Containerd 的技术方向和目标
- 简洁的基于 gRPC 的 API 和 client library
- 完整的 OCI 支持(runtime 和 image spec)
- 同时具备稳定性和高性能的定义良好的容器核心功能
- 一个解耦的系统(让 image、filesystem、runtime 解耦合),实现插件式的扩展和重用
为什么需要独立的 containerd:
- 以往隶属于docker项目中,现如今从整体 docker 引擎中分离出的项目(开源项目的思路)
- 可以被 Kubernets CRI 等项目使用(通用化)
- 为广泛的行业合作打下基础(就像 runC 一样)
containerd的架构设计图:
安装containerd
验证仓库版本:- root@containerd:~# apt-cache madison containerd
ubuntu在线仓库版本不是最新,可以使用github仓库中的新版本,使用二进制方式部署
下载二进制安装包
github链接地址:https://github.com/containerd/containerd/releases
选择64位x86架构系统安装包
上传安装包到服务器并开始解压安装
解压缩并将containerd执行文件放入系统默认命令路径下- root@containerd:/tools# tar xf containerd-1.6.6-linux-amd64.tar.gz
- root@containerd:/tools# cp -r bin/* /usr/local/bin/
创建containerd systemd service启动管理文件:
修改ExecStart=/usr/local/bin/containerd为当前containerd文件路径- root@containerd:/tools# cd /etc/systemd/system/
- root@containerd:/etc/systemd/system# cat containerd.service
- # Copyright The containerd Authors.
- #
- # Licensed under the Apache License, Version 2.0 (the "License");
- # you may not use this file except in compliance with the License.
- # You may obtain a copy of the License at
- #
- # http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
-
- [Unit]
- Description=containerd container runtime
- Documentation=https://containerd.io
- After=network.target local-fs.target
-
- [Service]
- ExecStartPre=-/sbin/modprobe overlay
- ExecStart=/usr/local/bin/containerd
-
- Type=notify
- Delegate=yes
- KillMode=process
- Restart=always
- RestartSec=5
- # Having non-zero Limit*s causes performance problems due to accounting overhead
- # in the kernel. We recommend using cgroups to do container-local accounting.
- LimitNPROC=infinity
- LimitCORE=infinity
- LimitNOFILE=infinity
- # Comment TasksMax if your systemd version does not supports it.
- # Only systemd 226 and above support this version.
- TasksMax=infinity
- OOMScoreAdjust=-999
-
- [Install]
- WantedBy=multi-user.target
重新加载系统管理服务文件- root@containerd:/etc/systemd/system# systemctl daemon-reload
创建配置文件- root@containerd:/etc/systemd/system# mkdir /etc/containerd
生成模板配置文件- root@containerd:/etc/systemd/system# containerd config default > /etc/containerd/config.toml
修改配置文件
- root@containerd:/etc/systemd/system# cd /etc/containerd/
- root@containerd:/etc/containerd# vim config.toml
- [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
- [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
- endpoint = ["https://dxc7f1d6.mirror.aliyuncs.com"]
如果是从docker.io下载进行,则使用endpoint配置的镜像站点加速下载
启动containerd并设置开机自启动- root@containerd:/etc/containerd# systemctl enable containerd --now
安装runc
github下载链接:https://github.com/opencontainers/runc/releases
下载最新版本
上传到服务器
- root@containerd:/tools# chmod +x runc.amd64
- root@containerd:/tools# cp runc.amd64 /usr/local/bin/runc
验证使用containerd
containerd是ctrl工具在服务器上创建、管理和使用容器- root@containerd:~# ctr --help
- NAME:
- ctr -
- __
- _____/ /______
- / ___/ __/ ___/
- / /__/ /_/ /
- \___/\__/_/
- containerd CLI
- USAGE:
- ctr [global options] command [command options] [arguments...]
- VERSION:
- v1.6.6
- DESCRIPTION:
-
- ctr is an unsupported debug and administrative client for interacting
- with the containerd daemon. Because it is unsupported, the commands,
- options, and operations are not guaranteed to be backward compatible or
- stable from release to release of the containerd project.
- COMMANDS:
- plugins, plugin provides information about containerd plugins
- version print the client and server versions
- containers, c, container manage containers
- content manage content
- events, event display containerd events
- images, image, i manage images
- leases manage leases
- namespaces, namespace, ns manage namespaces
- pprof provide golang pprof outputs for containerd
- run run a container
- snapshots, snapshot manage snapshots
- tasks, t, task manage tasks
- install install a new package
- oci OCI tools
- shim interact with a shim directly
- help, h Shows a list of commands or help for one command
- GLOBAL OPTIONS:
- --debug enable debug output in logs
- --address value, -a value address for containerd's GRPC server (default: "/run/containerd/containerd.sock") [$CONTAINERD_ADDRESS]
- --timeout value total timeout for ctr commands (default: 0s)
- --connect-timeout value timeout for connecting to containerd (default: 0s)
- --namespace value, -n value namespace to use with commands (default: "default") [$CONTAINERD_NAMESPACE]
- --help, -h show help
- --version, -v print the version
拉取镜像
与docker区别在于拉取官方镜像必须指定镜像的完整名称包括镜像仓库地址- root@containerd:~# ctr images pull docker.io/library/nginx:latest
查看本地的镜像
- root@containerd:~# ctr images ls
运行容器- root@containerd:~# ctr run -t docker.io/library/nginx:latest container1 bash
container客户端工具
客户端工具有两种,分别是crictl和nerdctl
推荐使用nerdctl,使用效果与docker命令的语法一致
github下载链接:https://github.com/containerd/nerdctl/releases
下载安装nerdctl
解压安装nerdctl
拷贝nerdctl到系统二进制命令路径下- root@containerd:/tools# cp nerdctl /usr/local/bin/
验证版本
查看nerdctl使用帮助,与docker客户端工具使用方法基本一致- root@containerd:~# nerdctl --help
- nerdctl is a command line interface for containerd
- Config file ($NERDCTL_TOML): /etc/nerdctl/nerdctl.toml
- Usage:
- nerdctl [flags]
- nerdctl [command]
- Management commands:
- apparmor Manage AppArmor profiles
- builder Manage builds
- container Manage containers
- image Manage images
- ipfs Distributing images on IPFS
- namespace Manage containerd namespaces
- network Manage networks
- system Manage containerd
- volume Manage volumes
- Commands:
- build Build an image from a Dockerfile. Needs buildkitd to be running.
- commit Create a new image from a container's changes
- completion Generate the autocompletion script for the specified shell
- compose Compose
- cp Copy files/folders between a running container and the local filesystem.
- create Create a new container. Optionally specify "ipfs://" or "ipns://" scheme to pull image from IPFS.
- events Get real time events from the server
- exec Run a command in a running container
- help Help about any command
- history Show the history of an image
- images List images
- info Display system-wide information
- inspect Return low-level information on objects.
- kill Kill one or more running containers
- load Load an image from a tar archive or STDIN
- login Log in to a Docker registry
- logout Log out from a Docker registry
- logs Fetch the logs of a container. Currently, only containers created with `nerdctl run -d` are supported.
- pause Pause all processes within one or more containers
- port List port mappings or a specific mapping for the container
- ps List containers
- pull Pull an image from a registry. Optionally specify "ipfs://" or "ipns://" scheme to pull image from IPFS.
- push Push an image or a repository to a registry. Optionally specify "ipfs://" or "ipns://" scheme to push image to IPFS.
- rename rename a container
- restart Restart one or more running containers
- rm Remove one or more containers
- rmi Remove one or more images
- run Run a command in a new container. Optionally specify "ipfs://" or "ipns://" scheme to pull image from IPFS.
- save Save one or more images to a tar archive (streamed to STDOUT by default)
- start Start one or more running containers
- stats Display a live stream of container(s) resource usage statistics.
- stop Stop one or more running containers
- tag Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
- top Display the running processes of a container
- unpause Unpause all processes within one or more containers
- update Update one or more running containers
- version Show the nerdctl version information
- wait Block until one or more containers stop, then print their exit codes.
- Flags:
- -H, --H string Alias of --address (default "/run/containerd/containerd.sock")
- -a, --a string Alias of --address (default "/run/containerd/containerd.sock")
- --address string containerd address, optionally with "unix://" prefix [$CONTAINERD_ADDRESS] (default "/run/containerd/containerd.sock")
- --cgroup-manager string Cgroup manager to use ("cgroupfs"|"systemd") (default "cgroupfs")
- --cni-netconfpath string cni config directory [$NETCONFPATH] (default "/etc/cni/net.d")
- --cni-path string cni plugins binary directory [$CNI_PATH] (default "/opt/cni/bin")
- --data-root string Root directory of persistent nerdctl state (managed by nerdctl, not by containerd) (default "/var/lib/nerdctl")
- --debug debug mode
- --debug-full debug mode (with full output)
- -h, --help help for nerdctl
- --host string Alias of --address (default "/run/containerd/containerd.sock")
- --hosts-dir strings A directory that contains <HOST:PORT>/hosts.toml (containerd style) or <HOST:PORT>/{ca.cert, cert.pem, key.pem} (docker style) (default [/etc/containerd/certs.d,/etc/docker/certs.d])
- --insecure-registry skips verifying HTTPS certs, and allows falling back to plain HTTP
- -n, --n string Alias of --namespace (default "default")
- --namespace string containerd namespace, such as "moby" for Docker, "k8s.io" for Kubernetes [$CONTAINERD_NAMESPACE] (default "default")
- --snapshotter string containerd snapshotter [$CONTAINERD_SNAPSHOTTER] (default "overlayfs")
- --storage-driver string Alias of --snapshotter (default "overlayfs")
- -v, --version version for nerdctl
- Use "nerdctl [command] --help" for more information about a command.
查看镜像、容器:
拉取镜像:
安装cni网络插件
CNI:Container network interface容器网络接口,为容器分配ip地址网卡等
github链接: - https://github.com/containernetworking/plugins/releases
下载安装cni,并解压到/usr/local/cni/bin目录下- root@containerd:/tools# mkdir /opt/cni/bin -p
- root@containerd:/tools# tar xf cni-plugins-linux-amd64-v1.1.1.tgz -C /opt/cni/bin/
查看解压后的cni插件文件:
注意:必须将cni解压到/opt/cni/bin,否则nerdctl为容器映射端口时,会出现找不到cni插件的报错- root@containerd:~# nerdctl run -d -p 80:80 --name=web --restart=always nginx:latest
- FATA[0000] needs CNI plugin "bridge" to be installed in CNI_PATH ("/opt/cni/bin"), see https://github.com/con stat /opt/cni/bin/bridge: no such file or directory
验证:使用nerdctl运行一个容器
宿主机访问容器映射到宿主机80端口
以上就是关于container的介绍与安装。如果对你有帮助或有建议疑问可以评论区留言!
免责声明:如果侵犯了您的权益,请联系站长,我们会及时删除侵权内容,谢谢合作! |
