Managing containers with containerd [same as Docker] [or, a Docker replacement]

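Overview

  • After version 13 of k8s came out, it no longer supported docker
  • It can, however, work with containerd, podman and similar runtimes
  • Docker actually calls the containerd service, so whenever the docker service is healthy, the containerd service is healthy too.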
[root@ccx ~]# systemctl is-active docker
active
[root@ccx ~]# 
[root@ccx ~]# systemctl is-active containerd
active
[root@ccx ~]# 
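  • Docker is a high-level runtime that ultimately calls the low-level runtime runc. The complete chain is: docker calls containerd, and containerd calls runc. That is why k8s no longer uses docker after version 13 and instead has containerd call runc directly.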

containerd workflow

Installing containerd

  • Command: yum install containerd.io cri-tools -y
  • Once installation finishes, start the service
[root@ccx ~]# systemctl enable containerd --now
Created symlink from /etc/systemd/system/multi-user.target.wants/containerd.service to /usr/lib/systemd/system/containerd.service.
[root@ccx ~]# 

Configuring a registry mirror

Write the following into /etc/containerd/config.toml [the file's existing contents must be cleared first]

[root@ccx ~]# cat /etc/containerd/config.toml
disabled_plugins = ["restart"]
[plugins]
[plugins.cri.registry.mirrors."docker.io"]
endpoint = ["https://frz7i079.mirror.aliyuncs.com"]
[plugins.cri]
sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.2"
[root@ccx ~]# 
  • Then restart the service
[root@ccx ~]# systemctl restart containerd
[root@ccx ~]# 

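The containerd configuration file

  • The containerd configuration file is /etc/containerd/config.toml

  • Because we configured the registry mirror using the method above, the file's previous contents are gone

  • A single command regenerates the full default configuration file [run it only when necessary; do not run it now]
    containerd config default > /etc/containerd/config.toml

  • View the default configuration
    Command: containerd config dump [after the command above has been run, it produces the output below]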

[root@ccx ~]# containerd config dump
version = 2
root = "/var/lib/containerd"
state = "/run/containerd"
plugin_dir = ""
disabled_plugins = []
required_plugins = []
oom_score = 0
imports = ["/etc/containerd/config.toml"]

[grpc]
  address = "/run/containerd/containerd.sock"
  tcp_address = ""
  tcp_tls_cert = ""
  tcp_tls_key = ""
  uid = 0
  gid = 0
  max_recv_message_size = 16777216
  max_send_message_size = 16777216

[ttrpc]
  address = ""
  uid = 0
  gid = 0

[debug]
  address = ""
  uid = 0
  gid = 0
  level = ""

[metrics]
  address = ""
  grpc_histogram = false

[cgroup]
  path = ""

[timeouts]
  "io.containerd.timeout.shim.cleanup" = "5s"
  "io.containerd.timeout.shim.load" = "5s"
  "io.containerd.timeout.shim.shutdown" = "3s"
  "io.containerd.timeout.task.state" = "2s"

[plugins]
  [plugins."io.containerd.gc.v1.scheduler"]
    pause_threshold = 0.02
    deletion_threshold = 0
    mutation_threshold = 100
    schedule_delay = "0s"
    startup_delay = "100ms"
  [plugins."io.containerd.grpc.v1.cri"]
    disable_tcp_service = true
    stream_server_address = "127.0.0.1"
    stream_server_port = "0"
    stream_idle_timeout = "4h0m0s"
    enable_selinux = false
    selinux_category_range = 1024
    sandbox_image = "k8s.gcr.io/pause:3.2"
    stats_collect_period = 10
    systemd_cgroup = false
    enable_tls_streaming = false
    max_container_log_line_size = 16384
    disable_cgroup = false
    disable_apparmor = false
    restrict_oom_score_adj = false
    max_concurrent_downloads = 3
    disable_proc_mount = false
    unset_seccomp_profile = ""
    tolerate_missing_hugetlb_controller = true
    disable_hugetlb_controller = true
    ignore_image_defined_volumes = false
    [plugins."io.containerd.grpc.v1.cri".containerd]
      snapshotter = "overlayfs"
      default_runtime_name = "runc"
      no_pivot = false
      disable_snapshot_annotations = true
      discard_unpacked_layers = false
      [plugins."io.containerd.grpc.v1.cri".containerd.default_runtime]
        runtime_type = ""
        runtime_engine = ""
        runtime_root = ""
        privileged_without_host_devices = false
        base_runtime_spec = ""
      [plugins."io.containerd.grpc.v1.cri".containerd.untrusted_workload_runtime]
        runtime_type = ""
        runtime_engine = ""
        runtime_root = ""
        privileged_without_host_devices = false
        base_runtime_spec = ""
      [plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
        [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
          runtime_type = "io.containerd.runc.v2"
          runtime_engine = ""
          runtime_root = ""
          privileged_without_host_devices = false
          base_runtime_spec = ""
          [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
    [plugins."io.containerd.grpc.v1.cri".cni]
      bin_dir = "/opt/cni/bin"
      conf_dir = "/etc/cni/net.d"
      max_conf_num = 1
      conf_template = ""
    [plugins."io.containerd.grpc.v1.cri".registry]
      [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
          endpoint = ["https://registry-1.docker.io"]
    [plugins."io.containerd.grpc.v1.cri".image_decryption]
      key_model = ""
    [plugins."io.containerd.grpc.v1.cri".x509_key_pair_streaming]
      tls_cert_file = ""
      tls_key_file = ""
  [plugins."io.containerd.internal.v1.opt"]
    path = "/opt/containerd"
  [plugins."io.containerd.internal.v1.restart"]
    interval = "10s"
  [plugins."io.containerd.metadata.v1.bolt"]
    content_sharing_policy = "shared"
  [plugins."io.containerd.monitor.v1.cgroups"]
    no_prometheus = false
  [plugins."io.containerd.runtime.v1.linux"]
    shim = "containerd-shim"
    runtime = "runc"
    runtime_root = ""
    no_shim = false
    shim_debug = false
  [plugins."io.containerd.runtime.v2.task"]
    platforms = ["linux/amd64"]
  [plugins."io.containerd.service.v1.diff-service"]
    default = ["walking"]
  [plugins."io.containerd.snapshotter.v1.devmapper"]
    root_path = ""
    pool_name = ""
    base_image_size = ""
    async_remove = false
[root@ccx ~]# 
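
The dump above contains several settings that decide how exposed the runtime is. As an added example (not part of the original article), the shell function below scans containerd config dump output for four of them: a TCP listener for the gRPC API, a streaming server bound beyond loopback, disabled AppArmor, and plaintext HTTP mirror endpoints. The function names, the sample fragment and the host mirror.example.internal are constructed for illustration.

```shell
#!/bin/sh
# Added example: scan `containerd config dump` output (TOML on stdin) for
# risky settings. Prints one WARN line per finding; returns 1 if any found.
audit_containerd_config() {
  awk '
    function warn(msg) { print "WARN " msg; bad = 1 }
    # Remember the current table, e.g. grpc or plugins."io.containerd.grpc.v1.cri"
    /^[ \t]*\[/ { sec = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", sec); next }
    /=/ {
      key = $0; sub(/[ \t]*=.*$/, "", key); sub(/^[ \t]+/, "", key)
      val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
      # gRPC API reachable over the network, not only through the unix socket
      if (sec == "grpc" && key == "tcp_address" && val != "\"\"")
        warn("gRPC API listens on TCP " val)
      # AppArmor confinement switched off for CRI-managed containers
      if (sec ~ /cri"?$/ && key == "disable_apparmor" && val == "true")
        warn("AppArmor disabled for CRI containers")
      # exec/attach/port-forward streaming server bound beyond loopback
      if (sec ~ /cri"?$/ && key == "stream_server_address" && val != "\"127.0.0.1\"")
        warn("CRI streaming server bound to " val)
      # Mirror reached over plaintext HTTP (no TLS between host and mirror)
      if (sec ~ /registry\.mirrors\./ && key == "endpoint" && val ~ /"http:\/\//)
        warn("plaintext mirror endpoint in [" sec "]: " val)
    }
    END { exit bad + 0 }
  '
}

# Constructed sample fragment with four weak settings (not from a real host).
sample_dump() {
  cat <<'EOF'
[grpc]
  address = "/run/containerd/containerd.sock"
  tcp_address = "0.0.0.0:10010"
[plugins]
  [plugins."io.containerd.grpc.v1.cri"]
    stream_server_address = "0.0.0.0"
    disable_apparmor = true
      [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
        endpoint = ["http://mirror.example.internal"]
EOF
}

# On a real host: containerd config dump | audit_containerd_config
sample_dump | audit_containerd_config || echo "review the findings above"
```

The section match also covers the version 1 table names used in the mirror configuration earlier on this page (plugins.cri and plugins.cri.registry.mirrors).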

containerd's built-in commands

Checking the client

Command: ctr ns list

[root@ccx ~]# ctr ns list
NAME LABELS 
moby     

containerd has two client tools: ctr and crictl

The nerdctl tool is recommended instead; see [Using the containerd client tool nerdctl] below

Using crictl

  • To use the crictl command, first run
[root@vms103 ~]# crictl config runtime-endpoint unix:///var/run/containerd/containerd.sock
[root@vms103 ~]#

Image management

Listing images

The commands for listing images are as follows

[root@vms103 ~]# ctr i list
REF TYPE DIGEST SIZE PLATFORMS LABELS
[root@vms103 ~]#
[root@vms103 ~]# crictl images
IMAGE TAG IMAGE ID SIZE
[root@vms103 ~]#

Pulling images

  • To pull an image with crictl, run crictl pull <image>; for example, to pull the nginx image:
[root@vms103 ~]# crictl pull docker.io/nginx
Image is up to date for sha256:f6d0b4767a6c466c178bf718f99bea0d3742b26679081e52dbf8e0c7c4c42d74
[root@vms103 ~]#
  • (With ctr, the command for pulling an image is ctr i pull <image name>)
    But the image does not show up when listing with ctr. Why is that?
[root@vms103 ~]# ctr i list
REF TYPE DIGEST SIZE PLATFORMS LABELS
[root@vms103 ~]#
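  • Compared with docker, containerd adds the concept of namespaces. crictl always works in the
    k8s.io namespace, while ctr works in the default namespace unless told otherwise. So when
    crictl pulls an image, the k8s.io namespace is created automatically and the image is stored in it.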
[root@vms103 ~]# ctr ns list
NAME LABELS
k8s.io
[root@vms103 ~]#
  • Because ctr looks at the default namespace unless told otherwise, it does not see the pulled image.
    To list images in another namespace, add -n to specify the namespace:
[root@vms103 ~]# ctr -n k8s.io i list -q
docker.io/library/nginx:latest
docker.io/library/nginx@sha256:10b8cc432d56da8b61b070f4c7d2543a9ed17c2b23010b43af434fd40e2ca4aa
sha256:f6d0b4767a6c466c178bf718f99bea0d3742b26679081e52dbf8e0c7c4c42d74
[root@vms103 ~]#
  • To switch ctr to another namespace, just set the variable CONTAINERD_NAMESPACE, for example:
[root@vms103 ~]# export CONTAINERD_NAMESPACE=k8s.io
[root@vms103 ~]# ctr i list -q
docker.io/library/nginx:latest
docker.io/library/nginx@sha256:10b8cc432d56da8b61b070f4c7d2543a9ed17c2b23010b43af434fd40e2ca4aa
sha256:f6d0b4767a6c466c178bf718f99bea0d3742b26679081e52dbf8e0c7c4c42d74
[root@vms103 ~]#
  • The namespace no longer needs to be specified now.
[root@vms103 ~]# ctr -n default i list -q
[root@vms103 ~]#

Renaming an image [tagging]

  • To give an image a new tag, the syntax is
    ctr i tag <old image> <new image>
[root@vms103 ~]# ctr i tag docker.io/library/nginx:latest rhce.cc/cka/nginx:v1
rhce.cc/cka/nginx:v1
[root@vms103 ~]#

Listing the images

[root@vms103 ~]# ctr i list -q
docker.io/library/nginx:latest
docker.io/library/nginx@sha256:10b8cc432d56da8b61b070f4c7d2543a9ed17c2b23010b43af434fd40e2ca4aa
rhce.cc/cka/nginx:v1
sha256:f6d0b4767a6c466c178bf718f99bea0d3742b26679081e52dbf8e0c7c4c42d74
[root@vms103 ~]#

Deleting an image

[root@vms103 ~]# ctr i rm docker.io/library/nginx:latest
docker.io/library/nginx:latest
[root@vms103 ~]#

Container management

Listing

Before creating a container, first check whether any containers currently exist:

[root@vms103 ~]# ctr c list
CONTAINER IMAGE RUNTIME
[root@vms103 ~]#

Creating a container

Create a container named web1

[root@vms103 ~]# ctr container create rhce.cc/cka/nginx:v1 web1
[root@vms103 ~]#
[root@vms103 ~]# ctr c list
CONTAINER IMAGE RUNTIME
web1 rhce.cc/cka/nginx:v1 io.containerd.runc.v2
[root@vms103 ~]#

Deleting a container

[root@vms103 ~]# ctr c rm web1
[root@vms103 ~]# ctr c list
CONTAINER IMAGE RUNTIME
[root@vms103 ~]#

Using the containerd client tool nerdctl

Step 1: Install containerd

Skip this if you already did it above.

[root@vms101 ~]# yum install containerd.io cri-tools -y
...(lengthy output omitted)...
作为依赖被升级:
audit.x86_64 0:2.8.5-4.el7 audit-libs.x86_64 0:2.8.5-4.el7
libselinux.x86_64 0:2.5-15.el7 libselinux-python.x86_64 0:2.5-15.el7
libselinux-utils.x86_64 0:2.5-15.el7 libsemanage.x86_64 0:2.5-14.el7
libsepol.x86_64 0:2.5-10.el7 policycoreutils.x86_64 0:2.5-34.el7
selinux-policy.noarch 0:3.13.1-268.el7_9.2
完毕!
[root@vms101 ~]#
containerd config default > /etc/containerd/config.toml

Step 2: Start containerd and enable it at boot

Skip this if you already did it above.

[root@vms101 ~]# systemctl enable containerd --now
Created symlink from /etc/systemd/system/multi-user.target.wants/containerd.service to /usr/lib/systemd/system/containerd.service.
[root@vms101 ~]#

Step 3: Edit the containerd configuration file and configure the registry mirror

Skip this if you already did it above.

[root@vms101 ~]# cat /etc/containerd/config.toml
disabled_plugins = ["restart"]
[plugins]
[plugins.cri.registry.mirrors."docker.io"]
endpoint = ["https://frz7i079.mirror.aliyuncs.com"]
[root@vms101 ~]#

Step 4: Restart containerd

Skip this if you already did it above.

[root@vms101 ~]# systemctl restart containerd
[root@vms101 ~]#

Step 5: Download and install nerdctl

  • Download page: https://github.com/containerd/nerdctl/releases
    Download the latest version of nerdctl
  • Upload it to the host and extract it into /usr/local/bin:
[root@ccx ~]# tar zxvf nerdctl-0.8.1-linux-amd64.tar.gz -C /usr/local/bin/
nerdctl
containerd-rootless-setuptool.sh
containerd-rootless.sh
[root@ccx ~]# 

After extraction there is a new tool [command]: nerdctl

[root@vms101 ~]# ls /usr/local/bin/
containerd-rootless-setuptool.sh containerd-rootless.sh nerdctl
[root@vms101 ~]#

Step 6: Install the network plugins

Download the latest version of the CNI plugins from https://github.com/containernetworking/plugins/releases and extract it into the /opt/cni/bin directory.

[root@vms101 ~]# mkdir -p /opt/cni/bin/
[root@vms101 ~]# tar zxf cni-plugins-linux-amd64-v0.9.1.tgz -C /opt/cni/bin/
[root@vms101 ~]#
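
Steps 5 and 6 unpack downloaded release archives into directories whose contents later run as root. As an added example (not part of the original article), this helper checks an archive against a checksum file in sha256sum format and rejects unsafe member paths before extracting. The function names and sample file names are hypothetical, and it assumes a checksum file was fetched from the project's release page alongside the archive.

```shell
#!/bin/sh
# Added example: verify a release archive before unpacking it as root.
# $1 = archive, $2 = checksum file (sha256sum format), $3 = target directory.
# Returns 0 on success, 1 on mismatch, 2 if unlisted, 3 on unsafe paths.
verified_extract() {
  archive=$1 sums=$2 dest=$3
  name=$(basename "$archive")
  # Expected digest: the line in the checksum file whose file name matches.
  want=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f) } f == n { print $1; exit }' "$sums")
  [ -n "$want" ] || { echo "no checksum listed for $name" >&2; return 2; }
  have=$(sha256sum "$archive" | awk '{ print $1 }')
  [ "$want" = "$have" ] || { echo "checksum mismatch for $name" >&2; return 1; }
  # Defense in depth: refuse members with absolute paths or ".." components.
  if tar tzf "$archive" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
    echo "unsafe member path in $name" >&2; return 3
  fi
  mkdir -p "$dest" && tar xzf "$archive" -C "$dest"
}

# Constructed sample: a tiny archive plus its checksum file in a temp dir.
make_sample() {
  d=$(mktemp -d)
  mkdir "$d/src" && echo 'echo demo' > "$d/src/tool"
  tar czf "$d/tool-demo.tar.gz" -C "$d/src" tool
  (cd "$d" && sha256sum tool-demo.tar.gz > SHA256SUMS)
  echo "$d"
}

d=$(make_sample)
verified_extract "$d/tool-demo.tar.gz" "$d/SHA256SUMS" "$d/bin" && ls "$d/bin"
```

A checksum file downloaded from the same page as the archive only detects corruption or a swapped mirror copy; it does not authenticate the publisher.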

Step 7: Enable tab completion for nerdctl subcommands

  • Add source <(nerdctl completion bash) to /etc/profile, as follows:
[root@vms101 ~]# head -2 /etc/profile
# /etc/profile
source <(nerdctl completion bash)
[root@vms101 ~]#
  • Apply the setting:
[root@vms101 ~]# source /etc/profile
[root@vms101 ~]#

Using nerdctl

Notes

  • nerdctl is built on containerd; nerdctl is just a tool!
  • nerdctl is used in basically the same way as docker; you simply replace docker with nerdctl.

Image management

Pulling images

Command: nerdctl pull <image name>

[root@vms101 ~]# nerdctl pull nginx
docker.io/library/nginx:latest:
resolved |++++++++++++++++++++++++++++++++++++++|
index-sha256:75a55d33ecc73c2a242450a9f1cc858499d468f077ea942867e662c247b5e412:
done |++++++++++++++++++++++++++++++++++++++|
...(lengthy output omitted)...
done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:aa1efa14b3bfc78fab92952a716bb9d6bda5de150727297dbd8bda66c933a0f3:
done |++++++++++++++++++++++++++++++++++++++|
elapsed: 47.7s
total: 51.2 M (1.1 MiB/s)
[root@vms101 ~]#

Listing images

Command: nerdctl images

[root@vms101 ~]# nerdctl images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 75a55d33ecc7 About a minute ago 51.2 MiB
[root@vms101 ~]#

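Note: because the image was pulled from the official registry, its default full path is docker.io/library/nginx:latest

Renaming an image [tagging]

Command: nerdctl tag <original name>:<tag> <custom name>:<tag>
Tag the nginx image as 192.168.26.101/cka/nginx:v1 (the session below tags it as 192.168.159.129/web/nginx:v1 instead)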

[root@ccx ~]# nerdctl tag docker.io/library/nginx:latest 192.168.159.129/web/nginx:v1
[root@ccx ~]# 
[root@ccx ~]# nerdctl images
REPOSITORY                   TAG       IMAGE ID        CREATED          SIZE
192.168.159.129/web/nginx    v1        47ae43cdfc70    8 seconds ago    51.3 MiB
nginx                        latest    47ae43cdfc70    3 minutes ago    51.3 MiB
[root@ccx ~]# 

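Creating a container and testing it

The -d option creates the container without interactive input. -it cannot be specified at creation time; you can only enter bash afterwards with the -it options [see container management below]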

[root@ccx ~]# nerdctl images
REPOSITORY                   TAG       IMAGE ID        CREATED          SIZE
192.168.159.129/web/nginx    v1        47ae43cdfc70    8 seconds ago    51.3 MiB
nginx                        latest    47ae43cdfc70    3 minutes ago    51.3 MiB
[root@ccx ~]# 
[root@ccx ~]# nerdctl run -d --name=web --restart=always -p 80:80 192.168.159.129/web/nginx:v1
b7c22f325dcbfea71a6fc0cbf35e28a2eee7399ecdac754d39e859fa8412cebe
[root@ccx ~]# 
[root@ccx ~]# nerdctl ps
CONTAINER ID    IMAGE                           COMMAND                   CREATED          STATUS    PORTS                 NAMES
b7c22f325dcb    192.168.159.129/web/nginx:v1    "/docker-entrypoint.…"    5 seconds ago    Up        0.0.0.0:80->80/tcp    web
[root@ccx ~]# 
  • Access this container from the physical machine
    Because I created an nginx container, entering the IP the container belongs to in a browser shows the nginx web page.

Container management [entering bash]

Command: nerdctl exec -it <container name> <command>

[root@ccx ~]# nerdctl ps
CONTAINER ID    IMAGE                           COMMAND                   CREATED          STATUS    PORTS                 NAMES
b7c22f325dcb    192.168.159.129/web/nginx:v1    "/docker-entrypoint.…"    4 minutes ago    Up        0.0.0.0:80->80/tcp    web
[root@ccx ~]# 
[root@ccx ~]# nerdctl exec -it web bash
root@b7c22f325dcb:/# pwd
/
root@b7c22f325dcb:/# ls
bin   docker-entrypoint.d   home   media  proc  sbin  tmp
boot  docker-entrypoint.sh  lib    mnt    root  srv   usr
dev   etc                   lib64  opt    run   sys   var
root@b7c22f325dcb:/# exit
exit
[root@ccx ~]# 

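More

I won't cover anything further. This is actually not as convenient as docker; for more features, refer to the docker documentation and explore on your own.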
