安装containerd
apt/yum安装
#验证仓库版本
[root@k8s-node3 ~]#apt-cache madison containerd
containerd | 1.7.12-0ubuntu2~22.04.1 | https://mirrors.aliyun.com/ubuntu jammy-updates/main amd64 Packages
containerd | 1.6.12-0ubuntu1~22.04.3 | https://mirrors.aliyun.com/ubuntu jammy-security/main amd64 Packages
containerd | 1.5.9-0ubuntu3 | https://mirrors.aliyun.com/ubuntu jammy/main amd64 Packages
containerd | 1.5.9-0ubuntu3 | https://mirrors.aliyun.com/ubuntu jammy/main Sources
containerd | 1.6.12-0ubuntu1~22.04.6 | https://mirrors.aliyun.com/ubuntu jammy-security/main Sources
containerd | 1.6.12-0ubuntu1~22.04.6 | https://mirrors.aliyun.com/ubuntu jammy-updates/main Sources
containerd-app | 1.7.12-0ubuntu2~22.04.1 | https://mirrors.aliyun.com/ubuntu jammy-updates/universe Sources
#安装containerd:
[root@k8s-node3 apt]#apt -y install containerd=1.6.12-0ubuntu1~22.04.3
#查看service⽂件:
[root@k8s-node3 ~]#cat /lib/systemd/system/containerd.service
#验证runc环境:
root@containerd-server1:~# whereis runc
runc: /usr/sbin/runc /usr/share/man/man8/runc.8.gz
root@containerd-server1:~#
root@containerd-server1:~# whereis containerd
containerd: /usr/bin/containerd /usr/share/man/man8/containerd.8.gz
root@containerd-server1:~#
root@containerd-server1:~# runc -v
runc version 1.1.12-0ubuntu2~22.04.1
spec: 1.0.2-dev
go: go1.21.1
libseccomp: 2.5.3
[root@k8s-node3 ~]#containerd -v
containerd github.com/containerd/containerd 1.6.12-0ubuntu1~22.04.3
#containerd配置⽂件:
root@containerd-server1:~# containerd --help
root@containerd-server1:~# containerd config --help
root@containerd-server1:~# containerd config default #查看默认配置
root@containerd-server1:~# mkdir /etc/containerd/
root@containerd-server1:~# containerd config default > /etc/containerd/config.toml
root@containerd-server1:~# systemctl restart containerd.service
#containerd配置文件:
#containerd 下载镜像的路径(可替换成能下载的镜像)
[root@k8s-node3 ~]#vim /etc/containerd/config.toml
sandbox_image = "registry.k8s.io/pause:3.6"
(国内环境可替换为阿里云镜像地址,例如:)
registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.9
#重启containerd服务使配置生效
[root@k8s-node3 ~]#systemctl restart containerd.service
#通过命令⾏测试下载镜像:
containerd的命令行客户端有ctr、crictl、nerdctl等。containerd相比docker多了一个命名空间(namespace)的逻辑概念:自身的命令行客户端ctr默认使用default命名空间,nerdctl默认也是default;而crictl使用的是k8s.io命名空间,k8s创建的pod同样位于k8s.io命名空间。因此用nerdctl(或ctr)管理kubernetes环境的pod时,要指定命名空间为k8s.io,否则看不到kubernetes环境中的pod。
root@containerd-server1:~# ctr images pull docker.io/library/alpine:latest
#验证镜像:
root@containerd-server1:~# ctr images ls
#ctr客户端创建测试容器:
运行容器并使用宿主机网络(--net-host让容器直接共享宿主机的网络命名空间,没有网络隔离,仅适合测试):
root@containerd-server1:~# ctr run -t --net-host docker.io/library/alpine:latest testcontainer sh
⼆进制安装containerd
通过官方二进制安装containerd、runc及CNI。kubernetes从v1.24.0开始默认使用containerd作为容器运行时,因此需要提前安装好containerd之后再安装v1.24或更高版本的kubernetes(如果要继续使用docker,则需要单独安装docker及cri-dockerd:https://github.com/Mirantis/cri-dockerd )。
#下载containerd二进制并创建service文件(解压安装前,建议先用发布页提供的sha256校验文件核对下载包;后面的runc、nerdctl、CNI插件同理):
root@containerd-server1:/usr/local/src# wget https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz
root@containerd-server1:/usr/local/src# tar xvf containerd-1.6.20-linux-amd64.tar.gz
bin/
bin/containerd-shim
bin/containerd-shim-runc-v1
bin/containerd-stress
bin/containerd
bin/ctr
bin/containerd-shim-runc-v2
#copy⼆进制
root@containerd-server1:/usr/local/src# cp bin/* /usr/local/bin/
#验证containerd执⾏结果
root@containerd-server1:/usr/local/src# containerd -v
containerd github.com/containerd/containerd v1.6.20
2806fc1057397dbaeefbea0e4e17bddfbd388f38
#创建service⽂件
root@containerd-server1:/usr/local/src# vim /lib/systemd/system/containerd.service
# Copyright The containerd Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
# Ordering only: start after networking and local filesystems are up.
After=network.target local-fs.target
[Service]
# The leading "-" makes systemd ignore a failure of this command, so the
# service still starts if the overlay module cannot be loaded via modprobe.
ExecStartPre=-/usr/sbin/modprobe overlay
# Binary-install location used in this guide (cp bin/* /usr/local/bin/);
# the apt package puts the daemon at /usr/bin/containerd instead.
ExecStart=/usr/local/bin/containerd
# containerd reports readiness to systemd itself (sd_notify).
Type=notify
# Hand the service's cgroup subtree over to containerd so it can manage
# container cgroups without systemd interfering.
Delegate=yes
# On stop/restart only the main containerd process is killed; shims and
# running containers are left alone.
KillMode=process
# Always restart the daemon, waiting 5 seconds between attempts.
Restart=always
RestartSec=5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity
# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
# Strongly bias the kernel OOM killer away from the containerd daemon.
OOMScoreAdjust=-999
[Install]
# Enabled via "systemctl enable containerd" for normal multi-user boot.
WantedBy=multi-user.target
#编辑配置⽂件:
root@containerd-server1:~# mkdir /etc/containerd
root@containerd-server1:~# containerd config default > /etc/containerd/config.toml
root@containerd-server1:~# vim /etc/containerd/config.toml
sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.9" #61
[plugins."io.containerd.grpc.v1.cri".registry.mirrors] #153
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"] #154
endpoint = ["https://9916w1ow.mirror.aliyuncs.com"] #155
root@containerd-server1:~# systemctl restart containerd && systemctl enable containerd
#部署runc:
root@containerd-server1:~# wget https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64
root@containerd-server1:~# chmod a+x runc.amd64
root@containerd-server1:~# mv runc.amd64 /usr/bin/runc
#下载测试镜像并验证
root@containerd-server1:~# ctr images pull docker.io/library/alpine:latest
root@containerd-server1:~# ctr images ls
root@containerd-server1:~# ctr -n k8s.io images ls #指定namespaces
#ctr客户端创建测试容器:
root@containerd-server1:~# ctr run -t --net-host docker.io/library/alpine:latest test-container sh
containerd客户端⼯具扩展
安装nerdctl
root@containerd-server1:~# wget https://github.com/containerd/nerdctl/releases/download/v1.3.0/nerdctl-1.3.0-linux-amd64.tar.gz
root@containerd-server1:~# tar xvf nerdctl-1.3.0-linux-amd64.tar.gz -C /usr/local/bin/
root@containerd-server1:~# nerdctl version
Client:
Version: v1.3.0
OS/Arch: linux/amd64
Git commit: c6ddd63dea9aa438fdb0587c0d3d9ae61a60523e
buildctl:
Version:
Server:
containerd:
Version: v1.6.20
GitCommit: 2806fc1057397dbaeefbea0e4e17bddfbd388f38
runc:
Version: 1.1.5
GitCommit: v1.1.5-0-gf19387a6
nerdctl配置文件(insecure_registry = true 会跳过镜像仓库的HTTPS证书校验并允许回退到HTTP明文,且对所有仓库生效,仅适合测试环境;生产环境建议设为false):
root@containerd-server1:~# mkdir /etc/nerdctl/
root@containerd-server1:~# vim /etc/nerdctl/nerdctl.toml
namespace = "k8s.io"
debug = false
debug_full = false
insecure_registry = true
安装CNI:
root@containerd-server1:~# wget https://github.com/containernetworking/plugins/releases/download/v1.2.0/cni-plugins-linux-amd64-v1.2.0.tgz
root@containerd-server1:~# mkdir /opt/cni/bin -p #保存cni插件的路径
root@containerd-server1:~# tar xvf cni-plugins-linux-amd64-v1.2.0.tgz -C /opt/cni/bin/
./
./loopback
./bandwidth
./ptp
./vlan
./host-device
./tuning
./vrf
./sbr
./dhcp
./static
./firewall
./macvlan
./dummy
./bridge
./ipvlan
./portmap
./host-local
创建Nginx测试容器并指定端⼝:
创建容器并指定端口
root@containerd-server1:~# nerdctl run -d -p 80:80 --name=nginx-web1 --restart=always nginx:1.20.2
root@containerd-server1:~# nerdctl ps
CONTAINER ID IMAGE COMMAND CREATED
STATUS PORTS NAMES
936a48ea2c54 docker.io/library/nginx:latest "/docker-entrypoint.…" 36 seconds
ago Up 0.0.0.0:80->80/tcp nginx-web1
root@containerd-server1:~# nerdctl exec -it 936a48ea2c54 bash
root@936a48ea2c54:/#
创建Tomcat测试容器并指定端口(tomcat 7已停止维护,仅作测试演示):
root@containerd-server1:~# nerdctl run -d -p 8080:8080 --name=tomcat-web1 --restart=always tomcat:7.0.88-alpine
[root@k8s-node3 ~]#nerdctl exec -it tomcat-web1 bash
bash-4.2# pwd
/usr/local/tomcat
bash-4.2# ls
BUILDING.txt NOTICE RUNNING.txt lib temp work
CONTRIBUTING.md README.md bin logs webapps
LICENSE RELEASE-NOTES conf native-jni-lib webapps.dist
bash-4.2# cd webapps
bash-4.2# mkdir app1
bash-4.2# echo "app1 `date +%T`" > app1/index.jsp
bash-4.2# ls app1/index.jsp
app1/index.jsp
bash-4.2# exit
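创建MySQL测试容器并指定端口(仅用于测试:root密码通过-e明文写在命令行上,会留在shell历史和容器环境变量中,3306端口也发布到了宿主机所有地址;mysql 5.6已停止维护。另外,下面登录所用的容器名m1和密码与创建命令中的不一致,请以实际创建时的值为准):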
root@containerd-server1:~#nerdctl run -t -d -p 3306:3306 -e MYSQL_ROOT_PASSWORD=MySQL127336 -d mysql:5.6.39
[root@k8s-node3 ~]#nerdctl exec -it m1 bash
root@ee97a3d11251:/# mysql -uroot -p123456
Warning: Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.6.44 MySQL Community Server (GPL)
Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>