再见Docker！Containerd安装与使用

Containerd 的技术方向和目标

• 简洁的基于 gRPC 的 API 和 client library
  
• 完整的 OCI 支持(runtime 和 image spec)
  
• 同时具备稳定性和高性能的定义良好的容器核心功能
  
• 一个解耦的系统(让 image、filesystem、runtime 解耦合)，实现插件式的扩展和重用
  

 
  为什么需要独立的 containerd：

• 以往隶属于docker项目中，现如今从整体 docker 引擎中分离出的项目(开源项目的思路)
  
• 可以被 Kubernets CRI 等项目使用(通用化)
  
• 为广泛的行业合作打下基础(就像 runC 一样)
  

 
  containerd的架构设计图：

 
 
安装containerd

       验证仓库版本：

1. root@containerd:~# apt-cache madison containerd

复制代码

  ubuntu在线仓库版本不是最新，可以使用github仓库中的新版本，使用二进制方式部署
下载二进制安装包
       github链接地址：https://github.com/containerd/containerd/releases
      
       选择64位x86架构系统安装包


   上传安装包到服务器并开始解压安装


 
  解压缩并将containerd执行文件放入系统默认命令路径下

1. root@containerd:/tools# tar xf containerd-1.6.6-linux-amd64.tar.gz
2. root@containerd:/tools# cp -r bin/* /usr/local/bin/

复制代码

 创建containerd systemd service启动管理文件：
      修改ExecStart=/usr/local/bin/containerd为当前containerd文件路径

1. root@containerd:/tools# cd /etc/systemd/system/
2. root@containerd:/etc/systemd/system# cat containerd.service
3. # Copyright The containerd Authors.
4. #
5. # Licensed under the Apache License, Version 2.0 (the "License");
6. # you may not use this file except in compliance with the License.
7. # You may obtain a copy of the License at
8. #
9. #     http://www.apache.org/licenses/LICENSE-2.0
10. #
11. # Unless required by applicable law or agreed to in writing, software
12. # distributed under the License is distributed on an "AS IS" BASIS,
13. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14. # See the License for the specific language governing permissions and
15. # limitations under the License.
17. [Unit]
18. Description=containerd container runtime
19. Documentation=https://containerd.io
20. After=network.target local-fs.target
22. [Service]
23. ExecStartPre=-/sbin/modprobe overlay
24. ExecStart=/usr/local/bin/containerd
26. Type=notify
27. Delegate=yes
28. KillMode=process
29. Restart=always
30. RestartSec=5
31. # Having non-zero Limit*s causes performance problems due to accounting overhead
32. # in the kernel. We recommend using cgroups to do container-local accounting.
33. LimitNPROC=infinity
34. LimitCORE=infinity
35. LimitNOFILE=infinity
36. # Comment TasksMax if your systemd version does not supports it.
37. # Only systemd 226 and above support this version.
38. TasksMax=infinity
39. OOMScoreAdjust=-999
41. [Install]
42. WantedBy=multi-user.target

复制代码

 
  重新加载系统管理服务文件

1. root@containerd:/etc/systemd/system# systemctl daemon-reload

复制代码

 
  创建配置文件

1. root@containerd:/etc/systemd/system# mkdir /etc/containerd

复制代码

  
  生成模板配置文件

1. root@containerd:/etc/systemd/system# containerd config default > /etc/containerd/config.toml

复制代码

 
  修改配置文件

1. root@containerd:/etc/systemd/system# cd /etc/containerd/
2. root@containerd:/etc/containerd# vim config.toml

复制代码

  vim下搜索/mirrors，添加镜像加速，使用docker镜像源即可，上下级配置，缩进两个空格。

1.    [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
2.         [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
3.           endpoint = ["https://dxc7f1d6.mirror.aliyuncs.com"]

复制代码

  
  如果是从docker.io下载进行，则使用endpoint配置的镜像站点加速下载


 
  启动containerd并设置开机自启动

1. root@containerd:/etc/containerd# systemctl enable containerd --now

复制代码

 
 

安装runc

  github下载链接：https://github.com/opencontainers/runc/releases

 
  下载最新版本


 
       上传到服务器

 

1. root@containerd:/tools# chmod +x runc.amd64
2. root@containerd:/tools# cp runc.amd64 /usr/local/bin/runc

复制代码

 
 
 验证使用containerd
  containerd是ctrl工具在服务器上创建、管理和使用容器

1. root@containerd:~# ctr --help
2. NAME:
3.    ctr -
4.         __
5.   _____/ /______
6. / ___/ __/ ___/
7. / /__/ /_/ /
8. \___/\__/_/
10. containerd CLI
13. USAGE:
14.    ctr [global options] command [command options] [arguments...]
16. VERSION:
17.    v1.6.6
19. DESCRIPTION:
20.    
21. ctr is an unsupported debug and administrative client for interacting
22. with the containerd daemon. Because it is unsupported, the commands,
23. options, and operations are not guaranteed to be backward compatible or
24. stable from release to release of the containerd project.
26. COMMANDS:
27.    plugins, plugin            provides information about containerd plugins
28.    version                    print the client and server versions
29.    containers, c, container   manage containers
30.    content                    manage content
31.    events, event              display containerd events
32.    images, image, i           manage images
33.    leases                     manage leases
34.    namespaces, namespace, ns  manage namespaces
35.    pprof                      provide golang pprof outputs for containerd
36.    run                        run a container
37.    snapshots, snapshot        manage snapshots
38.    tasks, t, task             manage tasks
39.    install                    install a new package
40.    oci                        OCI tools
41.    shim                       interact with a shim directly
42.    help, h                    Shows a list of commands or help for one command
44. GLOBAL OPTIONS:
45.    --debug                      enable debug output in logs
46.    --address value, -a value    address for containerd's GRPC server (default: "/run/containerd/containerd.sock") [$CONTAINERD_ADDRESS]
47.    --timeout value              total timeout for ctr commands (default: 0s)
48.    --connect-timeout value      timeout for connecting to containerd (default: 0s)
49.    --namespace value, -n value  namespace to use with commands (default: "default") [$CONTAINERD_NAMESPACE]
50.    --help, -h                   show help
51.    --version, -v                print the version

复制代码

  
  拉取镜像
         与docker区别在于拉取官方镜像必须指定镜像的完整名称包括镜像仓库地址

1. root@containerd:~# ctr images pull docker.io/library/nginx:latest

复制代码

  
查看本地的镜像

1. root@containerd:~# ctr images ls

复制代码

 
  运行容器

1. root@containerd:~# ctr run -t  docker.io/library/nginx:latest container1 bash

复制代码

 

container客户端工具

  客户端工具有两种，分别是crictl和nerdctl
       推荐使用nerdctl，使用效果与docker命令的语法一致
       github下载链接：https://github.com/containerd/nerdctl/releases
  下载安装nerdctl


  
  解压安装nerdctl
  
 
  
  拷贝nerdctl到系统二进制命令路径下

1. root@containerd:/tools# cp nerdctl /usr/local/bin/

复制代码

 
  
  验证版本


  
  
  查看nerdctl使用帮助，与docker客户端工具使用方法基本一致

1. root@containerd:~# nerdctl --help
2. nerdctl is a command line interface for containerd
4. Config file ($NERDCTL_TOML): /etc/nerdctl/nerdctl.toml
6. Usage:
7.   nerdctl [flags]
8.   nerdctl [command]
9. Management commands:
10.   apparmor    Manage AppArmor profiles
11.   builder     Manage builds
12.   container   Manage containers
13.   image       Manage images
14.   ipfs        Distributing images on IPFS
15.   namespace   Manage containerd namespaces
16.   network     Manage networks
17.   system      Manage containerd
18.   volume      Manage volumes
19. Commands:
20.   build       Build an image from a Dockerfile. Needs buildkitd to be running.
21.   commit      Create a new image from a container's changes
22.   completion  Generate the autocompletion script for the specified shell
23.   compose     Compose
24.   cp          Copy files/folders between a running container and the local filesystem.
25.   create      Create a new container. Optionally specify "ipfs://" or "ipns://" scheme to pull image from IPFS.
26.   events      Get real time events from the server
27.   exec        Run a command in a running container
28.   help        Help about any command
29.   history     Show the history of an image
30.   images      List images
31.   info        Display system-wide information
32.   inspect     Return low-level information on objects.
33.   kill        Kill one or more running containers
34.   load        Load an image from a tar archive or STDIN
35.   login       Log in to a Docker registry
36.   logout      Log out from a Docker registry
37.   logs        Fetch the logs of a container. Currently, only containers created with `nerdctl run -d` are supported.
38.   pause       Pause all processes within one or more containers
39.   port        List port mappings or a specific mapping for the container
40.   ps          List containers
41.   pull        Pull an image from a registry. Optionally specify "ipfs://" or "ipns://" scheme to pull image from IPFS.
42.   push        Push an image or a repository to a registry. Optionally specify "ipfs://" or "ipns://" scheme to push image to IPFS.
43.   rename      rename a container
44.   restart     Restart one or more running containers
45.   rm          Remove one or more containers
46.   rmi         Remove one or more images
47.   run         Run a command in a new container. Optionally specify "ipfs://" or "ipns://" scheme to pull image from IPFS.
48.   save        Save one or more images to a tar archive (streamed to STDOUT by default)
49.   start       Start one or more running containers
50.   stats       Display a live stream of container(s) resource usage statistics.
51.   stop        Stop one or more running containers
52.   tag         Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
53.   top         Display the running processes of a container
54.   unpause     Unpause all processes within one or more containers
55.   update      Update one or more running containers
56.   version     Show the nerdctl version information
57.   wait        Block until one or more containers stop, then print their exit codes.
58. Flags:
59.   -H, --H string                 Alias of --address (default "/run/containerd/containerd.sock")
60.   -a, --a string                 Alias of --address (default "/run/containerd/containerd.sock")
61.       --address string           containerd address, optionally with "unix://" prefix [$CONTAINERD_ADDRESS] (default "/run/containerd/containerd.sock")
62.       --cgroup-manager string    Cgroup manager to use ("cgroupfs"|"systemd") (default "cgroupfs")
63.       --cni-netconfpath string   cni config directory [$NETCONFPATH] (default "/etc/cni/net.d")
64.       --cni-path string          cni plugins binary directory [$CNI_PATH] (default "/opt/cni/bin")
65.       --data-root string         Root directory of persistent nerdctl state (managed by nerdctl, not by containerd) (default "/var/lib/nerdctl")
66.       --debug                    debug mode
67.       --debug-full               debug mode (with full output)
68.   -h, --help                     help for nerdctl
69.       --host string              Alias of --address (default "/run/containerd/containerd.sock")
70.       --hosts-dir strings        A directory that contains <HOST:PORT>/hosts.toml (containerd style) or <HOST:PORT>/{ca.cert, cert.pem, key.pem} (docker style) (default [/etc/containerd/certs.d,/etc/docker/certs.d])
71.       --insecure-registry        skips verifying HTTPS certs, and allows falling back to plain HTTP
72.   -n, --n string                 Alias of --namespace (default "default")
73.       --namespace string         containerd namespace, such as "moby" for Docker, "k8s.io" for Kubernetes [$CONTAINERD_NAMESPACE] (default "default")
74.       --snapshotter string       containerd snapshotter [$CONTAINERD_SNAPSHOTTER] (default "overlayfs")
75.       --storage-driver string    Alias of --snapshotter (default "overlayfs")
76.   -v, --version                  version for nerdctl
77. Use "nerdctl [command] --help" for more information about a command.

复制代码

 
  
  查看镜像、容器：
  
 
  拉取镜像：

 

安装cni网络插件


  CNI：Container network interface容器网络接口，为容器分配ip地址网卡等
       github链接： 

1. https://github.com/containernetworking/plugins/releases

复制代码

  
 
  
  下载安装cni，并解压到/usr/local/cni/bin目录下

1. root@containerd:/tools# mkdir /opt/cni/bin -p       
2. root@containerd:/tools# tar xf cni-plugins-linux-amd64-v1.1.1.tgz -C /opt/cni/bin/

复制代码

 
  
  查看解压后的cni插件文件：
  

  
  注意：必须将cni解压到/opt/cni/bin，否则nerdctl为容器映射端口时，会出现找不到cni插件的报错

1. root@containerd:~# nerdctl run -d -p 80:80 --name=web --restart=always nginx:latest
2. FATA[0000] needs CNI plugin "bridge" to be installed in CNI_PATH ("/opt/cni/bin"), see https://github.com/con stat /opt/cni/bin/bridge: no such file or directory

复制代码

  
  
  验证：使用nerdctl运行一个容器

 
  
  宿主机访问容器映射到宿主机80端口

  

  
  以上就是关于container的介绍与安装。如果对你有帮助或有建议疑问可以评论区留言！


免责声明：如果侵犯了您的权益，请联系站长，我们会及时删除侵权内容，谢谢合作！