containerd安裝

—containerd的誕生

1、2016年12月Docker公司宣布将containerd捐贈給CNCF，containerd于2017年3月份加入CNCF

2、2019年2月28日containerd成為CNCF畢業項目

3、containerd基于插件化設計，友善後續配置變更和功能擴充

containerd在 v1.0及之前将dockershim和docker daemon替換為cri-containerd + containerd

containerd在1.1版本直接将cri-containerd内置在containerd中簡化為cri插件，用于實作和kubelet的對接

—containerd的結構

CRI container run time interface

CNI container network interface

containerd内置的CRI插件實作了kubelet CRI接口中的Image Service 和Runtime Service，通過内部接口管理容器和鏡像，并通過CNI插件給Pod配置網絡

—containerd以及其他插件的部署安裝

配置containerd

#下載下傳containerd源碼 修改配置檔案

[email protected]:~/containerd_install# wget https://github.com/containerd/containerd/releases/download/v1.6.9/containerd-1.6.9-linux-amd64.tar.gz
[email protected]:~/containerd_install# tar -xvf containerd-1.6.9-linux-amd64.tar.gz 
bin/
bin/ctr
bin/containerd
bin/containerd-shim
bin/containerd-stress
bin/containerd-shim-runc-v2
bin/containerd-shim-runc-v1
           

#檢視help，并建立配置檔案，檢視containerd版本

[email protected]:~/containerd_install# cd bin/
[email protected]:~/containerd_install/bin# ./containerd --help | awk '/config value/{print}'
   --config value, -c value     path to the configuration file (default: "/etc/containerd/config.toml")
[email protected]:~/containerd_install/bin# touch /etc/containerd/config.toml
[email protected]:~/containerd_install/bin# ./containerd config default > /etc/containerd/config.toml
[email protected]:~/containerd_install/bin# ./containerd --version
containerd github.com/containerd/containerd v1.6.9 1c90a442489720eec95342e1789ee8a5e1b9536f
           

#修改鏡像倉庫源

[email protected]:~/containerd_install/bin# cat /etc/containerd/config.toml | grep -n sandbox_image 
61:    sandbox_image = "registry.k8s.io/pause:3.6"
           

#使用鏡像加速器

[email protected]:~/containerd_install/bin# cat /etc/containerd/config.toml | grep -n mirror
154:      [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
155:        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
156:          endpoint = ["https://9916w1ow.mirror.aliyuncs.com"]
           

配置runc

#下載下傳runc并解壓,檢視runc版本

[email protected]:~/containerd_install# wget https://github.com/opencontainers/runc/releases/download/v1.1.4/runc.amd64
[email protected]:~/containerd_install# cp runc.amd64 /usr/bin/runc
[email protected]:~/containerd_install# chmod a+x /usr/bin/runc
[email protected]:~/containerd_install# runc -v
runc version 1.1.4
commit: v1.1.4-0-g5fd4c4d1
spec: 1.0.2-dev
go: go1.17.10
libseccomp: 2.5.4
           

配置cni

#下載下傳cni 并解壓到/opt/cni/bin目錄，該目錄可在containerd配置檔案自定義

[email protected]:~/containerd_install# wget https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-linux-amd64-v1.1.1.tgz
[email protected]:~/containerd_install# mkdir -pv /opt/cni/bin/
mkdir: created directory '/opt/cni'
mkdir: created directory '/opt/cni/bin/'
[email protected]:~/containerd_install# tar xvf cni-plugins-linux-amd64-v1.1.1.tgz -C /opt/cni/bin/
           

#檢視containerd配置檔案配置cni預設目錄的配置

[email protected]:/opt/cni/bin# cat /etc/containerd/config.toml | grep -A 5 "cni]"
    [plugins."io.containerd.grpc.v1.cri".cni]
      bin_dir = "/opt/cni/bin"
      conf_dir = "/etc/cni/net.d"
      conf_template = ""
      ip_pref = ""
      max_conf_num = 1
           

—使用containerd的ctr指令下載下傳鏡像，運作容器

[email protected]:/opt/cni/bin# export PATH=$PATH:/root/containerd_install/bin
c
[email protected]:/opt/cni/bin# ctr images ls
REF TYPE DIGEST SIZE PLATFORMS LABELS 
[email protected]:/opt/cni/bin# ctr images pull docker.io/library/nginx:alpine
[email protected]:/opt/cni/bin# ctr run -t --net-host docker.io/library/nginx:alpine wuyang-test

           

—nerdctl安裝，可以向使用docker一樣使用nerdctl

#下載下傳配置nerdctl

[email protected]:~/containerd_install# wget https://github.com/containerd/nerdctl/releases/download/v1.0.0/nerdctl-1.0.0-linux-amd64.tar.g
[email protected]:~/containerd_install# tar xvf nerdctl-1.0.0-linux-amd64.tar.gz -C /usr/bin/
nerdctl
containerd-rootless-setuptool.sh
containerd-rootless.sh
[email protected]:~/containerd_install# nerdctl images 
REPOSITORY    TAG       IMAGE ID        CREATED          PLATFORM       SIZE        BLOB SIZE
nginx         alpine    b433a017703c    9 minutes ago    linux/amd64    26.4 MiB    9.8 MiB
[email protected]:~/containerd_install# nerdctl ps -a
CONTAINER ID    IMAGE                             COMMAND                   CREATED          STATUS     PORTS    NAMES
wuyang-test     docker.io/library/nginx:alpine    "/docker-entrypoint.…"    5 minutes ago    Created 
           

nerdctl 運作容器并進入容器檢視容器IP

[email protected]:/opt/cni/bin# nerdctl run -it -d -p 82:80 nginx:alpine
[email protected]:/opt/cni/bin# nerdctl ps
CONTAINER ID    IMAGE                             COMMAND                   CREATED          STATUS    PORTS                 NAMES
a86393b99747    docker.io/library/nginx:alpine    "/docker-entrypoint.…"    3 minutes ago    Up        0.0.0.0:82->80/tcp    nginx-a8639
[email protected]:/opt/cni/bin# nerdctl exec -it a863 sh
/ # ifconfig | grep "Bcast"
          inet addr:10.4.0.2  Bcast:10.4.0.255  Mask:255.255.255.0
           

通路容器中的nginx首頁

—containerd和docker

containerd相比docker多了一個命名空間的概念 ctr指令預設實在default命名空間，在使用nerdctl指令時，卻是在k8s.io命名空間裡