Containerd的安装和配置

2022-02-16  本文已影响0人  橘子基因

Containerd 安装

Containerd Github: containerd/containerd

Containerd GitHub上提供了两种类型的压缩包,containerd-${VERSION}.${OS}-${ARCH}.tar.gz不包含依赖包,cri-containerd-cni-${VERSION}.${OS}-${ARCH}.tar.gz包含相关依赖的压缩包,由于 containerd 需要调用 runc,所以我们也需要先安装 runc,所以还是下载cri-containerd-cni-${VERSION}.${OS}-${ARCH}.tar.gz类型的包。

wget https://github.com/containerd/containerd/releases/download/v1.5.9/cri-containerd-cni-1.5.9-linux-amd64.tar.gz

直接将压缩包解压到系统目录中:

tar -C / -xzf cri-containerd-cni-1.5.9-linux-amd64.tar.gz

添加环境变量

source ~/.bashrc

生成配置文件

mkdir /etc/containerd
containerd config default > /etc/containerd/config.toml

containerd安装包中含有containerd.server文件在etc/systemd/system/containerd.service下,所以我们能通过systemd 来配置 containerd 作为守护进程运行,其文件内容为

# Copyright The containerd Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target

[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/local/bin/containerd

Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity
# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999

[Install]
WantedBy=multi-user.target

启动containerd

systemctl enable containerd --now

查看Containerd本地CLI命令工具ctr的版本

~ # ctr version                                                                                                                                                               
Client:
  Version:  v1.5.9
  Revision: 1407cab509ff0d96baa4f0eb6ff9980270e6e620
  Go version: go1.16.12

Server:
  Version:  v1.5.9
  Revision: 1407cab509ff0d96baa4f0eb6ff9980270e6e620
  UUID: 20543d70-a71c-4202-a98d-32e54331393b

查看兼容CRI的容器运行时命令行接口crictl的版本:

~ # crictl --version                                                                                                                                                          
crictl version 1.20.0-24-g53ad8bb7

命令参考

crictl

生成默认的配置文件:containerd config default > /etc/containerd/config.toml
配置文档地址:containerd / containerd

镜像加速

在/etc/containerd/config.toml 文件中添加需要加速的镜像信息:

[plugins."io.containerd.grpc.v1.cri".registry.mirrors."k8s.gcr.io"]
 endpoint = ["https://registry.aliyuncs.com/k8sxio"]

其中,registry.mirrors."xxx"表示需要配置 mirror 的镜像仓库原镜像仓库,endpoint表示提供 mirror 的镜像加速服务。

镜像验证

tls验证

跳过tls验证:

[plugins."io.containerd.grpc.v1.cri".registry.configs."<YOUR REGISTRY>".tls]
  insecure_skip_verify = true

用户验证

[plugins."io.containerd.grpc.v1.cri".registry.configs."<YOUR REGISTRY>".auth]
  username = "<YOUR USERNAME>"
  password = '<USERNAME PASSWORD>'

ctr

/etc/containerd/config.toml配置文件中的内容仅会对crictl生效。
crictl images list = ctr -n=k8s.io image list

ctr命令

pull image:

ctr i pull --user admin:password --skip-verify <YOUR REGISTRY>/app/web1:latest

参考:

上一篇下一篇

猜你喜欢

热点阅读