containerd使用了解

yum安装

[root@vm ~]# curl -o /etc/yum.repos.d/docker.repo  http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@vm ~]# yum list | grep containerd
containerd.io.x86_64                        1.6.28-3.1.el7             docker-ce-stable
[root@vm ~]# yum -y install containerd.io.x86_64
[root@vm ~]# systemctl enable containerd --now
Created symlink from /etc/systemd/system/multi-user.target.wants/containerd.service to /usr/lib/systemd/system/containerd.service.
[root@vm ~]# systemctl status containerd
[root@vm ~]# ctr version
Client:Version:  1.6.28Revision: ae07eda36dd25f8a1b98dfbf587313b99c0190bbGo version: go1.20.13Server:Version:  1.6.28Revision: ae07eda36dd25f8a1b98dfbf587313b99c0190bbUUID: 852c205c-ca6d-475a-823b-b2069a2b183f
[root@vm ~]# ctr container ls
CONTAINER    IMAGE    RUNTIME

二进制方式安装

[root@vm ~]# wget https://github.com/containerd/containerd/releases/download/v1.6.0/cri-containerd-cni-1.6.0-linux-amd64.tar.gz# 查看etc目录，主要为containerd服务管理配置文件及cni虚拟网卡配置文件
# 查看opt目录，主要为gce环境中使用containerd配置文件及cni插件
# 查看usr目录，bin主要为containerd运行时文件，sbin包含runc[root@vm ~]#  cat etc/systemd/system/containerd.service  
# 将containerd放到对的目录里，将service放到对应的目录 使用system管理

创建配置文件目录

[root@vm ~]# containerd --help	
[root@vm ~]# mkdir /etc/containerd	#创建配置文件目录
[root@vm ~]# containerd config default > /etc/containerd/config.toml	#生成配置文件
...
disabled_plugins = []
imports = []
oom_score = 0
plugin_dir = ""
required_plugins = []
root = "/var/lib/containerd"
state = "/run/containerd"
temp = ""
...
[plugins][plugins."io.containerd.gc.v1.scheduler"]deletion_threshold = 0mutation_threshold = 100pause_threshold = 0.02schedule_delay = "0s"startup_delay = "100ms"[plugins."io.containerd.grpc.v1.cri"]device_ownership_from_security_context = falsedisable_apparmor = falsesandbox_image = "registry.k8s.io/pause:3.6" # 配置可拉取到的[plugins."io.containerd.grpc.v1.cri".registry][plugins."io.containerd.grpc.v1.cri".registry.mirrors][plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]endpoint = ["https://docker.mirrors.ustc.edu.cn","http://hub-mirror.c.163.com"][plugins."io.containerd.grpc.v1.cri".registry.mirrors."k8s.gcr.io"]endpoint = ["https://gcr.mirrors.ustc.edu.cn"]  [plugins.cri.registry.mirrors."harbor.docker.com"] #此处添加了本地容器镜像仓库 Harbor，做为本地容器镜像仓库endpoint =["http://harbor.docker.com"]

[root@vm ~]# cp usr/local/bin/ctr /usr/bin/
[root@vm ~]# ctr version

containerd+runc 但是依赖系统中的seccomp

[root@vm ~]# # wget https://github.com/opencontainers/runc/releases/download/v1.1.0/runc.amd64
[root@vm ~]# chmod+x runc
[root@vm ~]# runc -v

docker&ctr&crictl区别

docker			 使用 docker  images	 命令管理镜像
单机containerd 	使用 ctr images		命令管理镜像(containerd本身的CLI工具)
k8s中containerd	 使用 crictl images    命令管理镜像(Kubernetes社区的专用CLI工具)

[root@vm ~]# ctr --hepUSAGE:ctr [global options] command [command options] [arguments...]COMMANDSplugins, plugin            provides information about containerd pluginsversion                    print the client and server versionscontainers, c, container   manage containerscontent                    manage contentevents, event              display containerd eventsimages, image, i           manage imagesleases                     manage leasesnamespaces, namespace, ns  manage namespacespprof                      provide golang pprof outputs for containerdrun                        run a containersnapshots, snapshot        manage snapshotstasks, t, task             manage tasksinstall                    install a new packageoci                        OCI toolsdeprecationsshim                       interact with a shim directlyhelp, h                    Shows a list of commands or help for one command

镜像操作

[root@vm ~]# ctr images --help
NAME:ctr images - manage imagesUSAGE:ctr images command [command options] [arguments...]COMMANDS:check                    check existing images to ensure all content is avail                able locallyexport                   export imagesimport                   import imageslist, ls                 list images known to containerdmount                    mount an image to a target pathunmount                  unmount the image from the targetpull                     pull an image from a remotepush                     push an image to a remotedelete, del, remove, rm  remove one or more images by referencetag                      tag an imagelabel                    set and clear labels for an imageconvert                  convert an image[root@vm ~]# ctr images pull docker.io/library/nginx:latest   #根据平台统架构 自动下载符合的    uname -a
[root@vm ~]# ctr images pull --platform linux/amd64  docker.io/library/nginx:alpine   # 指定架构的
[root@vm ~]# ctr images pull --all-platforms docker.io/library/nginx:alpine # 下所有的[root@vm ~]# ctr images mount docker.io/library/nginx:alpine /mnt
[root@vm ~]# ls  /mnt
[root@vm ~]# umount /mnt[root@vm ~]# ctr  i  export nginx.img  docker.io/library/nginx:alpine
[root@vm ~]# ls  nginx.img
[root@vm ~]# ctr  i  export --al1-platforms nginx.img  docker.io/library/nginx:alpine
[root@vm ~]# ctr i import
[root@vm ~]# ctr i rm  [root@vm ~]# ctr i check  # 显示镜像大小分层
[root@vm ~]# cri i tag docker.io/library/nginx:alpine  docker.io/library/nginx:alpine-v1 #名字要完整，这种nginx:alpine-v1会不可用

容器操作.

ctr container --help 
ctr c --help
[root@vm ~]# ctr container --help
NAME:ctr containers - manage containersUSAGE:ctr containers command [command options] [arguments...]COMMANDS:create                   create containerdelete, del, remove, rm  delete one or more existing containersinfo                     get info about a containerlist, ls                 list containerslabel                    set and clear labels for a containercheckpoint               checkpoint a containerrestore                  restore a container from checkpoint使用“ctr container create 命今创建容器后，容器并没有处于运行状态，其只是一个静态的容器。
这个 container 对象只是包含了运行一个容器所需的资源及配黑的数据结构。
例如: Tlamespaces、rootfs 和容器的配黑都已经初始化成功了，只是用户进程(本案为nginx)还没有启动。
需要使用ctr tasks~命令才能获取一个动态容器。#  ctr container 需两步完成容器启动，所以使用不多。采用ctr run[root@vm ~]# ctr c ls  查看容器
[root@vm ~]# ctr task  ls 查看任务，动态的[root@vm ~]# ctr container create  docker.io/library/nginx:alpine  my-nginx  # 先镜像，后容器名。  镜像不存在时，创建失败
[root@vm ~]# ctr c ls 
[root@vm ~]# ctr c info my-nginx
[root@vm ~]# ctr task  ls   #暂时没有动态的容器
[root@vm ~]# ctr task start -d  my-nginx  # runc,复制containerd连接runC垫片工具containerd-shim-runc-v2至/usr/bin
[root@vm ~]# ctr task  ls  # 显示容器所在宿主机进程，pid
[root@vm ~]# ctr task ps  my-nginx #查看容器的进程(都是物理机的进程  master worker)

# 进入容器
[root@vm ~]# ctr task exec --exec-id 1 my-nginx /bin/bash  # 1 随机写
curl  localhost# 使用ctr run  
[root@vm ~]# ctr run -d --net-host  docker.io/library/nginx:latest   nginx2
[root@vm ~]# ctr task exec --exec-id $RANDOM -t  nginx2 /bin/bash 
exit#暂停容器
[root@vm ~]# ctr task pause nginx2
[root@vm ~]# ctr task ls  #再次查看容器状态，看到其状态为PAUSED，表示停止
[root@vm ~]# ctr task resume nginx2
[root@vm ~]# ctr task kill nginx2	# stop状态
[root@vm ~]# ctr task rm  nginx2    #删除进程，容器还在不用再次  ctr create
[root@vm ~]# ctr task start -d nginx2#删除容器[root@vm ~]# ctr task delet nginx2
[root@vm ~]# ctr container delete nginx2