containerd
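containerd is a container [[runtime]]. It emphasizes simplicity, robustness and portability. containerd can manage the complete container lifecycle on a host, including transfer and storage of container images, container execution and supervision, and storage and networking.
Differences between containerd and [[Docker/Docker]]
containerd is a project that was split out of Docker and can serve as a low-level container runtime.
K8S CRI
K8s released the CRI (Container Runtime Interface), which standardizes the container runtime interface. Any container runtime that supports CRI can serve as the underlying container runtime for K8S.
If Docker is used as the K8S container runtime, kubelet must first call Docker through dockershim, and Docker then calls containerd.
If containerd is used as the K8S container runtime, kubelet can call containerd directly, because containerd has a built-in CRI plugin. Using containerd not only improves performance (the call chain is shorter) but also reduces resource usage (Docker is more than a container runtime; it also carries a large number of other features).
CRI installation
[[containerd#Installing crictl]]
Using containerd
containerd has three control commands, namely
Installation
Installing ctr
If containerd was installed with a package manager, ctr is installed along with it. For a binary installation, see the containerd binary installation section; ctr is included in the containerd binary release archive [[containerd#Installing containerd]]
Installing crictl
Using wget: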
VERSION="v1.24.1"
wget https://github.com/kubernetes-sigs/cri-tools/releases/download/$VERSION/crictl-$VERSION-linux-amd64.tar.gz
sudo tar zxvf crictl-$VERSION-linux-amd64.tar.gz -C /usr/local/bin
rm -f crictl-$VERSION-linux-amd64.tar.gz
Using curl:
VERSION="v1.24.1"
curl -L https://github.com/kubernetes-sigs/cri-tools/releases/download/$VERSION/crictl-${VERSION}-linux-amd64.tar.gz --output crictl-${VERSION}-linux-amd64.tar.gz
sudo tar zxvf crictl-$VERSION-linux-amd64.tar.gz -C /usr/local/bin
rm -f crictl-$VERSION-linux-amd64.tar.gz
Installing nerdctl
Binary package download location
# Minimal build, contains only some of the components
tar Cxzvvf /usr/local/bin nerdctl-0.20.0-linux-amd64.tar.gz
-rwxr-xr-x root/root 26677248 2022-05-17 08:13 nerdctl
-rwxr-xr-x root/root 21562 2022-05-17 08:12 containerd-rootless-setuptool.sh
-rwxr-xr-x root/root 7032 2022-05-17 08:12 containerd-rootless.sh
# Full build
tar Cxzvvf /usr/local nerdctl-full-0.20.0-linux-amd64.tar.gz
# Without root privileges, run the following command to install
containerd-rootless-setuptool.sh install
containerd installation
Binary installation
Installing containerd
Taking the Linux platform as an example:
wget https://github.com/containerd/containerd/releases/download/v1.6.4/cri-containerd-cni-1.6.4-linux-amd64.tar.gz
tar Cxzvf /usr/local cri-containerd-cni-1.6.4-linux-amd64.tar.gz
bin/
bin/containerd-shim-runc-v2
bin/containerd-shim
bin/ctr
bin/containerd-shim-runc-v1
bin/containerd
bin/containerd-stress
# Run containerd as a system service managed by systemd
wget https://raw.githubusercontent.com/containerd/containerd/main/containerd.service
install -D -m 644 containerd.service /usr/local/lib/systemd/system/containerd.service
systemctl daemon-reload
systemctl enable --now containerd
Example contents of containerd.service
# Copyright The containerd Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target
[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/local/bin/containerd
Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity
# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999
[Install]
WantedBy=multi-user.target
Installing runc
wget https://github.com/opencontainers/runc/releases/download/v1.1.2/runc.amd64
install -m 755 runc.amd64 /usr/local/sbin/runc
Installing the CNI plugins
wget https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-linux-amd64-v1.1.1.tgz
mkdir -p /opt/cni/bin
tar Cxzvf /opt/cni/bin cni-plugins-linux-amd64-v1.1.1.tgz
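The downloads above are unpacked into root-owned directories straight after wget or curl. The following added example (not from the original page or the containerd project) checks an archive against a published SHA-256 file and inspects member paths before extracting. The function names are hypothetical, and it assumes the release publishes a checksum file next to the archive and that `sha256sum` from GNU coreutils is installed.

```shell
#!/bin/sh
# Added example (not from the original page): verify a release archive against
# its published SHA-256 digest before unpacking it into a root-owned directory.

# expected_sha256 <checksum-file> <archive>
# Prints the digest recorded for <archive>. Handles both common layouts:
# a bare "<hex>" digest, or sha256sum-style "<hex>  <filename>" lines.
expected_sha256() {
    awk -v n="$(basename "$2")" '
        NF == 1 && bare == "" { bare = $1 }
        NF >= 2 { f = $2; sub(/^\*/, "", f); sub(/^.*\//, "", f)
                  if (f == n && hit == "") hit = $1 }
        END { print tolower(hit != "" ? hit : bare) }' "$1"
}

# verify_sha256 <archive> <checksum-file>
# Returns 0 on match, 1 on mismatch, 2 if the checksum file has no usable digest.
verify_sha256() {
    local want got
    want="$(expected_sha256 "$2" "$1")"
    # An empty file or an HTML error page must not be accepted as a digest.
    printf '%s\n' "$want" | grep -Eq '^[0-9a-f]{64}$' || {
        echo "no usable SHA-256 digest for $1 in $2" >&2; return 2; }
    got="$(sha256sum "$1" | awk '{ print $1 }')"
    [ "$got" = "$want" ] || { echo "SHA-256 mismatch: $1" >&2; return 1; }
}

# verified_extract <archive> <checksum-file> <dest-dir>
# Extracts only after the digest matches and no member path leaves <dest-dir>.
verified_extract() {
    verify_sha256 "$1" "$2" || return $?
    if tar -tzf "$1" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe member path in $1" >&2; return 3
    fi
    mkdir -p "$3" && tar -xzf "$1" -C "$3" --no-same-owner
}

# Usage with the page's crictl archive (the checksum file name is an assumption):
#   verified_extract crictl-$VERSION-linux-amd64.tar.gz \
#       crictl-$VERSION-linux-amd64.tar.gz.sha256 /usr/local/bin
```

A checksum fetched from the same server as the archive only detects corruption or a tampered mirror; where a project also publishes signatures, verifying those against a key obtained separately is the stronger check.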
Installing with a package manager
CentOS
yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine
yum install -y yum-utils
yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin
Ubuntu
apt-get remove docker docker-engine docker.io containerd runc
apt-get update
apt-get install \
ca-certificates \
curl \
gnupg \
lsb-release
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
apt-get update
apt-get install docker-ce docker-ce-cli containerd.io docker-compose-plugin
Debian
apt remove docker docker-engine docker.io containerd runc
apt update
apt install ca-certificates curl gnupg lsb-release
# Add the official GPG key
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
# Configure the stable repository; nightly and test channels also exist, substitute them below if needed
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
apt update
apt install docker-ce docker-ce-cli containerd.io docker-compose-plugin
Switching from a Docker environment to containerd
Troubleshooting
Error: Package: containerd.io-1.6.4-3.1.el7.x86_64 (docker-ce-stable)
Requires: container-selinux >= 2:2.74
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest