JC
2023/05/14
Crazy k8s: Installing and Deploying containerd
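1. Preface
If you have used Docker, you have probably heard of containerd. To give readers a clearer picture, here is a brief introduction to containerd, starting with the first paragraph of its English description: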
containerd is an industry-standard container runtime with an emphasis on simplicity, robustness, and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision, low-level storage and network attachments, etc.
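In other words, containerd is an industry-standard container runtime (the environment containers run in). It emphasizes simplicity, robustness and portability, is available for both Linux and Windows, and can manage the complete container lifecycle.
containerd is a member of CNCF with 'graduated' status. containerd is designed to be embedded into a larger system, rather than being used directly by developers or end-users.
containerd comes from the CNCF. It mainly serves as the foundation of larger systems rather than being used directly by developers or users: if your system needs a container runtime, containerd can act as the underlying component that supports it.
Below is an architecture diagram of containerd.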

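The installation and deployment tutorial starts here.
2. Installing containerd from the binary release
2.1 Environment
This tutorial uses a Linux CentOS 8 environment.
2.2 Download
The containerd releases are on GitHub: https://github.com/containerd/containerd/releases. Choose the version and file type that match your needs and system.
I chose the latest release, v1.7.1, at: https://github.com/containerd/containerd/releases/download/v1.7.1/containerd-1.7.1-linux-amd64.tar.gz.
You can download the file locally and upload it with a remote-access tool, or download it from the command line: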
wget https://github.com/containerd/containerd/releases/download/v1.7.1/containerd-1.7.1-linux-amd64.tar.gz
2.3 Installation
Extract the archive:
tar xf containerd-1.7.1-linux-amd64.tar.gz
Copy the contents of the extracted bin directory to /usr/local/bin with cp:
cp -r bin/* /usr/local/bin/
Next, change into the bin directory for the following steps:
cd bin
Use the containerd command to create its service:
./containerd systemd service
Edit the containerd service unit file:
cd /etc/systemd/system/
cat containerd.service
In the file, change ExecStart to the path of the containerd binary:
# Copyright The containerd Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target
[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/local/bin/containerd
Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity
# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999
[Install]
WantedBy=multi-user.target
Save and exit with :wq, then reload the systemd unit files:
systemctl daemon-reload
Next, create the directory for the containerd configuration file:
mkdir /etc/containerd
Generate the default configuration file and write it into the directory created in the previous step:
containerd config default > /etc/containerd/config.toml
Edit the configuration file, mainly to set the registry mirror (a private registry mirror can be configured here as well):
cd /etc/containerd
vi config.toml
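In config.toml, find registry.mirrors and add the following below that line (replace the URL with your own and keep the indentation consistent with the rest of the file):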
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://*******.mirror.aliyuncs.com"]
Save and exit with :wq, then start containerd and enable it at boot:
systemctl enable containerd --now
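The mirror configured above becomes the source of every docker.io image this node pulls, so its endpoint should be https. The following check is an added example, not part of the original post or of containerd; it assumes the single-line `endpoint = [...]` form shown above, and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: audit registry mirror endpoints in a containerd config.toml.
# Assumes CRI-plugin mirror tables written as on this page, with the
# endpoint array on one line. Multi-line arrays are not handled.

# list_mirror_endpoints CONFIG -> one "<registry> <endpoint>" pair per line
list_mirror_endpoints() {
    awk '
        /^[ \t]*\[/ {
            # A new table header: remember the registry if it is a mirror table.
            reg = ""
            if (match($0, /registry\.mirrors\."[^"]+"\]/)) {
                reg = substr($0, RSTART, RLENGTH)
                sub(/^registry\.mirrors\."/, "", reg)
                sub(/"\]$/, "", reg)
            }
            next
        }
        reg != "" && /^[ \t]*endpoint[ \t]*=/ {
            # Pull every quoted string out of the endpoint array.
            line = $0
            while (match(line, /"[^"]*"/)) {
                print reg, substr(line, RSTART + 1, RLENGTH - 2)
                line = substr(line, RSTART + RLENGTH)
            }
        }' "$1"
}

# insecure_mirrors CONFIG -> prints endpoints that are not https://
# and returns 1 if any were found, 0 otherwise.
insecure_mirrors() {
    bad=$(list_mirror_endpoints "$1" | awk '$2 !~ /^https:\/\//')
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Usage: insecure_mirrors /etc/containerd/config.toml
```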
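3. Installing runc
3.1 Download and install
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. The GitHub download link is: https://github.com/containerd/containerd/releases.
To match my containerd version, I chose runc 1.1.7 and downloaded it from the command line: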
wget https://github.com/opencontainers/runc/releases/download/v1.1.7/runc.amd64
After the download finishes, make the file executable and move it into place:
chmod +x runc.amd64
cp runc.amd64 /usr/local/bin/runc
3.2 Verification
Show the usage with:
ctr -help
This produces the following output:
COMMANDS:
plugins, plugin Provides information about containerd plugins
version Print the client and server versions
containers, c, container Manage containers
content Manage content
events, event Display containerd events
images, image, i Manage images
leases Manage leases
namespaces, namespace, ns Manage namespaces
pprof Provide golang pprof outputs for containerd
run Run a container
snapshots, snapshot Manage snapshots
tasks, t, task Manage tasks
install Install a new package
oci OCI tools
sandboxes, sandbox, sb, s Manage sandboxes
info Print the server info
shim Interact with a shim directly
help, h Shows a list of commands or help for one command
GLOBAL OPTIONS:
--debug Enable debug output in logs
--address value, -a value Address for containerd's GRPC server (default: "/run/containerd/containerd.sock") [$CONTAINERD_ADDRESS]
--timeout value Total timeout for ctr commands (default: 0s)
--connect-timeout value Timeout for connecting to containerd (default: 0s)
--namespace value, -n value Namespace to use with commands (default: "default") [$CONTAINERD_NAMESPACE]
--help, -h show help
--version, -v print the version
3.3 Pulling an image
Pull an image with:
ctr images pull docker.io/library/nginx:latest
3.4 Listing images
List the images with:
ctr images ls
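3.5 Running an image
Run the image with the following command. ctr run needs a container ID after the image reference; nginx-demo is an example name chosen here.
ctr run -t docker.io/library/nginx:latest nginx-demo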
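4. Installing a client tool
4.1 Download and install
There are two client tools: crictl and nerdctl. nerdctl is recommended here.
The official nerdctl GitHub releases page: https://github.com/containerd/nerdctl/releases
I chose v1.3.1 and downloaded it from the command line: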
wget https://github.com/containerd/nerdctl/releases/download/v1.3.1/nerdctl-1.3.1-linux-amd64.tar.gz
After the download finishes, extract the archive and copy nerdctl into /usr/local/bin:
tar xvf nerdctl-1.3.1-linux-amd64.tar.gz
cp nerdctl /usr/local/bin
4.2 Checking the version
Get the version with:
nerdctl version
Show the usage help with:
nerdctl --help
4.3 Listing images and containers
List the images with:
nerdctl images
4.4 Pulling an image
nerdctl pull alpine
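4.5 Pulling a container
5. Installing the network plugin
The network plugin, Container Network Interface (CNI) in English, is mainly responsible for assigning IP addresses and network interfaces to containers (Docker already integrates CNI and containerd, so developers may never have noticed it).
5.1 Installation and deployment
I chose v1.3.0 and downloaded it from the command line: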
wget https://github.com/containernetworking/plugins/releases/download/v1.3.0/cni-plugins-linux-amd64-v1.3.0.tgz
Create the directory and extract the archive into /opt/cni/bin:
mkdir /opt/cni/bin -p
tar xf cni-plugins-linux-amd64-v1.3.0.tgz -C /opt/cni/bin/
List the CNI plugin files with:
ll /opt/cni/bin
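After running a container with nerdctl, run nerdctl container ls.
The container information shows the mapped ports, so the container can be reached from outside via IP and port.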
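Sections 2.2, 3.1, 4.1 and 5.1 each download a release asset with wget and install it as root without checking it. The following added example (not part of the original post) verifies an asset against a sha256sum-format checksum file before extracting it; the function names are hypothetical, and the checksum file is whatever the project publishes beside the asset on its release page.

```bash
#!/usr/bin/env bash
# Added example: verify a downloaded release asset before installing it.

# sha256_of FILE -> prints the hex SHA-256 digest of FILE
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# expected_sum SUMFILE NAME -> prints the digest listed for NAME in a
# sha256sum-format file ("<hex>  <name>" or "<hex> *<name>"). A checksum
# file may list several assets, so the base name must match exactly.
expected_sum() {
    awk -v want="$2" '
        NF >= 2 {
            name = $2
            sub(/^\*/, "", name)      # drop the binary-mode marker
            sub(/^.*\//, "", name)    # drop any directory prefix
            if (name == want) { print tolower($1); exit }
        }' "$1"
}

# verify_asset FILE SUMFILE -> 0 match, 1 mismatch, 2 missing file or entry
verify_asset() {
    file=$1 sumfile=$2
    [ -f "$file" ] && [ -f "$sumfile" ] || { echo "missing input" >&2; return 2; }
    want=$(expected_sum "$sumfile" "$(basename "$file")")
    [ -n "$want" ] || { echo "no checksum entry for $file" >&2; return 2; }
    got=$(sha256_of "$file")
    if [ "$want" != "$got" ]; then
        echo "CHECKSUM MISMATCH for $file" >&2
        return 1
    fi
    echo "OK  $file  $got"
}

# install_verified FILE SUMFILE DESTDIR -> extract only after verification
install_verified() {
    verify_asset "$1" "$2" >/dev/null || return $?
    mkdir -p "$3" && tar xf "$1" -C "$3"
}

# Usage (checksum file name is a placeholder):
#   install_verified containerd-1.7.1-linux-amd64.tar.gz <checksum-file> ./staging
```

For a single binary such as runc.amd64, call verify_asset on its own before the chmod and cp steps.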
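6. Questions
6.1 Why do I get "containerd not found" even though the executable is in /usr/local/bin?
Because the PATH environment variable does not include /usr/local/bin, the command cannot be found. To run it, you can create a symbolic link, change the environment variable, or run it from the bin directory with ./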
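6.2 What is the difference between nerdctl and ctr?
Both nerdctl and ctr are command-line tools that can create, stop and delete containers. They differ as follows:
- nerdctl was developed by the containerd developers, while ctr was developed by the runc developers.
- nerdctl supports building images from a Dockerfile; ctr does not.
- nerdctl supports defining and managing multiple containers with a compose file; ctr does not.
- nerdctl supports running systemd inside a container; ctr does not.
- nerdctl supports configuring container networking with CNI plugins; ctr does not.
Broadly speaking, nerdctl is more powerful and more complex than ctr, and developers are encouraged to study and understand it.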
7. Follow me
Search WeChat official accounts for: 野区杰西