【模块一】kubernetes容器编排进阶实战之containerd安装及nerdctl客户端⼯具

标签：进阶 kubernetes containerd server1 nerdctl runc com root

安装containerd

apt/yum安装

#验证仓库版本
[root@k8s-node3 ~]#apt-cache madison containerd
containerd | 1.7.12-0ubuntu2~22.04.1 | https://mirrors.aliyun.com/ubuntu jammy-updates/main amd64 Packages
containerd | 1.6.12-0ubuntu1~22.04.3 | https://mirrors.aliyun.com/ubuntu jammy-security/main amd64 Packages
containerd | 1.5.9-0ubuntu3 | https://mirrors.aliyun.com/ubuntu jammy/main amd64 Packages
containerd | 1.5.9-0ubuntu3 | https://mirrors.aliyun.com/ubuntu jammy/main Sources
containerd | 1.6.12-0ubuntu1~22.04.6 | https://mirrors.aliyun.com/ubuntu jammy-security/main Sources
containerd | 1.6.12-0ubuntu1~22.04.6 | https://mirrors.aliyun.com/ubuntu jammy-updates/main Sources
containerd-app | 1.7.12-0ubuntu2~22.04.1 | https://mirrors.aliyun.com/ubuntu jammy-updates/universe Sources

#安装containerd：
[root@k8s-node3 apt]#apt -y install containerd=1.6.12-0ubuntu1~22.04.3

#查看service⽂件：
[root@k8s-node3 ~]#cat /lib/systemd/system/containerd.service 

#验证runc环境：
root@containerd-server1:~# whereis runc
runc: /usr/sbin/runc /usr/share/man/man8/runc.8.gz
root@containerd-server1:~#
root@containerd-server1:~# whereis containerd
containerd: /usr/bin/containerd /usr/share/man/man8/containerd.8.gz
root@containerd-server1:~#
root@containerd-server1:~# runc -v
runc version 1.1.12-0ubuntu2~22.04.1
spec: 1.0.2-dev
go: go1.21.1
libseccomp: 2.5.3

[root@k8s-node3 ~]#containerd -v
containerd github.com/containerd/containerd 1.6.12-0ubuntu1~22.04.3 


#containerd配置⽂件：
root@containerd-server1:~# containerd --help
root@containerd-server1:~# containerd config --help
root@containerd-server1:~# containerd config default #查看默认配置
root@containerd-server1:~# mkdir /etc/containerd/
root@containerd-server1:~# containerd config default > /etc/containerd/config.toml
root@containerd-server1:~# systemctl restart containerd.servicecontainerd配置⽂件：

#containerd 下载镜像的路径（可替换成能下载的镜像）
[root@k8s-node3 ~]#vim /etc/containerd/config.toml 
    sandbox_image = "registry.k8s.io/pause:3.6"

（国内阿里云）  
registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.9

#重启镜像
[root@k8s-node3 ~]#systemctl restart containerd.service 

#通过命令⾏测试下载镜像：
containerd的命令⾏客户端有ctr、crictl、nerdctl等，containerd相⽐docker多了⼀个命名空间的逻辑概念，⾃身
的命令⾏客户端ctr命令默认是在default命名空间⾥、nerdctl也是在default，当使⽤crictl命令的时候，是在k8s.io
这个命名空间，⽽k8s的创建的pod也是在k8s.io命名空间，因此在使⽤nerdctl管理kubernetes环境的pod的时候
要指定命名空间为k8s.io，否则看不到kubernetes环境中的pod。

root@containerd-server1:~# ctr images pull docker.io/library/alpine:latest

#验证镜像：
root@containerd-server1:~# ctr images ls

#ctr客户端创建测试容器：
运⾏容器并使⽤宿主机⽹络：
root@containerd-server1:~# ctr run -t --net-host docker.io/library/alpine:latest testcontainer sh

⼆进制安装containerd

通过官⽅⼆进制安装containerd、runc及CNI,kubernetes从 v1.24.0开始默认使⽤containerd作为容器运⾏时，因此需要提前安装好containerd之后在安装v1.24或更⾼版本的kubernetes(如果要继续使⽤docker，则需要单独安装 docker及cri-dockerd、GitHub - Mirantis/cri-dockerd: dockerd as a compliant Container Runtime Interface for Kubernetesdockerd as a compliant Container Runtime Interface for Kubernetes - Mirantis/cri-dockerdhttps://github.com/Mirantis/cri-dockerd

#下载containerd⼆进制并创建service⽂件：

root@containerd-server1:/usr/local/src# wget https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz
root@containerd-server1:/usr/local/src# tar xvf containerd-1.6.20-linux-amd64.tar.gz
bin/
bin/containerd-shim
bin/containerd-shim-runc-v1
bin/containerd-stress
bin/containerd
bin/ctr
bin/containerd-shim-runc-v2
#copy⼆进制
root@containerd-server1:/usr/local/src# cp bin/* /usr/local/bin/
#验证containerd执⾏结果
root@containerd-server1:/usr/local/src# containerd -v
containerd github.com/containerd/containerd v1.6.20
2806fc1057397dbaeefbea0e4e17bddfbd388f38
#创建service⽂件
root@containerd-server1:/usr/local/src# vim /lib/systemd/system/containerd.service
# Copyright The containerd Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target
[Service]
ExecStartPre=-/usr/sbin/modprobe overlay
ExecStart=/usr/local/bin/containerd
Type=notify

Delegate=yes
KillMode=process
Restart=always
RestartSec=5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity
# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999
[Install]
WantedBy=multi-user.target

#编辑配置⽂件：
root@containerd-server1:~# mkdir /etc/containerd
root@containerd-server1:~# containerd config default > /etc/containerd/config.toml
root@containerd-server1:~# vim /etc/containerd/config.toml
sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.9" #61
 [plugins."io.containerd.grpc.v1.cri".registry.mirrors] #153
 [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"] #154
 endpoint = ["https://9916w1ow.mirror.aliyuncs.com"] #155
 
root@containerd-server1:~# systemctl restart containerd && systemctl enable containerd

#部署runc：
root@containerd-server1:~# wget
https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64
root@containerd-server1:~# chmod a+x runc.amd64
root@containerd-server1:~# mv runc.amd64 /usr/bin/runc

#下载测试镜像并验证
root@containerd-server1:~# ctr images pull docker.io/library/alpine:latest
root@containerd-server1:~# ctr images ls
root@containerd-server1:~# ctr -n k8s.io images ls #指定namespaces

#ctr客户端创建测试容器：
root@containerd-server1:~# ctr run -t --net-host docker.io/library/alpine:latest test-container sh

containerd客户端⼯具扩展

GitHub - containerd/nerdctl: contaiNERD CTL - Docker-compatible CLI for containerd, with support for Compose, Rootless, eStargz, OCIcrypt, IPFS, ...contaiNERD CTL - Docker-compatible CLI for containerd, with support for Compose, Rootless, eStargz, OCIcrypt, IPFS, ... - containerd/nerdctlhttps://github.com/containerd/nerdctl

安装nerdctl

root@containerd-server1:~# wget
https://github.com/containerd/nerdctl/releases/download/v1.3.0/nerdctl-1.3.0-linux-amd64.tar.gz
root@containerd-server1:~# tar xvf nerdctl-1.3.0-linux-amd64.tar.gz -C /usr/local/bin/
root@containerd-server1:~# nerdctl version
Client:
 Version: v1.3.0
 OS/Arch: linux/amd64
 Git commit: c6ddd63dea9aa438fdb0587c0d3d9ae61a60523e
 buildctl:
 Version:
Server:
 containerd:
 Version: v1.6.20
 GitCommit: 2806fc1057397dbaeefbea0e4e17bddfbd388f38
 runc:
 Version: 1.1.5
 GitCommit: v1.1.5-0-gf19387a6

nerdctl配置⽂件

root@containerd-server1:~# mkdir /etc/nerdctl/
root@containerd-server1:~# vim /etc/nerdctl/nerdctl.toml
namespace = "k8s.io"
debug = false
debug_full = false
insecure_registry = true

安装CNI：

root@containerd-server1:~# wget
https://github.com/containernetworking/plugins/releases/download/v1.2.0/cni-plugins-linux-amd64-v1.2.0.tgz
root@containerd-server1:~# mkdir /opt/cni/bin -p #保存cni插件的路径
root@containerd-server1:~# tar xvf cni-plugins-linux-amd64-v1.2.0.tgz -C 
/opt/cni/bin/
./
./loopback
./bandwidth
./ptp
./vlan
./host-device
./tuning
./vrf
./sbr
./dhcp
./static
./firewall
./macvlan
./dummy
./bridge
./ipvlan
./portmap
./host-local

创建Nginx测试容器并指定端⼝：

创建容器并制定端⼝
root@containerd-server1:~# nerdctl run -d -p 80:80 --name=nginx-web1 --restart=always
nginx:1.20.2
root@containerd-server1:~# nerdctl ps
CONTAINER ID IMAGE COMMAND CREATED 
 STATUS PORTS NAMES
936a48ea2c54 docker.io/library/nginx:latest "/docker-entrypoint.…" 36 seconds
ago Up 0.0.0.0:80->80/tcp nginx-web1
root@containerd-server1:~# nerdctl exec -it 936a48ea2c54 bash
root@936a48ea2c54:/#

创建Tomcat测试容器并指定端⼝:

root@containerd-server1:~# nerdctl run -d -p 8080:8080 --name=tomcat-web1 --restart=always tomcat:7.0.88-alpine

[root@k8s-node3 ~]#nerdctl exec -it tomcat-web1 bash
bash-4.2# pwd
/usr/local/tomcat
bash-4.2# ls
BUILDING.txt	 NOTICE		RUNNING.txt  lib	     temp	   work
CONTRIBUTING.md  README.md	bin	     logs	     webapps
LICENSE		 RELEASE-NOTES	conf	     native-jni-lib  webapps.dist
bash-4.2# cd webapps
bash-4.2# mkdir app1                                                                                                             
bash-4.2# echo "app1 `date +%T`" > app1/index.jsp
bash-4.2# ls app1/index.jsp
app1/index.jsp
bash-4.2# exit

创建MySQL测试容器并指定端⼝:

 root@containerd-server1:~#nerdctl run -t -d -p 3306:3306 -e MYSQL_ROOT_PASSWORD=MySQL127336 -d mysql:5.6.39
 
 
[root@k8s-node3 ~]#nerdctl exec -it m1 bash
root@ee97a3d11251:/# mysql -uroot -p123456
Warning: Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.6.44 MySQL Community Server (GPL)

Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

标签：进阶,kubernetes,containerd,server1,nerdctl,runc,com,root
From： https://blog.csdn.net/weixin_74814027/article/details/143636329