【云原生】第十三篇--容器管理工具 Containerd
轻量级或工业级容器管理工具 Containerd
- 一、Containerd介绍
-
- 1.0 前言
- 1.1 Containerd前世今生
- 1.2 Containerd架构
-
- 1.2.1 架构图
- 1.2.2 常用插件
- 1.2.3 架构缩略图
- 1.2.4 与其它容器运行时工具性能对比
- 二、Containerd安装
-
- 2.1 YUM方式安装
-
- 2.1.1 获取YUM源
- 2.1.2 使用yum命令安装
- 2.1.3 验证安装及启动服务
- 2.1.4 验证可用性
- 2.2 二进制方式安装
-
- 2.2.1 获取安装包
- 2.2.2 安装并测试可用性
-
- 2.2.2.1 安装containerd
- 2.2.2.2 查看containerd安装位置
- 2.2.2.3 复制containerd运行时文件至系统
- 2.2.2.4 添加containerd.service文件至系统
- 2.2.2.5 查看containerd使用帮助
- 2.2.2.6 生成containerd模块配置文件
-
- 2.2.2.6.1 生成默认模块配置文件
- 2.2.2.6.2 替换默认配置文件
- 2.2.2.7 启动containerd服务并设置开机自启动
- 2.2.2.8 复制ctr命令至系统
- 2.2.2.9 查看已安装containerd服务版本
- 2.2.2.10 安装runC
-
- 2.2.2.10.1 获取runC
- 2.2.2.10.2 安装runC并验证安装结果
- 三、Containerd容器镜像管理
-
- 3.1 Containerd容器镜像管理命令
- 3.2 查看镜像
- 3.3 下载镜像
- 3.4 镜像挂载
- 3.5 镜像导出
- 3.6 镜像删除
- 3.7 镜像导入
- 3.8 修改镜像tag
- 四、Containerd容器管理
-
- 4.1 获取命令帮助
-
- 4.1.1 获取ctr命令帮助
- 4.1.2 获取创建静态容器命令帮助
- 4.1.3 获取动态容器命令帮助
- 4.2 查看容器
- 4.3 查看任务
- 4.4 创建静态容器
- 4.5 静态容器启动为动态容器
- 4.6 进入容器操作
- 4.7 直接运行一个动态容器
- 4.8 暂停容器
- 4.9 恢复容器
- 4.10 停止容器
- 4.11 删除容器
- 五、Containerd使用私有容器镜像仓库 Harbor
-
- 5.1 Harbor准备
- 5.2 配置Containerd使用Harbor仓库
-
- 5.2.1 Harbor主机名解析
- 5.2.2 修改Containerd配置文件
- 5.2.3 ctr下载镜像
- 5.2.4 ctr上传镜像
- 六、Containerd NameSpace管理
- 七、Containerd Network管理
-
- 7.1 创建CNI网络
-
- 7.1.1 获取CNI工具源码
- 7.1.2 获取CNI Plugins(CNI插件)
- 7.1.3 准备CNI网络配置文件
- 7.1.4 生成CNI网络
- 7.2 为Containerd容器配置网络功能
-
- 7.2.1 创建一个容器
- 7.2.2 进入容器查看其网络情况
- 7.2.3 获取容器进程ID及其网络命名空间
- 7.2.4 为指定容器添加网络配置
- 八、Containerd容器数据持久化存储
- 九、与其它Containerd容器共享命名空间
- 十、Docker集成Containerd实现容器管理
一、Containerd介绍
1.0 前言
-
早在2016年3月,Docker 1.11的Docker Engine里就包含了containerd,而现在则是把containerd从Docker Engine里彻底剥离出来,作为一个独立的开源项目独立发展,目标是提供一个更加开放、稳定的容器运行基础设施。和原先包含在Docker Engine里containerd相比,独立的containerd将具有更多的功能,可以涵盖整个容器运行时管理的所有需求。
-
containerd并不是直接面向最终用户的,而是主要用于集成到更上层的系统里,比如Swarm, Kubernetes, Mesos等容器编排系统。
-
containerd以Daemon的形式运行在系统上,通过暴露底层的gRPC API,上层系统可以通过这些API管理机器上的容器。
-
每个containerd只负责一台机器,Pull镜像,对容器的操作(启动、停止等),网络,存储都是由containerd完成。具体运行容器由runC负责,实际上只要是符合OCI规范的容器都可以支持。
-
对于容器编排服务来说,运行时只需要使用containerd+runC,更加轻量,容易管理。
-
独立之后containerd的特性演进可以和Docker Engine分开,专注容器运行时管理,可以更稳定。
1.1 Containerd前世今生
2013年docker公司在推出docker产品后,由于其对全球技术产生了一定的影响力,Google公司明显感觉到自己公司内部所使用的Brog系统江湖地位受到的威胁,希望Docker公司能够与自己联合打造一款开源的容器运行时作为Docker核心依赖,但Docker公司拒绝了;接着Google公司联合RedHat、IBM等公司说服Docker公司把其容器核心技术libcontainer捐给中立社区(OCI,Open Container Intiative),并更名为runC。
为了进一步遏制Docker在未来技术市场影响力,避免在容器市场上Docker一家独大,Google公司带领导RedHat、IBM等成立了CNCF(Cloud Native Computing Fundation)基金会,即云原生计算基金会。CNCF的目标很明确,既然在容器应用领域无法与Docker相抗衡,那就做Google更有经验的技术市场------大规模容器编排应用场景,Google公司把自己内部使用的Brog系统开源------Kubernetes,也就是我们今天所说的云原生技术生态。
2016年Docker公司推出了Docker Swarm,意在一统Docker生态,让Docker既可以实现容器应用管理,也可以实现大规模容器编排,经过近1年左右时间的市场验证后,发现在容器编排方面无法独立抗衡kubernetes,所以Docker公司于2017年正式宣布原生支持Kubernetes,至此,Docker在大规模容器编排应用市场败下阵来,但是Docker依然不甘心失败,把Docker核心依赖Containerd捐给了CNCF,依此说明Docker依旧是一个PaaS平台。
2020年CNCF基金会宣布Kubernetes 1.20版本将不再仅支持Docker容器管理工具,此事的起因主要也与Docker捐给CNCF基金会的Containerd有关,早期为了实现Kubernetes能够使用Docker实现容器管理,专门在Kubernetes组件中集成一个shim(垫片)技术,用来将Kubernetes容器运行时接口(CRI,Container Runntime Interface)调用翻译成Docker的API,这样就可以很好地使用Docker了,但是随着Kubernetes在全球技术市场的广泛应用,有更多的容器管理工具的出现,它们都想能够借助于Kubernetes被用户所使用,所以就提出标准化容器运行时接口,只要适配了这个接口就可以集成到Kubernetes生态当中,所以Kubernetes取消了对shim的维护,并且由于Containerd技术的成功,可以实现无缝对接Kubernetes,所以接下来Kubernetes容器运行时的主角是Containerd。
1.2 Containerd架构
1.2.1 架构图
Containerd设计的目的是为了嵌入到Kubernetes中使用,它是一个工业级的容器运行时,不提供给开发人员和终端用户直接使用,这样就避免了与Docker产生竞争,但事实上,Containerd已经实现大多数容器管理功能,例如:容器生命周期管理、容器镜像传输和管理、容器存储与网络管理等。
-
Containerd 采用标准的 C/S 架构
- 服务端通过 GRPC 协议提供稳定的 API
- 客户端通过调用服务端的 API 进行高级的操作
-
为了实现解耦,Containerd 将不同的职责划分给不同的组件,每个组件就相当于一个子系统(subsystem)。连接不同子系统的组件被称为模块。
-
Containerd 两大子系统为:
- Bundle : 在 Containerd 中,Bundle 包含了配置、元数据和根文件系统数据,你可以理解为容器的文件系统。而 Bundle 子系统允许用户从镜像中提取和打包 Bundles。
- Runtime : Runtime 子系统用来执行 Bundles,比如创建容器。
其中,每一个子系统的行为都由一个或多个模块协作完成(架构图中的 Core 部分)。每一种类型的模块都以插件的形式集成到 Containerd 中,而且插件之间是相互依赖的。
例如,上图中的每一个长虚线的方框都表示一种类型的插件,包括 Service Plugin、Metadata Plugin、GC Plugin、Runtime Plugin 等,其中 Service Plugin 又会依赖 Metadata Plugin、GC Plugin 和 Runtime Plugin。每一个小方框都表示一个细分的插件,例如 Metadata Plugin 依赖 Containers Plugin、Content Plugin 等。
1.2.2 常用插件
- Content Plugin : 提供对镜像中可寻址内容的访问,所有不可变的内容都被存储在这里。
- Snapshot Plugin : 用来管理容器镜像的文件系统快照。镜像中的每一个 layer 都会被解压成文件系统快照,类似于 Docker 中的
graphdriver。 - Metrics : 暴露各个组件的监控指标。
1.2.3 架构缩略图
Containerd 被分为三个大块:Storage、Metadata 和 Runtime
1.2.4 与其它容器运行时工具性能对比
这是使用 bucketbench 对 Docker、crio 和 Containerd 的性能测试结果,包括启动、停止和删除容器,以比较它们所耗的时间:
结论: Containerd 在各个方面都表现良好,总体性能优于 Docker 和 crio 。
二、Containerd安装
课程操作系统环境为centos7u6
2.1 YUM方式安装
2.1.1 获取YUM源
获取阿里云YUM源
# wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
查看YUM源中Containerd软件
# yum list | grep containerd
containerd.io.x86_64 1.4.12-3.1.el7 docker-ce-stable
2.1.2 使用yum命令安装
安装Containerd.io软件,即可安装Containerd
# yum -y install containerd.io
2.1.3 验证安装及启动服务
使用rpm -qa命令查看是否安装
# rpm -qa | grep containerd
containerd.io-1.4.12-3.1.el7.x86_64
设置containerd服务启动及开机自启动
# systemctl enable containerd
# systemctl start containerd
查看containerd服务启动状态
# systemctl status containerd
● containerd.service - containerd container runtime
Loaded: loaded (/usr/lib/systemd/system/containerd.service; enabled; vendor preset: disabled)
Active: active (running) since 五 2022-02-18 11:38:30 CST; 9s ago 此行第二列及第三列表示其正在运行状态
Docs: https://containerd.io
Process: 59437 ExecStartPre=/sbin/modprobe overlay (code=exited, status=0/SUCCESS)
Main PID: 59439 (containerd)
Tasks: 7
Memory: 19.5M
CGroup: /system.slice/containerd.service
└─59439 /usr/bin/containerd
......
2.1.4 验证可用性
安装Containerd时ctr命令亦可使用,ctr命令主要用于管理容器及容器镜像等。
使用ctr命令查看Containerd客户端及服务端相关信息。
# ctr version
Client:
Version: 1.4.12
Revision: 7b11cfaabd73bb80907dd23182b9347b4245eb5d
Go version: go1.16.10
Server:
Version: 1.4.12
Revision: 7b11cfaabd73bb80907dd23182b9347b4245eb5d
UUID: 3c4b142d-d91d-44a5-aae2-9673785d4b2c
2.2 二进制方式安装
Containerd有两种安装包:
- 第一种是
containerd-xxx,这种包用于单机测试没问题,不包含runC,需要提前安装。 - 第二种是
cri-containerd-cni-xxxx,包含runc和k8s里的所需要的相关文件。k8s集群里需要用到此包。虽然包含runC,但是依赖系统中的seccomp(安全计算模式,是一种限制容器调用系统资源的模式。)
2.2.1 获取安装包
下载Containerd安装包
# wget https://github.com/containerd/containerd/releases/download/v1.6.0/cri-containerd-cni-1.6.0-linux-amd64.tar.gz
2.2.2 安装并测试可用性
2.2.2.1 安装containerd
查看已获取的安装包
# ls
cri-containerd-cni-1.6.0-linux-amd64.tar.gz
解压已下载的软件包
# tar xf cri-containerd-cni-1.6.0-linux-amd64.tar.gz
查看解压后目录
# ls
etc opt usr
查看etc目录,主要为containerd服务管理配置文件及cni虚拟网卡配置文件
# ls etc
cni crictl.yaml systemd
# ls etc/systemd/
system
# ls etc/systemd/system/
containerd.service
查看opt目录,主要为gce环境中使用containerd配置文件及cni插件
# ls opt
cni containerd
# ls opt/containerd/
cluster
# ls opt/containerd/cluster/
gce version
# ls opt/containerd/cluster/gce
cloud-init cni.template configure.sh env
查看usr目录,主要为containerd运行时文件,包含runc
# ls usr
local
# ls usr/local/
bin sbin
# ls usr/local/bin
containerd containerd-shim containerd-shim-runc-v1 containerd-shim-runc-v2 containerd-stress crictl critest ctd-decoder ctr
# ls usr/local/sbin
runc
2.2.2.2 查看containerd安装位置
查看containerd.service文件,了解containerd文件安装位置
# cat etc/systemd/system/containerd.service
# Copyright The containerd Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target
[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/local/bin/containerd 查看此位置,把containerd二进制文件放置于此处即可完成安装。
Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity
# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999
[Install]
WantedBy=multi-user.target
2.2.2.3 复制containerd运行时文件至系统
查看宿主机/usr/local/bin目录,里面没有任何内容。
# ls /usr/local/bin/
查看解压后usr/local/bin目录,里面包含containerd运行时文件
# ls usr/
local
# ls usr/local/
bin sbin
# ls usr/local/bin/
containerd containerd-shim containerd-shim-runc-v1 containerd-shim-runc-v2 containerd-stress crictl critest ctd-decoder ctr
复制containerd文件至/usr/local/bin目录中,本次可仅复制containerd一个文件也可复制全部文件。
# cp usr/local/bin/containerd /usr/local/bin/
# ls /usr/local/bin/
containerd
2.2.2.4 添加containerd.service文件至系统
查看解压后的etc/system目录
# ls etc
cni crictl.yaml systemd
# ls etc/systemd/
system
# ls etc/systemd/system/
containerd.service
复制containerd服务管理配置文件至/usr/lib/systemd/system/目录中
# cp etc/systemd/system/containerd.service /usr/lib/systemd/system/containerd.service
查看复制后结果
# ls /usr/lib/systemd/system/containerd.service
/usr/lib/systemd/system/containerd.service
2.2.2.5 查看containerd使用帮助
# containerd --help
NAME:
containerd -
__ _ __
_________ ____ / /_____ _(_)___ ___ _________/ /
/ ___/ __ \/ __ \/ __/ __ `/ / __ \/ _ \/ ___/ __ /
/ /__/ /_/ / / / / /_/ /_/ / / / / / __/ / / /_/ /
\___/\____/_/ /_/\__/\__,_/_/_/ /_/\___/_/ \__,_/
high performance container runtime
USAGE:
containerd [global options] command [command options] [arguments...]
VERSION:
v1.6.0
DESCRIPTION:
containerd is a high performance container runtime whose daemon can be started
by using this command. If none of the *config*, *publish*, or *help* commands
are specified, the default action of the **containerd** command is to start the
containerd daemon in the foreground.
A default configuration is used if no TOML configuration is specified or located
at the default file location. The *containerd config* command can be used to
generate the default configuration for containerd. The output of that command
can be used and modified as necessary as a custom configuration.
COMMANDS:
config information on the containerd config
publish binary to publish events to containerd
oci-hook provides a base for OCI runtime hooks to allow arguments to be injected.
help, h Shows a list of commands or help for one command
GLOBAL OPTIONS:
--config value, -c value path to the configuration file (default: "/etc/containerd/config.toml")
--log-level value, -l value set the logging level [trace, debug, info, warn, error, fatal, panic]
--address value, -a value address for containerd's GRPC server
--root value containerd root directory
--state value containerd state directory
--help, -h show help
--version, -v print the version
2.2.2.6 生成containerd模块配置文件
2.2.2.6.1 生成默认模块配置文件
Containerd 的默认配置文件为 /etc/containerd/config.toml,可以使用containerd config default > /etc/containerd/config.toml命令创建一份模块配置文件
创建配置文件目录
# mkdir /etc/containerd
生成配置文件
# containerd config default > /etc/containerd/config.toml
查看配置文件
# cat /etc/containerd/config.toml
disabled_plugins = []
imports = []
oom_score = 0
plugin_dir = ""
required_plugins = []
root = "/var/lib/containerd"
state = "/run/containerd"
temp = ""
version = 2
[cgroup]
path = ""
[debug]
address = ""
format = ""
gid = 0
level = ""
uid = 0
[grpc]
address = "/run/containerd/containerd.sock"
gid = 0
max_recv_message_size = 16777216
max_send_message_size = 16777216
tcp_address = ""
tcp_tls_ca = ""
tcp_tls_cert = ""
tcp_tls_key = ""
uid = 0
[metrics]
address = ""
grpc_histogram = false
[plugins]
[plugins."io.containerd.gc.v1.scheduler"]
deletion_threshold = 0
mutation_threshold = 100
pause_threshold = 0.02
schedule_delay = "0s"
startup_delay = "100ms"
[plugins."io.containerd.grpc.v1.cri"]
device_ownership_from_security_context = false
disable_apparmor = false
disable_cgroup = false
disable_hugetlb_controller = true
disable_proc_mount = false
disable_tcp_service = true
enable_selinux = false
enable_tls_streaming = false
enable_unprivileged_icmp = false
enable_unprivileged_ports = false
ignore_image_defined_volumes = false
max_concurrent_downloads = 3
max_container_log_line_size = 16384
netns_mounts_under_state_dir = false
restrict_oom_score_adj = false
sandbox_image = "k8s.gcr.io/pause:3.6" 由于网络原因,此处被替换
selinux_category_range = 1024
stats_collect_period = 10
stream_idle_timeout = "4h0m0s"
stream_server_address = "127.0.0.1"
stream_server_port = "0"
systemd_cgroup = false
tolerate_missing_hugetlb_controller = true
unset_seccomp_profile = ""
[plugins."io.containerd.grpc.v1.cri".cni]
bin_dir = "/opt/cni/bin"
conf_dir = "/etc/cni/net.d"
conf_template = ""
ip_pref = ""
max_conf_num = 1
[plugins."io.containerd.grpc.v1.cri".containerd]
default_runtime_name = "runc"
disable_snapshot_annotations = true
discard_unpacked_layers = false
ignore_rdt_not_enabled_errors = false
no_pivot = false
snapshotter = "overlayfs"
[plugins."io.containerd.grpc.v1.cri".containerd.default_runtime]
base_runtime_spec = ""
cni_conf_dir = ""
cni_max_conf_num = 0
container_annotations = []
pod_annotations = []
privileged_without_host_devices = false
runtime_engine = ""
runtime_path = ""
runtime_root = ""
runtime_type = ""
[plugins."io.containerd.grpc.v1.cri".containerd.default_runtime.options]
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
base_runtime_spec = ""
cni_conf_dir = ""
cni_max_conf_num = 0
container_annotations = []
pod_annotations = []
privileged_without_host_devices = false
runtime_engine = ""
runtime_path = ""
runtime_root = ""
runtime_type = "io.containerd.runc.v2"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
BinaryName = ""
CriuImagePath = ""
CriuPath = ""
CriuWorkPath = ""
IoGid = 0
IoUid = 0
NoNewKeyring = false
NoPivotRoot = false
Root = ""
ShimCgroup = ""
SystemdCgroup = false
[plugins."io.containerd.grpc.v1.cri".containerd.untrusted_workload_runtime]
base_runtime_spec = ""
cni_conf_dir = ""
cni_max_conf_num = 0
container_annotations = []
pod_annotations = []
privileged_without_host_devices = false
runtime_engine = ""
runtime_path = ""
runtime_root = ""
runtime_type = ""
[plugins."io.containerd.grpc.v1.cri".containerd.untrusted_workload_runtime.options]
[plugins."io.containerd.grpc.v1.cri".image_decryption]
key_model = "node"
[plugins."io.containerd.grpc.v1.cri".registry]
config_path = ""
[plugins."io.containerd.grpc.v1.cri".registry.auths]
[plugins."io.containerd.grpc.v1.cri".registry.configs]
[plugins."io.containerd.grpc.v1.cri".registry.headers]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".x509_key_pair_streaming]
tls_cert_file = ""
tls_key_file = ""
[plugins."io.containerd.internal.v1.opt"]
path = "/opt/containerd"
[plugins."io.containerd.internal.v1.restart"]
interval = "10s"
[plugins."io.containerd.internal.v1.tracing"]
sampling_ratio = 1.0
service_name = "containerd"
[plugins."io.containerd.metadata.v1.bolt"]
content_sharing_policy = "shared"
[plugins."io.containerd.monitor.v1.cgroups"]
no_prometheus = false
[plugins."io.containerd.runtime.v1.linux"]
no_shim = false
runtime = "runc"
runtime_root = ""
shim = "containerd-shim"
shim_debug = false
[plugins."io.containerd.runtime.v2.task"]
platforms = ["linux/amd64"]
sched_core = false
[plugins."io.containerd.service.v1.diff-service"]
default = ["walking"]
[plugins."io.containerd.service.v1.tasks-service"]
rdt_config_file = ""
[plugins."io.containerd.snapshotter.v1.aufs"]
root_path = ""
[plugins."io.containerd.snapshotter.v1.btrfs"]
root_path = ""
[plugins."io.containerd.snapshotter.v1.devmapper"]
async_remove = false
base_image_size = ""
discard_blocks = false
fs_options = ""
fs_type = ""
pool_name = ""
root_path = ""
[plugins."io.containerd.snapshotter.v1.native"]
root_path = ""
[plugins."io.containerd.snapshotter.v1.overlayfs"]
root_path = ""
upperdir_label = false
[plugins."io.containerd.snapshotter.v1.zfs"]
root_path = ""
[plugins."io.containerd.tracing.processor.v1.otlp"]
endpoint = ""
insecure = false
protocol = ""
[proxy_plugins]
[stream_processors]
[stream_processors."io.containerd.ocicrypt.decoder.v1.tar"]
accepts = ["application/vnd.oci.image.layer.v1.tar+encrypted"]
args = ["--decryption-keys-path", "/etc/containerd/ocicrypt/keys"]
env = ["OCICRYPT_KEYPROVIDER_CONFIG=/etc/containerd/ocicrypt/ocicrypt_keyprovider.conf"]
path = "ctd-decoder"
returns = "application/vnd.oci.image.layer.v1.tar"
[stream_processors."io.containerd.ocicrypt.decoder.v1.tar.gzip"]
accepts = ["application/vnd.oci.image.layer.v1.tar+gzip+encrypted"]
args = ["--decryption-keys-path", "/etc/containerd/ocicrypt/keys"]
env = ["OCICRYPT_KEYPROVIDER_CONFIG=/etc/containerd/ocicrypt/ocicrypt_keyprovider.conf"]
path = "ctd-decoder"
returns = "application/vnd.oci.image.layer.v1.tar+gzip"
[timeouts]
"io.containerd.timeout.bolt.open" = "0s"
"io.containerd.timeout.shim.cleanup" = "5s"
"io.containerd.timeout.shim.load" = "5s"
"io.containerd.timeout.shim.shutdown" = "3s"
"io.containerd.timeout.task.state" = "2s"
[ttrpc]
address = ""
gid = 0
uid = 0
2.2.2.6.2 替换默认配置文件
但上述配置文件后期改动的地方较多,这里直接换成可单机使用也可k8s环境使用的配置文件并配置好镜像加速器。
# vim /etc/containerd/config.toml
# cat /etc/containerd/config.toml
root = "/var/lib/containerd"
state = "/run/containerd"
oom_score = -999
[grpc]
address = "/run/containerd/containerd.sock"
uid = 0
gid = 0
max_recv_message_size = 16777216
max_send_message_size = 16777216
[debug]
address = ""
uid = 0
gid = 0
level = ""
[metrics]
address = ""
grpc_histogram = false
[cgroup]
path = ""
[plugins]
[plugins.cgroups]
no_prometheus = false
[plugins.cri]
stream_server_address = "127.0.0.1"
stream_server_port = "0"
enable_selinux = false
sandbox_image = "easzlab/pause-amd64:3.2"
stats_collect_period = 10
systemd_cgroup = false
enable_tls_streaming = false
max_container_log_line_size = 16384
[plugins.cri.containerd]
snapshotter = "overlayfs"
no_pivot = false
[plugins.cri.containerd.default_runtime]
runtime_type = "io.containerd.runtime.v1.linux"
runtime_engine = ""
runtime_root = ""
[plugins.cri.containerd.untrusted_workload_runtime]
runtime_type = ""
runtime_engine = ""
runtime_root = ""
[plugins.cri.cni]
bin_dir = "/opt/kube/bin"
conf_dir = "/etc/cni/net.d"
conf_template = "/etc/cni/net.d/10-default.conf"
[plugins.cri.registry]
[plugins.cri.registry.mirrors]
[plugins.cri.registry.mirrors."docker.io"]
endpoint = [
"https://docker.mirrors.ustc.edu.cn",
"http://hub-mirror.c.163.com"
]
[plugins.cri.registry.mirrors."gcr.io"]
endpoint = [
"https://gcr.mirrors.ustc.edu.cn"
]
[plugins.cri.registry.mirrors."k8s.gcr.io"]
endpoint = [
"https://gcr.mirrors.ustc.edu.cn/google-containers/"
]
[plugins.cri.registry.mirrors."quay.io"]
endpoint = [
"https://quay.mirrors.ustc.edu.cn"
]
[plugins.cri.registry.mirrors."harbor.kubemsb.com"] 此处添加了本地容器镜像仓库 Harbor,做为本地容器镜像仓库。
endpoint = [
"http://harbor.kubemsb.com"
]
[plugins.cri.x509_key_pair_streaming]
tls_cert_file = ""
tls_key_file = ""
[plugins.diff-service]
default = ["walking"]
[plugins.linux]
shim = "containerd-shim"
runtime = "runc"
runtime_root = ""
no_shim = false
shim_debug = false
[plugins.opt]
path = "/opt/containerd"
[plugins.restart]
interval = "10s"
[plugins.scheduler]
pause_threshold = 0.02
deletion_threshold = 0
mutation_threshold = 100
schedule_delay = "0s"
startup_delay = "100ms"
2.2.2.7 启动containerd服务并设置开机自启动
# systemctl enable containerd
Created symlink from /etc/systemd/system/multi-user.target.wants/containerd.service to /usr/lib/systemd/system/containerd.service.
# systemctl start containerd
# systemctl status containerd
● containerd.service - containerd container runtime
Loaded: loaded (/usr/lib/systemd/system/containerd.service; enabled; vendor preset: disabled)
Active: active (running) since 五 2022-02-18 13:02:37 CST; 7s ago
Docs: https://containerd.io
Process: 60383 ExecStartPre=/sbin/modprobe overlay (code=exited, status=0/SUCCESS)
Main PID: 60384 (containerd)
Tasks: 8
Memory: 20.0M
CGroup: /system.slice/containerd.service
└─60384 /usr/local/bin/containerd
......
2.2.2.8 复制ctr命令至系统
# ls usr/local/bin/
containerd containerd-shim containerd-shim-runc-v1 containerd-shim-runc-v2 containerd-stress crictl critest ctd-decoder ctr
# cp usr/local/bin/ctr /usr/bin/
2.2.2.9 查看已安装containerd服务版本
# ctr version
Client:
Version: v1.6.0
Revision: 39259a8f35919a0d02c9ecc2871ddd6ccf6a7c6e
Go version: go1.17.2
Server:
Version: v1.6.0
Revision: 39259a8f35919a0d02c9ecc2871ddd6ccf6a7c6e
UUID: c1972cbe-884a-41b0-867f-f8a58c168e6d
2.2.2.10 安装runC
由于二进制包中提供的runC默认需要系统中安装seccomp支持,需要单独安装,且不同版本runC对seccomp版本要求一致,所以建议单独下载runC 二进制包进行安装,里面包含了seccomp模块支持。
2.2.2.10.1 获取runC
使用wget下载
# wget https://github.com/opencontainers/runc/releases/download/v1.1.0/runc.amd64
2.2.2.10.2 安装runC并验证安装结果
查看已下载文件
# ls
runc.amd64
安装runC
# mv runc.amd64 /usr/sbin/runc
为runC添加可执行权限
# chmod +x /usr/sbin/runc
使用runc命令验证是否安装成功
# runc -v
runc version 1.1.0
commit: v1.1.0-0-g067aaf85
spec: 1.0.2-dev
go: go1.17.6
libseccomp: 2.5.3
三、Containerd容器镜像管理
3.1 Containerd容器镜像管理命令
- docker使用docker images命令管理镜像
- 单机containerd使用ctr images命令管理镜像,containerd本身的CLI
- k8s中containerd使用crictl images命令管理镜像,Kubernetes社区的专用CLI工具
获取命令帮助
# ctr --help
NAME:
ctr -
__
_____/ /______
/ ___/ __/ ___/
/ /__/ /_/ /
\___/\__/_/
containerd CLI
USAGE:
ctr [global options] command [command options] [arguments...]
VERSION:
v1.6.0
DESCRIPTION:
ctr is an unsupported debug and administrative client for interacting
with the containerd daemon. Because it is unsupported, the commands,
options, and operations are not guaranteed to be backward compatible or
stable from release to release of the containerd project.
COMMANDS:
plugins, plugin provides information about containerd plugins
version print the client and server versions
containers, c, container manage containers
content manage content
events, event display containerd events
images, image, i manage images
leases manage leases
namespaces, namespace, ns manage namespaces
pprof provide golang pprof outputs for containerd
run run a container
snapshots, snapshot manage snapshots
tasks, t, task manage tasks
install install a new package
oci OCI tools
shim interact with a shim directly
help, h Shows a list of commands or help for one command
GLOBAL OPTIONS:
--debug enable debug output in logs
--address value, -a value address for containerd's GRPC server (default: "/run/containerd/containerd.sock") [$CONTAINERD_ADDRESS]
--timeout value total timeout for ctr commands (default: 0s)
--connect-timeout value timeout for connecting to containerd (default: 0s)
--namespace value, -n value namespace to use with commands (default: "default") [$CONTAINERD_NAMESPACE]
--help, -h show help
--version, -v print the version
获取命令帮助
# ctr images
NAME:
ctr images - manage images
USAGE:
ctr images command [command options] [arguments...]
COMMANDS:
check check existing images to ensure all content is available locally
export export images
import import images
list, ls list images known to containerd
mount mount an image to a target path
unmount unmount the image from the target
pull pull an image from a remote
push push an image to a remote
delete, del, remove, rm remove one or more images by reference
tag tag an image
label set and clear labels for an image
convert convert an image
OPTIONS:
--help, -h show help
3.2 查看镜像
# ctr images ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
3.3 下载镜像
containerd支持oci标准的镜像,所以可以直接使用docker官方或dockerfile构建的镜像
# ctr images pull --all-platforms docker.io/library/nginx:alpine
docker.io/library/nginx:alpine: resolved |++++++++++++++++++++++++++++++++++++++|
docker.io/library/nginx:alpine: resolved |++++++++++++++++++++++++++++++++++++++|
index-sha256:da9c94bec1da829ebd52431a84502ec471c8e548ffb2cedbf36260fd9bd1d4d3: done |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:050385609d832fae11b007fbbfba77d0bba12bf72bc0dca0ac03e09b1998580f: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:f2303c6c88653b9a6739d50f611c170b9d97d161c6432409c680f6b46a5f112f: done |++++++++++++++++++++++++++++++++++++++|
config-sha256:bef258acf10dc257d641c47c3a600c92f87be4b4ce4a5e4752b3eade7533dcd9: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:59bf1c3509f33515622619af21ed55bbe26d24913cedbca106468a5fb37a50c3: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:8d6ba530f6489d12676d7f61628427d067243ba4a3a512c3e28813b977cb3b0e: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:5288d7ad7a7f84bdd19c1e8f0abb8684b5338f3da86fe9ae1d7f0e9bc2de6595: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:39e51c61c033442d00c40a30b2a9ed01f40205875fbd8664c50b4dc3e99ad5cf: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:ee6f71c6f4a82b2afd01f92bdf6be0079364d03020e8a2c569062e1c06d3822b: done |++++++++++++++++++++++++++++++++++++++|
elapsed: 11.0s total: 8.7 Mi (809.5 KiB/s)
unpacking linux/amd64 sha256:da9c94bec1da829ebd52431a84502ec471c8e548ffb2cedbf36260fd9bd1d4d3...
done: 1.860946163s
说明:
这里ctr命令pull镜像时,不能直接把镜像名字写成`nginx:alpine`
查看已下载容器镜像
# ctr images ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
docker.io/library/nginx:alpine application/vnd.docker.distribution.manifest.list.v2+json sha256:da9c94bec1da829ebd52431a84502ec471c8e548ffb2cedbf36260fd9bd1d4d3 9.7 MiB linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x -
| REF | TYPE | DIGEST |
|---|---|---|
| docker.io/library/nginx:alpine | application/vnd.docker.distribution.manifest.list.v2+json | sha256:da9c94bec1da829ebd52431a84502ec471c8e548ffb2cedbf36260fd9bd1d4d3 |
| SIZE | PLATFORMS | LABELS |
|---|---|---|
| 9.7 MiB | linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x | - |
指定平台下载容器镜像
# ctr images pull --platform linux/amd64 docker.io/library/nginx:alpine
3.4 镜像挂载
方便查看镜像中包含的内容。
把已下载的容器镜像挂载至当前文件系统
# ctr images mount docker.io/library/nginx:alpine /mnt
sha256:af2fcce448e2e4451a5f4796a9bf9cb5c9b5f88e0d6d10029cada42fb9d268ac
/mnt
[root@localhost ~]# ls /mnt
bin dev docker-entrypoint.d docker-entrypoint.sh etc home lib media mnt opt proc root run sbin srv sys tmp usr var
卸载
# umount /mnt
3.5 镜像导出
把容器镜像导出
# ctr i export --all-platforms nginx.img docker.io/library/nginx:alpine
说明
--all-platforms,导出所有平台镜像,本版本为1.6版本,1.4版本不需要添加此选项。
查看已导出容器镜像
# ls
nginx.img
# ls -lh
总用量 196M
-rw-r--r-- 1 root root 73M 2月 18 14:48 nginx.img
3.6 镜像删除
删除指定容器镜像
# ctr image rm docker.io/library/nginx:alpine
docker.io/library/nginx:alpine
再次查看容器镜像
[root@192 ~]# ctr images ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
3.7 镜像导入
导入容器镜像
# ctr images import nginx.img
unpacking docker.io/library/nginx:alpine (sha256:da9c94bec1da829ebd52431a84502ec471c8e548ffb2cedbf36260fd9bd1d4d3)...done
3.8 修改镜像tag
# ctr images tag docker.io/library/nginx:alpine nginx:alpine
nginx:alpine
说明:
把docker.io/library/nginx:alpine 修改为 nginx:alpine
查看修改后的容器镜像
# ctr images ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
docker.io/library/nginx:alpine application/vnd.docker.distribution.manifest.list.v2+json sha256:da9c94bec1da829ebd52431a84502ec471c8e548ffb2cedbf36260fd9bd1d4d3 9.7 MiB linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x -
nginx:alpine application/vnd.docker.distribution.manifest.list.v2+json sha256:da9c94bec1da829ebd52431a84502ec471c8e548ffb2cedbf36260fd9bd1d4d3 9.7 MiB linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x -
修改后对容器镜像做检查比对
# ctr images check
REF TYPE DIGEST STATUS SIZE UNPACKED
docker.io/library/nginx:alpine application/vnd.docker.distribution.manifest.list.v2+json sha256:da9c94bec1da829ebd52431a84502ec471c8e548ffb2cedbf36260fd9bd1d4d3 complete (7/7) 9.7 MiB/9.7 MiB true
nginx:alpine application/vnd.docker.distribution.manifest.list.v2+json sha256:da9c94bec1da829ebd52431a84502ec471c8e548ffb2cedbf36260fd9bd1d4d3 complete (7/7) 9.7 MiB/9.7 MiB true
四、Containerd容器管理
4.1 获取命令帮助
4.1.1 获取ctr命令帮助
[root@localhost ~]# ctr --help
NAME:
ctr -
__
_____/ /______
/ ___/ __/ ___/
/ /__/ /_/ /
\___/\__/_/
containerd CLI
USAGE:
ctr [global options] command [command options] [arguments...]
VERSION:
v1.6.0
DESCRIPTION:
ctr is an unsupported debug and administrative client for interacting
with the containerd daemon. Because it is unsupported, the commands,
options, and operations are not guaranteed to be backward compatible or
stable from release to release of the containerd project.
COMMANDS:
plugins, plugin provides information about containerd plugins
version print the client and server versions
containers, c, container manage containers
content manage content
events, event display containerd events
images, image, i manage images
leases manage leases
namespaces, namespace, ns manage namespaces
pprof provide golang pprof outputs for containerd
run run a container
snapshots, snapshot manage snapshots
tasks, t, task manage tasks
install install a new package
oci OCI tools
shim interact with a shim directly
help, h Shows a list of commands or help for one command
GLOBAL OPTIONS:
--debug enable debug output in logs
--address value, -a value address for containerd's GRPC server (default: "/run/containerd/containerd.sock") [$CONTAINERD_ADDRESS]
--timeout value total timeout for ctr commands (default: 0s)
--connect-timeout value timeout for connecting to containerd (default: 0s)
--namespace value, -n value namespace to use with commands (default: "default") [$CONTAINERD_NAMESPACE]
--help, -h show help
--version, -v print the version
4.1.2 获取创建静态容器命令帮助
# ctr container --help
NAME:
ctr containers - manage containers
USAGE:
ctr containers command [command options] [arguments...]
COMMANDS:
create create container
delete, del, remove, rm delete one or more existing containers
info get info about a container
list, ls list containers
label set and clear labels for a container
checkpoint checkpoint a container
restore restore a container from checkpoint
OPTIONS:
--help, -h show help
说明:
使用`ctr container create `命令创建容器后,容器并没有处于运行状态,其只是一个静态的容器。这个 container 对象只是包含了运行一个容器所需的资源及配置的数据结构,例如: namespaces、rootfs 和容器的配置都已经初始化成功了,只是用户进程(本案例为nginx)还没有启动。需要使用`ctr tasks`命令才能获取一个动态容器。
4.1.3 获取动态容器命令帮助
# ctr run --help
NAME:
ctr run - run a container
USAGE:
ctr run [command options] [flags] Image|RootFS ID [COMMAND] [ARG...]
OPTIONS:
--rm remove the container after running
--null-io send all IO to /dev/null
--log-uri value log uri
--detach, -d detach from the task after it has started execution
--fifo-dir value directory used for storing IO FIFOs
--cgroup value cgroup path (To disable use of cgroup, set to "" explicitly)
--platform value run image for specific platform
--cni enable cni networking for the container
--runc-binary value specify runc-compatible binary
--runc-root value specify runc-compatible root
--runc-systemd-cgroup start runc with systemd cgroup manager
--uidmap container-uid:host-uid:length run inside a user namespace with the specified UID mapping range; specified with the format container-uid:host-uid:length
--gidmap container-gid:host-gid:length run inside a user namespace with the specified GID mapping range; specified with the format container-gid:host-gid:length
--remap-labels provide the user namespace ID remapping to the snapshotter via label options; requires snapshotter support
--cpus value set the CFS cpu quota (default: 0)
--cpu-shares value set the cpu shares (default: 1024)
--snapshotter value snapshotter name. Empty value stands for the default value. [$CONTAINERD_SNAPSHOTTER]
--snapshotter-label value labels added to the new snapshot for this container.
--config value, -c value path to the runtime-specific spec config file
--cwd value specify the working directory of the process
--env value specify additional container environment variables (e.g. FOO=bar)
--env-file value specify additional container environment variables in a file(e.g. FOO=bar, one per line)
--label value specify additional labels (e.g. foo=bar)
--mount value specify additional container mount (e.g. type=bind,src=/tmp,dst=/host,options=rbind:ro)
--net-host enable host networking for the container
--privileged run privileged container
--read-only set the containers filesystem as readonly
--runtime value runtime name (default: "io.containerd.runc.v2")
--runtime-config-path value optional runtime config path
--tty, -t allocate a TTY for the container
--with-ns value specify existing Linux namespaces to join at container runtime (format ':' )
--pid-file value file path to write the task's pid
--gpus value add gpus to the container
--allow-new-privs turn off OCI spec's NoNewPrivileges feature flag
--memory-limit value memory limit (in bytes) for the container (default: 0)
--device value file path to a device to add to the container; or a path to a directory tree of devices to add to the container
--cap-add value add Linux capabilities (Set capabilities with 'CAP_' prefix)
--cap-drop value drop Linux capabilities (Set capabilities with 'CAP_' prefix)
--seccomp enable the default seccomp profile
--seccomp-profile value file path to custom seccomp profile. seccomp must be set to true, before using seccomp-profile
--apparmor-default-profile value enable AppArmor with the default profile with the specified name, e.g. "cri-containerd.apparmor.d"
--apparmor-profile value enable AppArmor with an existing custom profile
--rdt-class value name of the RDT class to associate the container with. Specifies a Class of Service (CLOS) for cache and memory bandwidth management.
--rootfs use custom rootfs that is not managed by containerd snapshotter
--no-pivot disable use of pivot-root (linux only)
--cpu-quota value Limit CPU CFS quota (default: -1)
--cpu-period value Limit CPU CFS period (default: 0)
--rootfs-propagation value set the propagation of the container rootfs
说明:
使用`ctr run`命令可以创建一个静态容器并使其运行。一步到位运行容器。
4.2 查看容器
container表示静态容器,可用c缩写代表container
# ctr container ls
CONTAINER IMAGE RUNTIME
或
# ctr c ls
CONTAINER IMAGE RUNTIME
4.3 查看任务
task表示容器里跑的进程, 可用t缩写代表task
# ctr task ls
TASK PID STATUS
或
# ctr t ls
TASK PID STATUS
4.4 创建静态容器
# ctr c create docker.io/library/nginx:alpine nginx1
# ctr container ls
CONTAINER IMAGE RUNTIME
nginx1 docker.io/library/nginx:alpine io.containerd.runc.v2
查看容器详细信息
# ctr container info nginx1
4.5 静态容器启动为动态容器
复制containerd连接runC垫片工具至系统
# ls usr/local/bin/
containerd containerd-shim containerd-shim-runc-v1 containerd-shim-runc-v2 containerd-stress crictl critest ctd-decoder ctr
[root@localhost ~]# cp usr/local/bin/containerd-shim-runc-v2 /usr/bin/
启动task,即表时在容器中运行了进程,即为动态容器。
# ctr task start -d nginx1
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
说明:
-d表示daemon或者后台的意思,否则会卡住终端
查看容器所在宿主机进程,是以宿主机进程的方式存在的。
# ctr task ls
TASK PID STATUS
nginx1 3395 RUNNING
查看容器的进程(都是物理机的进程)
# ctr task ps nginx1
PID INFO
3395 -
3434 -
物理机查看到相应的进程
# ps -ef | grep 3395
root 3395 3375 0 19:16 ? 00:00:00 nginx: master process nginx -g daemon off;
101 3434 3395 0 19:16 ? 00:00:00 nginx: worker process
4.6 进入容器操作
# ctr task exec --exec-id 1 nginx1 /bin/sh
ifconfig 查看网卡信息
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
curl 127.0.0.1 访问本地提供的web服务
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0<!DOCTYPE html>
Welcome to nginx<span class="token operator">!</span><<span class="token operator">/</span>title>
<style>
html <span class="token punctuation">{</span> color<span class="token operator">-</span>scheme: light dark<span class="token punctuation">;</span> <span class="token punctuation">}</span>
body <span class="token punctuation">{</span> width: 35em<span class="token punctuation">;</span> margin: 0 auto<span class="token punctuation">;</span>
font<span class="token operator">-</span>family: Tahoma<span class="token punctuation">,</span> Verdana<span class="token punctuation">,</span> Arial<span class="token punctuation">,</span> sans<span class="token operator">-</span>serif<span class="token punctuation">;</span> <span class="token punctuation">}</span>
<<span class="token operator">/</span>style>
<<span class="token operator">/</span>head>
<body>
<h1>Welcome to nginx<span class="token operator">!</span><<span class="token operator">/</span>h1>
<p><span class="token keyword">If</span> you see this page<span class="token punctuation">,</span> the nginx web server is successfully installed and
working<span class="token punctuation">.</span> Further configuration is required<span class="token punctuation">.</span><<span class="token operator">/</span>p>
<p><span class="token keyword">For</span> online documentation and support please refer to
<a href=<span class="token string">"http://nginx.org/"</span>>nginx<span class="token punctuation">.</span>org<<span class="token operator">/</span>a><span class="token punctuation">.</span><br<span class="token operator">/</span>>
Commercial support is available at
<a href=<span class="token string">"http://nginx.com/"</span>>nginx<span class="token punctuation">.</span>com<<span class="token operator">/</span>a><span class="token punctuation">.</span><<span class="token operator">/</span>p>
<p><em>Thank you <span class="token keyword">for</span> <span class="token keyword">using</span> nginx<span class="token punctuation">.</span><<span class="token operator">/</span>em><<span class="token operator">/</span>p>
<<span class="token operator">/</span>body>
<<span class="token operator">/</span>html>
100 615 100 615 0 0 429k 0 <span class="token operator">--</span>:<span class="token operator">--</span>:<span class="token operator">--</span> <span class="token operator">--</span>:<span class="token operator">--</span>:<span class="token operator">--</span> <span class="token operator">--</span>:<span class="token operator">--</span>:<span class="token operator">--</span> 600k
</code></pre>
<pre><code class="prism language-powershell">说明:
为exec进程设定一个id,可以随意输入,只要保证唯一即可,也可使用<span class="token variable">$RANDOM</span>变量。
</code></pre>
<h2>4.7 直接运行一个动态容器</h2>
<pre><code class="prism language-powershell"><span class="token comment"># ctr run -d --net-host docker.io/library/nginx:alpine nginx2</span>
<span class="token operator">/</span>docker<span class="token operator">-</span>entrypoint<span class="token punctuation">.</span>sh: <span class="token operator">/</span>docker<span class="token operator">-</span>entrypoint<span class="token punctuation">.</span>d<span class="token operator">/</span> is not empty<span class="token punctuation">,</span> will attempt to perform configuration
<span class="token operator">/</span>docker<span class="token operator">-</span>entrypoint<span class="token punctuation">.</span>sh: Looking <span class="token keyword">for</span> shell scripts in <span class="token operator">/</span>docker<span class="token operator">-</span>entrypoint<span class="token punctuation">.</span>d<span class="token operator">/</span>
</code></pre>
<pre><code class="prism language-powershell">说明:
<span class="token operator">*</span> <span class="token operator">-</span>d 代表dameon,后台运行
<span class="token operator">*</span> <span class="token operator">--</span>net<span class="token operator">-</span>host 代表容器的IP就是宿主机的IP<span class="token punctuation">(</span>相当于docker里的host类型网络<span class="token punctuation">)</span>
</code></pre>
<pre><code class="prism language-powershell">查看已运行容器
<span class="token comment"># ctr container ls</span>
CONTAINER IMAGE RUNTIME
nginx2 docker<span class="token punctuation">.</span>io<span class="token operator">/</span>library<span class="token operator">/</span>nginx:alpine io<span class="token punctuation">.</span>containerd<span class="token punctuation">.</span>runc<span class="token punctuation">.</span>v2
</code></pre>
<pre><code class="prism language-powershell">查看已运行容器中运行的进程<span class="token punctuation">,</span>既tasks
<span class="token comment"># ctr tasks ls</span>
TASK PID STATUS
nginx2 4061 RUNNING
</code></pre>
<pre><code class="prism language-powershell">进入容器
<span class="token comment"># ctr task exec --exec-id 1 -t nginx2 /bin/sh</span>
</code></pre>
<pre><code class="prism language-powershell"><span class="token operator">/</span> <span class="token comment"># ifconfig </span>
ens33 Link encap:Ethernet HWaddr 00:0C:29:B1:B6:1D
inet addr:192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>10<span class="token punctuation">.</span>164 Bcast:192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>10<span class="token punctuation">.</span>255 Mask:255<span class="token punctuation">.</span>255<span class="token punctuation">.</span>255<span class="token punctuation">.</span>0
inet6 addr: fe80::2b33:40ed:9311:8812<span class="token operator">/</span>64 Scope:Link
inet6 addr: fe80::adf4:a8bc:a1c:a9f7<span class="token operator">/</span>64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:55360 errors:0 dropped:0 overruns:0 frame:0
TX packets:30526 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:53511295 <span class="token punctuation">(</span>51<span class="token punctuation">.</span>0 MiB<span class="token punctuation">)</span> TX bytes:2735050 <span class="token punctuation">(</span>2<span class="token punctuation">.</span>6 MiB<span class="token punctuation">)</span>
lo Link encap:Local Loopback
inet addr:127<span class="token punctuation">.</span>0<span class="token punctuation">.</span>0<span class="token punctuation">.</span>1 Mask:255<span class="token punctuation">.</span>0<span class="token punctuation">.</span>0<span class="token punctuation">.</span>0
inet6 addr: ::1<span class="token operator">/</span>128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:68 errors:0 dropped:0 overruns:0 frame:0
TX packets:68 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:5916 <span class="token punctuation">(</span>5<span class="token punctuation">.</span>7 KiB<span class="token punctuation">)</span> TX bytes:5916 <span class="token punctuation">(</span>5<span class="token punctuation">.</span>7 KiB<span class="token punctuation">)</span>
virbr0 Link encap:Ethernet HWaddr 52:54:00:E9:51:82
inet addr:192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>122<span class="token punctuation">.</span>1 Bcast:192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>122<span class="token punctuation">.</span>255 Mask:255<span class="token punctuation">.</span>255<span class="token punctuation">.</span>255<span class="token punctuation">.</span>0
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 <span class="token punctuation">(</span>0<span class="token punctuation">.</span>0 B<span class="token punctuation">)</span> TX bytes:0 <span class="token punctuation">(</span>0<span class="token punctuation">.</span>0 B<span class="token punctuation">)</span>
</code></pre>
<pre><code class="prism language-powershell">为容器中运行的网站添加网站文件
<span class="token operator">/</span> <span class="token comment"># echo "nginx2" > /usr/share/nginx/html/index.html</span>
<span class="token operator">/</span> <span class="token comment"># exit</span>
</code></pre>
<pre><code class="prism language-powershell">在宿主机上访问网站
<span class="token namespace">[root@localhost ~]</span><span class="token comment"># curl 192.168.10.164</span>
nginx2
</code></pre>
<h2>4.8 暂停容器</h2>
<pre><code class="prism language-powershell">查看容器状态
<span class="token comment"># ctr tasks ls</span>
TASK PID STATUS
nginx2 4061 RUNNING
</code></pre>
<pre><code class="prism language-powershell">暂停容器
<span class="token comment"># ctr tasks pause nginx2</span>
</code></pre>
<pre><code class="prism language-powershell">再次查看容器状态,看到其状态为PAUSED,表示停止。
<span class="token comment"># ctr tasks ls</span>
TASK PID STATUS
nginx2 4061 PAUSED
</code></pre>
<pre><code class="prism language-powershell"><span class="token namespace">[root@localhost ~]</span><span class="token comment"># curl http://192.168.10.164</span>
在宿主机访问,发现不可以访问到网站
</code></pre>
<h2>4.9 恢复容器</h2>
<pre><code class="prism language-powershell">使用resume命令恢复容器
<span class="token comment"># ctr tasks resume nginx2</span>
</code></pre>
<pre><code class="prism language-powershell">查看恢复后状态
<span class="token comment"># ctr tasks ls</span>
TASK PID STATUS
nginx2 4061 RUNNING
</code></pre>
<pre><code class="prism language-powershell">在宿主机上访问容器中提供的服务
<span class="token comment"># curl http://192.168.10.164</span>
nginx2
</code></pre>
<h2>4.10 停止容器</h2>
<pre><code class="prism language-powershell"><span class="token comment"># ctr tasks --help</span>
NAME:
ctr tasks <span class="token operator">-</span> manage tasks
USAGE:
ctr tasks command <span class="token namespace">[command options]</span> <span class="token namespace">[arguments...]</span>
COMMANDS:
attach attach to the IO of a running container
checkpoint checkpoint a container
delete<span class="token punctuation">,</span> <span class="token function">del</span><span class="token punctuation">,</span> remove<span class="token punctuation">,</span> <span class="token function">rm</span> delete one or more tasks
exec execute additional processes in an existing container
list<span class="token punctuation">,</span> <span class="token function">ls</span> list tasks
<span class="token function">kill</span> signal a container <span class="token punctuation">(</span>default: SIGTERM<span class="token punctuation">)</span>
pause pause an existing container
<span class="token function">ps</span> list processes <span class="token keyword">for</span> container
resume resume a paused container
<span class="token function">start</span> <span class="token function">start</span> a container that has been created
metrics<span class="token punctuation">,</span> metric get a single <span class="token keyword">data</span> point of metrics <span class="token keyword">for</span> a task with the built<span class="token operator">-in</span> Linux runtime
OPTIONS:
<span class="token operator">--</span>help<span class="token punctuation">,</span> <span class="token operator">-</span>h show help
</code></pre>
<pre><code class="prism language-powershell">使用<span class="token function">kill</span>命令停止容器中运行的进程,既为停止容器
<span class="token comment"># ctr tasks kill nginx2</span>
</code></pre>
<pre><code class="prism language-powershell">查看容器停止后状态,STATUS为STOPPED
<span class="token comment"># ctr tasks ls</span>
TASK PID STATUS
nginx1 3395 RUNNING
nginx2 4061 STOPPED
</code></pre>
<h2>4.11 删除容器</h2>
<pre><code class="prism language-powershell"><span class="token comment"># ctr tasks delete nginx2</span>
必须先停止tasks或先删除task,再删除容器
</code></pre>
<pre><code class="prism language-powershell">查看静态容器,确认其还存在于系统中
<span class="token comment"># ctr container ls</span>
CONTAINER IMAGE RUNTIME
nginx2 docker<span class="token punctuation">.</span>io<span class="token operator">/</span>library<span class="token operator">/</span>nginx:alpine io<span class="token punctuation">.</span>containerd<span class="token punctuation">.</span>runc<span class="token punctuation">.</span>v2
</code></pre>
<pre><code class="prism language-powershell">删除容器
<span class="token comment"># ctr container delete nginx2</span>
</code></pre>
<h1>五、Containerd使用私有容器镜像仓库 Harbor</h1>
<h2>5.1 Harbor准备</h2>
<p><a href="http://img.e-com-net.com/image/info8/ab8ff6d6406447f48616f53bc920a257.jpg" target="_blank"><img src="http://img.e-com-net.com/image/info8/ab8ff6d6406447f48616f53bc920a257.jpg" alt="【云原生】第十三篇--容器管理工具 Containerd_第14张图片" width="650" height="264" style="border:1px solid black;"></a><br> <a href="http://img.e-com-net.com/image/info8/b6cc2cabde8d4ff58dd0ed11b7d02541.jpg" target="_blank"><img src="http://img.e-com-net.com/image/info8/b6cc2cabde8d4ff58dd0ed11b7d02541.jpg" alt="【云原生】第十三篇--容器管理工具 Containerd_第15张图片" width="650" height="278" style="border:1px solid black;"></a></p>
<h2>5.2 配置Containerd使用Harbor仓库</h2>
<h3>5.2.1 Harbor主机名解析</h3>
<blockquote>
<p>在所有安装containerd宿主机上添加此配置信息。</p>
</blockquote>
<pre><code class="prism language-powershell"><span class="token comment"># vim /etc/hosts</span>
<span class="token comment"># cat /etc/hosts</span>
127<span class="token punctuation">.</span>0<span class="token punctuation">.</span>0<span class="token punctuation">.</span>1 localhost localhost<span class="token punctuation">.</span>localdomain localhost4 localhost4<span class="token punctuation">.</span>localdomain4
::1 localhost localhost<span class="token punctuation">.</span>localdomain localhost6 localhost6<span class="token punctuation">.</span>localdomain6
192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>10<span class="token punctuation">.</span>165 harbor<span class="token punctuation">.</span>kubemsb<span class="token punctuation">.</span>com
</code></pre>
<pre><code class="prism language-powershell">说明
<span class="token operator">*</span> 192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>10<span class="token punctuation">.</span>165是harbor的IP
<span class="token operator">*</span> harbor<span class="token punctuation">.</span>kubemsb<span class="token punctuation">.</span>com建议用FQDN形式,如果用类似harbor这种短名,后面下载镜像会出问题
</code></pre>
<h3>5.2.2 修改Containerd配置文件</h3>
<pre><code class="prism language-powershell">此配置文件已提前替换过,仅修改本地容器镜像仓库地址即可。
<span class="token comment"># vim /etc/containerd/config.toml</span>
<span class="token comment"># cat /etc/containerd/config.toml</span>
root = <span class="token string">"/var/lib/containerd"</span>
state = <span class="token string">"/run/containerd"</span>
oom_score = <span class="token operator">-</span>999
<span class="token namespace">[grpc]</span>
address = <span class="token string">"/run/containerd/containerd.sock"</span>
uid = 0
gid = 0
max_recv_message_size = 16777216
max_send_message_size = 16777216
<span class="token namespace">[debug]</span>
address = <span class="token string">""</span>
uid = 0
gid = 0
level = <span class="token string">""</span>
<span class="token namespace">[metrics]</span>
address = <span class="token string">""</span>
grpc_histogram = false
<span class="token namespace">[cgroup]</span>
path = <span class="token string">""</span>
<span class="token namespace">[plugins]</span>
<span class="token namespace">[plugins.cgroups]</span>
no_prometheus = false
<span class="token namespace">[plugins.cri]</span>
stream_server_address = <span class="token string">"127.0.0.1"</span>
stream_server_port = <span class="token string">"0"</span>
enable_selinux = false
sandbox_image = <span class="token string">"easzlab/pause-amd64:3.2"</span>
stats_collect_period = 10
systemd_cgroup = false
enable_tls_streaming = false
max_container_log_line_size = 16384
<span class="token namespace">[plugins.cri.containerd]</span>
snapshotter = <span class="token string">"overlayfs"</span>
no_pivot = false
<span class="token namespace">[plugins.cri.containerd.default_runtime]</span>
runtime_type = <span class="token string">"io.containerd.runtime.v1.linux"</span>
runtime_engine = <span class="token string">""</span>
runtime_root = <span class="token string">""</span>
<span class="token namespace">[plugins.cri.containerd.untrusted_workload_runtime]</span>
runtime_type = <span class="token string">""</span>
runtime_engine = <span class="token string">""</span>
runtime_root = <span class="token string">""</span>
<span class="token namespace">[plugins.cri.cni]</span>
bin_dir = <span class="token string">"/opt/kube/bin"</span>
conf_dir = <span class="token string">"/etc/cni/net.d"</span>
conf_template = <span class="token string">"/etc/cni/net.d/10-default.conf"</span>
<span class="token namespace">[plugins.cri.registry]</span>
<span class="token namespace">[plugins.cri.registry.mirrors]</span>
<span class="token punctuation">[</span>plugins<span class="token punctuation">.</span>cri<span class="token punctuation">.</span>registry<span class="token punctuation">.</span>mirrors<span class="token punctuation">.</span><span class="token string">"docker.io"</span><span class="token punctuation">]</span>
endpoint = <span class="token punctuation">[</span>
<span class="token string">"https://docker.mirrors.ustc.edu.cn"</span><span class="token punctuation">,</span>
<span class="token string">"http://hub-mirror.c.163.com"</span>
<span class="token punctuation">]</span>
<span class="token punctuation">[</span>plugins<span class="token punctuation">.</span>cri<span class="token punctuation">.</span>registry<span class="token punctuation">.</span>mirrors<span class="token punctuation">.</span><span class="token string">"gcr.io"</span><span class="token punctuation">]</span>
endpoint = <span class="token punctuation">[</span>
<span class="token string">"https://gcr.mirrors.ustc.edu.cn"</span>
<span class="token punctuation">]</span>
<span class="token punctuation">[</span>plugins<span class="token punctuation">.</span>cri<span class="token punctuation">.</span>registry<span class="token punctuation">.</span>mirrors<span class="token punctuation">.</span><span class="token string">"k8s.gcr.io"</span><span class="token punctuation">]</span>
endpoint = <span class="token punctuation">[</span>
<span class="token string">"https://gcr.mirrors.ustc.edu.cn/google-containers/"</span>
<span class="token punctuation">]</span>
<span class="token punctuation">[</span>plugins<span class="token punctuation">.</span>cri<span class="token punctuation">.</span>registry<span class="token punctuation">.</span>mirrors<span class="token punctuation">.</span><span class="token string">"quay.io"</span><span class="token punctuation">]</span>
endpoint = <span class="token punctuation">[</span>
<span class="token string">"https://quay.mirrors.ustc.edu.cn"</span>
<span class="token punctuation">]</span>
<span class="token punctuation">[</span>plugins<span class="token punctuation">.</span>cri<span class="token punctuation">.</span>registry<span class="token punctuation">.</span>mirrors<span class="token punctuation">.</span><span class="token string">"harbor.kubemsb.com"</span><span class="token punctuation">]</span> 在此处添加<span class="token punctuation">,</span>在镜像加速器下面添加这一段
endpoint = <span class="token punctuation">[</span>
<span class="token string">"http://harbor.kubemsb.com"</span>
<span class="token punctuation">]</span>
<span class="token namespace">[plugins.cri.x509_key_pair_streaming]</span>
tls_cert_file = <span class="token string">""</span>
tls_key_file = <span class="token string">""</span>
<span class="token namespace">[plugins.diff-service]</span>
default = <span class="token punctuation">[</span><span class="token string">"walking"</span><span class="token punctuation">]</span>
<span class="token namespace">[plugins.linux]</span>
shim = <span class="token string">"containerd-shim"</span>
runtime = <span class="token string">"runc"</span>
runtime_root = <span class="token string">""</span>
no_shim = false
shim_debug = false
<span class="token namespace">[plugins.opt]</span>
path = <span class="token string">"/opt/containerd"</span>
<span class="token namespace">[plugins.restart]</span>
interval = <span class="token string">"10s"</span>
<span class="token namespace">[plugins.scheduler]</span>
pause_threshold = 0<span class="token punctuation">.</span>02
deletion_threshold = 0
mutation_threshold = 100
schedule_delay = <span class="token string">"0s"</span>
startup_delay = <span class="token string">"100ms"</span>
</code></pre>
<pre><code class="prism language-powershell">重启containerd,以便于重新加载配置文件。
<span class="token comment"># systemctl restart containerd</span>
</code></pre>
<h3>5.2.3 ctr下载镜像</h3>
<pre><code class="prism language-powershell">下载容器镜像
<span class="token comment"># ctr images pull --platform linux/amd64 docker.io/library/nginx:latest</span>
</code></pre>
<pre><code class="prism language-powershell">说明:
<span class="token operator">*</span> <span class="token operator">--</span>platform linux<span class="token operator">/</span>amd64 指定系统平台,也可以使用<span class="token operator">--</span>all<span class="token operator">-</span>platforms指定所有平台镜像。
</code></pre>
<pre><code class="prism language-powershell">输出:
docker<span class="token punctuation">.</span>io<span class="token operator">/</span>library<span class="token operator">/</span>nginx:latest: resolved <span class="token punctuation">|</span><span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span><span class="token punctuation">|</span>
index<span class="token operator">-</span>sha256:2834dc507516af02784808c5f48b7cbe38b8ed5d0f4837f16e78d00deb7e7767: done <span class="token punctuation">|</span><span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span><span class="token punctuation">|</span>
manifest<span class="token operator">-</span>sha256:bb129a712c2431ecce4af8dde831e980373b26368233ef0f3b2bae9e9ec515ee: done <span class="token punctuation">|</span><span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span><span class="token punctuation">|</span>
layer<span class="token operator">-</span>sha256:b559bad762bec166fd028483dd2a03f086d363ee827d8c98b7268112c508665a: done <span class="token punctuation">|</span><span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span><span class="token punctuation">|</span>
config<span class="token operator">-</span>sha256:c316d5a335a5cf324b0dc83b3da82d7608724769f6454f6d9a621f3ec2534a5a: done <span class="token punctuation">|</span><span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span><span class="token punctuation">|</span>
layer<span class="token operator">-</span>sha256:5eb5b503b37671af16371272f9c5313a3e82f1d0756e14506704489ad9900803: done <span class="token punctuation">|</span><span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span><span class="token punctuation">|</span>
layer<span class="token operator">-</span>sha256:1ae07ab881bd848493ad54c2ba32017f94d1d8dbfd0ba41b618f17e80f834a0f: done <span class="token punctuation">|</span><span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span><span class="token punctuation">|</span>
layer<span class="token operator">-</span>sha256:78091884b7bea0fa918527207924e9993bcc21bf7f1c9687da40042ceca31ac9: done <span class="token punctuation">|</span><span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span><span class="token punctuation">|</span>
layer<span class="token operator">-</span>sha256:091c283c6a66ad0edd2ab84cb10edacc00a1a7bc5277f5365c0d5c5457a75aff: done <span class="token punctuation">|</span><span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span><span class="token punctuation">|</span>
layer<span class="token operator">-</span>sha256:55de5851019b8f65ed6e28120c6300e35e556689d021e4b3411c7f4e90a9704b: done <span class="token punctuation">|</span><span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span><span class="token punctuation">|</span>
elapsed: 20<span class="token punctuation">.</span>0s total: 53<span class="token punctuation">.</span>2 M <span class="token punctuation">(</span>2<span class="token punctuation">.</span>7 MiB<span class="token operator">/</span>s<span class="token punctuation">)</span>
unpacking linux<span class="token operator">/</span>amd64 sha256:2834dc507516af02784808c5f48b7cbe38b8ed5d0f4837f16e78d00deb7e7767<span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span>
done: 3<span class="token punctuation">.</span>028652226s
</code></pre>
<pre><code class="prism language-powershell">查看已下载容器镜像
<span class="token comment"># ctr images ls</span>
REF <span class="token function">TYPE</span> DIGEST SIZE PLATFORMS LABELS
docker<span class="token punctuation">.</span>io<span class="token operator">/</span>library<span class="token operator">/</span>nginx:latest application<span class="token operator">/</span>vnd<span class="token punctuation">.</span>docker<span class="token punctuation">.</span>distribution<span class="token punctuation">.</span>manifest<span class="token punctuation">.</span>list<span class="token punctuation">.</span>v2<span class="token operator">+</span>json sha256:2834dc507516af02784808c5f48b7cbe38b8ed5d0f4837f16e78d00deb7e7767 54<span class="token punctuation">.</span>1 MiB linux<span class="token operator">/</span>386<span class="token punctuation">,</span>linux<span class="token operator">/</span>amd64<span class="token punctuation">,</span>linux<span class="token operator">/</span>arm<span class="token operator">/</span>v5<span class="token punctuation">,</span>linux<span class="token operator">/</span>arm<span class="token operator">/</span>v7<span class="token punctuation">,</span>linux<span class="token operator">/</span>arm64<span class="token operator">/</span>v8<span class="token punctuation">,</span>linux<span class="token operator">/</span>mips64le<span class="token punctuation">,</span>linux<span class="token operator">/</span>ppc64le<span class="token punctuation">,</span>linux<span class="token operator">/</span>s390x <span class="token operator">-</span>
</code></pre>
<h3>5.2.4 ctr上传镜像</h3>
<blockquote>
<p>上传到Harbor library公有项目</p>
</blockquote>
<pre><code class="prism language-powershell">重新生成新的tag
<span class="token comment"># ctr images tag docker.io/library/nginx:latest harbor.kubemsb.com/library/nginx:latest</span>
harbor<span class="token punctuation">.</span>kubemsb<span class="token punctuation">.</span>com<span class="token operator">/</span>library<span class="token operator">/</span>nginx:latest
</code></pre>
<pre><code class="prism language-powershell">查看已生成容器镜像
<span class="token comment"># ctr images ls</span>
REF <span class="token function">TYPE</span> DIGEST SIZE PLATFORMS LABELS
docker<span class="token punctuation">.</span>io<span class="token operator">/</span>library<span class="token operator">/</span>nginx:latest application<span class="token operator">/</span>vnd<span class="token punctuation">.</span>docker<span class="token punctuation">.</span>distribution<span class="token punctuation">.</span>manifest<span class="token punctuation">.</span>list<span class="token punctuation">.</span>v2<span class="token operator">+</span>json sha256:2834dc507516af02784808c5f48b7cbe38b8ed5d0f4837f16e78d00deb7e7767 54<span class="token punctuation">.</span>1 MiB linux<span class="token operator">/</span>386<span class="token punctuation">,</span>linux<span class="token operator">/</span>amd64<span class="token punctuation">,</span>linux<span class="token operator">/</span>arm<span class="token operator">/</span>v5<span class="token punctuation">,</span>linux<span class="token operator">/</span>arm<span class="token operator">/</span>v7<span class="token punctuation">,</span>linux<span class="token operator">/</span>arm64<span class="token operator">/</span>v8<span class="token punctuation">,</span>linux<span class="token operator">/</span>mips64le<span class="token punctuation">,</span>linux<span class="token operator">/</span>ppc64le<span class="token punctuation">,</span>linux<span class="token operator">/</span>s390x <span class="token operator">-</span>
harbor<span class="token punctuation">.</span>kubemsb<span class="token punctuation">.</span>com<span class="token operator">/</span>library<span class="token operator">/</span>nginx:latest application<span class="token operator">/</span>vnd<span class="token punctuation">.</span>docker<span class="token punctuation">.</span>distribution<span class="token punctuation">.</span>manifest<span class="token punctuation">.</span>list<span class="token punctuation">.</span>v2<span class="token operator">+</span>json sha256:2834dc507516af02784808c5f48b7cbe38b8ed5d0f4837f16e78d00deb7e7767 54<span class="token punctuation">.</span>1 MiB linux<span class="token operator">/</span>386<span class="token punctuation">,</span>linux<span class="token operator">/</span>amd64<span class="token punctuation">,</span>linux<span class="token operator">/</span>arm<span class="token operator">/</span>v5<span class="token punctuation">,</span>linux<span class="token operator">/</span>arm<span class="token operator">/</span>v7<span class="token punctuation">,</span>linux<span class="token operator">/</span>arm64<span class="token operator">/</span>v8<span class="token punctuation">,</span>linux<span class="token operator">/</span>mips64le<span class="token punctuation">,</span>linux<span class="token operator">/</span>ppc64le<span class="token punctuation">,</span>linux<span class="token operator">/</span>s390x <span class="token operator">-</span>
</code></pre>
<pre><code class="prism language-powershell">推送容器镜像至Harbor
<span class="token comment"># ctr images push --platform linux/amd64 --plain-http -u admin:Harbor12345 harbor.kubemsb.com/library/nginx:latest</span>
</code></pre>
<pre><code class="prism language-powershell">说明:
<span class="token operator">*</span> 先tag再push
<span class="token operator">*</span> 因为我们harbor是http协议,不是https协议,所以需要加上`<span class="token operator">--</span>plain<span class="token operator">-</span>http`
<span class="token operator">*</span> `<span class="token operator">--</span>user admin:Harbor12345`指定harbor的用户名与密码
</code></pre>
<pre><code class="prism language-powershell">输出:
manifest<span class="token operator">-</span>sha256:0fd68ec4b64b8dbb2bef1f1a5de9d47b658afd3635dc9c45bf0cbeac46e72101: done <span class="token punctuation">|</span><span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span><span class="token punctuation">|</span>
config<span class="token operator">-</span>sha256:dd025cdfe837e1c6395365870a491cf16bae668218edb07d85c626928a60e478: done <span class="token punctuation">|</span><span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span><span class="token punctuation">|</span>
elapsed: 0<span class="token punctuation">.</span>5 s total: 9<span class="token punctuation">.</span>3 Ki <span class="token punctuation">(</span>18<span class="token punctuation">.</span>1 KiB<span class="token operator">/</span>s<span class="token punctuation">)</span>
</code></pre>
<p><a href="http://img.e-com-net.com/image/info8/500aafc831164b20827f977f999ebf5e.jpg" target="_blank"><img src="http://img.e-com-net.com/image/info8/500aafc831164b20827f977f999ebf5e.jpg" alt="【云原生】第十三篇--容器管理工具 Containerd_第16张图片" width="650" height="232" style="border:1px solid black;"></a></p>
<pre><code class="prism language-powershell">下载已上传容器镜像
<span class="token comment"># ctr images pull --plain-http harbor.kubemsb.com/library/nginx:latest</span>
</code></pre>
<h1>六、Containerd NameSpace管理</h1>
<blockquote>
<p>containerd中namespace的作用为:隔离运行的容器,可以实现运行多个容器。</p>
</blockquote>
<pre><code class="prism language-powershell">查看命令帮助
<span class="token comment"># ctr namespace --help</span>
NAME:
ctr namespaces <span class="token operator">-</span> manage namespaces
USAGE:
ctr namespaces command <span class="token namespace">[command options]</span> <span class="token namespace">[arguments...]</span>
COMMANDS:
create<span class="token punctuation">,</span> c create a new namespace
list<span class="token punctuation">,</span> <span class="token function">ls</span> list namespaces
remove<span class="token punctuation">,</span> <span class="token function">rm</span> remove one or more namespaces
label <span class="token function">set</span> and clear labels <span class="token keyword">for</span> a namespace
OPTIONS:
<span class="token operator">--</span>help<span class="token punctuation">,</span> <span class="token operator">-</span>h show help
</code></pre>
<pre><code class="prism language-powershell">列出已有namespace
<span class="token comment"># ctr namespace ls</span>
NAME LABELS
default
k8s<span class="token punctuation">.</span>io
</code></pre>
<pre><code class="prism language-powershell">创建namespace
<span class="token comment"># ctr namespace create kubemsb</span>
<span class="token namespace">[root@localhost ~]</span><span class="token comment"># ctr namespace ls</span>
NAME LABELS
default
k8s<span class="token punctuation">.</span>io
kubemsb 此命名空间为新添加的
</code></pre>
<pre><code class="prism language-powershell">删除namespace
<span class="token comment"># ctr namespace rm kubemsb</span>
kubemsb
再次查看是否删除
<span class="token namespace">[root@localhost ~]</span><span class="token comment"># ctr namespace ls</span>
NAME LABELS
default
k8s<span class="token punctuation">.</span>io
</code></pre>
<pre><code class="prism language-powershell">查看指定namespace中是否有用户进程在运行
<span class="token comment"># ctr -n kubemsb tasks ls</span>
TASK PID STATUS
</code></pre>
<pre><code class="prism language-powershell">在指定namespace中下载容器镜像
<span class="token comment"># ctr -n kubemsb images pull docker.io/library/nginx:latest</span>
</code></pre>
<pre><code class="prism language-powershell">在指定namespace中创建静态容器
<span class="token comment"># ctr -n kubemsb container create docker.io/library/nginx:latest nginxapp</span>
</code></pre>
<pre><code class="prism language-powershell">查看在指定namespace中创建的容器
<span class="token comment"># ctr -n kubemsb container ls</span>
CONTAINER IMAGE RUNTIME
nginxapp docker<span class="token punctuation">.</span>io<span class="token operator">/</span>library<span class="token operator">/</span>nginx:latest io<span class="token punctuation">.</span>containerd<span class="token punctuation">.</span>runc<span class="token punctuation">.</span>v2
</code></pre>
<h1>七、Containerd Network管理</h1>
<blockquote>
<p>默认Containerd管理的容器仅有lo网络,无法访问容器之外的网络,可以为其添加网络插件,使用容器可以连接外网。CNI(Container Network Interface)</p>
</blockquote>
<h2>7.1 创建CNI网络</h2>
<table>
<thead>
<tr>
<th><em>containernetworking</em>/<em>cni</em></th>
<th> CNI v1.0.1</th>
</tr>
</thead>
<tbody>
<tr>
<td><em>containernetworking</em>/<em>plugins</em></td>
<td> CNI Plugins v1.0.1</td>
</tr>
</tbody>
</table>
<h3>7.1.1 获取CNI工具源码</h3>
<p><a href="http://img.e-com-net.com/image/info8/bf1f327731bb4d02ad612d8173dfd9b9.jpg" target="_blank"><img src="http://img.e-com-net.com/image/info8/bf1f327731bb4d02ad612d8173dfd9b9.jpg" alt="【云原生】第十三篇--容器管理工具 Containerd_第17张图片" width="650" height="391" style="border:1px solid black;"></a><br> <a href="http://img.e-com-net.com/image/info8/1f471651e6024cbfa03f40095daa2030.jpg" target="_blank"><img src="http://img.e-com-net.com/image/info8/1f471651e6024cbfa03f40095daa2030.jpg" alt="【云原生】第十三篇--容器管理工具 Containerd_第18张图片" width="650" height="322" style="border:1px solid black;"></a><br> <a href="http://img.e-com-net.com/image/info8/1d68fe7cd7d147a2a699db704b068d0b.jpg" target="_blank"><img src="http://img.e-com-net.com/image/info8/1d68fe7cd7d147a2a699db704b068d0b.jpg" alt="【云原生】第十三篇--容器管理工具 Containerd_第19张图片" width="650" height="381" style="border:1px solid black;"></a><br> <a href="http://img.e-com-net.com/image/info8/1bc10f90722443c98b7cb61b08c968d2.jpg" target="_blank"><img src="http://img.e-com-net.com/image/info8/1bc10f90722443c98b7cb61b08c968d2.jpg" alt="【云原生】第十三篇--容器管理工具 Containerd_第20张图片" width="650" height="389" style="border:1px solid black;"></a></p>
<pre><code class="prism language-powershell">使用wget下载cni工具源码包
<span class="token comment"># wget https://github.com/containernetworking/cni/archive/refs/tags/v1.0.1.tar.gz</span>
</code></pre>
<pre><code class="prism language-powershell">查看已下载cni工具源码包
<span class="token comment"># ls</span>
v1<span class="token punctuation">.</span>0<span class="token punctuation">.</span>1<span class="token punctuation">.</span>tar<span class="token punctuation">.</span>gz
解压已下载cni工具源码包
<span class="token comment"># tar xf v1.0.1.tar.gz</span>
查看解压后已下载cni工具源码包
<span class="token comment"># ls</span>
cni<span class="token operator">-</span>1<span class="token punctuation">.</span>0<span class="token punctuation">.</span>1
重命名已下载cni工具源码包目录
<span class="token comment"># mv cni-1.0.1 cni</span>
查看重新命名后目录
<span class="token comment"># ls</span>
cni
查看cni工具目录中包含的文件
<span class="token comment"># ls cni</span>
cnitool CONTRIBUTING<span class="token punctuation">.</span>md DCO go<span class="token punctuation">.</span>mod GOVERNANCE<span class="token punctuation">.</span>md LICENSE MAINTAINERS plugins RELEASING<span class="token punctuation">.</span>md scripts test<span class="token punctuation">.</span>sh
CODE<span class="token operator">-</span>OF<span class="token operator">-</span>CONDUCT<span class="token punctuation">.</span>md CONVENTIONS<span class="token punctuation">.</span>md Documentation go<span class="token punctuation">.</span>sum libcni logo<span class="token punctuation">.</span>png pkg README<span class="token punctuation">.</span>md ROADMAP<span class="token punctuation">.</span>md SPEC<span class="token punctuation">.</span>md
</code></pre>
<h3>7.1.2 获取CNI Plugins(CNI插件)</h3>
<p><a href="http://img.e-com-net.com/image/info8/e74f4e97982d4222876fbf67b93c2795.jpg" target="_blank"><img src="http://img.e-com-net.com/image/info8/e74f4e97982d4222876fbf67b93c2795.jpg" alt="【云原生】第十三篇--容器管理工具 Containerd_第21张图片" width="650" height="396" style="border:1px solid black;"></a><br> <a href="http://img.e-com-net.com/image/info8/5c6814ba83c94727902e8a7a3aa23a22.jpg" target="_blank"><img src="http://img.e-com-net.com/image/info8/5c6814ba83c94727902e8a7a3aa23a22.jpg" alt="【云原生】第十三篇--容器管理工具 Containerd_第22张图片" width="650" height="277" style="border:1px solid black;"></a><br> <a href="http://img.e-com-net.com/image/info8/3ec44f8efc7a4d279e1f65188653ce77.jpg" target="_blank"><img src="http://img.e-com-net.com/image/info8/3ec44f8efc7a4d279e1f65188653ce77.jpg" alt="【云原生】第十三篇--容器管理工具 Containerd_第23张图片" width="650" height="339" style="border:1px solid black;"></a><br> <a href="http://img.e-com-net.com/image/info8/21a862cc898c4e6ba120a4c11691b07c.jpg" target="_blank"><img src="http://img.e-com-net.com/image/info8/21a862cc898c4e6ba120a4c11691b07c.jpg" alt="【云原生】第十三篇--容器管理工具 Containerd_第24张图片" width="650" height="218" style="border:1px solid black;"></a></p>
<pre><code class="prism language-powershell">使用wget下载cni插件工具源码包
<span class="token comment"># wget https://github.com/containernetworking/plugins/releases/download/v1.0.1/cni-plugins-linux-amd64-v1.0.1.tgz</span>
</code></pre>
<pre><code class="prism language-powershell">查看已下载cni插件工具源码包
<span class="token comment"># ls</span>
cni<span class="token operator">-</span>plugins<span class="token operator">-</span>linux<span class="token operator">-</span>amd64<span class="token operator">-</span>v1<span class="token punctuation">.</span>0<span class="token punctuation">.</span>1<span class="token punctuation">.</span>tgz
cni
创建cni插件工具解压目录
<span class="token comment"># mkdir /home/cni-plugins</span>
解压cni插件工具至上述创建的目录中
<span class="token comment"># tar xf cni-plugins-linux-amd64-v1.0.1.tgz -C /home/cni-plugins</span>
查看解压后目录
<span class="token comment"># ls cni-plugins</span>
bandwidth bridge dhcp firewall host<span class="token operator">-</span>device host<span class="token operator">-</span>local ipvlan loopback macvlan portmap ptp sbr static tuning vlan vrf
</code></pre>
<h3>7.1.3 准备CNI网络配置文件</h3>
<blockquote>
<p>准备容器网络配置文件,用于为容器提供网关、IP地址等。</p>
</blockquote>
<pre><code class="prism language-powershell">创建名为mynet的网络,其中包含名为cni0的网桥
<span class="token comment"># vim /etc/cni/net.d/10-mynet.conf</span>
<span class="token comment"># cat /etc/cni/net.d/10-mynet.conf</span>
<span class="token punctuation">{</span>
<span class="token string">"cniVersion"</span>: <span class="token string">"1.0.0"</span><span class="token punctuation">,</span>
<span class="token string">"name"</span>: <span class="token string">"mynet"</span><span class="token punctuation">,</span>
<span class="token string">"type"</span>: <span class="token string">"bridge"</span><span class="token punctuation">,</span>
<span class="token string">"bridge"</span>: <span class="token string">"cni0"</span><span class="token punctuation">,</span>
<span class="token string">"isGateway"</span>: true<span class="token punctuation">,</span>
<span class="token string">"ipMasq"</span>: true<span class="token punctuation">,</span>
<span class="token string">"ipam"</span>: <span class="token punctuation">{</span>
<span class="token string">"type"</span>: <span class="token string">"host-local"</span><span class="token punctuation">,</span>
<span class="token string">"subnet"</span>: <span class="token string">"10.66.0.0/16"</span><span class="token punctuation">,</span>
<span class="token string">"routes"</span>: <span class="token punctuation">[</span>
<span class="token punctuation">{</span> <span class="token string">"dst"</span>: <span class="token string">"0.0.0.0/0"</span> <span class="token punctuation">}</span>
<span class="token punctuation">]</span>
<span class="token punctuation">}</span>
<span class="token punctuation">}</span>
</code></pre>
<pre><code class="prism language-powershell"><span class="token comment"># vim /etc/cni/net.d/99-loopback.conf</span>
<span class="token comment"># cat /etc/cni/net.d/99-loopback.conf</span>
<span class="token punctuation">{</span>
<span class="token string">"cniVerion"</span>: <span class="token string">"1.0.0"</span><span class="token punctuation">,</span>
<span class="token string">"name"</span>: <span class="token string">"lo"</span><span class="token punctuation">,</span>
<span class="token string">"type"</span>: <span class="token string">"loopback"</span>
<span class="token punctuation">}</span>
</code></pre>
<h3>7.1.4 生成CNI网络</h3>
<pre><code class="prism language-powershell">获取epel源
<span class="token comment"># wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo</span>
安装jq
<span class="token comment"># yum -y install jq</span>
</code></pre>
<pre><code class="prism language-powershell">进入cni工具目录
<span class="token comment"># cd cni</span>
<span class="token namespace">[root@localhost cni]</span><span class="token comment"># ls</span>
cnitool CONTRIBUTING<span class="token punctuation">.</span>md DCO go<span class="token punctuation">.</span>mod GOVERNANCE<span class="token punctuation">.</span>md LICENSE MAINTAINERS plugins RELEASING<span class="token punctuation">.</span>md scripts test<span class="token punctuation">.</span>sh
CODE<span class="token operator">-</span>OF<span class="token operator">-</span>CONDUCT<span class="token punctuation">.</span>md CONVENTIONS<span class="token punctuation">.</span>md Documentation go<span class="token punctuation">.</span>sum libcni logo<span class="token punctuation">.</span>png pkg README<span class="token punctuation">.</span>md ROADMAP<span class="token punctuation">.</span>md SPEC<span class="token punctuation">.</span>md
必须在scripts目录中执行,需要依赖exec<span class="token operator">-</span>plugins<span class="token punctuation">.</span>sh文件,再次进入scripts目录
<span class="token namespace">[root@localhost cni]</span><span class="token comment"># cd scripts/ </span>
查看执行脚本文件
<span class="token namespace">[root@localhost scripts]</span><span class="token comment"># ls</span>
docker<span class="token operator">-</span>run<span class="token punctuation">.</span>sh exec<span class="token operator">-</span>plugins<span class="token punctuation">.</span>sh priv<span class="token operator">-</span>net<span class="token operator">-</span>run<span class="token punctuation">.</span>sh release<span class="token punctuation">.</span>sh
执行脚本文件,基于<span class="token operator">/</span>etc<span class="token operator">/</span>cni<span class="token operator">/</span>net<span class="token punctuation">.</span>d<span class="token operator">/</span>目录中的<span class="token operator">*</span><span class="token punctuation">.</span>conf配置文件生成容器网络
<span class="token namespace">[root@localhost scripts]</span><span class="token comment"># CNI_PATH=/home/cni-plugins ./priv-net-run.sh echo "Hello World"</span>
Hello World
</code></pre>
<pre><code class="prism language-powershell">在宿主机上查看是否生成容器网络名为cni0的网桥
<span class="token comment"># ip a s</span>
<span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span>
5: cni0: <NO<span class="token operator">-</span>CARRIER<span class="token punctuation">,</span>BROADCAST<span class="token punctuation">,</span>MULTICAST<span class="token punctuation">,</span>UP> mtu 1500 qdisc noqueue state DOWN <span class="token function">group</span> default qlen 1000
link<span class="token operator">/</span>ether 36:af:7a:4a:d6:12 brd ff:ff:ff:ff:ff:ff
inet 10<span class="token punctuation">.</span>66<span class="token punctuation">.</span>0<span class="token punctuation">.</span>1<span class="token operator">/</span>16 brd 10<span class="token punctuation">.</span>66<span class="token punctuation">.</span>255<span class="token punctuation">.</span>255 scope global cni0
valid_lft forever preferred_lft forever
inet6 fe80::34af:7aff:fe4a:d612<span class="token operator">/</span>64 scope link
valid_lft forever preferred_lft forever
</code></pre>
<pre><code class="prism language-powershell">在宿主机上查看其路由表情况
<span class="token comment"># ip route</span>
default via 192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>10<span class="token punctuation">.</span>2 dev ens33 proto dhcp metric 100
10<span class="token punctuation">.</span>66<span class="token punctuation">.</span>0<span class="token punctuation">.</span>0<span class="token operator">/</span>16 dev cni0 proto kernel scope link src 10<span class="token punctuation">.</span>66<span class="token punctuation">.</span>0<span class="token punctuation">.</span>1
192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>10<span class="token punctuation">.</span>0<span class="token operator">/</span>24 dev ens33 proto kernel scope link src 192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>10<span class="token punctuation">.</span>164 metric 100
192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>122<span class="token punctuation">.</span>0<span class="token operator">/</span>24 dev virbr0 proto kernel scope link src 192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>122<span class="token punctuation">.</span>1
</code></pre>
<h2>7.2 为Containerd容器配置网络功能</h2>
<h3>7.2.1 创建一个容器</h3>
<pre><code class="prism language-powershell"><span class="token comment"># ctr images ls</span>
REF <span class="token function">TYPE</span> DIGEST SIZE PLATFORMS LABELS
<span class="token comment"># ctr images pull docker.io/library/busybox:latest</span>
<span class="token comment"># ctr run -d docker.io/library/busybox:latest busybox</span>
<span class="token comment"># ctr container ls</span>
CONTAINER IMAGE RUNTIME
busybox docker<span class="token punctuation">.</span>io<span class="token operator">/</span>library<span class="token operator">/</span>busybox:latest io<span class="token punctuation">.</span>containerd<span class="token punctuation">.</span>runc<span class="token punctuation">.</span>v2
<span class="token comment"># ctr tasks ls</span>
TASK PID STATUS
busybox 8377 RUNNING
</code></pre>
<h3>7.2.2 进入容器查看其网络情况</h3>
<pre><code class="prism language-powershell"><span class="token comment"># ctr tasks exec --exec-id $RANDOM -t busybox sh</span>
<span class="token operator">/</span> <span class="token comment"># ip a s</span>
1: lo: <LOOPBACK<span class="token punctuation">,</span>UP<span class="token punctuation">,</span>LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link<span class="token operator">/</span>loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127<span class="token punctuation">.</span>0<span class="token punctuation">.</span>0<span class="token punctuation">.</span>1<span class="token operator">/</span>8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1<span class="token operator">/</span>128 scope host
valid_lft forever preferred_lft forever
</code></pre>
<h3>7.2.3 获取容器进程ID及其网络命名空间</h3>
<pre><code class="prism language-powershell">在宿主机中完成指定容器进程ID获取
<span class="token comment"># pid=$(ctr tasks ls | grep busybox | awk '{print $2}')</span>
<span class="token comment"># echo $pid</span>
8377
</code></pre>
<pre><code class="prism language-powershell">在宿主机中完成指定容器网络命名空间路径获取
<span class="token comment"># netnspath=/proc/$pid/ns/net</span>
<span class="token comment"># echo $netnspath</span>
<span class="token operator">/</span>proc<span class="token operator">/</span>8377<span class="token operator">/</span>ns<span class="token operator">/</span>net
</code></pre>
<h3>7.2.4 为指定容器添加网络配置</h3>
<pre><code class="prism language-powershell">确认执行脚本文件时所在的目录
<span class="token namespace">[root@localhost scripts]</span><span class="token comment"># pwd</span>
<span class="token operator">/</span>home<span class="token operator">/</span>cni<span class="token operator">/</span>scripts
</code></pre>
<pre><code class="prism language-powershell">执行脚本文件为容器添加网络配置
<span class="token namespace">[root@localhost scripts]</span><span class="token comment"># CNI_PATH=/home/cni-plugins ./exec-plugins.sh add $pid $netnspath</span>
</code></pre>
<pre><code class="prism language-powershell">进入容器确认是否添加网卡信息
<span class="token comment"># ctr tasks exec --exec-id $RANDOM -t busybox sh</span>
<span class="token operator">/</span> <span class="token comment"># ip a s</span>
1: lo: <LOOPBACK<span class="token punctuation">,</span>UP<span class="token punctuation">,</span>LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link<span class="token operator">/</span>loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127<span class="token punctuation">.</span>0<span class="token punctuation">.</span>0<span class="token punctuation">.</span>1<span class="token operator">/</span>8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1<span class="token operator">/</span>128 scope host
valid_lft forever preferred_lft forever
2: eth0@if7: <BROADCAST<span class="token punctuation">,</span>MULTICAST<span class="token punctuation">,</span>UP<span class="token punctuation">,</span>LOWER_UP<span class="token punctuation">,</span>M<span class="token operator">-</span>DOWN> mtu 1500 qdisc noqueue
link<span class="token operator">/</span>ether a2:35:b7:e0:60:0a brd ff:ff:ff:ff:ff:ff
inet 10<span class="token punctuation">.</span>66<span class="token punctuation">.</span>0<span class="token punctuation">.</span>3<span class="token operator">/</span>16 brd 10<span class="token punctuation">.</span>66<span class="token punctuation">.</span>255<span class="token punctuation">.</span>255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::a035:b7ff:fee0:600a<span class="token operator">/</span>64 scope link
valid_lft forever preferred_lft forever
在容器中ping容器宿主机IP地址
<span class="token operator">/</span> <span class="token comment"># ping -c 2 192.168.10.164</span>
PING 192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>10<span class="token punctuation">.</span>164 <span class="token punctuation">(</span>192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>10<span class="token punctuation">.</span>164<span class="token punctuation">)</span>: 56 <span class="token keyword">data</span> bytes
64 bytes <span class="token keyword">from</span> 192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>10<span class="token punctuation">.</span>164: seq=0 ttl=64 time=0<span class="token punctuation">.</span>132 ms
64 bytes <span class="token keyword">from</span> 192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>10<span class="token punctuation">.</span>164: seq=1 ttl=64 time=0<span class="token punctuation">.</span>044 ms
<span class="token operator">--</span><span class="token operator">-</span> 192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>10<span class="token punctuation">.</span>164 ping statistics <span class="token operator">--</span><span class="token operator">-</span>
2 packets transmitted<span class="token punctuation">,</span> 2 packets received<span class="token punctuation">,</span> 0<span class="token operator">%</span> packet loss
round<span class="token operator">-</span>trip min<span class="token operator">/</span>avg<span class="token operator">/</span>max = 0<span class="token punctuation">.</span>044<span class="token operator">/</span>0<span class="token punctuation">.</span>088<span class="token operator">/</span>0<span class="token punctuation">.</span>132 ms
在容器中ping宿主机所在网络的网关IP地址
<span class="token operator">/</span> <span class="token comment"># ping -c 2 192.168.10.2</span>
PING 192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>10<span class="token punctuation">.</span>2 <span class="token punctuation">(</span>192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>10<span class="token punctuation">.</span>2<span class="token punctuation">)</span>: 56 <span class="token keyword">data</span> bytes
64 bytes <span class="token keyword">from</span> 192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>10<span class="token punctuation">.</span>2: seq=0 ttl=127 time=0<span class="token punctuation">.</span>338 ms
64 bytes <span class="token keyword">from</span> 192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>10<span class="token punctuation">.</span>2: seq=1 ttl=127 time=0<span class="token punctuation">.</span>280 ms
<span class="token operator">--</span><span class="token operator">-</span> 192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>10<span class="token punctuation">.</span>2 ping statistics <span class="token operator">--</span><span class="token operator">-</span>
2 packets transmitted<span class="token punctuation">,</span> 2 packets received<span class="token punctuation">,</span> 0<span class="token operator">%</span> packet loss
round<span class="token operator">-</span>trip min<span class="token operator">/</span>avg<span class="token operator">/</span>max = 0<span class="token punctuation">.</span>280<span class="token operator">/</span>0<span class="token punctuation">.</span>309<span class="token operator">/</span>0<span class="token punctuation">.</span>338 ms
在容器中ping宿主机所在网络中的其它主机IP地址
<span class="token operator">/</span> <span class="token comment"># ping -c 2 192.168.10.165</span>
PING 192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>10<span class="token punctuation">.</span>165 <span class="token punctuation">(</span>192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>10<span class="token punctuation">.</span>165<span class="token punctuation">)</span>: 56 <span class="token keyword">data</span> bytes
64 bytes <span class="token keyword">from</span> 192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>10<span class="token punctuation">.</span>165: seq=0 ttl=63 time=0<span class="token punctuation">.</span>422 ms
64 bytes <span class="token keyword">from</span> 192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>10<span class="token punctuation">.</span>165: seq=1 ttl=63 time=0<span class="token punctuation">.</span>908 ms
<span class="token operator">--</span><span class="token operator">-</span> 192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>10<span class="token punctuation">.</span>165 ping statistics <span class="token operator">--</span><span class="token operator">-</span>
2 packets transmitted<span class="token punctuation">,</span> 2 packets received<span class="token punctuation">,</span> 0<span class="token operator">%</span> packet loss
round<span class="token operator">-</span>trip min<span class="token operator">/</span>avg<span class="token operator">/</span>max = 0<span class="token punctuation">.</span>422<span class="token operator">/</span>0<span class="token punctuation">.</span>665<span class="token operator">/</span>0<span class="token punctuation">.</span>908 ms
</code></pre>
<pre><code class="prism language-powershell">在容器中开启httpd服务
<span class="token operator">/</span> <span class="token comment"># echo "containerd net web test" > /tmp/index.html</span>
<span class="token operator">/</span> <span class="token comment"># httpd -h /tmp</span>
<span class="token operator">/</span> <span class="token comment"># wget -O - -q 127.0.0.1</span>
containerd net web test
<span class="token operator">/</span> <span class="token comment"># exit</span>
</code></pre>
<pre><code class="prism language-powershell">在宿主机访问容器提供的httpd服务
<span class="token namespace">[root@localhost scripts]</span><span class="token comment"># curl http://10.66.0.3</span>
containerd net web test
</code></pre>
<h1>八、Containerd容器数据持久化存储</h1>
<blockquote>
<p>实现把宿主机目录挂载至Containerd容器中,实现容器数据持久化存储</p>
</blockquote>
<pre><code class="prism language-powershell"><span class="token comment"># ctr container create docker.io/library/busybox:latest busybox3 --mount type=bind,src=/tmp,dst=/hostdir,options=rbind:rw</span>
</code></pre>
<pre><code class="prism language-powershell">说明:
创建一个静态容器,实现宿主机目录与容器挂载
src=<span class="token operator">/</span>tmp 为宿主机目录
dst=<span class="token operator">/</span>hostdir 为容器中目录
</code></pre>
<pre><code class="prism language-powershell">运行用户进程
<span class="token comment"># ctr tasks start -d busybox3 bash</span>
</code></pre>
<pre><code class="prism language-powershell">进入容器,查看是否挂载成功
<span class="token comment"># ctr tasks exec --exec-id $RANDOM -t busybox3 sh</span>
<span class="token operator">/</span> <span class="token comment"># ls /hostdir</span>
VMwareDnD
systemd<span class="token operator">-</span>private<span class="token operator">-</span>cf1fe70805214c80867e7eb62dff5be7<span class="token operator">-</span>bolt<span class="token punctuation">.</span>service<span class="token operator">-</span>MWV1Ju
systemd<span class="token operator">-</span>private<span class="token operator">-</span>cf1fe70805214c80867e7eb62dff5be7<span class="token operator">-</span>chronyd<span class="token punctuation">.</span>service<span class="token operator">-</span>6B6j8p
systemd<span class="token operator">-</span>private<span class="token operator">-</span>cf1fe70805214c80867e7eb62dff5be7<span class="token operator">-</span>colord<span class="token punctuation">.</span>service<span class="token operator">-</span>6fI31A
systemd<span class="token operator">-</span>private<span class="token operator">-</span>cf1fe70805214c80867e7eb62dff5be7<span class="token operator">-</span>cups<span class="token punctuation">.</span>service<span class="token operator">-</span>tuK4zI
systemd<span class="token operator">-</span>private<span class="token operator">-</span>cf1fe70805214c80867e7eb62dff5be7<span class="token operator">-</span>rtkit<span class="token operator">-</span>daemon<span class="token punctuation">.</span>service<span class="token operator">-</span>vhP67o
tracker<span class="token operator">-</span>extract<span class="token operator">-</span>files<span class="token punctuation">.</span>0
vmware<span class="token operator">-</span>root_703<span class="token operator">-</span>3988031936
vmware<span class="token operator">-</span>root_704<span class="token operator">-</span>2990744159
vmware<span class="token operator">-</span>root_713<span class="token operator">-</span>4290166671
向容器中挂载目录中添加文件
<span class="token operator">/</span> <span class="token comment"># echo "hello world" > /hostdir/test.txt</span>
退出容器
<span class="token operator">/</span> <span class="token comment"># exit</span>
在宿主机上查看被容器挂载的目录中是否添加了新的文件,已添加表明被容器挂载成功,并可以读写此目录中内容。
<span class="token namespace">[root@localhost ~]</span><span class="token comment"># cat /tmp/test.txt</span>
hello world
</code></pre>
<h1>九、与其它Containerd容器共享命名空间</h1>
<blockquote>
<p>当需要与其它Containerd管理的容器共享命名空间时,可使用如下方法。</p>
</blockquote>
<pre><code class="prism language-powershell"><span class="token comment"># ctr tasks ls</span>
TASK PID STATUS
busybox3 13778 RUNNING
busybox 8377 RUNNING
busybox1 12469 RUNNING
</code></pre>
<pre><code class="prism language-powershell"><span class="token comment"># ctr container create --with-ns "pid:/proc/13778/ns/pid" docker.io/library/busybox:latest busybox4</span>
<span class="token namespace">[root@localhost ~]</span><span class="token comment"># ctr tasks start -d busybox4 bash</span>
<span class="token namespace">[root@localhost ~]</span><span class="token comment"># ctr tasks exec --exec-id $RANDOM -t busybox3 sh</span>
<span class="token operator">/</span> <span class="token comment"># ps aux</span>
PID USER TIME COMMAND
1 root 0:00 sh
20 root 0:00 sh
26 root 0:00 sh
32 root 0:00 <span class="token function">ps</span> aux
</code></pre>
<h1>十、Docker集成Containerd实现容器管理</h1>
<p>目前Containerd主要任务还在于解决容器运行时的问题,对于其周边生态还不完善,所以可以借助Docker结合Containerd来实现Docker完整的功能应用。</p>
<pre><code class="prism language-powershell">准备Docker安装YUM源
<span class="token comment"># wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo</span>
</code></pre>
<pre><code class="prism language-powershell">安装Docker<span class="token operator">-</span>ce
<span class="token comment"># yum -y install docker-ce</span>
</code></pre>
<pre><code class="prism language-powershell">修改Docker服务文件,以便使用已安装的containerd。
<span class="token comment"># vim /etc/systemd/system/multi-user.target.wants/docker.service</span>
修改前:
<span class="token namespace">[Service]</span>
<span class="token function">Type</span>=notify
<span class="token comment"># the default is not to use systemd for cgroups because the delegate issues still</span>
<span class="token comment"># exists and systemd currently does not support the cgroup feature set required</span>
<span class="token comment"># for containers run by docker</span>
ExecStart=<span class="token operator">/</span>usr<span class="token operator">/</span>bin<span class="token operator">/</span>dockerd <span class="token operator">-</span>H fd:<span class="token operator">/</span><span class="token operator">/</span> <span class="token operator">--</span>containerd=<span class="token operator">/</span>run<span class="token operator">/</span>containerd<span class="token operator">/</span>containerd<span class="token punctuation">.</span>sock 此处
ExecReload=<span class="token operator">/</span>bin<span class="token operator">/</span><span class="token function">kill</span> <span class="token operator">-</span>s HUP <span class="token variable">$MAINPID</span>
修改后:
<span class="token namespace">[Service]</span>
<span class="token function">Type</span>=notify
<span class="token comment"># the default is not to use systemd for cgroups because the delegate issues still</span>
<span class="token comment"># exists and systemd currently does not support the cgroup feature set required</span>
<span class="token comment"># for containers run by docker</span>
ExecStart=<span class="token operator">/</span>usr<span class="token operator">/</span>bin<span class="token operator">/</span>dockerd <span class="token operator">--</span>containerd <span class="token operator">/</span>run<span class="token operator">/</span>containerd<span class="token operator">/</span>containerd<span class="token punctuation">.</span>sock <span class="token operator">--</span>debug 此处
ExecReload=<span class="token operator">/</span>bin<span class="token operator">/</span><span class="token function">kill</span> <span class="token operator">-</span>s HUP <span class="token variable">$MAINPID</span>
TimeoutSec=0
RestartSec=2
Restart=always
</code></pre>
<pre><code class="prism language-powershell">设置docker daemon启动并设置其开机自启动
<span class="token comment"># systemctl daemon-reload</span>
<span class="token comment"># systemctl enable docker</span>
Created symlink <span class="token keyword">from</span> <span class="token operator">/</span>etc<span class="token operator">/</span>systemd<span class="token operator">/</span>system<span class="token operator">/</span>multi<span class="token operator">-</span>user<span class="token punctuation">.</span>target<span class="token punctuation">.</span>wants<span class="token operator">/</span>docker<span class="token punctuation">.</span>service to <span class="token operator">/</span>usr<span class="token operator">/</span>lib<span class="token operator">/</span>systemd<span class="token operator">/</span>system<span class="token operator">/</span>docker<span class="token punctuation">.</span>service<span class="token punctuation">.</span>
<span class="token comment"># systemctl start docker</span>
</code></pre>
<pre><code class="prism language-powershell">查看其启动后进程
<span class="token comment"># ps aux | grep docker</span>
root 16270 0<span class="token punctuation">.</span>0 3<span class="token punctuation">.</span>1 1155116 63320 ? Ssl 12:09 0:00 <span class="token operator">/</span>usr<span class="token operator">/</span>bin<span class="token operator">/</span>dockerd <span class="token operator">--</span>containerd <span class="token operator">/</span>run<span class="token operator">/</span>containerd<span class="token operator">/</span>containerd<span class="token punctuation">.</span>sock <span class="token operator">--</span>debug
</code></pre>
<pre><code class="prism language-powershell">使用docker运行容器
<span class="token comment"># docker run -d nginx:latest</span>
<span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span>
219a9c6727bcd162d0a4868746c513a277276a110f47e15368b4229988003c13
</code></pre>
<pre><code class="prism language-powershell">使用docker <span class="token function">ps</span>命令查看正在运行的容器
<span class="token comment"># docker ps</span>
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
219a9c6727bc nginx:latest <span class="token string">"/docker-entrypoint.…"</span> 14 seconds ago Up 13 seconds 80<span class="token operator">/</span>tcp happy_tu
</code></pre>
<pre><code class="prism language-powershell">使用ctr查看是否添加一个新的namespace,本案例中发现添加一个moby命名空间,即为docker使用的命名空间。
<span class="token comment"># ctr namespace ls</span>
NAME LABELS
default
k8s<span class="token punctuation">.</span>io
kubemsb
moby
</code></pre>
<pre><code class="prism language-powershell">查看moby命名空间,发现使用docker run运行的容器包含在其中。
<span class="token comment"># ctr -n moby container ls</span>
CONTAINER IMAGE RUNTIME
219a9c6727bcd162d0a4868746c513a277276a110f47e15368b4229988003c13 <span class="token operator">-</span> io<span class="token punctuation">.</span>containerd<span class="token punctuation">.</span>runc<span class="token punctuation">.</span>v2
</code></pre>
<pre><code class="prism language-powershell">使用ctr能够查看到一个正在运行的容器,既表示docker run运行的容器是被containerd管理的。
<span class="token comment"># ctr -n moby tasks ls</span>
TASK PID STATUS
219a9c6727bcd162d0a4868746c513a277276a110f47e15368b4229988003c13 16719 RUNNING
</code></pre>
<pre><code class="prism language-powershell">使用docker stop停止且使用docker <span class="token function">rm</span>删除容器后再观察,发现容器被删除。
<span class="token comment"># docker stop 219;docker rm 219</span>
219
219
<span class="token comment"># ctr -n moby container ls</span>
CONTAINER IMAGE RUNTIME
<span class="token comment"># ctr -n moby tasks ls</span>
TASK PID STATUS
</code></pre>
</div>
</div>
</div>
</div>
</div>
<!--PC和WAP自适应版-->
<div id="SOHUCS" sid="1643500808177770496"></div>
<script type="text/javascript" src="/views/front/js/chanyan.js"></script>
<!-- 文章页-底部 动态广告位 -->
<div class="youdao-fixed-ad" id="detail_ad_bottom"></div>
</div>
<div class="col-md-3">
<div class="row" id="ad">
<!-- 文章页-右侧1 动态广告位 -->
<div id="right-1" class="col-lg-12 col-md-12 col-sm-4 col-xs-4 ad">
<div class="youdao-fixed-ad" id="detail_ad_1"> </div>
</div>
<!-- 文章页-右侧2 动态广告位 -->
<div id="right-2" class="col-lg-12 col-md-12 col-sm-4 col-xs-4 ad">
<div class="youdao-fixed-ad" id="detail_ad_2"></div>
</div>
<!-- 文章页-右侧3 动态广告位 -->
<div id="right-3" class="col-lg-12 col-md-12 col-sm-4 col-xs-4 ad">
<div class="youdao-fixed-ad" id="detail_ad_3"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="container">
<h4 class="pt20 mb15 mt0 border-top">你可能感兴趣的:(云原生,云原生,docker,kubernetes)</h4>
<div id="paradigm-article-related">
<div class="recommend-post mb30">
<ul class="widget-links">
<li><a href="/article/1835505228137459712.htm"
title="腾讯云技术深度探索:构建高效云原生微服务架构" target="_blank">腾讯云技术深度探索:构建高效云原生微服务架构</a>
<span class="text-muted">我的运维人生</span>
<a class="tag" taget="_blank" href="/search/%E4%BA%91%E5%8E%9F%E7%94%9F/1.htm">云原生</a><a class="tag" taget="_blank" href="/search/%E6%9E%B6%E6%9E%84/1.htm">架构</a><a class="tag" taget="_blank" href="/search/%E8%85%BE%E8%AE%AF%E4%BA%91/1.htm">腾讯云</a><a class="tag" taget="_blank" href="/search/%E8%BF%90%E7%BB%B4%E5%BC%80%E5%8F%91/1.htm">运维开发</a><a class="tag" taget="_blank" href="/search/%E6%8A%80%E6%9C%AF%E5%85%B1%E4%BA%AB/1.htm">技术共享</a>
<div>腾讯云技术深度探索:构建高效云原生微服务架构在当今快速发展的技术环境中,云原生技术已成为企业数字化转型的关键驱动力。腾讯云作为行业领先的云服务提供商,不断推出创新的产品和技术,助力企业构建高效、可扩展的云原生微服务架构。本文将深入探讨腾讯云在微服务领域的最新进展,并通过一个实际案例展示如何在腾讯云平台上构建云原生应用。腾讯云微服务架构概览腾讯云微服务架构基于云原生理念,旨在帮助企业快速实现应用的容</div>
</li>
<li><a href="/article/1835502578050363392.htm"
title="PHP环境搭建详细教程" target="_blank">PHP环境搭建详细教程</a>
<span class="text-muted">好看资源平台</span>
<a class="tag" taget="_blank" href="/search/%E5%89%8D%E7%AB%AF/1.htm">前端</a><a class="tag" taget="_blank" href="/search/php/1.htm">php</a>
<div>PHP是一个流行的服务器端脚本语言,广泛用于Web开发。为了使PHP能够在本地或服务器上运行,我们需要搭建一个合适的PHP环境。本教程将结合最新资料,介绍在不同操作系统上搭建PHP开发环境的多种方法,包括Windows、macOS和Linux系统的安装步骤,以及本地和Docker环境的配置。1.PHP环境搭建概述PHP环境的搭建主要分为以下几类:集成开发环境:例如XAMPP、WAMP、MAMP,这</div>
</li>
<li><a href="/article/1835485429059645440.htm"
title="docker" target="_blank">docker</a>
<span class="text-muted">igotyback</span>
<a class="tag" taget="_blank" href="/search/eureka/1.htm">eureka</a><a class="tag" taget="_blank" href="/search/%E4%BA%91%E5%8E%9F%E7%94%9F/1.htm">云原生</a>
<div>Docker容器的文件系统是隔离的,但是可以通过挂载卷(Volumes)或绑定挂载(BindMounts)将宿主机的文件系统目录映射到容器内部。要查看Docker容器的映射路径,可以使用以下方法:查看容器配置:使用dockerinspect命令可以查看容器的详细配置信息,包括挂载的卷。例如:bashdockerinspect在输出的JSON格式中,查找"Mounts"部分,这里会列出所有的挂载信息</div>
</li>
<li><a href="/article/1835448111909138432.htm"
title="react-intl——react国际化使用方案" target="_blank">react-intl——react国际化使用方案</a>
<span class="text-muted">苹果酱0567</span>
<a class="tag" taget="_blank" href="/search/%E9%9D%A2%E8%AF%95%E9%A2%98%E6%B1%87%E6%80%BB%E4%B8%8E%E8%A7%A3%E6%9E%90/1.htm">面试题汇总与解析</a><a class="tag" taget="_blank" href="/search/java/1.htm">java</a><a class="tag" taget="_blank" href="/search/%E5%BC%80%E5%8F%91%E8%AF%AD%E8%A8%80/1.htm">开发语言</a><a class="tag" taget="_blank" href="/search/%E4%B8%AD%E9%97%B4%E4%BB%B6/1.htm">中间件</a><a class="tag" taget="_blank" href="/search/spring/1.htm">spring</a><a class="tag" taget="_blank" href="/search/boot/1.htm">boot</a><a class="tag" taget="_blank" href="/search/%E5%90%8E%E7%AB%AF/1.htm">后端</a>
<div>国际化介绍i18n:internationalization国家化简称,首字母+首尾字母间隔的字母个数+尾字母,类似的还有k8s(Kubernetes)React-intl是React中最受欢迎的库。使用步骤安装#usenpmnpminstallreact-intl-D#useyarn项目入口文件配置//index.tsximportReactfrom"react";importReactDOMf</div>
</li>
<li><a href="/article/1835447859219099648.htm"
title="06选课支付模块之基于消息队列发送支付通知消息" target="_blank">06选课支付模块之基于消息队列发送支付通知消息</a>
<span class="text-muted">echo 云清</span>
<a class="tag" taget="_blank" href="/search/%E5%AD%A6%E6%88%90%E5%9C%A8%E7%BA%BF/1.htm">学成在线</a><a class="tag" taget="_blank" href="/search/java/1.htm">java</a><a class="tag" taget="_blank" href="/search/rabbitmq/1.htm">rabbitmq</a><a class="tag" taget="_blank" href="/search/%E6%B6%88%E6%81%AF%E9%98%9F%E5%88%97/1.htm">消息队列</a><a class="tag" taget="_blank" href="/search/%E6%94%AF%E4%BB%98%E9%80%9A%E7%9F%A5/1.htm">支付通知</a><a class="tag" taget="_blank" href="/search/%E5%AD%A6%E6%88%90%E5%9C%A8%E7%BA%BF/1.htm">学成在线</a>
<div>消息队列发送支付通知消息需求分析订单服务作为通用服务,在订单支付成功后需要将支付结果异步通知给其他对接的微服务,微服务收到支付结果根据订单的类型去更新自己的业务数据技术方案使用消息队列进行异步通知需要保证消息的可靠性即生产端将消息成功通知到服务端:消息发送到交换机-->由交换机发送到队列-->消费者监听队列,收到消息进行处理,参考文章02-使用Docker安装RabbitMQ-CSDN博客生产者确</div>
</li>
<li><a href="/article/1835408447806468096.htm"
title="Ubuntu18.04 Docker部署Kinship(Django)项目过程" target="_blank">Ubuntu18.04 Docker部署Kinship(Django)项目过程</a>
<span class="text-muted">Dante617</span>
<div>1Docker的安装https://blog.csdn.net/weixin_41735055/article/details/1003551792下载镜像dockerpullprogramize/python3.6.8-dlib下载的镜像里包含python3.6.8和dlib19.17.03启动镜像dockerrun-it--namekinship-p7777:80-p3307:3306-p55</div>
</li>
<li><a href="/article/1835399957885054976.htm"
title="docker from指令的含义_多个FROM-含义" target="_blank">docker from指令的含义_多个FROM-含义</a>
<span class="text-muted">weixin_39722188</span>
<a class="tag" taget="_blank" href="/search/docker/1.htm">docker</a><a class="tag" taget="_blank" href="/search/from%E6%8C%87%E4%BB%A4%E7%9A%84%E5%90%AB%E4%B9%89/1.htm">from指令的含义</a>
<div>小编典典什么是基本图片?一组文件,加上EXPOSE端口ENTRYPOINT和CMD。您可以添加文件并基于该基础图像构建新图像,Dockerfile并以FROM指令开头:后面提到的图像FROM是新图像的“基础图像”。这是否意味着如果我neo4j/neo4j在FROM指令中声明,则在运行映像时,neo数据库将自动运行并且可在端口7474的容器中使用?仅当您不覆盖CMD和时ENTRYPOINT。但是图像</div>
</li>
<li><a href="/article/1835399831116410880.htm"
title="Dockerfile FROM 两个" target="_blank">Dockerfile FROM 两个</a>
<span class="text-muted">redDelta</span>
<div>Docker相关视频讲解:什么是容器Docker介绍实现"DockerfileFROM两个"的步骤步骤表格步骤操作1创建一个Dockerfile文件2写入FROM指令3构建第一个镜像4创建第二个Dockerfile文件5写入FROM指令6构建第二个镜像7合并两个镜像操作步骤说明步骤1:创建一个Dockerfile文件使用任意文本编辑器创建一个名为Dockerfile的文件。登录后复制#Docker</div>
</li>
<li><a href="/article/1835395039572881408.htm"
title="Dockerfile命令详解之 FROM" target="_blank">Dockerfile命令详解之 FROM</a>
<span class="text-muted">清风怎不知意</span>
<a class="tag" taget="_blank" href="/search/%E5%AE%B9%E5%99%A8%E5%8C%96/1.htm">容器化</a><a class="tag" taget="_blank" href="/search/java/1.htm">java</a><a class="tag" taget="_blank" href="/search/%E5%89%8D%E7%AB%AF/1.htm">前端</a><a class="tag" taget="_blank" href="/search/javascript/1.htm">javascript</a>
<div>许多同学不知道Dockerfile应该如何写,不清楚Dockerfile中的指令分别有什么意义,能达到什么样的目的,接下来我将在容器化专栏中详细的为大家解释每一个指令的含义以及用法。专栏订阅传送门https://blog.csdn.net/qq_38220908/category_11989778.html指令不区分大小写。但是,按照惯例,它们应该是大写的,以便更容易地将它们与参数区分开来。(引用</div>
</li>
<li><a href="/article/1835394786899619840.htm"
title="Dockerfile(1) - FROM 指令详解" target="_blank">Dockerfile(1) - FROM 指令详解</a>
<span class="text-muted">小菠萝测试笔记</span>
<a class="tag" taget="_blank" href="/search/docker/1.htm">docker</a><a class="tag" taget="_blank" href="/search/python/1.htm">python</a><a class="tag" taget="_blank" href="/search/java/1.htm">java</a><a class="tag" taget="_blank" href="/search/cmd/1.htm">cmd</a><a class="tag" taget="_blank" href="/search/%E5%A4%A7%E6%95%B0%E6%8D%AE/1.htm">大数据</a>
<div>FROM指明当前的镜像基于哪个镜像构建dockerfile必须以FROM开头,除了ARG命令可以在FROM前面FROM[--platform=][AS]FROM[--platform=][:][AS]FROM[--platform=][@][AS]小栗子FROMalpine:latest一个dockerfile可以有多个FROM可以有多个FROM来创建多个镜像,或区分构建阶段,将一个构建阶段作为另</div>
</li>
<li><a href="/article/1835379662918873088.htm"
title="【从问题中去学习k8s】k8s中的常见面试题(夯实理论基础)(二十八)" target="_blank">【从问题中去学习k8s】k8s中的常见面试题(夯实理论基础)(二十八)</a>
<span class="text-muted">向往风的男子</span>
<a class="tag" taget="_blank" href="/search/k8s/1.htm">k8s</a><a class="tag" taget="_blank" href="/search/%E5%AD%A6%E4%B9%A0/1.htm">学习</a><a class="tag" taget="_blank" href="/search/kubernetes/1.htm">kubernetes</a><a class="tag" taget="_blank" href="/search/%E5%AE%B9%E5%99%A8/1.htm">容器</a>
<div>本站以分享各种运维经验和运维所需要的技能为主《python零基础入门》:python零基础入门学习《python运维脚本》:python运维脚本实践《shell》:shell学习《terraform》持续更新中:terraform_Aws学习零基础入门到最佳实战《k8》从问题中去学习k8s《docker学习》暂未更新《ceph学习》ceph日常问题解决分享《日志收集》ELK+各种中间件《运维日常》</div>
</li>
<li><a href="/article/1835375621996376064.htm"
title="Kubernetes数据持久化" target="_blank">Kubernetes数据持久化</a>
<span class="text-muted">看清所苡看轻</span>
<a class="tag" taget="_blank" href="/search/kubernetes%28k8s%29/1.htm">kubernetes(k8s)</a><a class="tag" taget="_blank" href="/search/emptyDir/1.htm">emptyDir</a><a class="tag" taget="_blank" href="/search/HostPath/1.htm">HostPath</a><a class="tag" taget="_blank" href="/search/pv/1.htm">pv</a><a class="tag" taget="_blank" href="/search/pvc/1.htm">pvc</a><a class="tag" taget="_blank" href="/search/kubernetes/1.htm">kubernetes</a>
<div>在k8s中,Volume(数据卷)存在明确的生命周期(与包含该数据卷的容器组(pod)相同)。因此Volume的生命周期比同一容器组(pod)中任意容器的生命周期要更长,不管容器重启了多少次,数据都被保留下来。当然,如果pod不存在了,数据卷自然退出了。此时,根据pod所使用的数据卷类型不同,数据可能随着数据卷的退出而删除,也可能被真正持久化,并在下次容器组重启时仍然可以使用。从根本上来说,一个数</div>
</li>
<li><a href="/article/1835361001260806144.htm"
title="Kubernetes部署MySQL数据持久化" target="_blank">Kubernetes部署MySQL数据持久化</a>
<span class="text-muted">沫殇-MS</span>
<a class="tag" taget="_blank" href="/search/Kubernetes/1.htm">Kubernetes</a><a class="tag" taget="_blank" href="/search/MySQL%E6%95%B0%E6%8D%AE%E5%BA%93/1.htm">MySQL数据库</a><a class="tag" taget="_blank" href="/search/kubernetes/1.htm">kubernetes</a><a class="tag" taget="_blank" href="/search/mysql/1.htm">mysql</a><a class="tag" taget="_blank" href="/search/%E5%AE%B9%E5%99%A8/1.htm">容器</a>
<div>一、安装配置NFS服务端1、安装nfs-kernel-server:sudoapt-yinstallnfs-kernel-server2、服务端创建共享目录#列出所有可用块设备的信息lsblk#格式化磁盘sudomkfs-text4/dev/sdb#创建一个目录:sudomkdir-p/data/nfs/mysql#更改目录权限:sudochown-Rnobody:nogroup/data/nfs</div>
</li>
<li><a href="/article/1835354574077128704.htm"
title="Kubernetes的3种数据持久化方式" target="_blank">Kubernetes的3种数据持久化方式</a>
<span class="text-muted">Seal^_^</span>
<a class="tag" taget="_blank" href="/search/%E3%80%90%E4%BA%91%E5%8E%9F%E7%94%9F%E3%80%91%E5%AE%B9%E5%99%A8%E5%8C%96%E4%B8%8E%E7%BC%96%E6%8E%92%E6%8A%80%E6%9C%AF/1.htm">【云原生】容器化与编排技术</a><a class="tag" taget="_blank" href="/search/%E6%8C%81%E7%BB%AD%E9%9B%86%E6%88%90/1.htm">持续集成</a><a class="tag" taget="_blank" href="/search/%23/1.htm">#</a><a class="tag" taget="_blank" href="/search/Kubernetes/1.htm">Kubernetes</a><a class="tag" taget="_blank" href="/search/kubernetes/1.htm">kubernetes</a><a class="tag" taget="_blank" href="/search/%E5%AE%B9%E5%99%A8/1.htm">容器</a><a class="tag" taget="_blank" href="/search/%E4%BA%91%E5%8E%9F%E7%94%9F/1.htm">云原生</a><a class="tag" taget="_blank" href="/search/EmptyDir/1.htm">EmptyDir</a><a class="tag" taget="_blank" href="/search/%E9%9D%A2%E8%AF%95/1.htm">面试</a><a class="tag" taget="_blank" href="/search/HostPath/1.htm">HostPath</a>
<div>Kubernetes的3种数据持久化方式1.EmptyDir2.HostPath3.PersistentVolume(PV)TheBegin点点关注,收藏不迷路Kubernetes提供了几种数据持久化方式,以满足不同场景的需求:1.EmptyDir用途:临时数据存储,Pod内容器间共享。特点:生命周期与Pod相同,Pod删除时数据也删除。2.HostPath用途:访问宿主机特定文件或目录。特点:增</div>
</li>
<li><a href="/article/1835353689854930944.htm"
title="【Kubernetes】常见面试题汇总(十一)" target="_blank">【Kubernetes】常见面试题汇总(十一)</a>
<span class="text-muted">summer.335</span>
<a class="tag" taget="_blank" href="/search/Kubernetes/1.htm">Kubernetes</a><a class="tag" taget="_blank" href="/search/kubernetes/1.htm">kubernetes</a><a class="tag" taget="_blank" href="/search/%E5%AE%B9%E5%99%A8/1.htm">容器</a><a class="tag" taget="_blank" href="/search/%E4%BA%91%E5%8E%9F%E7%94%9F/1.htm">云原生</a>
<div>目录33.简述Kubernetes外部如何访问集群内的服务?34.简述Kubernetesingress?35.简述Kubernetes镜像的下载策略?33.简述Kubernetes外部如何访问集群内的服务?(1)对于Kubernetes,集群外的客户端默认情况,无法通过Pod的IP地址或者Service的虚拟IP地址:虚拟端口号进行访问。(2)通常可以通过以下方式进行访问Kubernetes集群</div>
</li>
<li><a href="/article/1835351925957160960.htm"
title="k8s中Service暴露的种类以及用法" target="_blank">k8s中Service暴露的种类以及用法</a>
<span class="text-muted">听说唐僧不吃肉</span>
<a class="tag" taget="_blank" href="/search/K8S/1.htm">K8S</a><a class="tag" taget="_blank" href="/search/kubernetes/1.htm">kubernetes</a><a class="tag" taget="_blank" href="/search/%E5%AE%B9%E5%99%A8/1.htm">容器</a><a class="tag" taget="_blank" href="/search/%E4%BA%91%E5%8E%9F%E7%94%9F/1.htm">云原生</a>
<div>一、说明在Kubernetes中,有几种不同的方式可以将服务(Service)暴露给外部流量。这些方式通过定义服务的spec.type字段来确定。二、详解1.ClusterIP定义:默认类型,服务只能在集群内部访问。作用:通过集群内部IP地址暴露服务。示例:spec:type:ClusterIPports:-port:80targetPo</div>
</li>
<li><a href="/article/1835347257772306432.htm"
title="Kubernetes 自定义控制器开发" target="_blank">Kubernetes 自定义控制器开发</a>
<span class="text-muted">IT回忆录</span>
<a class="tag" taget="_blank" href="/search/Kubenetes/1.htm">Kubenetes</a><a class="tag" taget="_blank" href="/search/kubernetes/1.htm">kubernetes</a>
<div>目录前言一、CRD二、创建数据库表(Mysql)二、控制器开发1.使用kubernetes的examplecontroller模板2.在controller.go中新增数据表监听方法3.修改tools工具生成资源对象结构体定义这里记录开发k8s控制器的一般方式,controller开发主要使用k8s提供的client-go库进行。前言Controller监听集群内部资源对象的变化,编辑资源对象(增</div>
</li>
<li><a href="/article/1835344356878413824.htm"
title="用kubedam搭建的k8s证书过期处理方法" target="_blank">用kubedam搭建的k8s证书过期处理方法</a>
<span class="text-muted">我滴鬼鬼呀wks</span>
<a class="tag" taget="_blank" href="/search/k8s/1.htm">k8s</a><a class="tag" taget="_blank" href="/search/1024%E7%A8%8B%E5%BA%8F%E5%91%98%E8%8A%82/1.htm">1024程序员节</a>
<div>kubeadm部署的k8s证书过期1、查看证书过期时间kubeadmalphacertscheck-expiration若证书已经过期无法试用kubectl命令建议修改服务器时间到未过期的时间段2、配置kube-controller-manager.yaml文件cat/etc/kubernetes/manifests/kube-controller-manager.yamlapiVersion:v</div>
</li>
<li><a href="/article/1835340955637608448.htm"
title="k8s证书过期问题处理" target="_blank">k8s证书过期问题处理</a>
<span class="text-muted">olina_qin</span>
<a class="tag" taget="_blank" href="/search/kubernetes/1.htm">kubernetes</a><a class="tag" taget="_blank" href="/search/%E5%AE%B9%E5%99%A8/1.htm">容器</a><a class="tag" taget="_blank" href="/search/%E4%BA%91%E5%8E%9F%E7%94%9F/1.htm">云原生</a>
<div>k8s证书过期问题处理opensslx509-in/etc/kubernetes/pki/apiserver.crt-noout-dateskubeadmcertsrenewallsystemctlrestartkubeleopensslx509-in/etc/kubernetes/pki/apiserver.crt-noout-text|grep"NotAfter"cp/etc/kubernet</div>
</li>
<li><a href="/article/1835337301350248448.htm"
title="Kubernetes Ingress 控制器(Nginx)安装与使用教程" target="_blank">Kubernetes Ingress 控制器(Nginx)安装与使用教程</a>
<span class="text-muted">农优影</span>
<div>KubernetesIngress控制器(Nginx)安装与使用教程kubernetes-ingressNGINXandNGINXPlusIngressControllersforKubernetes项目地址:https://gitcode.com/gh_mirrors/ku/kubernetes-ingress1.项目目录结构及介绍在nginxinc/kubernetes-ingress仓库中,</div>
</li>
<li><a href="/article/1835331377520799744.htm"
title="【K8s】专题十一:Kubernetes 集群证书过期处理方法" target="_blank">【K8s】专题十一:Kubernetes 集群证书过期处理方法</a>
<span class="text-muted">行者Sun1989</span>
<a class="tag" taget="_blank" href="/search/Kubernetes/1.htm">Kubernetes</a><a class="tag" taget="_blank" href="/search/kubernetes/1.htm">kubernetes</a><a class="tag" taget="_blank" href="/search/%E4%BA%91%E5%8E%9F%E7%94%9F/1.htm">云原生</a><a class="tag" taget="_blank" href="/search/%E5%AE%B9%E5%99%A8/1.htm">容器</a>
<div>本文内容均来自个人笔记并重新梳理,如有错误欢迎指正!如果对您有帮助,烦请点赞、关注、转发、订阅专栏!专栏订阅入口Linux专栏|Docker专栏|Kubernetes专栏往期精彩文章【Docker】(全网首发)KylinV10下MySQL容器内存占用异常的解决方法【Docker】(全网首发)KylinV10下MySQL容器内存占用异常的解决方法(续)【Docker】MySQL源码构建Docker镜</div>
</li>
<li><a href="/article/1835269935358636032.htm"
title="Docker学习十一:Kubernetes概述" target="_blank">Docker学习十一:Kubernetes概述</a>
<span class="text-muted">爱打羽球的程序猿</span>
<a class="tag" taget="_blank" href="/search/Docker%E5%AD%A6%E4%B9%A0%E7%B3%BB%E5%88%97/1.htm">Docker学习系列</a><a class="tag" taget="_blank" href="/search/docker/1.htm">docker</a><a class="tag" taget="_blank" href="/search/kubernetes/1.htm">kubernetes</a><a class="tag" taget="_blank" href="/search/%E5%AD%A6%E4%B9%A0/1.htm">学习</a>
<div>一、Kubernetes简介2006年,Google提出了云计算的概念,当时的云计算领域还是以虚拟机为代表的云平台。2013年,Docker横空出世,Docker提出了镜像、仓库等核心概念,规范了服务的交付标准,使得复杂服务的落地变得更加简单,之后Docker又定义了OCI标准,Docker在容器领域称为事实的标准。但是,Docker诞生只是帮助定义了开发和交付标准,如果想要在生产环境中大批量的使</div>
</li>
<li><a href="/article/1835269304761806848.htm"
title="Cloud Native Weekly | 华为云抢先发布Redis5.0,红帽宣布收购混合云提供商" target="_blank">Cloud Native Weekly | 华为云抢先发布Redis5.0,红帽宣布收购混合云提供商</a>
<span class="text-muted">weixin_34302561</span>
<a class="tag" taget="_blank" href="/search/%E6%95%B0%E6%8D%AE%E5%BA%93/1.htm">数据库</a><a class="tag" taget="_blank" href="/search/devops/1.htm">devops</a><a class="tag" taget="_blank" href="/search/%E5%A4%A7%E6%95%B0%E6%8D%AE/1.htm">大数据</a>
<div>1——华为云抢先发布Redis5.02——DigitalOceanK8s服务正式上线3——红帽宣布收购混合云提供商NooBaa4——微软发布多项AzureKubernetes服务更新1华为云抢先发布Redis5.012月17日,华为云在DCS2.0的基础上,快人一步,抢先推出了新的Redis5.0产品,这是一个崭新的突破。目前国内在缓存领域的发展普遍停留在Redis4.0阶段,华为云率先发布了Re</div>
</li>
<li><a href="/article/1835267918531751936.htm"
title="安装 `privoxy` 将 Socks5 转换为 HTTP 代理" target="_blank">安装 `privoxy` 将 Socks5 转换为 HTTP 代理</a>
<span class="text-muted">MonkeyKing.sun</span>
<a class="tag" taget="_blank" href="/search/%E7%BD%91%E7%BB%9C/1.htm">网络</a>
<div>(base)shgbitai@shgbitai-C9X299-PGF:~/tools$curl-xhttp://127.0.0.1:1080https://registry-1.docker.io/v2/curl:(56)ProxyCONNECTaborted(base)shgbitai@shgbitai-C9X299-PGF:~/tools$curl-xhttps://127.0.0.1:108</div>
</li>
<li><a href="/article/1835267665455837184.htm"
title="Halo 开发者指南——容器私有化部署" target="_blank">Halo 开发者指南——容器私有化部署</a>
<span class="text-muted">SHENHUANJIE</span>
<a class="tag" taget="_blank" href="/search/Docker/1.htm">Docker</a><a class="tag" taget="_blank" href="/search/Halo/1.htm">Halo</a><a class="tag" taget="_blank" href="/search/%E5%8D%8E%E4%B8%BA%E4%BA%91/1.htm">华为云</a><a class="tag" taget="_blank" href="/search/SWR/1.htm">SWR</a><a class="tag" taget="_blank" href="/search/Registry/1.htm">Registry</a>
<div>华为云SWR私有化部署镜像构建dockerbuild-thalo-dev/halo:2.20.0.上传镜像镜像标签sudodockertag{镜像名称}:{版本名称}swr.cn-south-1.myhuaweicloud.com/{组织名称}/{镜像名称}:{版本名称}sudodockertaghalo-dev/halo:2.20.0swr.cn-south-1.myhuaweicloud.co</div>
</li>
<li><a href="/article/1835262244313722880.htm"
title="SpringBoot整合ES搜索引擎 实现网站热搜词及热度计算" target="_blank">SpringBoot整合ES搜索引擎 实现网站热搜词及热度计算</a>
<span class="text-muted">码踏云端</span>
<a class="tag" taget="_blank" href="/search/springboot/1.htm">springboot</a><a class="tag" taget="_blank" href="/search/Elasticsearch/1.htm">Elasticsearch</a><a class="tag" taget="_blank" href="/search/spring/1.htm">spring</a><a class="tag" taget="_blank" href="/search/boot/1.htm">boot</a><a class="tag" taget="_blank" href="/search/elasticsearch/1.htm">elasticsearch</a><a class="tag" taget="_blank" href="/search/%E5%90%8E%E7%AB%AF/1.htm">后端</a><a class="tag" taget="_blank" href="/search/%E7%83%AD%E6%90%9C%E8%AF%8D/1.htm">热搜词</a><a class="tag" taget="_blank" href="/search/%E7%83%AD%E5%BA%A6%E8%AE%A1%E7%AE%97/1.htm">热度计算</a><a class="tag" taget="_blank" href="/search/java/1.htm">java</a>
<div>博主简介:历代文学网(PC端可以访问:https://literature.sinhy.com/#/literature?__c=1000,移动端可微信小程序搜索“历代文学”)总架构师,15年工作经验,精通Java编程,高并发设计,Springboot和微服务,熟悉Linux,ESXI虚拟化以及云原生Docker和K8s,热衷于探索科技的边界,并将理论知识转化为实际应用。保持对新技术的好奇心,乐于</div>
</li>
<li><a href="/article/1835259716809355264.htm"
title="小白 | 华为云docker设置镜像加速器" target="_blank">小白 | 华为云docker设置镜像加速器</a>
<span class="text-muted">伏一</span>
<a class="tag" taget="_blank" href="/search/%E5%B7%A5%E5%85%B7%E5%AE%89%E8%A3%85/1.htm">工具安装</a><a class="tag" taget="_blank" href="/search/%E5%8D%8E%E4%B8%BA%E4%BA%91/1.htm">华为云</a><a class="tag" taget="_blank" href="/search/docker/1.htm">docker</a><a class="tag" taget="_blank" href="/search/%E5%AE%B9%E5%99%A8/1.htm">容器</a>
<div>一、操作场景通过dockerpull命令下载镜像中心的公有镜像时,往往会因为网络原因而需要很长时间,甚至可能因超时而下载失败。为此,容器镜像服务提供了镜像下载加速功能,帮助您获得更快的下载体验。二、约束与限制构建镜像的客户端所安装的容器引擎(Docker)版本必须为1.11.2及以上。“华北-乌兰察布一”、“亚太-雅加达”、“拉美-墨西哥城一”、“拉美-墨西哥城二”和“拉美-圣保罗一”区域不支持该</div>
</li>
<li><a href="/article/1835245099416645632.htm"
title="docker改容器IP的两种方法" target="_blank">docker改容器IP的两种方法</a>
<span class="text-muted">redmond88</span>
<a class="tag" taget="_blank" href="/search/linux/1.htm">linux</a><a class="tag" taget="_blank" href="/search/docker/1.htm">docker</a><a class="tag" taget="_blank" href="/search/tcp%2Fip/1.htm">tcp/ip</a><a class="tag" taget="_blank" href="/search/%E5%AE%B9%E5%99%A8/1.htm">容器</a>
<div>最简单实用的方法:docker默认的内网网段为172.17.0.0/16,如果公司内网网段也是172.17.x.x的话,就会发生路由冲突。解决办法改路由比较办法,可以一开始就将docker配置的bip改成169.254.0.1/24,可以避免冲突。在daemon配置文件里加个"bip":“169.254.0.1/24”,重启docker就可以了1234[root@st-dev6~]#vim/etc</div>
</li>
<li><a href="/article/1835209173944594432.htm"
title="(k8s)Kubernetes 从0到1容器编排之旅" target="_blank">(k8s)Kubernetes 从0到1容器编排之旅</a>
<span class="text-muted">道不贱卖,法不轻传</span>
<a class="tag" taget="_blank" href="/search/kubernets/1.htm">kubernets</a><a class="tag" taget="_blank" href="/search/kubernetes/1.htm">kubernetes</a><a class="tag" taget="_blank" href="/search/%E5%AE%B9%E5%99%A8/1.htm">容器</a><a class="tag" taget="_blank" href="/search/%E4%BA%91%E5%8E%9F%E7%94%9F/1.htm">云原生</a>
<div>一、引言在当今数字化的浪潮中,Kubernetes如同一艘强大的航船,引领着容器化应用的部署与管理。它以其卓越的灵活性、可扩展性和可靠性,成为众多企业和开发者的首选。然而,要真正发挥Kubernetes的强大威力,仅仅掌握基本操作是远远不够的。本文将带你深入探索Kubernetes使用过程中的奇技妙法,为你开启一段优雅的容器编排之旅。二、高级资源管理之精妙艺术1.资源配额与限制:雕琢资源之美•Ku</div>
</li>
<li><a href="/article/1835199093819928576.htm"
title="docker 安装、运行nginx shell脚本" target="_blank">docker 安装、运行nginx shell脚本</a>
<span class="text-muted">三希</span>
<a class="tag" taget="_blank" href="/search/docker/1.htm">docker</a><a class="tag" taget="_blank" href="/search/nginx/1.htm">nginx</a><a class="tag" taget="_blank" href="/search/%E5%AE%B9%E5%99%A8/1.htm">容器</a>
<div>以下是一个简单的用于安装和运行DockerNginx的shell脚本:bash#!/bin/bash#安装Docker(如果还未安装)#请根据实际情况调整安装命令#拉取Nginx镜像dockerpullnginx#运行Nginx容器dockerrun-d--namemynginx-p80:80nginx</div>
</li>
<li><a href="/article/111.htm"
title="JAVA基础" target="_blank">JAVA基础</a>
<span class="text-muted">灵静志远</span>
<a class="tag" taget="_blank" href="/search/%E4%BD%8D%E8%BF%90%E7%AE%97/1.htm">位运算</a><a class="tag" taget="_blank" href="/search/%E5%8A%A0%E8%BD%BD/1.htm">加载</a><a class="tag" taget="_blank" href="/search/Date/1.htm">Date</a><a class="tag" taget="_blank" href="/search/%E5%AD%97%E7%AC%A6%E4%B8%B2%E6%B1%A0/1.htm">字符串池</a><a class="tag" taget="_blank" href="/search/%E8%A6%86%E7%9B%96/1.htm">覆盖</a>
<div>一、类的初始化顺序
1 (静态变量,静态代码块)-->(变量,初始化块)--> 构造器
同一括号里的,根据它们在程序中的顺序来决定。上面所述是同一类中。如果是继承的情况,那就在父类到子类交替初始化。
二、String
1 String a = "abc";
JAVA虚拟机首先在字符串池中查找是否已经存在了值为"abc"的对象,根</div>
</li>
<li><a href="/article/238.htm"
title="keepalived实现redis主从高可用" target="_blank">keepalived实现redis主从高可用</a>
<span class="text-muted">bylijinnan</span>
<a class="tag" taget="_blank" href="/search/redis/1.htm">redis</a>
<div>方案说明
两台机器(称为A和B),以统一的VIP对外提供服务
1.正常情况下,A和B都启动,B会把A的数据同步过来(B is slave of A)
2.当A挂了后,VIP漂移到B;B的keepalived 通知redis 执行:slaveof no one,由B提供服务
3.当A起来后,VIP不切换,仍在B上面;而A的keepalived 通知redis 执行slaveof B,开始</div>
</li>
<li><a href="/article/365.htm"
title="java文件操作大全" target="_blank">java文件操作大全</a>
<span class="text-muted">0624chenhong</span>
<a class="tag" taget="_blank" href="/search/java/1.htm">java</a>
<div>最近在博客园看到一篇比较全面的文件操作文章,转过来留着。
http://www.cnblogs.com/zhuocheng/archive/2011/12/12/2285290.html
转自http://blog.sina.com.cn/s/blog_4a9f789a0100ik3p.html
一.获得控制台用户输入的信息
&nbs</div>
</li>
<li><a href="/article/492.htm"
title="android学习任务" target="_blank">android学习任务</a>
<span class="text-muted">不懂事的小屁孩</span>
<a class="tag" taget="_blank" href="/search/%E5%B7%A5%E4%BD%9C/1.htm">工作</a>
<div>任务
完成情况 搞清楚带箭头的pupupwindows和不带的使用 已完成 熟练使用pupupwindows和alertdialog,并搞清楚两者的区别 已完成 熟练使用android的线程handler,并敲示例代码 进行中 了解游戏2048的流程,并完成其代码工作 进行中-差几个actionbar 研究一下android的动画效果,写一个实例 已完成 复习fragem</div>
</li>
<li><a href="/article/619.htm"
title="zoom.js" target="_blank">zoom.js</a>
<span class="text-muted">换个号韩国红果果</span>
<a class="tag" taget="_blank" href="/search/oom/1.htm">oom</a>
<div>它的基于bootstrap 的
https://raw.github.com/twbs/bootstrap/master/js/transition.js transition.js模块引用顺序
<link rel="stylesheet" href="style/zoom.css">
<script src=&q</div>
</li>
<li><a href="/article/746.htm"
title="详解Oracle云操作系统Solaris 11.2" target="_blank">详解Oracle云操作系统Solaris 11.2</a>
<span class="text-muted">蓝儿唯美</span>
<a class="tag" taget="_blank" href="/search/Solaris/1.htm">Solaris</a>
<div>当Oracle发布Solaris 11时,它将自己的操作系统称为第一个面向云的操作系统。Oracle在发布Solaris 11.2时继续它以云为中心的基调。但是,这些说法没有告诉我们为什么Solaris是配得上云的。幸好,我们不需要等太久。Solaris11.2有4个重要的技术可以在一个有效的云实现中发挥重要作用:OpenStack、内核域、统一存档(UA)和弹性虚拟交换(EVS)。 </div>
</li>
<li><a href="/article/873.htm"
title="spring学习——springmvc(一)" target="_blank">spring学习——springmvc(一)</a>
<span class="text-muted">a-john</span>
<a class="tag" taget="_blank" href="/search/springMVC/1.htm">springMVC</a>
<div>Spring MVC基于模型-视图-控制器(Model-View-Controller,MVC)实现,能够帮助我们构建像Spring框架那样灵活和松耦合的Web应用程序。
1,跟踪Spring MVC的请求
请求的第一站是Spring的DispatcherServlet。与大多数基于Java的Web框架一样,Spring MVC所有的请求都会通过一个前端控制器Servlet。前</div>
</li>
<li><a href="/article/1000.htm"
title="hdu4342 History repeat itself-------多校联合五" target="_blank">hdu4342 History repeat itself-------多校联合五</a>
<span class="text-muted">aijuans</span>
<a class="tag" taget="_blank" href="/search/%E6%95%B0%E8%AE%BA/1.htm">数论</a>
<div>水题就不多说什么了。
#include<iostream>#include<cstdlib>#include<stdio.h>#define ll __int64using namespace std;int main(){ int t; ll n; scanf("%d",&t); while(t--) </div>
</li>
<li><a href="/article/1127.htm"
title="EJB和javabean的区别" target="_blank">EJB和javabean的区别</a>
<span class="text-muted">asia007</span>
<a class="tag" taget="_blank" href="/search/bean/1.htm">bean</a><a class="tag" taget="_blank" href="/search/ejb/1.htm">ejb</a>
<div>EJB不是一般的JavaBean,EJB是企业级JavaBean,EJB一共分为3种,实体Bean,消息Bean,会话Bean,书写EJB是需要遵循一定的规范的,具体规范你可以参考相关的资料.另外,要运行EJB,你需要相应的EJB容器,比如Weblogic,Jboss等,而JavaBean不需要,只需要安装Tomcat就可以了
1.EJB用于服务端应用开发, 而JavaBeans</div>
</li>
<li><a href="/article/1254.htm"
title="Struts的action和Result总结" target="_blank">Struts的action和Result总结</a>
<span class="text-muted">百合不是茶</span>
<a class="tag" taget="_blank" href="/search/struts/1.htm">struts</a><a class="tag" taget="_blank" href="/search/Action%E9%85%8D%E7%BD%AE/1.htm">Action配置</a><a class="tag" taget="_blank" href="/search/Result%E9%85%8D%E7%BD%AE/1.htm">Result配置</a>
<div>
一:Action的配置详解:
下面是一个Struts中一个空的Struts.xml的配置文件
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE struts PUBLIC
&quo</div>
</li>
<li><a href="/article/1381.htm"
title="如何带好自已的团队" target="_blank">如何带好自已的团队</a>
<span class="text-muted">bijian1013</span>
<a class="tag" taget="_blank" href="/search/%E9%A1%B9%E7%9B%AE%E7%AE%A1%E7%90%86/1.htm">项目管理</a><a class="tag" taget="_blank" href="/search/%E5%9B%A2%E9%98%9F%E7%AE%A1%E7%90%86/1.htm">团队管理</a><a class="tag" taget="_blank" href="/search/%E5%9B%A2%E9%98%9F/1.htm">团队</a>
<div>在网上看到博客"
怎么才能让团队成员好好干活"的评论,觉得写的比较好。 原文如下: 我做团队管理有几年了吧,我和你分享一下我认为带好团队的几点:
1.诚信
对团队内成员,无论是技术研究、交流、问题探讨,要尽可能的保持一种诚信的态度,用心去做好,你的团队会感觉得到。 2.努力提</div>
</li>
<li><a href="/article/1508.htm"
title="Java代码混淆工具" target="_blank">Java代码混淆工具</a>
<span class="text-muted">sunjing</span>
<a class="tag" taget="_blank" href="/search/ProGuard/1.htm">ProGuard</a>
<div>Open Source Obfuscators
ProGuard
http://java-source.net/open-source/obfuscators/proguardProGuard is a free Java class file shrinker and obfuscator. It can detect and remove unused classes, fields, m</div>
</li>
<li><a href="/article/1635.htm"
title="【Redis三】基于Redis sentinel的自动failover主从复制" target="_blank">【Redis三】基于Redis sentinel的自动failover主从复制</a>
<span class="text-muted">bit1129</span>
<a class="tag" taget="_blank" href="/search/redis/1.htm">redis</a>
<div>在第二篇中使用2.8.17搭建了主从复制,但是它存在Master单点问题,为了解决这个问题,Redis从2.6开始引入sentinel,用于监控和管理Redis的主从复制环境,进行自动failover,即Master挂了后,sentinel自动从从服务器选出一个Master使主从复制集群仍然可以工作,如果Master醒来再次加入集群,只能以从服务器的形式工作。
什么是Sentine</div>
</li>
<li><a href="/article/1762.htm"
title="使用代理实现Hibernate Dao层自动事务" target="_blank">使用代理实现Hibernate Dao层自动事务</a>
<span class="text-muted">白糖_</span>
<a class="tag" taget="_blank" href="/search/DAO/1.htm">DAO</a><a class="tag" taget="_blank" href="/search/spring/1.htm">spring</a><a class="tag" taget="_blank" href="/search/AOP/1.htm">AOP</a><a class="tag" taget="_blank" href="/search/%E6%A1%86%E6%9E%B6/1.htm">框架</a><a class="tag" taget="_blank" href="/search/Hibernate/1.htm">Hibernate</a>
<div>都说spring利用AOP实现自动事务处理机制非常好,但在只有hibernate这个框架情况下,我们开启session、管理事务就往往很麻烦。
public void save(Object obj){
Session session = this.getSession();
Transaction tran = session.beginTransaction();
try </div>
</li>
<li><a href="/article/1889.htm"
title="maven3实战读书笔记" target="_blank">maven3实战读书笔记</a>
<span class="text-muted">braveCS</span>
<a class="tag" taget="_blank" href="/search/maven3/1.htm">maven3</a>
<div>Maven简介
是什么?
Is a software project management and comprehension tool.项目管理工具
是基于POM概念(工程对象模型)
[设计重复、编码重复、文档重复、构建重复,maven最大化消除了构建的重复]
[与XP:简单、交流与反馈;测试驱动开发、十分钟构建、持续集成、富有信息的工作区]
功能: </div>
</li>
<li><a href="/article/2016.htm"
title="编程之美-子数组的最大乘积" target="_blank">编程之美-子数组的最大乘积</a>
<span class="text-muted">bylijinnan</span>
<a class="tag" taget="_blank" href="/search/%E7%BC%96%E7%A8%8B%E4%B9%8B%E7%BE%8E/1.htm">编程之美</a>
<div>
public class MaxProduct {
/**
* 编程之美 子数组的最大乘积
* 题目: 给定一个长度为N的整数数组,只允许使用乘法,不能用除法,计算任意N-1个数的组合中乘积中最大的一组,并写出算法的时间复杂度。
* 以下程序对应书上两种方法,求得“乘积中最大的一组”的乘积——都是有溢出的可能的。
* 但按题目的意思,是要求得这个子数组,而不</div>
</li>
<li><a href="/article/2143.htm"
title="读书笔记-2" target="_blank">读书笔记-2</a>
<span class="text-muted">chengxuyuancsdn</span>
<a class="tag" taget="_blank" href="/search/%E8%AF%BB%E4%B9%A6%E7%AC%94%E8%AE%B0/1.htm">读书笔记</a>
<div>1、反射
2、oracle年-月-日 时-分-秒
3、oracle创建有参、无参函数
4、oracle行转列
5、Struts2拦截器
6、Filter过滤器(web.xml)
1、反射
(1)检查类的结构
在java.lang.reflect包里有3个类Field,Method,Constructor分别用于描述类的域、方法和构造器。
2、oracle年月日时分秒
s</div>
</li>
<li><a href="/article/2270.htm"
title="[求学与房地产]慎重选择IT培训学校" target="_blank">[求学与房地产]慎重选择IT培训学校</a>
<span class="text-muted">comsci</span>
<a class="tag" taget="_blank" href="/search/it/1.htm">it</a>
<div> 关于培训学校的教学和教师的问题,我们就不讨论了,我主要关心的是这个问题
培训学校的教学楼和宿舍的环境和稳定性问题
我们大家都知道,房子是一个比较昂贵的东西,特别是那种能够当教室的房子...
&nb</div>
</li>
<li><a href="/article/2397.htm"
title="RMAN配置中通道(CHANNEL)相关参数 PARALLELISM 、FILESPERSET的关系" target="_blank">RMAN配置中通道(CHANNEL)相关参数 PARALLELISM 、FILESPERSET的关系</a>
<span class="text-muted">daizj</span>
<a class="tag" taget="_blank" href="/search/oracle/1.htm">oracle</a><a class="tag" taget="_blank" href="/search/rman/1.htm">rman</a><a class="tag" taget="_blank" href="/search/filesperset/1.htm">filesperset</a><a class="tag" taget="_blank" href="/search/PARALLELISM/1.htm">PARALLELISM</a>
<div>RMAN配置中通道(CHANNEL)相关参数 PARALLELISM 、FILESPERSET的关系 转
PARALLELISM ---
我们还可以通过parallelism参数来指定同时"自动"创建多少个通道:
RMAN > configure device type disk parallelism 3 ;
表示启动三个通道,可以加快备份恢复的速度。 </div>
</li>
<li><a href="/article/2524.htm"
title="简单排序:冒泡排序" target="_blank">简单排序:冒泡排序</a>
<span class="text-muted">dieslrae</span>
<a class="tag" taget="_blank" href="/search/%E5%86%92%E6%B3%A1%E6%8E%92%E5%BA%8F/1.htm">冒泡排序</a>
<div>
public void bubbleSort(int[] array){
for(int i=1;i<array.length;i++){
for(int k=0;k<array.length-i;k++){
if(array[k] > array[k+1]){
</div>
</li>
<li><a href="/article/2651.htm"
title="初二上学期难记单词三" target="_blank">初二上学期难记单词三</a>
<span class="text-muted">dcj3sjt126com</span>
<a class="tag" taget="_blank" href="/search/sciet/1.htm">sciet</a>
<div>concert 音乐会
tonight 今晚
famous 有名的;著名的
song 歌曲
thousand 千
accident 事故;灾难
careless 粗心的,大意的
break 折断;断裂;破碎
heart 心(脏)
happen 偶尔发生,碰巧
tourist 旅游者;观光者
science (自然)科学
marry 结婚
subject 题目;</div>
</li>
<li><a href="/article/2778.htm"
title="I.安装Memcahce 1. 安装依赖包libevent Memcache需要安装libevent,所以安装前可能需要执行 Shell代码 收藏代码" target="_blank">I.安装Memcahce 1. 安装依赖包libevent Memcache需要安装libevent,所以安装前可能需要执行 Shell代码 收藏代码</a>
<span class="text-muted">dcj3sjt126com</span>
<a class="tag" taget="_blank" href="/search/redis/1.htm">redis</a>
<div>wget http://download.redis.io/redis-stable.tar.gz
tar xvzf redis-stable.tar.gz
cd redis-stable
make
前面3步应该没有问题,主要的问题是执行make的时候,出现了异常。
异常一:
make[2]: cc: Command not found
异常原因:没有安装g</div>
</li>
<li><a href="/article/2905.htm"
title="并发容器" target="_blank">并发容器</a>
<span class="text-muted">shuizhaosi888</span>
<a class="tag" taget="_blank" href="/search/%E5%B9%B6%E5%8F%91%E5%AE%B9%E5%99%A8/1.htm">并发容器</a>
<div> 通过并发容器来改善同步容器的性能,同步容器将所有对容器状态的访问都串行化,来实现线程安全,这种方式严重降低并发性,当多个线程访问时,吞吐量严重降低。
并发容器ConcurrentHashMap
替代同步基于散列的Map,通过Lock控制。
&nb</div>
</li>
<li><a href="/article/3032.htm"
title="Spring Security(12)——Remember-Me功能" target="_blank">Spring Security(12)——Remember-Me功能</a>
<span class="text-muted">234390216</span>
<a class="tag" taget="_blank" href="/search/Spring+Security/1.htm">Spring Security</a><a class="tag" taget="_blank" href="/search/Remember+Me/1.htm">Remember Me</a><a class="tag" taget="_blank" href="/search/%E8%AE%B0%E4%BD%8F%E6%88%91/1.htm">记住我</a>
<div>Remember-Me功能
目录
1.1 概述
1.2 基于简单加密token的方法
1.3 基于持久化token的方法
1.4 Remember-Me相关接口和实现</div>
</li>
<li><a href="/article/3159.htm"
title="位运算" target="_blank">位运算</a>
<span class="text-muted">焦志广</span>
<a class="tag" taget="_blank" href="/search/%E4%BD%8D%E8%BF%90%E7%AE%97/1.htm">位运算</a>
<div>
一、位运算符C语言提供了六种位运算符:
& 按位与
| 按位或
^ 按位异或
~ 取反
<< 左移
>> 右移
1. 按位与运算 按位与运算符"&"是双目运算符。其功能是参与运算的两数各对应的二进位相与。只有对应的两个二进位均为1时,结果位才为1 ,否则为0。参与运算的数以补码方式出现。
例如:9&am</div>
</li>
<li><a href="/article/3286.htm"
title="nodejs 数据库连接 mongodb mysql" target="_blank">nodejs 数据库连接 mongodb mysql</a>
<span class="text-muted">liguangsong</span>
<a class="tag" taget="_blank" href="/search/mongodb/1.htm">mongodb</a><a class="tag" taget="_blank" href="/search/mysql/1.htm">mysql</a><a class="tag" taget="_blank" href="/search/node/1.htm">node</a><a class="tag" taget="_blank" href="/search/%E6%95%B0%E6%8D%AE%E5%BA%93%E8%BF%9E%E6%8E%A5/1.htm">数据库连接</a>
<div>1.mysql 连接
package.json中dependencies加入
"mysql":"~2.7.0"
执行 npm install
在config 下创建文件 database.js
</div>
</li>
<li><a href="/article/3413.htm"
title="java动态编译" target="_blank">java动态编译</a>
<span class="text-muted">olive6615</span>
<a class="tag" taget="_blank" href="/search/java/1.htm">java</a><a class="tag" taget="_blank" href="/search/HotSpot/1.htm">HotSpot</a><a class="tag" taget="_blank" href="/search/jvm/1.htm">jvm</a><a class="tag" taget="_blank" href="/search/%E5%8A%A8%E6%80%81%E7%BC%96%E8%AF%91/1.htm">动态编译</a>
<div> 在HotSpot虚拟机中,有两个技术是至关重要的,即动态编译(Dynamic compilation)和Profiling。
HotSpot是如何动态编译Javad的bytecode呢?Java bytecode是以解释方式被load到虚拟机的。HotSpot里有一个运行监视器,即Profile Monitor,专门监视</div>
</li>
<li><a href="/article/3540.htm"
title="Storm0.9.5的集群部署配置优化" target="_blank">Storm0.9.5的集群部署配置优化</a>
<span class="text-muted">roadrunners</span>
<a class="tag" taget="_blank" href="/search/%E4%BC%98%E5%8C%96/1.htm">优化</a><a class="tag" taget="_blank" href="/search/storm.yaml/1.htm">storm.yaml</a>
<div>nimbus结点配置(storm.yaml)信息:
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional inf</div>
</li>
<li><a href="/article/3667.htm"
title="101个MySQL 的调节和优化的提示" target="_blank">101个MySQL 的调节和优化的提示</a>
<span class="text-muted">tomcat_oracle</span>
<a class="tag" taget="_blank" href="/search/mysql/1.htm">mysql</a>
<div> 1. 拥有足够的物理内存来把整个InnoDB文件加载到内存中——在内存中访问文件时的速度要比在硬盘中访问时快的多。 2. 不惜一切代价避免使用Swap交换分区 – 交换时是从硬盘读取的,它的速度很慢。 3. 使用电池供电的RAM(注:RAM即随机存储器)。 4. 使用高级的RAID(注:Redundant Arrays of Inexpensive Disks,即磁盘阵列</div>
</li>
<li><a href="/article/3794.htm"
title="zoj 3829 Known Notation(贪心)" target="_blank">zoj 3829 Known Notation(贪心)</a>
<span class="text-muted">阿尔萨斯</span>
<a class="tag" taget="_blank" href="/search/ZOJ/1.htm">ZOJ</a>
<div> 题目链接:zoj 3829 Known Notation
题目大意:给定一个不完整的后缀表达式,要求有2种不同操作,用尽量少的操作使得表达式完整。
解题思路:贪心,数字的个数要要保证比∗的个数多1,不够的话优先补在开头是最优的。然后遍历一遍字符串,碰到数字+1,碰到∗-1,保证数字的个数大于等1,如果不够减的话,可以和最后面的一个数字交换位置(用栈维护十分方便),因为添加和交换代价都是1</div>
</li>
</ul>
</div>
</div>
</div>
<div>
<div class="container">
<div class="indexes">
<strong>按字母分类:</strong>
<a href="/tags/A/1.htm" target="_blank">A</a><a href="/tags/B/1.htm" target="_blank">B</a><a href="/tags/C/1.htm" target="_blank">C</a><a
href="/tags/D/1.htm" target="_blank">D</a><a href="/tags/E/1.htm" target="_blank">E</a><a href="/tags/F/1.htm" target="_blank">F</a><a
href="/tags/G/1.htm" target="_blank">G</a><a href="/tags/H/1.htm" target="_blank">H</a><a href="/tags/I/1.htm" target="_blank">I</a><a
href="/tags/J/1.htm" target="_blank">J</a><a href="/tags/K/1.htm" target="_blank">K</a><a href="/tags/L/1.htm" target="_blank">L</a><a
href="/tags/M/1.htm" target="_blank">M</a><a href="/tags/N/1.htm" target="_blank">N</a><a href="/tags/O/1.htm" target="_blank">O</a><a
href="/tags/P/1.htm" target="_blank">P</a><a href="/tags/Q/1.htm" target="_blank">Q</a><a href="/tags/R/1.htm" target="_blank">R</a><a
href="/tags/S/1.htm" target="_blank">S</a><a href="/tags/T/1.htm" target="_blank">T</a><a href="/tags/U/1.htm" target="_blank">U</a><a
href="/tags/V/1.htm" target="_blank">V</a><a href="/tags/W/1.htm" target="_blank">W</a><a href="/tags/X/1.htm" target="_blank">X</a><a
href="/tags/Y/1.htm" target="_blank">Y</a><a href="/tags/Z/1.htm" target="_blank">Z</a><a href="/tags/0/1.htm" target="_blank">其他</a>
</div>
</div>
</div>
<footer id="footer" class="mb30 mt30">
<div class="container">
<div class="footBglm">
<a target="_blank" href="/">首页</a> -
<a target="_blank" href="/custom/about.htm">关于我们</a> -
<a target="_blank" href="/search/Java/1.htm">站内搜索</a> -
<a target="_blank" href="/sitemap.txt">Sitemap</a> -
<a target="_blank" href="/custom/delete.htm">侵权投诉</a>
</div>
<div class="copyright">版权所有 IT知识库 CopyRight © 2000-2050 E-COM-NET.COM , All Rights Reserved.
<!-- <a href="https://beian.miit.gov.cn/" rel="nofollow" target="_blank">京ICP备09083238号</a><br>-->
</div>
</div>
</footer>
<!-- 代码高亮 -->
<script type="text/javascript" src="/static/syntaxhighlighter/scripts/shCore.js"></script>
<script type="text/javascript" src="/static/syntaxhighlighter/scripts/shLegacy.js"></script>
<script type="text/javascript" src="/static/syntaxhighlighter/scripts/shAutoloader.js"></script>
<link type="text/css" rel="stylesheet" href="/static/syntaxhighlighter/styles/shCoreDefault.css"/>
<script type="text/javascript" src="/static/syntaxhighlighter/src/my_start_1.js"></script>
</body>
</html>