Containerd 安裝

Containerd Github: containerd/containerd

Containerd GitHub上提供了兩種類型的壓縮包，containerd-${VERSION}.${OS}-${ARCH}.tar.gz不包含依賴包，cri-containerd-cni-${VERSION}.${OS}-${ARCH}.tar.gz包含相關(guān)依賴的壓縮包，由于 containerd 需要調(diào)用 runc，所以我們也需要先安裝 runc，所以還是下載cri-containerd-cni-${VERSION}.${OS}-${ARCH}.tar.gz類型的包。

wget https://github.com/containerd/containerd/releases/download/v1.5.9/cri-containerd-cni-1.5.9-linux-amd64.tar.gz

直接將壓縮包解壓到系統(tǒng)目錄中：

tar -C / -xzf cri-containerd-cni-1.5.9-linux-amd64.tar.gz

添加環(huán)境變量

source ~/.bashrc

生成配置文件

mkdir /etc/containerd
containerd config default > /etc/containerd/config.toml

containerd安裝包中含有containerd.server文件在etc/systemd/system/containerd.service下，所以我們能通過systemd 來配置 containerd 作為守護(hù)進(jìn)程運行，其文件內(nèi)容為

# Copyright The containerd Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target

[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/local/bin/containerd

Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity
# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999

[Install]
WantedBy=multi-user.target

啟動containerd

systemctl enable containerd --now

查看Containerd本地CLI命令工具ctr的版本

~ # ctr version                                                                                                                                                               
Client:
  Version:  v1.5.9
  Revision: 1407cab509ff0d96baa4f0eb6ff9980270e6e620
  Go version: go1.16.12

Server:
  Version:  v1.5.9
  Revision: 1407cab509ff0d96baa4f0eb6ff9980270e6e620
  UUID: 20543d70-a71c-4202-a98d-32e54331393b

查看兼容CRI的容器運行時命令行接口crictl的版本：

~ # crictl --version                                                                                                                                                          
crictl version 1.20.0-24-g53ad8bb7

命令參考

crictl

生成默認(rèn)的配置文件：containerd config default > /etc/containerd/config.toml
配置文檔地址：containerd / containerd。

鏡像加速

在/etc/containerd/config.toml 文件中添加需要加速的鏡像信息：

[plugins."io.containerd.grpc.v1.cri".registry.mirrors."k8s.gcr.io"]
 endpoint = ["https://registry.aliyuncs.com/k8sxio"]

其中，registry.mirrors."xxx"表示需要配置 mirror 的鏡像倉庫原鏡像倉庫，endpoint表示提供 mirror 的鏡像加速服務(wù)。

鏡像驗證

tls驗證

跳過tls驗證：

[plugins."io.containerd.grpc.v1.cri".registry.configs."<YOUR REGISTRY>".tls]
  insecure_skip_verify = true

用戶驗證

[plugins."io.containerd.grpc.v1.cri".registry.configs."<YOUR REGISTRY>".auth]
  username = "<YOUR USERNAME>"
  password = '<USERNAME PASSWORD>'

ctr

/etc/containerd/config.toml配置文件中的內(nèi)容僅會對crictl生效。
crictl images list = ctr -n=k8s.io image list

ctr命令

pull image:

ctr i pull --user admin:password --skip-verify <YOUR REGISTRY>/app/web1:latest

參考：

• https://github.com/containerd/containerd
• https://zhuanlan.zhihu.com/p/373881297
• https://www.qikqiak.com/post/containerd-usage/