containerd使用了解

最新推荐文章于 2025-05-06 19:00:04 发布

daydayup9527

最新推荐文章于 2025-05-06 19:00:04 发布

阅读量466

点赞数 1

分类专栏： docker&compose 文章标签：运维 docker 容器

本文链接：https://blog.youkuaiyun.com/weixin_60092693/article/details/137211827

版权

docker&compose 专栏收录该内容

19 篇文章

订阅专栏

containerd使用了解

yum安装

[root@vm ~]# curl -o /etc/yum.repos.d/docker.repo  http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@vm ~]# yum list | grep containerd
containerd.io.x86_64                        1.6.28-3.1.el7             docker-ce-stable
[root@vm ~]# yum -y install containerd.io.x86_64
[root@vm ~]# systemctl enable containerd --now
Created symlink from /etc/systemd/system/multi-user.target.wants/containerd.service to /usr/lib/systemd/system/containerd.service.
[root@vm ~]# systemctl status containerd
[root@vm ~]# ctr version
Client:
  Version:  1.6.28
  Revision: ae07eda36dd25f8a1b98dfbf587313b99c0190bb
  Go version: go1.20.13

Server:
  Version:  1.6.28
  Revision: ae07eda36dd25f8a1b98dfbf587313b99c0190bb
  UUID: 852c205c-ca6d-475a-823b-b2069a2b183f
[root@vm ~]# ctr container ls
CONTAINER    IMAGE    RUNTIME

二进制方式安装

[root@vm ~]# wget https://github.com/containerd/containerd/releases/download/v1.6.0/cri-containerd-cni-1.6.0-linux-amd64.tar.gz

# 查看etc目录，主要为containerd服务管理配置文件及cni虚拟网卡配置文件
# 查看opt目录，主要为gce环境中使用containerd配置文件及cni插件
# 查看usr目录，bin主要为containerd运行时文件，sbin包含runc

[root@vm ~]#  cat etc/systemd/system/containerd.service  
# 将containerd放到对的目录里，将service放到对应的目录 使用system管理

创建配置文件目录

[root@vm ~]# containerd --help	
[root@vm ~]# mkdir /etc/containerd	#创建配置文件目录
[root@vm ~]# containerd config default > /etc/containerd/config.toml	#生成配置文件
...
disabled_plugins = []
imports = []
oom_score = 0
plugin_dir = ""
required_plugins = []
root = "/var/lib/containerd"
state = "/run/containerd"
temp = ""
...
[plugins]

  [plugins."io.containerd.gc.v1.scheduler"]
    deletion_threshold = 0
    mutation_threshold = 100
    pause_threshold = 0.02
    schedule_delay = "0s"
    startup_delay = "100ms"

  [plugins."io.containerd.grpc.v1.cri"]
    device_ownership_from_security_context = false
    disable_apparmor = false
    sandbox_image = "registry.k8s.io/pause:3.6" # 配置可拉取到的



 [plugins."io.containerd.grpc.v1.cri".registry]
      [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
          endpoint = ["https://docker.mirrors.ustc.edu.cn","http://hub-mirror.c.163.com"]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."k8s.gcr.io"]
          endpoint = ["https://gcr.mirrors.ustc.edu.cn"]  
		[plugins.cri.registry.mirrors."harbor.docker.com"] #此处添加了本地容器镜像仓库 Harbor，做为本地容器镜像仓库
		  endpoint =["http://harbor.docker.com"]

[root@vm ~]# cp usr/local/bin/ctr /usr/bin/
[root@vm ~]# ctr version

containerd+runc 但是依赖系统中的seccomp

[root@vm ~]# # wget https://github.com/opencontainers/runc/releases/download/v1.1.0/runc.amd64
[root@vm ~]# chmod+x runc
[root@vm ~]# runc -v

docker&ctr&crictl区别

docker			 使用 docker  images	 命令管理镜像
单机containerd 	使用 ctr images		命令管理镜像(containerd本身的CLI工具)
k8s中containerd	 使用 crictl images    命令管理镜像(Kubernetes社区的专用CLI工具)

[root@vm ~]# ctr --hep

USAGE:
   ctr [global options] command [command options] [arguments...]

COMMANDS
   plugins, plugin            provides information about containerd plugins
   version                    print the client and server versions
   containers, c, container   manage containers
   content                    manage content
   events, event              display containerd events
   images, image, i           manage images
   leases                     manage leases
   namespaces, namespace, ns  manage namespaces
   pprof                      provide golang pprof outputs for containerd
   run                        run a container
   snapshots, snapshot        manage snapshots
   tasks, t, task             manage tasks
   install                    install a new package
   oci                        OCI tools
   deprecations
   shim                       interact with a shim directly
   help, h                    Shows a list of commands or help for one command

镜像操作

[root@vm ~]# ctr images --help
NAME:
   ctr images - manage images

USAGE:
   ctr images command [command options] [arguments...]

COMMANDS:
   check                    check existing images to ensure all content is avail                able locally
   export                   export images
   import                   import images
   list, ls                 list images known to containerd
   mount                    mount an image to a target path
   unmount                  unmount the image from the target
   pull                     pull an image from a remote
   push                     push an image to a remote
   delete, del, remove, rm  remove one or more images by reference
   tag                      tag an image
   label                    set and clear labels for an image
   convert                  convert an image


[root@vm ~]# ctr images pull docker.io/library/nginx:latest   #根据平台统架构 自动下载符合的    uname -a
[root@vm ~]# ctr images pull --platform linux/amd64  docker.io/library/nginx:alpine   # 指定架构的
[root@vm ~]# ctr images pull --all-platforms docker.io/library/nginx:alpine # 下所有的


[root@vm ~]# ctr images mount docker.io/library/nginx:alpine /mnt
[root@vm ~]# ls  /mnt
[root@vm ~]# umount /mnt



[root@vm ~]# ctr  i  export nginx.img  docker.io/library/nginx:alpine
[root@vm ~]# ls  nginx.img
[root@vm ~]# ctr  i  export --al1-platforms nginx.img  docker.io/library/nginx:alpine
[root@vm ~]# ctr i import
[root@vm ~]# ctr i rm  

[root@vm ~]# ctr i check  # 显示镜像大小分层
[root@vm ~]# cri i tag docker.io/library/nginx:alpine  docker.io/library/nginx:alpine-v1 #名字要完整，这种nginx:alpine-v1会不可用

容器操作.

ctr container --help 
ctr c --help
[root@vm ~]# ctr container --help
NAME:
   ctr containers - manage containers

USAGE:
   ctr containers command [command options] [arguments...]

COMMANDS:
   create                   create container
   delete, del, remove, rm  delete one or more existing containers
   info                     get info about a container
   list, ls                 list containers
   label                    set and clear labels for a container
   checkpoint               checkpoint a container
   restore                  restore a container from checkpoint

使用“ctr container create 命今创建容器后，容器并没有处于运行状态，其只是一个静态的容器。
这个 container 对象只是包含了运行一个容器所需的资源及配黑的数据结构。
例如: Tlamespaces、rootfs 和容器的配黑都已经初始化成功了，只是用户进程(本案为nginx)还没有启动。
需要使用ctr tasks~命令才能获取一个动态容器。

#  ctr container 需两步完成容器启动，所以使用不多。采用ctr run
		
[root@vm ~]# ctr c ls  查看容器
[root@vm ~]# ctr task  ls 查看任务，动态的


[root@vm ~]# ctr container create  docker.io/library/nginx:alpine  my-nginx  # 先镜像，后容器名。  镜像不存在时，创建失败
[root@vm ~]# ctr c ls 
[root@vm ~]# ctr c info my-nginx
[root@vm ~]# ctr task  ls   #暂时没有动态的容器
[root@vm ~]# ctr task start -d  my-nginx  # runc,复制containerd连接runC垫片工具containerd-shim-runc-v2至/usr/bin
[root@vm ~]# ctr task  ls  # 显示容器所在宿主机进程，pid
[root@vm ~]# ctr task ps  my-nginx #查看容器的进程(都是物理机的进程  master worker)

# 进入容器
[root@vm ~]# ctr task exec --exec-id 1 my-nginx /bin/bash  # 1 随机写
curl  localhost


# 使用ctr run  
[root@vm ~]# ctr run -d --net-host  docker.io/library/nginx:latest   nginx2
[root@vm ~]# ctr task exec --exec-id $RANDOM -t  nginx2 /bin/bash 
exit

#暂停容器
[root@vm ~]# ctr task pause nginx2
[root@vm ~]# ctr task ls  #再次查看容器状态，看到其状态为PAUSED，表示停止
[root@vm ~]# ctr task resume nginx2
[root@vm ~]# ctr task kill nginx2	# stop状态
[root@vm ~]# ctr task rm  nginx2    #删除进程，容器还在不用再次  ctr create
[root@vm ~]# ctr task start -d nginx2

#删除容器

[root@vm ~]# ctr task delet nginx2
[root@vm ~]# ctr container delete nginx2