGEthatreferstoSOURCE_IMAGErmiRemoveoneormoreimageseventsGetrealtimeeventsfromtheserverinfoDisplaysystem-wideinformationversionShowthenerdctlversioninformationinspectReturnlow-levelinformationonobjects.topDisplaytherunningprocessesofacontainerloginLogintoaDockerregistrylogout Log out from a Docker registrycomposeComposecompletionShowshellcompletionhelp,hShowsalistofcommandsorhelpforonecommandManagement:containerManagecontainersimageManageimagesnetworkManagenetworksvolumeManagevolumessystemManagecontainerdnamespaceManagecontainerdnamespacesGLOBALOPTIONS:--debugdebugmode(default:false)--debug-fulldebugmode(with fulloutput) (default:false)--addressvalue,-avalue,--hostvalue,-Hvaluecontainerdaddress,optionallywith"unix:--namespacevalue,-nvaluecontainerdnamespace,suchas"moby"forDocker,"k8s.io"forKubernetes(default:"default") [$CONTAINERD_NAMESPACE]--snapshottervalue,--storage-drivervaluecontainerdsnapshotter(default:"overlayfs") [$CONTAINERD_SNAPSHOTTER]--cni-pathvalueSetthecni-pluginsbinarydirectory(default:"/opt/cni/bin") [$CNI_PATH]--cni-netconfpathvalueSettheCNIconfigdirectory(default:"/etc/cni/net.d") [$NETCONFPATH]--data-rootvalueRootdirectoryofpersistentnerdctlstate(managed bynerdctl,notbycontainerd) (default:"/var/lib/nerdctl")--cgroup-managervalueCgroupmanagertouse("cgroupfs"|"systemd") (default:"cgroupfs")--insecure-registryskipsverifyingHTTPScerts,andallowsfallingbacktoplainHTTP(default:false)--help,-hshowhelp(default:false)--version,-vprinttheversion(default:false)[root@containerd ~]#

1、Run&Exec

nerdctl run

和 docker run类似可以使用 nerdctl run命令运行容器，例如：

➜~nerdctlrun-d-p80:80--name=nginx--restart=alwaysnginx:alpinedocker.io/library/nginx:alpine:resolved|++++++++++++++++++++++++++++++++++++++|index-sha256:bead42240255ae1485653a956ef41c9e458eb077fcb6dc664cbc3aa9701a05ce:done|++++++++++++++++++++++++++++++++++++++|manifest-sha256:ce6ca11a3fa7e0e6b44813901e3289212fc2f327ee8b1366176666e8fb470f24:done|++++++++++++++++++++++++++++++++++++++|config-sha256:7ce0143dee376bfd2937b499a46fb110bda3c629c195b84b1cf6e19be1a9e23b:done|++++++++++++++++++++++++++++++++++++++|elapsed:5.3stotal:3.1Ki(606.0 B/s) 6e489777d2f73dda8a310cdf8da9df38353c1aa2021d3c2270b30eff1806bcf8

可选的参数使用和 docker run基本一直，比如 -i、-t、--cpus、--memory等选项，可以使用 nerdctl run --help获取可使用的命令选项：

[root@containerd ~]#nerdctl run --helpNAME:nerdctl run - Run a command in a new containerUSAGE:nerdctl run [command options] [arguments...]OPTIONS:--help show help (default:false)--tty,-t (Currently -t needs to correspond to -i) (default:false)--interactive,-i Keep STDIN open even if not attached (default:false)--detach,-d Run container in background and print container ID (default:false)--restart value Restart policy to apply when a container exits (implemented values:"no"|"always") (default:"no")--rm Automatically remove the container when it exits (default:false)--pull value Pull image before running ("always"|"missing"|"never") (default:"missing")--network value,--net value Connect a container to a network ("bridge"|"host"|"none") (default:"bridge")--dns value Set custom DNS servers--publish value,-p value Publish a container's port(s) to the host--hostname value,-h value Container host name--cpus value Number of CPUs (default:0)--memory value,-m value Memory limit--pid value PID namespace to use--pids-limit value Tune container pids limit (set -1 for unlimited) (default:-1)--cgroupns value Cgroup namespace to use,the default depends on the cgroup version ("host"|"private") (default:"host")--cpuset-cpus value CPUs in which to allow execution (0-3,0,1)--cpu-shares value CPU shares (relative weight) (default:0)--device value Add a host device to the container--user value,-u value Username or UID (format:<name|uid>[:<group|gid>])--security-opt value Security options--cap-add value Add Linux capabilities--cap-drop value Drop Linux capabilities--privileged Give extended privileges to this container (default:false)--runtime value Runtime to use for this container,e.g. "crun",or "io.containerd.runsc.v1"(default:"io.containerd.runc.v2")--sysctl value Sysctl options--gpus value GPU devices to add to the container ('all'to pass all GPUs)--volume value,-v value Bind mount a volume--read-only Mount the container's root filesystem as read only (default:false)--rootfs The first argument is not an image but the rootfs to the exploded container (default:false)--entrypoint value Overwrite the default ENTRYPOINT of the image--workdir value,-w value Working directory inside the container--env value,-e value Set environment variables--add-host value Add a custom host-to-IP mapping (host:ip)--env-file value Set environment variables from file--name value Assign a name to the container--label value,-l value Set meta data on a container--label-file value Read in a line delimited file of labels--cidfile value Write the container ID to the file--shm-size value Size of /dev/shm--pidfile value file path to write the task's pid--ulimit value Ulimit options[root@containerd ~]#

nerdctl exec

同样也可以使用 exec命令执行容器相关命令，例如：

➜ ~nerdctl exec -it nginx /bin/sh/ # dateThu Aug 19 06:43:19 UTC 2021/ #

2、容器管理

nerdctl ps：列出容器

使用 nerdctl ps命令可以列出所有容器。

➜ ~nerdctl psCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES6e489777d2f7 docker.io/library/nginx:alpine "/docker-entrypoint.…"    10 minutes ago    Up        0.0.0.0:80->80/tcp nginx

同样可以使用 -a选项显示所有的容器列表，默认只显示正在运行的容器，不过需要注意的是 nerdctl ps命令并没有实现 docker ps下面的 --filter、--format、--last、--size等选项。

nerdctl inspect：获取容器的详细信息。

➜ ~nerdctl inspect nginx[{"Id":"6e489777d2f73dda8a310cdf8da9df38353c1aa2021d3c2270b30eff1806bcf8","Created":"2021-08-19T06:35:46.403464674Z","Path":"/docker-entrypoint.sh","Args":["nginx","-g","daemon off;"],"State":{"Status":"running","Running":true,"Paused":false,"Pid":2002,"ExitCode":0,"FinishedAt":"0001-01-01T00:00:00Z"},"Image":"docker.io/library/nginx:alpine","ResolvConfPath":"/var/lib/nerdctl/1935db59/containers/default/6e489777d2f73dda8a310cdf8da9df38353c1aa2021d3c2270b30eff1806bcf8/resolv.conf","LogPath":"/var/lib/nerdctl/1935db59/containers/default/6e489777d2f73dda8a310cdf8da9df38353c1aa2021d3c2270b30eff1806bcf8/6e489777d2f73dda8a310cdf8da9df38353c1aa2021d3c2270b30eff1806bcf8-json.log","Name":"nginx","Driver":"overlayfs","Platform":"linux","AppArmorProfile":"nerdctl-default","NetworkSettings":{"Ports":{"80/tcp":[{"HostIp":"0.0.0.0","HostPort":"80"}]},"GlobalIPv6Address":"","GlobalIPv6PrefixLen":0,"IPAddress":"10.4.0.3","IPPrefixLen":24,"MacAddress":"f2:b1:8e:a2:fe:18","Networks":{"unknown-eth0":{"IPAddress":"10.4.0.3","IPPrefixLen":24,"GlobalIPv6Address":"","GlobalIPv6PrefixLen":0,"MacAddress":"f2:b1:8e:a2:fe:18"}}}}]

可以看到显示结果和 docker inspect也基本一致的。

nerdctl logs：获取容器日志

查看容器日志是我们平时经常会使用到的一个功能，同样我们可以使用 nerdctl logs来获取日志数据：

➜ ~nerdctl logs -f nginx......2021/08/19 06:35:46 [notice] 1#1:start worker processes2021/08/19 06:35:46 [notice] 1#1:start worker process 322021/08/19 06:35:46 [notice] 1#1:start worker process 33

同样支持 -f、-t、-n、--since、--until这些选项。

#-n选项：[root@containerd ~]#nerdctl logs -n 3 nginx_bak2021/10/2423:17:40[notice] 1#1:start worker process 322021/10/2423:17:40[notice] 1#1:start worker process 3310.4.0.1--[24/Oct/2021:23:42:57 +0000]"GET / HTTP/1.1"200615"-""curl/7.29.0""-"[root@containerd ~]#

🍀 nerdctl不能使logs命令查看kubelet创建出来的容器日志（不应该吧……）

nerdctl stop：停止容器

➜ ~nerdctl stop nginxnginx➜ ~nerdctl psCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES➜ ~nerdctl ps -aCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES6e489777d2f7 docker.io/library/nginx:alpine "/docker-entrypoint.…"    20 minutes ago    Up        0.0.0.0:80->80/tcp nginx

nerdctl rm：删除容器

➜ ~nerdctl rm nginxYou cannot remove a running container f4ac170235595f28bf962bad68aa81b20fc83b741751e7f3355bd77d8016462d. Stop the container before attempting removal or force remove➜ ~nerdctl rm -f ginxnginx➜ ~nerdctl psCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

要强制删除同样可以使用 -f或 --force选项来操作。

3、镜像管理

nerdctl images：镜像列表

➜ ~nerdctl imagesREPOSITORY TAG IMAGE ID CREATED SIZEalpine latest eb3e4e175ba6 6 days ago 5.9 MiBnginx alpine bead42240255 29 minutes ago 16.0 KiB

也需要注意的是没有实现 docker images的一些选项，比如 --all、--digests、--filter、--format。

nerdctl images 和 ctr i ls的对比，nerctl更友好：

[root@containerd ~]#nerdctl imagesREPOSITORYTAGIMAGEIDCREATEDSIZEnginxalpine686aac2769fd38hoursago24.9MiB[root@containerd ~]#ctr i lsREFTYPEDIGESTSIZEPLATFORMSLABELSdocker.io/library/nginx:alpineapplication/vnd.docker.distribution.manifest.list.v2+jsonsha256:686aac2769fd6e7bab67663fd38750c135b72d993d0bb0a942ab02ef647fc9c39.5MiBlinux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x-[root@containerd ~]#

nerdctl pull：拉取镜像

[root@containerd ~]#nerdctl imagesREPOSITORYTAGIMAGEIDCREATEDSIZEnginxalpine686aac2769fd38hoursago24.9MiB[root@containerd ~]#nerdctl pull busybox #nerdctl很优秀，可以直接接镜像名的，而不像ctr命令那样繁琐。docker.io/library/busybox:latest:resolved|++++++++++++++++++++++++++++++++++++++|index-sha256:f7ca5a32c10d51aeda3b4d01c61c6061f497893d7f6628b92f822f7117182a57:done|++++++++++++++++++++++++++++++++++++++|manifest-sha256:febcf61cd6e1ac9628f6ac14fa40836d16f3c6ddef3b303ff0321606e55ddd0b:done|++++++++++++++++++++++++++++++++++++++|config-sha256:16ea53ea7c652456803632d67517b78a4f9075a10bfdc4fc6b7b4cbf2bc98497:done|++++++++++++++++++++++++++++++++++++++|layer-sha256:24fb2886d6f6c5d16481dd7608b47e78a8e92a13d6e64d87d57cb16d5f766d63:done|++++++++++++++++++++++++++++++++++++++|elapsed:5.9stotal:753.5(127.7 KiB/s) [root@containerd ~]#nerdctl imagesREPOSITORYTAGIMAGEIDCREATEDSIZEbusyboxlatestf7ca5a32c10d2secondsago1.2MiBnginxalpine686aac2769fd38hoursago24.9MiB[root@containerd ~]#

nerdctl push：推送镜像

当然在推送镜像之前也可以使用 nerdctl login命令登录到镜像仓库，然后再执行 push 操作。

可以使用 nerdctl login --username xxx --password xxx进行登录，使用 nerdctl logout可以注销退出登录。

[root@containerd ~]#nerdctl push harbor.k8s.local/course/nginx:alpine[root@containerd ~]#nerdctl login --username xxx --password xxx harbor.k8s.local[root@containerd ~]#nerdctl logoutRemovinglogincredentialsforhttps:[root@containerd ~]#

nerdctl tag：镜像标签

使用 tag命令可以为一个镜像创建一个别名镜像：

➜ ~nerdctl imagesREPOSITORY TAG IMAGE ID CREATED SIZEbusybox latest 0f354ec1728d 6 minutes ago 1.3 MiBnginx alpine bead42240255 41 minutes ago 16.0 KiB➜ ~nerdctl tag nginx:alpine harbor.k8s.local/course/nginx:alpine➜ ~nerdctl imagesREPOSITORY TAG IMAGE ID CREATED SIZEbusybox latest 0f354ec1728d 7 minutes ago 1.3 MiBnginx alpine bead42240255 41 minutes ago 16.0 KiBharbor.k8s.local/course/nginx alpine bead42240255 2 seconds ago 16.0 KiB

注意：用tag打的镜像，其Image ID都是相同的：

nerdctl save：导出镜像

使用 save命令可以导出镜像为一个 tar压缩包。

➜ ~nerdctl save -o busybox.tar.gz busybox:latest➜ ~ls -lh busybox.tar.gz-rw-r--r-- 1 root root 761K Aug 19 15:19 busybox.tar.gz

nerdctl rmi：删除镜像

➜ ~nerdctl rmi busyboxUntagged:docker.io/library/busybox:latest@sha256:0f354ec1728d9ff32edcd7d1b8bbdfc798277ad36120dc3dc683be44524c8b60Deleted:sha256:5b8c72934dfc08c7d2bd707e93197550f06c0751023dabb3a045b723c5e7b373

nerdctl load：导入镜像

使用 load命令可以将上面导出的镜像再次导入：

➜ ~nerdctl load -i busybox.tar.gzunpacking docker.io/library/busybox:latest (sha256:0f354ec1728d9ff32edcd7d1b8bbdfc798277ad36120dc3dc683be44524c8b60)...done

使用 -i或 --input选项指定需要导入的压缩包。

****nerdctl命令转存镜像

老师这里已经做好了镜像转存，我这里再推送到自己仓库下。

查看之前从老师做好的镜像转存那里下载好的镜像：

[root@master1 ~]#ctr -n k8s.io i ls -q|grepk8s-dns-node-cachedocker.io/cnych/k8s-dns-node-cache:1.21.1docker.io/cnych/k8s-dns-node-cache@sha256:04c4f6b1f2f2f72441dadcea1c8eec611af4d963315187ceb04b939d1956782fnerdctl-nk8s.ioimages|grepk8s-dns-node-cache#注意：ctr命令和nerdctl命令在k8s里使用都是需要加上，-n k8s.io命名空间的。

开始转存：

#登录自己的阿里云仓库[root@master1 ~]#nerdctl login --username=执次一生为寻爱zxlregistry.cn-hangzhou.aliyuncs.comEnterPassword:LoginSucceeded#重新打tag[root@master1 ~]#nerdctl -n k8s.io tag cnych/k8s-dns-node-cache:1.21.1 registry.cn-hangzhou.aliyuncs.com/onlyonexyypublic/k8s-dns-node-cache:1.21.1#注意：打好的tag也是在-n k8s.io下的。[root@master1 ~]#nerdctl -n k8s.io images|grepk8s-dns-node-cache……cnych/k8s-dns-node-cache1.21.104c4f6b1f2f210hoursago104.3MiBregistry.cn-hangzhou.aliyuncs.com/onlyonexyypublic/k8s-dns-node-cache1.21.104c4f6b1f2f2Aboutaminuteago104.3MiB[root@master1 ~]##开始push[root@master1 ~]#nerdctl -n k8s.io push registry.cn-hangzhou.aliyuncs.com/onlyonexyypublic/k8s-dns-node-cache:1.21.1INFO[0000]pushingasasingle-platformimage(application/vnd.docker.distribution.manifest.v2+json,sha256:04c4f6b1f2f2f72441dadcea1c8eec611af4d963315187ceb04b939d1956782f)manifest-sha256:04c4f6b1f2f2f72441dadcea1c8eec611af4d963315187ceb04b939d1956782f:waiting|--------------------------------------|layer-sha256:af833073aa9559031531fca731390d329e083cccc0b824c236e7efc5742ae666:waiting|--------------------------------------|config-sha256:5bae806f8f123c54ca6a754c567e8408393740792ba8b89ee3bb6c5f95e6fbe1:waiting|--------------------------------------|layer-sha256:20b09fbd30377e1315a8bc9e15b5f8393a1090a7ec3f714ba5fce0c9b82a42f2:waiting|--------------------------------------|elapsed:0.8stotal:0.0B(0.0 B/s) [root@master1 ~]#

发现已经成功推送了：

dockerpullregistry.cn-hangzhou.aliyuncs.com/onlyonexyypublic/k8s-dns-node-cache:1.21.1

自己下去拉取测试下吧：

我这里在云虚机上拉取测试下：

4、镜像构建

镜像构建是平时我们非常重要的一个需求，我们知道 ctr并没有构建镜像的命令，而现在我们又不使用 Docker 了，那么如何进行镜像构建了，幸运的是 nerdctl就提供了 nerdctl build这样的镜像构建命令。

nerdctl build：从 Dockerfile 构建镜像

比如现在我们定制一个 nginx 镜像，新建一个如下所示的 Dockerfile 文件：

[root@containerd ~]#mkdir -p /root/nerctl_demo[root@containerd ~]#cd /root/nerctl_demo/[root@containerd nerctl_demo]#cat >Dockerfile <<EOF>FROM nginx:alpine>RUN echo 'Hello Nerdctl From Containerd'>/usr/share/nginx/html/index.html>EOF[root@containerd nerctl_demo]#cat DockerfileFROM nginx:alpineRUN echo 'Hello Nerdctl From Containerd'>/usr/share/nginx/html/index.html

然后在文件所在目录执行镜像构建命令：

[root@containerd nerctl_demo]#nerdctl build -t nginx:nerctl -f Dockefile .FATA[0000]`buildctl`needstobeinstalledand`buildkitd`needstoberunning,seehttps:[root@containerd nerctl_demo]#

注意：也可以加上这个--no-cache选项

#--no-cache选项--no-cacheDonotusecachewhenbuildingtheimage(default:false)

可以看到有一个错误提示，需要我们安装 buildctl并运行 buildkitd，这是因为 nerdctl build需要依赖 buildkit工具。

buildkit项目也是 Docker 公司开源的一个构建工具包，支持 OCI 标准的镜像构建。它主要包含以下部分:

• 服务端 buildkitd：当前支持 runc 和 containerd 作为 worker，默认是 runc，我们这里使用 containerd
• 客户端 buildctl：负责解析 Dockerfile，并向服务端 buildkitd 发出构建请求

buildkit 是典型的 C/S 架构，客户端和服务端是可以不在一台服务器上，而 nerdctl在构建镜像的时候也作为 buildkitd的客户端，所以需要我们安装并运行 buildkitd。

https:# 如果有限制，也可以替换成下面的 URL 加速下载# wget https:[root@containerd ~]#ll -h buildkit-v0.9.1.linux-amd64.tar.gz-rw-r--r--1rootroot46MOct503:51buildkit-v0.9.1.linux-amd64.tar.gz[root@containerd ~]#tar tf buildkit-v0.9.1.linux-amd64.tar.gzbin/bin/buildctlbin/buildkit-qemu-aarch64bin/buildkit-qemu-armbin/buildkit-qemu-i386bin/buildkit-qemu-mips64bin/buildkit-qemu-mips64elbin/buildkit-qemu-ppc64lebin/buildkit-qemu-riscv64bin/buildkit-qemu-s390xbin/buildkit-runcbin/buildkitd[root@containerd ~]#➜~tar-zxvfbuildkit-v0.9.1.linux-amd64.tar.gz-C/usr/local/containerd/bin/bin/buildctlbin/buildkit-qemu-aarch64bin/buildkit-qemu-armbin/buildkit-qemu-i386bin/buildkit-qemu-mips64bin/buildkit-qemu-mips64elbin/buildkit-qemu-ppc64lebin/buildkit-qemu-riscv64bin/buildkit-qemu-s390xbin/buildkit-runcbin/buildkitd➜~ln-s/usr/local/containerd/bin/buildkitd/usr/local/bin/buildkitd➜~ln-s/usr/local/containerd/bin/buildctl/usr/local/bin/buildctl