Installing and Configuring Containerd
Installing Containerd
Containerd GitHub: containerd/containerd
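The containerd GitHub releases provide two types of archive: containerd-${VERSION}.${OS}-${ARCH}.tar.gz, which does not include dependencies, and cri-containerd-cni-${VERSION}.${OS}-${ARCH}.tar.gz, which bundles the related dependencies. Because containerd needs to call runc, runc would have to be installed first as well, so we download the cri-containerd-cni-${VERSION}.${OS}-${ARCH}.tar.gz type of archive.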
wget https://github.com/containerd/containerd/releases/download/v1.5.9/cri-containerd-cni-1.5.9-linux-amd64.tar.gz
Extract the archive directly into the system directories:
tar -C / -xzf cri-containerd-cni-1.5.9-linux-amd64.tar.gz
Add the environment variable
source ~/.bashrc
Generate the configuration file
mkdir /etc/containerd
containerd config default > /etc/containerd/config.toml
The containerd package includes a containerd.service file at etc/systemd/system/containerd.service, so we can use systemd to run containerd as a daemon. The file's contents are:
# Copyright The containerd Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target
[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/local/bin/containerd
Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity
# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999
[Install]
WantedBy=multi-user.target
Start containerd
systemctl enable containerd --now
Check the version of ctr, containerd's local CLI tool:
~ # ctr version
Client:
Version: v1.5.9
Revision: 1407cab509ff0d96baa4f0eb6ff9980270e6e620
Go version: go1.16.12
Server:
Version: v1.5.9
Revision: 1407cab509ff0d96baa4f0eb6ff9980270e6e620
UUID: 20543d70-a71c-4202-a98d-32e54331393b
Check the version of crictl, the command-line interface for CRI-compatible container runtimes:
~ # crictl --version
crictl version 1.20.0-24-g53ad8bb7
Command reference
crictl
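Generate the default configuration file: containerd config default > /etc/containerd/config.toml
Configuration documentation: containerd / containerd.
Registry mirrors (image acceleration)
Add the registry to be mirrored to the /etc/containerd/config.toml file: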
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."k8s.gcr.io"]
endpoint = ["https://registry.aliyuncs.com/k8sxio"]
Here, registry.mirrors."xxx" names the original registry for which a mirror is being configured, and endpoint names the mirror service that serves its images.
Registry verification
TLS verification
Skip TLS verification (the registry's certificate is not validated):
[plugins."io.containerd.grpc.v1.cri".registry.configs."<YOUR REGISTRY>".tls]
insecure_skip_verify = true
User authentication
[plugins."io.containerd.grpc.v1.cri".registry.configs."<YOUR REGISTRY>".auth]
username = "<YOUR USERNAME>"
password = '<USERNAME PASSWORD>'
ctr
The contents of the /etc/containerd/config.toml configuration file only take effect for crictl, not for ctr.
crictl images list = ctr -n=k8s.io image list
ctr commands
pull image:
ctr i pull --user admin:password --skip-verify <YOUR REGISTRY>/app/web1:latest