containerd安装

—containerd的诞生

1、2016年12月Docker公司宣布将containerd捐赠给CNCF，containerd于2017年3月份加入CNCF

2、2019年2月28日containerd成为CNCF毕业项目

3、containerd基于插件化设计，方便后续配置变更和功能扩展

containerd在 v1.0及之前将dockershim和docker daemon替换为cri-containerd + containerd

containerd在1.1版本直接将cri-containerd内置在containerd中简化为cri插件，用于实现和kubelet的对接

—containerd的结构

CRI container run time interface

CNI container network interface

containerd内置的CRI插件实现了kubelet CRI接口中的Image Service 和Runtime Service，通过内部接口管理容器和镜像，并通过CNI插件给Pod配置网络

—containerd以及其他插件的部署安装

配置containerd

#下载containerd源码 修改配置文件

[email protected]:~/containerd_install# wget https://github.com/containerd/containerd/releases/download/v1.6.9/containerd-1.6.9-linux-amd64.tar.gz
[email protected]:~/containerd_install# tar -xvf containerd-1.6.9-linux-amd64.tar.gz 
bin/
bin/ctr
bin/containerd
bin/containerd-shim
bin/containerd-stress
bin/containerd-shim-runc-v2
bin/containerd-shim-runc-v1
           

#查看help，并创建配置文件，查看containerd版本

[email protected]:~/containerd_install# cd bin/
[email protected]:~/containerd_install/bin# ./containerd --help | awk '/config value/{print}'
   --config value, -c value     path to the configuration file (default: "/etc/containerd/config.toml")
[email protected]:~/containerd_install/bin# touch /etc/containerd/config.toml
[email protected]:~/containerd_install/bin# ./containerd config default > /etc/containerd/config.toml
[email protected]:~/containerd_install/bin# ./containerd --version
containerd github.com/containerd/containerd v1.6.9 1c90a442489720eec95342e1789ee8a5e1b9536f
           

#修改镜像仓库源

[email protected]:~/containerd_install/bin# cat /etc/containerd/config.toml | grep -n sandbox_image 
61:    sandbox_image = "registry.k8s.io/pause:3.6"
           

#使用镜像加速器

[email protected]:~/containerd_install/bin# cat /etc/containerd/config.toml | grep -n mirror
154:      [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
155:        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
156:          endpoint = ["https://9916w1ow.mirror.aliyuncs.com"]
           

配置runc

#下载runc并解压,查看runc版本

[email protected]:~/containerd_install# wget https://github.com/opencontainers/runc/releases/download/v1.1.4/runc.amd64
[email protected]:~/containerd_install# cp runc.amd64 /usr/bin/runc
[email protected]:~/containerd_install# chmod a+x /usr/bin/runc
[email protected]:~/containerd_install# runc -v
runc version 1.1.4
commit: v1.1.4-0-g5fd4c4d1
spec: 1.0.2-dev
go: go1.17.10
libseccomp: 2.5.4
           

配置cni

#下载cni 并解压到/opt/cni/bin目录，该目录可在containerd配置文件自定义

[email protected]:~/containerd_install# wget https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-linux-amd64-v1.1.1.tgz
[email protected]:~/containerd_install# mkdir -pv /opt/cni/bin/
mkdir: created directory '/opt/cni'
mkdir: created directory '/opt/cni/bin/'
[email protected]:~/containerd_install# tar xvf cni-plugins-linux-amd64-v1.1.1.tgz -C /opt/cni/bin/
           

#查看containerd配置文件配置cni默认目录的配置

[email protected]:/opt/cni/bin# cat /etc/containerd/config.toml | grep -A 5 "cni]"
    [plugins."io.containerd.grpc.v1.cri".cni]
      bin_dir = "/opt/cni/bin"
      conf_dir = "/etc/cni/net.d"
      conf_template = ""
      ip_pref = ""
      max_conf_num = 1
           

—使用containerd的ctr命令下载镜像，运行容器

[email protected]:/opt/cni/bin# export PATH=$PATH:/root/containerd_install/bin
c
[email protected]:/opt/cni/bin# ctr images ls
REF TYPE DIGEST SIZE PLATFORMS LABELS 
[email protected]:/opt/cni/bin# ctr images pull docker.io/library/nginx:alpine
[email protected]:/opt/cni/bin# ctr run -t --net-host docker.io/library/nginx:alpine wuyang-test

           

—nerdctl安装，可以向使用docker一样使用nerdctl

#下载配置nerdctl

[email protected]:~/containerd_install# wget https://github.com/containerd/nerdctl/releases/download/v1.0.0/nerdctl-1.0.0-linux-amd64.tar.g
[email protected]:~/containerd_install# tar xvf nerdctl-1.0.0-linux-amd64.tar.gz -C /usr/bin/
nerdctl
containerd-rootless-setuptool.sh
containerd-rootless.sh
[email protected]:~/containerd_install# nerdctl images 
REPOSITORY    TAG       IMAGE ID        CREATED          PLATFORM       SIZE        BLOB SIZE
nginx         alpine    b433a017703c    9 minutes ago    linux/amd64    26.4 MiB    9.8 MiB
[email protected]:~/containerd_install# nerdctl ps -a
CONTAINER ID    IMAGE                             COMMAND                   CREATED          STATUS     PORTS    NAMES
wuyang-test     docker.io/library/nginx:alpine    "/docker-entrypoint.…"    5 minutes ago    Created 
           

nerdctl 运行容器并进入容器查看容器IP

[email protected]:/opt/cni/bin# nerdctl run -it -d -p 82:80 nginx:alpine
[email protected]:/opt/cni/bin# nerdctl ps
CONTAINER ID    IMAGE                             COMMAND                   CREATED          STATUS    PORTS                 NAMES
a86393b99747    docker.io/library/nginx:alpine    "/docker-entrypoint.…"    3 minutes ago    Up        0.0.0.0:82->80/tcp    nginx-a8639
[email protected]:/opt/cni/bin# nerdctl exec -it a863 sh
/ # ifconfig | grep "Bcast"
          inet addr:10.4.0.2  Bcast:10.4.0.255  Mask:255.255.255.0
           

访问容器中的nginx主页

—containerd和docker

containerd相比docker多了一个命名空间的概念 ctr命令默认实在default命名空间，在使用nerdctl命令时，却是在k8s.io命名空间里