再见Docker!Containerd安装与使用
Containerd 的技术方向和目标[*]简洁的基于 gRPC 的 API 和 client library
[*]完整的 OCI 支持(runtime 和 image spec)
[*]同时具备稳定性和高性能的定义良好的容器核心功能
[*]一个解耦的系统(让 image、filesystem、runtime 解耦合),实现插件式的扩展和重用
为什么需要独立的 containerd:
[*]以往隶属于docker项目中,现如今从整体 docker 引擎中分离出的项目(开源项目的思路)
[*]可以被 Kubernets CRI 等项目使用(通用化)
[*]为广泛的行业合作打下基础(就像 runC 一样)
containerd的架构设计图:
https://img2022.cnblogs.com/blog/2052820/202207/2052820-20220719222656836-1620774247.png
安装containerd
验证仓库版本:
root@containerd:~# apt-cache madison containerdhttps://img2022.cnblogs.com/blog/2052820/202207/2052820-20220719223104119-659416107.png
ubuntu在线仓库版本不是最新,可以使用github仓库中的新版本,使用二进制方式部署
下载二进制安装包
github链接地址:https://github.com/containerd/containerd/releases
选择64位x86架构系统安装包
https://img2022.cnblogs.com/blog/2052820/202207/2052820-20220719230446427-15156729.png
上传安装包到服务器并开始解压安装
https://img2022.cnblogs.com/blog/2052820/202207/2052820-20220719232233795-1999893964.png
解压缩并将containerd执行文件放入系统默认命令路径下
root@containerd:/tools# tar xf containerd-1.6.6-linux-amd64.tar.gz
root@containerd:/tools# cp -r bin/* /usr/local/bin/https://img2022.cnblogs.com/blog/2052820/202207/2052820-20220719232442190-1429299722.png
创建containerd systemd service启动管理文件:
修改ExecStart=/usr/local/bin/containerd为当前containerd文件路径
root@containerd:/tools# cd /etc/systemd/system/
root@containerd:/etc/systemd/system# cat containerd.service
# Copyright The containerd Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/local/bin/containerd
Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity
# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999
WantedBy=multi-user.target
重新加载系统管理服务文件
root@containerd:/etc/systemd/system# systemctl daemon-reload
创建配置文件
root@containerd:/etc/systemd/system# mkdir /etc/containerd
生成模板配置文件
root@containerd:/etc/systemd/system# containerd config default > /etc/containerd/config.tomlhttps://img2022.cnblogs.com/blog/2052820/202207/2052820-20220719233256470-1953214349.png
修改配置文件
root@containerd:/etc/systemd/system# cd /etc/containerd/
root@containerd:/etc/containerd# vim config.toml vim下搜索/mirrors,添加镜像加速,使用docker镜像源即可,上下级配置,缩进两个空格。
endpoint = ["https://dxc7f1d6.mirror.aliyuncs.com"]
如果是从docker.io下载进行,则使用endpoint配置的镜像站点加速下载
https://img2022.cnblogs.com/blog/2052820/202207/2052820-20220719233528086-1580609699.png
启动containerd并设置开机自启动
root@containerd:/etc/containerd# systemctl enable containerd --nowhttps://img2022.cnblogs.com/blog/2052820/202207/2052820-20220719233616189-1544406530.png
https://img2022.cnblogs.com/blog/2052820/202207/2052820-20220719233649753-703493926.png
安装runc
github下载链接:https://github.com/opencontainers/runc/releases
下载最新版本
https://img2022.cnblogs.com/blog/2052820/202207/2052820-20220719234948998-426476745.png
上传到服务器
https://img2022.cnblogs.com/blog/2052820/202207/2052820-20220719235132317-525055146.png
root@containerd:/tools# chmod +x runc.amd64
root@containerd:/tools# cp runc.amd64 /usr/local/bin/runc
验证使用containerd
containerd是ctrl工具在服务器上创建、管理和使用容器
root@containerd:~# ctr --help
NAME:
ctr -
__
_____/ /______
/ ___/ __/ ___/
/ /__/ /_/ /
\___/\__/_/
containerd CLI
USAGE:
ctr command
VERSION:
v1.6.6
DESCRIPTION:
ctr is an unsupported debug and administrative client for interacting
with the containerd daemon. Because it is unsupported, the commands,
options, and operations are not guaranteed to be backward compatible or
stable from release to release of the containerd project.
COMMANDS:
plugins, plugin provides information about containerd plugins
version print the client and server versions
containers, c, container manage containers
content manage content
events, event display containerd events
images, image, i manage images
leases manage leases
namespaces, namespace, nsmanage namespaces
pprof provide golang pprof outputs for containerd
run run a container
snapshots, snapshot manage snapshots
tasks, t, task manage tasks
install install a new package
oci OCI tools
shim interact with a shim directly
help, h Shows a list of commands or help for one command
GLOBAL OPTIONS:
--debug enable debug output in logs
--address value, -a value address for containerd's GRPC server (default: "/run/containerd/containerd.sock") [$CONTAINERD_ADDRESS]
--timeout value total timeout for ctr commands (default: 0s)
--connect-timeout value timeout for connecting to containerd (default: 0s)
--namespace value, -n valuenamespace to use with commands (default: "default") [$CONTAINERD_NAMESPACE]
--help, -h show help
--version, -v print the version
拉取镜像
与docker区别在于拉取官方镜像必须指定镜像的完整名称包括镜像仓库地址
root@containerd:~# ctr images pull docker.io/library/nginx:latesthttps://img2022.cnblogs.com/blog/2052820/202207/2052820-20220719235310934-663342256.png
查看本地的镜像
root@containerd:~# ctr images lshttps://img2022.cnblogs.com/blog/2052820/202207/2052820-20220719235355950-1390170248.png
运行容器
root@containerd:~# ctr run -tdocker.io/library/nginx:latest container1 bashhttps://img2022.cnblogs.com/blog/2052820/202207/2052820-20220719235454683-260203176.png
container客户端工具
客户端工具有两种,分别是crictl和nerdctl
推荐使用nerdctl,使用效果与docker命令的语法一致
github下载链接:https://github.com/containerd/nerdctl/releases
下载安装nerdctl
https://img2022.cnblogs.com/blog/2052820/202207/2052820-20220719235558705-1140219196.png
解压安装nerdctl
https://img2022.cnblogs.com/blog/2052820/202207/2052820-20220719235644410-1736437370.png
拷贝nerdctl到系统二进制命令路径下
root@containerd:/tools# cp nerdctl /usr/local/bin/
验证版本
https://img2022.cnblogs.com/blog/2052820/202207/2052820-20220719235731611-783883245.png
查看nerdctl使用帮助,与docker客户端工具使用方法基本一致
root@containerd:~# nerdctl --help
nerdctl is a command line interface for containerd
Config file ($NERDCTL_TOML): /etc/nerdctl/nerdctl.toml
Usage:
nerdctl
nerdctl
Management commands:
apparmor Manage AppArmor profiles
builder Manage builds
container Manage containers
image Manage images
ipfs Distributing images on IPFS
namespace Manage containerd namespaces
network Manage networks
system Manage containerd
volume Manage volumes
Commands:
build Build an image from a Dockerfile. Needs buildkitd to be running.
commit Create a new image from a container's changes
completionGenerate the autocompletion script for the specified shell
compose Compose
cp Copy files/folders between a running container and the local filesystem.
create Create a new container. Optionally specify "ipfs://" or "ipns://" scheme to pull image from IPFS.
events Get real time events from the server
exec Run a command in a running container
help Help about any command
history Show the history of an image
images List images
info Display system-wide information
inspect Return low-level information on objects.
kill Kill one or more running containers
load Load an image from a tar archive or STDIN
login Log in to a Docker registry
logout Log out from a Docker registry
logs Fetch the logs of a container. Currently, only containers created with `nerdctl run -d` are supported.
pause Pause all processes within one or more containers
port List port mappings or a specific mapping for the container
ps List containers
pull Pull an image from a registry. Optionally specify "ipfs://" or "ipns://" scheme to pull image from IPFS.
push Push an image or a repository to a registry. Optionally specify "ipfs://" or "ipns://" scheme to push image to IPFS.
rename rename a container
restart Restart one or more running containers
rm Remove one or more containers
rmi Remove one or more images
run Run a command in a new container. Optionally specify "ipfs://" or "ipns://" scheme to pull image from IPFS.
save Save one or more images to a tar archive (streamed to STDOUT by default)
start Start one or more running containers
stats Display a live stream of container(s) resource usage statistics.
stop Stop one or more running containers
tag Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
top Display the running processes of a container
unpause Unpause all processes within one or more containers
update Update one or more running containers
version Show the nerdctl version information
wait Block until one or more containers stop, then print their exit codes.
Flags:
-H, --H string Alias of --address (default "/run/containerd/containerd.sock")
-a, --a string Alias of --address (default "/run/containerd/containerd.sock")
--address string containerd address, optionally with "unix://" prefix [$CONTAINERD_ADDRESS] (default "/run/containerd/containerd.sock")
--cgroup-manager string Cgroup manager to use ("cgroupfs"|"systemd") (default "cgroupfs")
--cni-netconfpath string cni config directory [$NETCONFPATH] (default "/etc/cni/net.d")
--cni-path string cni plugins binary directory [$CNI_PATH] (default "/opt/cni/bin")
--data-root string Root directory of persistent nerdctl state (managed by nerdctl, not by containerd) (default "/var/lib/nerdctl")
--debug debug mode
--debug-full debug mode (with full output)
-h, --help help for nerdctl
--host string Alias of --address (default "/run/containerd/containerd.sock")
--hosts-dir strings A directory that contains <HOST:PORT>/hosts.toml (containerd style) or <HOST:PORT>/{ca.cert, cert.pem, key.pem} (docker style) (default )
--insecure-registry skips verifying HTTPS certs, and allows falling back to plain HTTP
-n, --n string Alias of --namespace (default "default")
--namespace string containerd namespace, such as "moby" for Docker, "k8s.io" for Kubernetes [$CONTAINERD_NAMESPACE] (default "default")
--snapshotter string containerd snapshotter [$CONTAINERD_SNAPSHOTTER] (default "overlayfs")
--storage-driver string Alias of --snapshotter (default "overlayfs")
-v, --version version for nerdctl
Use "nerdctl --help" for more information about a command.
查看镜像、容器:
https://img2022.cnblogs.com/blog/2052820/202207/2052820-20220719235825658-147249845.png
拉取镜像:
https://img2022.cnblogs.com/blog/2052820/202207/2052820-20220719235906457-1153690306.png
安装cni网络插件
CNI:Container network interface容器网络接口,为容器分配ip地址网卡等
github链接:
https://github.com/containernetworking/plugins/releases https://img2022.cnblogs.com/blog/2052820/202207/2052820-20220720000153060-928510101.png
下载安装cni,并解压到/usr/local/cni/bin目录下
root@containerd:/tools# mkdir /opt/cni/bin -p
root@containerd:/tools# tar xf cni-plugins-linux-amd64-v1.1.1.tgz -C /opt/cni/bin/
查看解压后的cni插件文件:
https://img2022.cnblogs.com/blog/2052820/202207/2052820-20220720000246070-235835705.png
注意:必须将cni解压到/opt/cni/bin,否则nerdctl为容器映射端口时,会出现找不到cni插件的报错
root@containerd:~# nerdctl run -d -p 80:80 --name=web --restart=always nginx:latest
FATA needs CNI plugin "bridge" to be installed in CNI_PATH ("/opt/cni/bin"), see https://github.com/con stat /opt/cni/bin/bridge: no such file or directoryhttps://img2022.cnblogs.com/blog/2052820/202207/2052820-20220720000346599-1628918416.png
验证:使用nerdctl运行一个容器
https://img2022.cnblogs.com/blog/2052820/202207/2052820-20220720000419775-1704818348.png
宿主机访问容器映射到宿主机80端口
https://img2022.cnblogs.com/blog/2052820/202207/2052820-20220720000500955-1685525745.png
以上就是关于container的介绍与安装。如果对你有帮助或有建议疑问可以评论区留言!
免责声明:如果侵犯了您的权益,请联系站长,我们会及时删除侵权内容,谢谢合作!
页:
[1]