首页 > 其他分享 >【模块一】kubernetes容器编排进阶实战之containerd安装及nerdctl客户端⼯具

【模块一】kubernetes容器编排进阶实战之containerd安装及nerdctl客户端⼯具

时间:2024-11-09 10:18:09浏览次数:3  
标签:进阶 kubernetes containerd server1 nerdctl runc com root

安装containerd

apt/yum安装

#验证仓库版本
[root@k8s-node3 ~]#apt-cache madison containerd
containerd | 1.7.12-0ubuntu2~22.04.1 | https://mirrors.aliyun.com/ubuntu jammy-updates/main amd64 Packages
containerd | 1.6.12-0ubuntu1~22.04.3 | https://mirrors.aliyun.com/ubuntu jammy-security/main amd64 Packages
containerd | 1.5.9-0ubuntu3 | https://mirrors.aliyun.com/ubuntu jammy/main amd64 Packages
containerd | 1.5.9-0ubuntu3 | https://mirrors.aliyun.com/ubuntu jammy/main Sources
containerd | 1.6.12-0ubuntu1~22.04.6 | https://mirrors.aliyun.com/ubuntu jammy-security/main Sources
containerd | 1.6.12-0ubuntu1~22.04.6 | https://mirrors.aliyun.com/ubuntu jammy-updates/main Sources
containerd-app | 1.7.12-0ubuntu2~22.04.1 | https://mirrors.aliyun.com/ubuntu jammy-updates/universe Sources

#安装containerd:
[root@k8s-node3 apt]#apt -y install containerd=1.6.12-0ubuntu1~22.04.3

#查看service⽂件:
[root@k8s-node3 ~]#cat /lib/systemd/system/containerd.service 

#验证runc环境:
root@containerd-server1:~# whereis runc
runc: /usr/sbin/runc /usr/share/man/man8/runc.8.gz
root@containerd-server1:~#
root@containerd-server1:~# whereis containerd
containerd: /usr/bin/containerd /usr/share/man/man8/containerd.8.gz
root@containerd-server1:~#
root@containerd-server1:~# runc -v
runc version 1.1.12-0ubuntu2~22.04.1
spec: 1.0.2-dev
go: go1.21.1
libseccomp: 2.5.3

[root@k8s-node3 ~]#containerd -v
containerd github.com/containerd/containerd 1.6.12-0ubuntu1~22.04.3 


#containerd配置⽂件:
root@containerd-server1:~# containerd --help
root@containerd-server1:~# containerd config --help
root@containerd-server1:~# containerd config default #查看默认配置
root@containerd-server1:~# mkdir /etc/containerd/
root@containerd-server1:~# containerd config default > /etc/containerd/config.toml
root@containerd-server1:~# systemctl restart containerd.servicecontainerd配置⽂件:

#containerd 下载镜像的路径(可替换成能下载的镜像)
[root@k8s-node3 ~]#vim /etc/containerd/config.toml 
    sandbox_image = "registry.k8s.io/pause:3.6"

(国内阿里云)  
registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.9

#重启镜像
[root@k8s-node3 ~]#systemctl restart containerd.service 

#通过命令⾏测试下载镜像:
containerd的命令⾏客户端有ctr、crictl、nerdctl等,containerd相⽐docker多了⼀个命名空间的逻辑概念,⾃身
的命令⾏客户端ctr命令默认是在default命名空间⾥、nerdctl也是在default,当使⽤crictl命令的时候,是在k8s.io
这个命名空间,⽽k8s的创建的pod也是在k8s.io命名空间,因此在使⽤nerdctl管理kubernetes环境的pod的时候
要指定命名空间为k8s.io,否则看不到kubernetes环境中的pod。

root@containerd-server1:~# ctr images pull docker.io/library/alpine:latest

#验证镜像:
root@containerd-server1:~# ctr images ls

#ctr客户端创建测试容器:
运⾏容器并使⽤宿主机⽹络:
root@containerd-server1:~# ctr run -t --net-host docker.io/library/alpine:latest testcontainer sh

⼆进制安装containerd

通过官⽅⼆进制安装containerd、runc及CNI,kubernetes从 v1.24.0开始默认使⽤containerd作为容器运⾏时,因 此需要提前安装好containerd之后在安装v1.24或更⾼版本的kubernetes(如果要继续使⽤docker,则需要单独安装 docker及cri-dockerd、GitHub - Mirantis/cri-dockerd: dockerd as a compliant Container Runtime Interface for Kubernetesdockerd as a compliant Container Runtime Interface for Kubernetes - Mirantis/cri-dockerdicon-default.png?t=O83Ahttps://github.com/Mirantis/cri-dockerd

#下载containerd⼆进制并创建service⽂件:

root@containerd-server1:/usr/local/src# wget https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz
root@containerd-server1:/usr/local/src# tar xvf containerd-1.6.20-linux-amd64.tar.gz
bin/
bin/containerd-shim
bin/containerd-shim-runc-v1
bin/containerd-stress
bin/containerd
bin/ctr
bin/containerd-shim-runc-v2
#copy⼆进制
root@containerd-server1:/usr/local/src# cp bin/* /usr/local/bin/
#验证containerd执⾏结果
root@containerd-server1:/usr/local/src# containerd -v
containerd github.com/containerd/containerd v1.6.20
2806fc1057397dbaeefbea0e4e17bddfbd388f38
#创建service⽂件
root@containerd-server1:/usr/local/src# vim /lib/systemd/system/containerd.service
# Copyright The containerd Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target
[Service]
ExecStartPre=-/usr/sbin/modprobe overlay
ExecStart=/usr/local/bin/containerd
Type=notify

Delegate=yes
KillMode=process
Restart=always
RestartSec=5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity
# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999
[Install]
WantedBy=multi-user.target

#编辑配置⽂件:
root@containerd-server1:~# mkdir /etc/containerd
root@containerd-server1:~# containerd config default > /etc/containerd/config.toml
root@containerd-server1:~# vim /etc/containerd/config.toml
sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.9" #61
 [plugins."io.containerd.grpc.v1.cri".registry.mirrors] #153
 [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"] #154
 endpoint = ["https://9916w1ow.mirror.aliyuncs.com"] #155
 
root@containerd-server1:~# systemctl restart containerd && systemctl enable containerd

#部署runc:
root@containerd-server1:~# wget
https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64
root@containerd-server1:~# chmod a+x runc.amd64
root@containerd-server1:~# mv runc.amd64 /usr/bin/runc

#下载测试镜像并验证
root@containerd-server1:~# ctr images pull docker.io/library/alpine:latest
root@containerd-server1:~# ctr images ls
root@containerd-server1:~# ctr -n k8s.io images ls #指定namespaces

#ctr客户端创建测试容器:
root@containerd-server1:~# ctr run -t --net-host docker.io/library/alpine:latest test-container sh

containerd客户端⼯具扩展

GitHub - containerd/nerdctl: contaiNERD CTL - Docker-compatible CLI for containerd, with support for Compose, Rootless, eStargz, OCIcrypt, IPFS, ...contaiNERD CTL - Docker-compatible CLI for containerd, with support for Compose, Rootless, eStargz, OCIcrypt, IPFS, ... - containerd/nerdctlicon-default.png?t=O83Ahttps://github.com/containerd/nerdctl

安装nerdctl

root@containerd-server1:~# wget
https://github.com/containerd/nerdctl/releases/download/v1.3.0/nerdctl-1.3.0-linux-amd64.tar.gz
root@containerd-server1:~# tar xvf nerdctl-1.3.0-linux-amd64.tar.gz -C /usr/local/bin/
root@containerd-server1:~# nerdctl version
Client:
 Version: v1.3.0
 OS/Arch: linux/amd64
 Git commit: c6ddd63dea9aa438fdb0587c0d3d9ae61a60523e
 buildctl:
 Version:
Server:
 containerd:
 Version: v1.6.20
 GitCommit: 2806fc1057397dbaeefbea0e4e17bddfbd388f38
 runc:
 Version: 1.1.5
 GitCommit: v1.1.5-0-gf19387a6

nerdctl配置⽂件

root@containerd-server1:~# mkdir /etc/nerdctl/
root@containerd-server1:~# vim /etc/nerdctl/nerdctl.toml
namespace = "k8s.io"
debug = false
debug_full = false
insecure_registry = true

安装CNI:

root@containerd-server1:~# wget
https://github.com/containernetworking/plugins/releases/download/v1.2.0/cni-plugins-linux-amd64-v1.2.0.tgz
root@containerd-server1:~# mkdir /opt/cni/bin -p #保存cni插件的路径
root@containerd-server1:~# tar xvf cni-plugins-linux-amd64-v1.2.0.tgz -C 
/opt/cni/bin/
./
./loopback
./bandwidth
./ptp
./vlan
./host-device
./tuning
./vrf
./sbr
./dhcp
./static
./firewall
./macvlan
./dummy
./bridge
./ipvlan
./portmap
./host-local

创建Nginx测试容器并指定端⼝:

创建容器并制定端⼝
root@containerd-server1:~# nerdctl run -d -p 80:80 --name=nginx-web1 --restart=always
nginx:1.20.2
root@containerd-server1:~# nerdctl ps
CONTAINER ID IMAGE COMMAND CREATED 
 STATUS PORTS NAMES
936a48ea2c54 docker.io/library/nginx:latest "/docker-entrypoint.…" 36 seconds
ago Up 0.0.0.0:80->80/tcp nginx-web1
root@containerd-server1:~# nerdctl exec -it 936a48ea2c54 bash
root@936a48ea2c54:/#

创建Tomcat测试容器并指定端⼝:

root@containerd-server1:~# nerdctl run -d -p 8080:8080 --name=tomcat-web1 --restart=always tomcat:7.0.88-alpine

[root@k8s-node3 ~]#nerdctl exec -it tomcat-web1 bash
bash-4.2# pwd
/usr/local/tomcat
bash-4.2# ls
BUILDING.txt	 NOTICE		RUNNING.txt  lib	     temp	   work
CONTRIBUTING.md  README.md	bin	     logs	     webapps
LICENSE		 RELEASE-NOTES	conf	     native-jni-lib  webapps.dist
bash-4.2# cd webapps
bash-4.2# mkdir app1                                                                                                             
bash-4.2# echo "app1 `date +%T`" > app1/index.jsp
bash-4.2# ls app1/index.jsp
app1/index.jsp
bash-4.2# exit

创建MySQL测试容器并指定端⼝:

 root@containerd-server1:~#nerdctl run -t -d -p 3306:3306 -e MYSQL_ROOT_PASSWORD=MySQL127336 -d mysql:5.6.39
 
 
[root@k8s-node3 ~]#nerdctl exec -it m1 bash
root@ee97a3d11251:/# mysql -uroot -p123456
Warning: Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.6.44 MySQL Community Server (GPL)

Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> 

 

 

 

 

 

 

标签:进阶,kubernetes,containerd,server1,nerdctl,runc,com,root
From: https://blog.csdn.net/weixin_74814027/article/details/143636329

相关文章

  • 鸿蒙开发进阶(HarmonyOS )账号密码自动填充
     鸿蒙NEXT开发实战往期必看文章:一分钟了解”纯血版!鸿蒙HarmonyOSNext应用开发!“非常详细的”鸿蒙HarmonyOSNext应用开发学习路线!(从零基础入门到精通)HarmonyOSNEXT应用开发案例实践总结合(持续更新......)HarmonyOSNEXT应用开发性能优化实践总结(持续更新......)密码保......
  • 鸿蒙开发进阶(HarmonyOS)录像实现方案(ArkTS)
     鸿蒙NEXT开发实战往期必看文章:一分钟了解”纯血版!鸿蒙HarmonyOSNext应用开发!“非常详细的”鸿蒙HarmonyOSNext应用开发学习路线!(从零基础入门到精通)HarmonyOSNEXT应用开发案例实践总结合(持续更新......)HarmonyOSNEXT应用开发性能优化实践总结(持续更新......)当前示......
  • 鸿蒙开发进阶(OpenHarmony)DAC模拟信号
    鸿蒙NEXT开发实战往期必看文章:一分钟了解”纯血版!鸿蒙HarmonyOSNext应用开发!“非常详细的”鸿蒙HarmonyOSNext应用开发学习路线!(从零基础入门到精通)HarmonyOSNEXT应用开发案例实践总结合(持续更新......)HarmonyOSNEXT应用开发性能优化实践总结(持续更新......)功能简介......
  • 鸿蒙开发进阶(HarmonyOS)原生能力设备唯一ID实践
      鸿蒙NEXT开发实战往期必看文章:一分钟了解”纯血版!鸿蒙HarmonyOSNext应用开发!“非常详细的”鸿蒙HarmonyOSNext应用开发学习路线!(从零基础入门到精通)HarmonyOSNEXT应用开发案例实践总结合(持续更新......)HarmonyOSNEXT应用开发性能优化实践总结(持续更新......)场景......
  • 向量数据库 PieCloudVector 进阶系列丨打造以 LLM 为基础的聊天机器人
    本系列前两篇文章深入探讨了PieCloudVector在图片和音频数据上的应用之后,本文将聚焦于文本数据,探索PieCloudVector对于文本数据的向量化处理、存储以及检索,并最终结合LLM打造聊天机器人的全流程。在自然语言处理任务中涉及到大量对文本数据的处理、分析和理解,而向量数据库......
  • 【C++进阶】智能指针的使用及原理(1)
    1.智能指针的使用场景分析下面程序中我们可以看到,new了以后,我们也delete了,但是因为抛异常导,后面的delete没有得到执行,所以就内存泄漏了,所以我们需要new以后捕获异常,捕获到异常后delete内存,再把异常抛出,但是因为new本身也可能抛异常,连续的两个new和下面的Divide都可能会抛异......
  • 配置docker和containerd,使用ca证书访问harbor
    配置docker和containerd,使用ca证书访问harbor目录配置docker和containerd,使用ca证书访问harbordocker配置ca证书访问harborcontainerd配置ca证书访问harbor验证证书有效性docker配置方法containerd配置方法验证证书有效性描述harbor链接汇总harbor部署harbor部署httpsdo......
  • 【模块一】kubernetes容器编排进阶实战之k8s基础概念
    kubernetes基本介绍kubernetes组件简介   -master:       主人,并不部署服务,而是管理salve节点。      后期更名为:controllplane,控制面板。         etcd:      2379(客户端通信)、2380(集群内部通信)         ......
  • 大模型(LLMs)学习笔记——进阶知识
    一.生成式大模型简介1.什么是生成式大模型前排提示,文末有大模型AGI-CSDN独家资料包哦!生成式大模型(一般简称大模型LLMs)是指能用于创作新内容,例如文本、图片、音频以及视频的一类深度学习模型。相比普通深度学习模型,主要有两点不同:模型参数量更大,参数量都在Billion......
  • 第三十四章 Vue路由进阶之声明式导航(导航高亮)
    目录一、导航高亮1.1.基于语法1.2.主要代码 二、声明式导航的两个类名2.1.声明式导航类名匹配方式2.2.声明式导航类名样式自定义 ​2.3.核心代码一、导航高亮1.1.基于语法在Vue中通过VueRouter插件,我们可以非常简单的实现实现导航高亮效果VueRouter提......