【云原生】第十三篇--容器管理工具 Containerd
轻量级或工业级容器管理工具 Containerd
- 一、Containerd介绍
-
- 1.0 前言
- 1.1 Containerd前世今生
- 1.2 Containerd架构
-
- 1.2.1 架构图
- 1.2.2 常用插件
- 1.2.3 架构缩略图
- 1.2.4 与其它容器运行时工具性能对比
- 二、Containerd安装
-
- 2.1 YUM方式安装
-
- 2.1.1 获取YUM源
- 2.1.2 使用yum命令安装
- 2.1.3 验证安装及启动服务
- 2.1.4 验证可用性
- 2.2 二进制方式安装
-
- 2.2.1 获取安装包
- 2.2.2 安装并测试可用性
-
- 2.2.2.1 安装containerd
- 2.2.2.2 查看containerd安装位置
- 2.2.2.3 复制containerd运行时文件至系统
- 2.2.2.4 添加containerd.service文件至系统
- 2.2.2.5 查看containerd使用帮助
- 2.2.2.6 生成containerd模块配置文件
-
- 2.2.2.6.1 生成默认模块配置文件
- 2.2.2.6.2 替换默认配置文件
- 2.2.2.7 启动containerd服务并设置开机自启动
- 2.2.2.8 复制ctr命令至系统
- 2.2.2.9 查看已安装containerd服务版本
- 2.2.2.10 安装runC
-
- 2.2.2.10.1 获取runC
- 2.2.2.10.2 安装runC并验证安装结果
- 三、Containerd容器镜像管理
-
- 3.1 Containerd容器镜像管理命令
- 3.2 查看镜像
- 3.3 下载镜像
- 3.4 镜像挂载
- 3.5 镜像导出
- 3.6 镜像删除
- 3.7 镜像导入
- 3.8 修改镜像tag
- 四、Containerd容器管理
-
- 4.1 获取命令帮助
-
- 4.1.1 获取ctr命令帮助
- 4.1.2 获取创建静态容器命令帮助
- 4.1.3 获取动态容器命令帮助
- 4.2 查看容器
- 4.3 查看任务
- 4.4 创建静态容器
- 4.5 静态容器启动为动态容器
- 4.6 进入容器操作
- 4.7 直接运行一个动态容器
- 4.8 暂停容器
- 4.9 恢复容器
- 4.10 停止容器
- 4.11 删除容器
- 五、Containerd使用私有容器镜像仓库 Harbor
-
- 5.1 Harbor准备
- 5.2 配置Containerd使用Harbor仓库
-
- 5.2.1 Harbor主机名解析
- 5.2.2 修改Containerd配置文件
- 5.2.3 ctr下载镜像
- 5.2.4 ctr上传镜像
- 六、Containerd NameSpace管理
- 七、Containerd Network管理
-
- 7.1 创建CNI网络
-
- 7.1.1 获取CNI工具源码
- 7.1.2 获取CNI Plugins(CNI插件)
- 7.1.3 准备CNI网络配置文件
- 7.1.4 生成CNI网络
- 7.2 为Containerd容器配置网络功能
-
- 7.2.1 创建一个容器
- 7.2.2 进入容器查看其网络情况
- 7.2.3 获取容器进程ID及其网络命名空间
- 7.2.4 为指定容器添加网络配置
- 八、Containerd容器数据持久化存储
- 九、与其它Containerd容器共享命名空间
- 十、Docker集成Containerd实现容器管理
一、Containerd介绍
1.0 前言
-
早在2016年3月,Docker 1.11的Docker Engine里就包含了containerd,而现在则是把containerd从Docker Engine里彻底剥离出来,作为一个独立的开源项目独立发展,目标是提供一个更加开放、稳定的容器运行基础设施。和原先包含在Docker Engine里containerd相比,独立的containerd将具有更多的功能,可以涵盖整个容器运行时管理的所有需求。
-
containerd并不是直接面向最终用户的,而是主要用于集成到更上层的系统里,比如Swarm, Kubernetes, Mesos等容器编排系统。
-
containerd以Daemon的形式运行在系统上,通过暴露底层的gRPC API,上层系统可以通过这些API管理机器上的容器。
-
每个containerd只负责一台机器,Pull镜像,对容器的操作(启动、停止等),网络,存储都是由containerd完成。具体运行容器由runC负责,实际上只要是符合OCI规范的容器都可以支持。
-
对于容器编排服务来说,运行时只需要使用containerd+runC,更加轻量,容易管理。
-
独立之后containerd的特性演进可以和Docker Engine分开,专注容器运行时管理,可以更稳定。
1.1 Containerd前世今生
2013年docker公司在推出docker产品后,由于其对全球技术产生了一定的影响力,Google公司明显感觉到自己公司内部所使用的Brog系统江湖地位受到的威胁,希望Docker公司能够与自己联合打造一款开源的容器运行时作为Docker核心依赖,但Docker公司拒绝了;接着Google公司联合RedHat、IBM等公司说服Docker公司把其容器核心技术libcontainer捐给中立社区(OCI,Open Container Intiative),并更名为runC。
为了进一步遏制Docker在未来技术市场影响力,避免在容器市场上Docker一家独大,Google公司带领导RedHat、IBM等成立了CNCF(Cloud Native Computing Fundation)基金会,即云原生计算基金会。CNCF的目标很明确,既然在容器应用领域无法与Docker相抗衡,那就做Google更有经验的技术市场------大规模容器编排应用场景,Google公司把自己内部使用的Brog系统开源------Kubernetes,也就是我们今天所说的云原生技术生态。
2016年Docker公司推出了Docker Swarm,意在一统Docker生态,让Docker既可以实现容器应用管理,也可以实现大规模容器编排,经过近1年左右时间的市场验证后,发现在容器编排方面无法独立抗衡kubernetes,所以Docker公司于2017年正式宣布原生支持Kubernetes,至此,Docker在大规模容器编排应用市场败下阵来,但是Docker依然不甘心失败,把Docker核心依赖Containerd捐给了CNCF,依此说明Docker依旧是一个PaaS平台。
2020年CNCF基金会宣布Kubernetes 1.20版本将不再仅支持Docker容器管理工具,此事的起因主要也与Docker捐给CNCF基金会的Containerd有关,早期为了实现Kubernetes能够使用Docker实现容器管理,专门在Kubernetes组件中集成一个shim(垫片)技术,用来将Kubernetes容器运行时接口(CRI,Container Runntime Interface)调用翻译成Docker的API,这样就可以很好地使用Docker了,但是随着Kubernetes在全球技术市场的广泛应用,有更多的容器管理工具的出现,它们都想能够借助于Kubernetes被用户所使用,所以就提出标准化容器运行时接口,只要适配了这个接口就可以集成到Kubernetes生态当中,所以Kubernetes取消了对shim的维护,并且由于Containerd技术的成功,可以实现无缝对接Kubernetes,所以接下来Kubernetes容器运行时的主角是Containerd。
1.2 Containerd架构
1.2.1 架构图
Containerd设计的目的是为了嵌入到Kubernetes中使用,它是一个工业级的容器运行时,不提供给开发人员和终端用户直接使用,这样就避免了与Docker产生竞争,但事实上,Containerd已经实现大多数容器管理功能,例如:容器生命周期管理、容器镜像传输和管理、容器存储与网络管理等。
-
Containerd 采用标准的 C/S 架构
- 服务端通过 GRPC 协议提供稳定的 API
- 客户端通过调用服务端的 API 进行高级的操作
-
为了实现解耦,Containerd 将不同的职责划分给不同的组件,每个组件就相当于一个子系统(subsystem)。连接不同子系统的组件被称为模块。
-
Containerd 两大子系统为:
- Bundle : 在 Containerd 中,Bundle 包含了配置、元数据和根文件系统数据,你可以理解为容器的文件系统。而 Bundle 子系统允许用户从镜像中提取和打包 Bundles。
- Runtime : Runtime 子系统用来执行 Bundles,比如创建容器。
其中,每一个子系统的行为都由一个或多个模块协作完成(架构图中的 Core 部分)。每一种类型的模块都以插件的形式集成到 Containerd 中,而且插件之间是相互依赖的。
例如,上图中的每一个长虚线的方框都表示一种类型的插件,包括 Service Plugin、Metadata Plugin、GC Plugin、Runtime Plugin 等,其中 Service Plugin 又会依赖 Metadata Plugin、GC Plugin 和 Runtime Plugin。每一个小方框都表示一个细分的插件,例如 Metadata Plugin 依赖 Containers Plugin、Content Plugin 等。
1.2.2 常用插件
- Content Plugin : 提供对镜像中可寻址内容的访问,所有不可变的内容都被存储在这里。
- Snapshot Plugin : 用来管理容器镜像的文件系统快照。镜像中的每一个 layer 都会被解压成文件系统快照,类似于 Docker 中的
graphdriver。 - Metrics : 暴露各个组件的监控指标。
1.2.3 架构缩略图
Containerd 被分为三个大块:Storage、Metadata 和 Runtime
1.2.4 与其它容器运行时工具性能对比
这是使用 bucketbench 对 Docker、crio 和 Containerd 的性能测试结果,包括启动、停止和删除容器,以比较它们所耗的时间:
结论: Containerd 在各个方面都表现良好,总体性能优于 Docker 和 crio 。
二、Containerd安装
课程操作系统环境为centos7u6
2.1 YUM方式安装
2.1.1 获取YUM源
获取阿里云YUM源
# wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
查看YUM源中Containerd软件
# yum list | grep containerd
containerd.io.x86_64 1.4.12-3.1.el7 docker-ce-stable
2.1.2 使用yum命令安装
安装Containerd.io软件,即可安装Containerd
# yum -y install containerd.io
2.1.3 验证安装及启动服务
使用rpm -qa命令查看是否安装
# rpm -qa | grep containerd
containerd.io-1.4.12-3.1.el7.x86_64
设置containerd服务启动及开机自启动
# systemctl enable containerd
# systemctl start containerd
查看containerd服务启动状态
# systemctl status containerd
● containerd.service - containerd container runtime
Loaded: loaded (/usr/lib/systemd/system/containerd.service; enabled; vendor preset: disabled)
Active: active (running) since 五 2022-02-18 11:38:30 CST; 9s ago 此行第二列及第三列表示其正在运行状态
Docs: https://containerd.io
Process: 59437 ExecStartPre=/sbin/modprobe overlay (code=exited, status=0/SUCCESS)
Main PID: 59439 (containerd)
Tasks: 7
Memory: 19.5M
CGroup: /system.slice/containerd.service
└─59439 /usr/bin/containerd
......
2.1.4 验证可用性
安装Containerd时ctr命令亦可使用,ctr命令主要用于管理容器及容器镜像等。
使用ctr命令查看Containerd客户端及服务端相关信息。
# ctr version
Client:
Version: 1.4.12
Revision: 7b11cfaabd73bb80907dd23182b9347b4245eb5d
Go version: go1.16.10
Server:
Version: 1.4.12
Revision: 7b11cfaabd73bb80907dd23182b9347b4245eb5d
UUID: 3c4b142d-d91d-44a5-aae2-9673785d4b2c
2.2 二进制方式安装
Containerd有两种安装包:
- 第一种是
containerd-xxx,这种包用于单机测试没问题,不包含runC,需要提前安装。 - 第二种是
cri-containerd-cni-xxxx,包含runc和k8s里的所需要的相关文件。k8s集群里需要用到此包。虽然包含runC,但是依赖系统中的seccomp(安全计算模式,是一种限制容器调用系统资源的模式。)
2.2.1 获取安装包
下载Containerd安装包
# wget https://github.com/containerd/containerd/releases/download/v1.6.0/cri-containerd-cni-1.6.0-linux-amd64.tar.gz
2.2.2 安装并测试可用性
2.2.2.1 安装containerd
查看已获取的安装包
# ls
cri-containerd-cni-1.6.0-linux-amd64.tar.gz
解压已下载的软件包
# tar xf cri-containerd-cni-1.6.0-linux-amd64.tar.gz
查看解压后目录
# ls
etc opt usr
查看etc目录,主要为containerd服务管理配置文件及cni虚拟网卡配置文件
# ls etc
cni crictl.yaml systemd
# ls etc/systemd/
system
# ls etc/systemd/system/
containerd.service
查看opt目录,主要为gce环境中使用containerd配置文件及cni插件
# ls opt
cni containerd
# ls opt/containerd/
cluster
# ls opt/containerd/cluster/
gce version
# ls opt/containerd/cluster/gce
cloud-init cni.template configure.sh env
查看usr目录,主要为containerd运行时文件,包含runc
# ls usr
local
# ls usr/local/
bin sbin
# ls usr/local/bin
containerd containerd-shim containerd-shim-runc-v1 containerd-shim-runc-v2 containerd-stress crictl critest ctd-decoder ctr
# ls usr/local/sbin
runc
2.2.2.2 查看containerd安装位置
查看containerd.service文件,了解containerd文件安装位置
# cat etc/systemd/system/containerd.service
# Copyright The containerd Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target
[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/local/bin/containerd 查看此位置,把containerd二进制文件放置于此处即可完成安装。
Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity
# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999
[Install]
WantedBy=multi-user.target
2.2.2.3 复制containerd运行时文件至系统
查看宿主机/usr/local/bin目录,里面没有任何内容。
# ls /usr/local/bin/
查看解压后usr/local/bin目录,里面包含containerd运行时文件
# ls usr/
local
# ls usr/local/
bin sbin
# ls usr/local/bin/
containerd containerd-shim containerd-shim-runc-v1 containerd-shim-runc-v2 containerd-stress crictl critest ctd-decoder ctr
复制containerd文件至/usr/local/bin目录中,本次可仅复制containerd一个文件也可复制全部文件。
# cp usr/local/bin/containerd /usr/local/bin/
# ls /usr/local/bin/
containerd
2.2.2.4 添加containerd.service文件至系统
查看解压后的etc/system目录
# ls etc
cni crictl.yaml systemd
# ls etc/systemd/
system
# ls etc/systemd/system/
containerd.service
复制containerd服务管理配置文件至/usr/lib/systemd/system/目录中
# cp etc/systemd/system/containerd.service /usr/lib/systemd/system/containerd.service
查看复制后结果
# ls /usr/lib/systemd/system/containerd.service
/usr/lib/systemd/system/containerd.service
2.2.2.5 查看containerd使用帮助
# containerd --help
NAME:
containerd -
__ _ __
_________ ____ / /_____ _(_)___ ___ _________/ /
/ ___/ __ \/ __ \/ __/ __ `/ / __ \/ _ \/ ___/ __ /
/ /__/ /_/ / / / / /_/ /_/ / / / / / __/ / / /_/ /
\___/\____/_/ /_/\__/\__,_/_/_/ /_/\___/_/ \__,_/
high performance container runtime
USAGE:
containerd [global options] command [command options] [arguments...]
VERSION:
v1.6.0
DESCRIPTION:
containerd is a high performance container runtime whose daemon can be started
by using this command. If none of the *config*, *publish*, or *help* commands
are specified, the default action of the **containerd** command is to start the
containerd daemon in the foreground.
A default configuration is used if no TOML configuration is specified or located
at the default file location. The *containerd config* command can be used to
generate the default configuration for containerd. The output of that command
can be used and modified as necessary as a custom configuration.
COMMANDS:
config information on the containerd config
publish binary to publish events to containerd
oci-hook provides a base for OCI runtime hooks to allow arguments to be injected.
help, h Shows a list of commands or help for one command
GLOBAL OPTIONS:
--config value, -c value path to the configuration file (default: "/etc/containerd/config.toml")
--log-level value, -l value set the logging level [trace, debug, info, warn, error, fatal, panic]
--address value, -a value address for containerd's GRPC server
--root value containerd root directory
--state value containerd state directory
--help, -h show help
--version, -v print the version
2.2.2.6 生成containerd模块配置文件
2.2.2.6.1 生成默认模块配置文件
Containerd 的默认配置文件为 /etc/containerd/config.toml,可以使用containerd config default > /etc/containerd/config.toml命令创建一份模块配置文件
创建配置文件目录
# mkdir /etc/containerd
生成配置文件
# containerd config default > /etc/containerd/config.toml
查看配置文件
# cat /etc/containerd/config.toml
disabled_plugins = []
imports = []
oom_score = 0
plugin_dir = ""
required_plugins = []
root = "/var/lib/containerd"
state = "/run/containerd"
temp = ""
version = 2
[cgroup]
path = ""
[debug]
address = ""
format = ""
gid = 0
level = ""
uid = 0
[grpc]
address = "/run/containerd/containerd.sock"
gid = 0
max_recv_message_size = 16777216
max_send_message_size = 16777216
tcp_address = ""
tcp_tls_ca = ""
tcp_tls_cert = ""
tcp_tls_key = ""
uid = 0
[metrics]
address = ""
grpc_histogram = false
[plugins]
[plugins."io.containerd.gc.v1.scheduler"]
deletion_threshold = 0
mutation_threshold = 100
pause_threshold = 0.02
schedule_delay = "0s"
startup_delay = "100ms"
[plugins."io.containerd.grpc.v1.cri"]
device_ownership_from_security_context = false
disable_apparmor = false
disable_cgroup = false
disable_hugetlb_controller = true
disable_proc_mount = false
disable_tcp_service = true
enable_selinux = false
enable_tls_streaming = false
enable_unprivileged_icmp = false
enable_unprivileged_ports = false
ignore_image_defined_volumes = false
max_concurrent_downloads = 3
max_container_log_line_size = 16384
netns_mounts_under_state_dir = false
restrict_oom_score_adj = false
sandbox_image = "k8s.gcr.io/pause:3.6" 由于网络原因,此处被替换
selinux_category_range = 1024
stats_collect_period = 10
stream_idle_timeout = "4h0m0s"
stream_server_address = "127.0.0.1"
stream_server_port = "0"
systemd_cgroup = false
tolerate_missing_hugetlb_controller = true
unset_seccomp_profile = ""
[plugins."io.containerd.grpc.v1.cri".cni]
bin_dir = "/opt/cni/bin"
conf_dir = "/etc/cni/net.d"
conf_template = ""
ip_pref = ""
max_conf_num = 1
[plugins."io.containerd.grpc.v1.cri".containerd]
default_runtime_name = "runc"
disable_snapshot_annotations = true
discard_unpacked_layers = false
ignore_rdt_not_enabled_errors = false
no_pivot = false
snapshotter = "overlayfs"
[plugins."io.containerd.grpc.v1.cri".containerd.default_runtime]
base_runtime_spec = ""
cni_conf_dir = ""
cni_max_conf_num = 0
container_annotations = []
pod_annotations = []
privileged_without_host_devices = false
runtime_engine = ""
runtime_path = ""
runtime_root = ""
runtime_type = ""
[plugins."io.containerd.grpc.v1.cri".containerd.default_runtime.options]
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
base_runtime_spec = ""
cni_conf_dir = ""
cni_max_conf_num = 0
container_annotations = []
pod_annotations = []
privileged_without_host_devices = false
runtime_engine = ""
runtime_path = ""
runtime_root = ""
runtime_type = "io.containerd.runc.v2"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
BinaryName = ""
CriuImagePath = ""
CriuPath = ""
CriuWorkPath = ""
IoGid = 0
IoUid = 0
NoNewKeyring = false
NoPivotRoot = false
Root = ""
ShimCgroup = ""
SystemdCgroup = false
[plugins."io.containerd.grpc.v1.cri".containerd.untrusted_workload_runtime]
base_runtime_spec = ""
cni_conf_dir = ""
cni_max_conf_num = 0
container_annotations = []
pod_annotations = []
privileged_without_host_devices = false
runtime_engine = ""
runtime_path = ""
runtime_root = ""
runtime_type = ""
[plugins."io.containerd.grpc.v1.cri".containerd.untrusted_workload_runtime.options]
[plugins."io.containerd.grpc.v1.cri".image_decryption]
key_model = "node"
[plugins."io.containerd.grpc.v1.cri".registry]
config_path = ""
[plugins."io.containerd.grpc.v1.cri".registry.auths]
[plugins."io.containerd.grpc.v1.cri".registry.configs]
[plugins."io.containerd.grpc.v1.cri".registry.headers]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".x509_key_pair_streaming]
tls_cert_file = ""
tls_key_file = ""
[plugins."io.containerd.internal.v1.opt"]
path = "/opt/containerd"
[plugins."io.containerd.internal.v1.restart"]
interval = "10s"
[plugins."io.containerd.internal.v1.tracing"]
sampling_ratio = 1.0
service_name = "containerd"
[plugins."io.containerd.metadata.v1.bolt"]
content_sharing_policy = "shared"
[plugins."io.containerd.monitor.v1.cgroups"]
no_prometheus = false
[plugins."io.containerd.runtime.v1.linux"]
no_shim = false
runtime = "runc"
runtime_root = ""
shim = "containerd-shim"
shim_debug = false
[plugins."io.containerd.runtime.v2.task"]
platforms = ["linux/amd64"]
sched_core = false
[plugins."io.containerd.service.v1.diff-service"]
default = ["walking"]
[plugins."io.containerd.service.v1.tasks-service"]
rdt_config_file = ""
[plugins."io.containerd.snapshotter.v1.aufs"]
root_path = ""
[plugins."io.containerd.snapshotter.v1.btrfs"]
root_path = ""
[plugins."io.containerd.snapshotter.v1.devmapper"]
async_remove = false
base_image_size = ""
discard_blocks = false
fs_options = ""
fs_type = ""
pool_name = ""
root_path = ""
[plugins."io.containerd.snapshotter.v1.native"]
root_path = ""
[plugins."io.containerd.snapshotter.v1.overlayfs"]
root_path = ""
upperdir_label = false
[plugins."io.containerd.snapshotter.v1.zfs"]
root_path = ""
[plugins."io.containerd.tracing.processor.v1.otlp"]
endpoint = ""
insecure = false
protocol = ""
[proxy_plugins]
[stream_processors]
[stream_processors."io.containerd.ocicrypt.decoder.v1.tar"]
accepts = ["application/vnd.oci.image.layer.v1.tar+encrypted"]
args = ["--decryption-keys-path", "/etc/containerd/ocicrypt/keys"]
env = ["OCICRYPT_KEYPROVIDER_CONFIG=/etc/containerd/ocicrypt/ocicrypt_keyprovider.conf"]
path = "ctd-decoder"
returns = "application/vnd.oci.image.layer.v1.tar"
[stream_processors."io.containerd.ocicrypt.decoder.v1.tar.gzip"]
accepts = ["application/vnd.oci.image.layer.v1.tar+gzip+encrypted"]
args = ["--decryption-keys-path", "/etc/containerd/ocicrypt/keys"]
env = ["OCICRYPT_KEYPROVIDER_CONFIG=/etc/containerd/ocicrypt/ocicrypt_keyprovider.conf"]
path = "ctd-decoder"
returns = "application/vnd.oci.image.layer.v1.tar+gzip"
[timeouts]
"io.containerd.timeout.bolt.open" = "0s"
"io.containerd.timeout.shim.cleanup" = "5s"
"io.containerd.timeout.shim.load" = "5s"
"io.containerd.timeout.shim.shutdown" = "3s"
"io.containerd.timeout.task.state" = "2s"
[ttrpc]
address = ""
gid = 0
uid = 0
2.2.2.6.2 替换默认配置文件
但上述配置文件后期改动的地方较多,这里直接换成可单机使用也可k8s环境使用的配置文件并配置好镜像加速器。
# vim /etc/containerd/config.toml
# cat /etc/containerd/config.toml
root = "/var/lib/containerd"
state = "/run/containerd"
oom_score = -999
[grpc]
address = "/run/containerd/containerd.sock"
uid = 0
gid = 0
max_recv_message_size = 16777216
max_send_message_size = 16777216
[debug]
address = ""
uid = 0
gid = 0
level = ""
[metrics]
address = ""
grpc_histogram = false
[cgroup]
path = ""
[plugins]
[plugins.cgroups]
no_prometheus = false
[plugins.cri]
stream_server_address = "127.0.0.1"
stream_server_port = "0"
enable_selinux = false
sandbox_image = "easzlab/pause-amd64:3.2"
stats_collect_period = 10
systemd_cgroup = false
enable_tls_streaming = false
max_container_log_line_size = 16384
[plugins.cri.containerd]
snapshotter = "overlayfs"
no_pivot = false
[plugins.cri.containerd.default_runtime]
runtime_type = "io.containerd.runtime.v1.linux"
runtime_engine = ""
runtime_root = ""
[plugins.cri.containerd.untrusted_workload_runtime]
runtime_type = ""
runtime_engine = ""
runtime_root = ""
[plugins.cri.cni]
bin_dir = "/opt/kube/bin"
conf_dir = "/etc/cni/net.d"
conf_template = "/etc/cni/net.d/10-default.conf"
[plugins.cri.registry]
[plugins.cri.registry.mirrors]
[plugins.cri.registry.mirrors."docker.io"]
endpoint = [
"https://docker.mirrors.ustc.edu.cn",
"http://hub-mirror.c.163.com"
]
[plugins.cri.registry.mirrors."gcr.io"]
endpoint = [
"https://gcr.mirrors.ustc.edu.cn"
]
[plugins.cri.registry.mirrors."k8s.gcr.io"]
endpoint = [
"https://gcr.mirrors.ustc.edu.cn/google-containers/"
]
[plugins.cri.registry.mirrors."quay.io"]
endpoint = [
"https://quay.mirrors.ustc.edu.cn"
]
[plugins.cri.registry.mirrors."harbor.kubemsb.com"] 此处添加了本地容器镜像仓库 Harbor,做为本地容器镜像仓库。
endpoint = [
"http://harbor.kubemsb.com"
]
[plugins.cri.x509_key_pair_streaming]
tls_cert_file = ""
tls_key_file = ""
[plugins.diff-service]
default = ["walking"]
[plugins.linux]
shim = "containerd-shim"
runtime = "runc"
runtime_root = ""
no_shim = false
shim_debug = false
[plugins.opt]
path = "/opt/containerd"
[plugins.restart]
interval = "10s"
[plugins.scheduler]
pause_threshold = 0.02
deletion_threshold = 0
mutation_threshold = 100
schedule_delay = "0s"
startup_delay = "100ms"
2.2.2.7 启动containerd服务并设置开机自启动
# systemctl enable containerd
Created symlink from /etc/systemd/system/multi-user.target.wants/containerd.service to /usr/lib/systemd/system/containerd.service.
# systemctl start containerd
# systemctl status containerd
● containerd.service - containerd container runtime
Loaded: loaded (/usr/lib/systemd/system/containerd.service; enabled; vendor preset: disabled)
Active: active (running) since 五 2022-02-18 13:02:37 CST; 7s ago
Docs: https://containerd.io
Process: 60383 ExecStartPre=/sbin/modprobe overlay (code=exited, status=0/SUCCESS)
Main PID: 60384 (containerd)
Tasks: 8
Memory: 20.0M
CGroup: /system.slice/containerd.service
└─60384 /usr/local/bin/containerd
......
2.2.2.8 复制ctr命令至系统
# ls usr/local/bin/
containerd containerd-shim containerd-shim-runc-v1 containerd-shim-runc-v2 containerd-stress crictl critest ctd-decoder ctr
# cp usr/local/bin/ctr /usr/bin/
2.2.2.9 查看已安装containerd服务版本
# ctr version
Client:
Version: v1.6.0
Revision: 39259a8f35919a0d02c9ecc2871ddd6ccf6a7c6e
Go version: go1.17.2
Server:
Version: v1.6.0
Revision: 39259a8f35919a0d02c9ecc2871ddd6ccf6a7c6e
UUID: c1972cbe-884a-41b0-867f-f8a58c168e6d
2.2.2.10 安装runC
由于二进制包中提供的runC默认需要系统中安装seccomp支持,需要单独安装,且不同版本runC对seccomp版本要求一致,所以建议单独下载runC 二进制包进行安装,里面包含了seccomp模块支持。
2.2.2.10.1 获取runC
使用wget下载
# wget https://github.com/opencontainers/runc/releases/download/v1.1.0/runc.amd64
2.2.2.10.2 安装runC并验证安装结果
查看已下载文件
# ls
runc.amd64
安装runC
# mv runc.amd64 /usr/sbin/runc
为runC添加可执行权限
# chmod +x /usr/sbin/runc
使用runc命令验证是否安装成功
# runc -v
runc version 1.1.0
commit: v1.1.0-0-g067aaf85
spec: 1.0.2-dev
go: go1.17.6
libseccomp: 2.5.3
三、Containerd容器镜像管理
3.1 Containerd容器镜像管理命令
- docker使用docker images命令管理镜像
- 单机containerd使用ctr images命令管理镜像,containerd本身的CLI
- k8s中containerd使用crictl images命令管理镜像,Kubernetes社区的专用CLI工具
获取命令帮助
# ctr --help
NAME:
ctr -
__
_____/ /______
/ ___/ __/ ___/
/ /__/ /_/ /
\___/\__/_/
containerd CLI
USAGE:
ctr [global options] command [command options] [arguments...]
VERSION:
v1.6.0
DESCRIPTION:
ctr is an unsupported debug and administrative client for interacting
with the containerd daemon. Because it is unsupported, the commands,
options, and operations are not guaranteed to be backward compatible or
stable from release to release of the containerd project.
COMMANDS:
plugins, plugin provides information about containerd plugins
version print the client and server versions
containers, c, container manage containers
content manage content
events, event display containerd events
images, image, i manage images
leases manage leases
namespaces, namespace, ns manage namespaces
pprof provide golang pprof outputs for containerd
run run a container
snapshots, snapshot manage snapshots
tasks, t, task manage tasks
install install a new package
oci OCI tools
shim interact with a shim directly
help, h Shows a list of commands or help for one command
GLOBAL OPTIONS:
--debug enable debug output in logs
--address value, -a value address for containerd's GRPC server (default: "/run/containerd/containerd.sock") [$CONTAINERD_ADDRESS]
--timeout value total timeout for ctr commands (default: 0s)
--connect-timeout value timeout for connecting to containerd (default: 0s)
--namespace value, -n value namespace to use with commands (default: "default") [$CONTAINERD_NAMESPACE]
--help, -h show help
--version, -v print the version
获取命令帮助
# ctr images
NAME:
ctr images - manage images
USAGE:
ctr images command [command options] [arguments...]
COMMANDS:
check check existing images to ensure all content is available locally
export export images
import import images
list, ls list images known to containerd
mount mount an image to a target path
unmount unmount the image from the target
pull pull an image from a remote
push push an image to a remote
delete, del, remove, rm remove one or more images by reference
tag tag an image
label set and clear labels for an image
convert convert an image
OPTIONS:
--help, -h show help
3.2 查看镜像
# ctr images ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
3.3 下载镜像
containerd支持oci标准的镜像,所以可以直接使用docker官方或dockerfile构建的镜像
# ctr images pull --all-platforms docker.io/library/nginx:alpine
docker.io/library/nginx:alpine: resolved |++++++++++++++++++++++++++++++++++++++|
docker.io/library/nginx:alpine: resolved |++++++++++++++++++++++++++++++++++++++|
index-sha256:da9c94bec1da829ebd52431a84502ec471c8e548ffb2cedbf36260fd9bd1d4d3: done |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:050385609d832fae11b007fbbfba77d0bba12bf72bc0dca0ac03e09b1998580f: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:f2303c6c88653b9a6739d50f611c170b9d97d161c6432409c680f6b46a5f112f: done |++++++++++++++++++++++++++++++++++++++|
config-sha256:bef258acf10dc257d641c47c3a600c92f87be4b4ce4a5e4752b3eade7533dcd9: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:59bf1c3509f33515622619af21ed55bbe26d24913cedbca106468a5fb37a50c3: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:8d6ba530f6489d12676d7f61628427d067243ba4a3a512c3e28813b977cb3b0e: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:5288d7ad7a7f84bdd19c1e8f0abb8684b5338f3da86fe9ae1d7f0e9bc2de6595: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:39e51c61c033442d00c40a30b2a9ed01f40205875fbd8664c50b4dc3e99ad5cf: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:ee6f71c6f4a82b2afd01f92bdf6be0079364d03020e8a2c569062e1c06d3822b: done |++++++++++++++++++++++++++++++++++++++|
elapsed: 11.0s total: 8.7 Mi (809.5 KiB/s)
unpacking linux/amd64 sha256:da9c94bec1da829ebd52431a84502ec471c8e548ffb2cedbf36260fd9bd1d4d3...
done: 1.860946163s
说明:
这里ctr命令pull镜像时,不能直接把镜像名字写成`nginx:alpine`
查看已下载容器镜像
# ctr images ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
docker.io/library/nginx:alpine application/vnd.docker.distribution.manifest.list.v2+json sha256:da9c94bec1da829ebd52431a84502ec471c8e548ffb2cedbf36260fd9bd1d4d3 9.7 MiB linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x -
| REF | TYPE | DIGEST |
|---|---|---|
| docker.io/library/nginx:alpine | application/vnd.docker.distribution.manifest.list.v2+json | sha256:da9c94bec1da829ebd52431a84502ec471c8e548ffb2cedbf36260fd9bd1d4d3 |
| SIZE | PLATFORMS | LABELS |
|---|---|---|
| 9.7 MiB | linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x | - |
指定平台下载容器镜像
# ctr images pull --platform linux/amd64 docker.io/library/nginx:alpine
3.4 镜像挂载
方便查看镜像中包含的内容。
把已下载的容器镜像挂载至当前文件系统
# ctr images mount docker.io/library/nginx:alpine /mnt
sha256:af2fcce448e2e4451a5f4796a9bf9cb5c9b5f88e0d6d10029cada42fb9d268ac
/mnt
[root@localhost ~]# ls /mnt
bin dev docker-entrypoint.d docker-entrypoint.sh etc home lib media mnt opt proc root run sbin srv sys tmp usr var
卸载
# umount /mnt
3.5 镜像导出
把容器镜像导出
# ctr i export --all-platforms nginx.img docker.io/library/nginx:alpine
说明
--all-platforms,导出所有平台镜像,本版本为1.6版本,1.4版本不需要添加此选项。
查看已导出容器镜像
# ls
nginx.img
# ls -lh
总用量 196M
-rw-r--r-- 1 root root 73M 2月 18 14:48 nginx.img
3.6 镜像删除
删除指定容器镜像
# ctr image rm docker.io/library/nginx:alpine
docker.io/library/nginx:alpine
再次查看容器镜像
[root@192 ~]# ctr images ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
3.7 镜像导入
导入容器镜像
# ctr images import nginx.img
unpacking docker.io/library/nginx:alpine (sha256:da9c94bec1da829ebd52431a84502ec471c8e548ffb2cedbf36260fd9bd1d4d3)...done
3.8 修改镜像tag
# ctr images tag docker.io/library/nginx:alpine nginx:alpine
nginx:alpine
说明:
把docker.io/library/nginx:alpine 修改为 nginx:alpine
查看修改后的容器镜像
# ctr images ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
docker.io/library/nginx:alpine application/vnd.docker.distribution.manifest.list.v2+json sha256:da9c94bec1da829ebd52431a84502ec471c8e548ffb2cedbf36260fd9bd1d4d3 9.7 MiB linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x -
nginx:alpine application/vnd.docker.distribution.manifest.list.v2+json sha256:da9c94bec1da829ebd52431a84502ec471c8e548ffb2cedbf36260fd9bd1d4d3 9.7 MiB linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x -
修改后对容器镜像做检查比对
# ctr images check
REF TYPE DIGEST STATUS SIZE UNPACKED
docker.io/library/nginx:alpine application/vnd.docker.distribution.manifest.list.v2+json sha256:da9c94bec1da829ebd52431a84502ec471c8e548ffb2cedbf36260fd9bd1d4d3 complete (7/7) 9.7 MiB/9.7 MiB true
nginx:alpine application/vnd.docker.distribution.manifest.list.v2+json sha256:da9c94bec1da829ebd52431a84502ec471c8e548ffb2cedbf36260fd9bd1d4d3 complete (7/7) 9.7 MiB/9.7 MiB true
四、Containerd容器管理
4.1 获取命令帮助
4.1.1 获取ctr命令帮助
[root@localhost ~]# ctr --help
NAME:
ctr -
__
_____/ /______
/ ___/ __/ ___/
/ /__/ /_/ /
\___/\__/_/
containerd CLI
USAGE:
ctr [global options] command [command options] [arguments...]
VERSION:
v1.6.0
DESCRIPTION:
ctr is an unsupported debug and administrative client for interacting
with the containerd daemon. Because it is unsupported, the commands,
options, and operations are not guaranteed to be backward compatible or
stable from release to release of the containerd project.
COMMANDS:
plugins, plugin provides information about containerd plugins
version print the client and server versions
containers, c, container manage containers
content manage content
events, event display containerd events
images, image, i manage images
leases manage leases
namespaces, namespace, ns manage namespaces
pprof provide golang pprof outputs for containerd
run run a container
snapshots, snapshot manage snapshots
tasks, t, task manage tasks
install install a new package
oci OCI tools
shim interact with a shim directly
help, h Shows a list of commands or help for one command
GLOBAL OPTIONS:
--debug enable debug output in logs
--address value, -a value address for containerd's GRPC server (default: "/run/containerd/containerd.sock") [$CONTAINERD_ADDRESS]
--timeout value total timeout for ctr commands (default: 0s)
--connect-timeout value timeout for connecting to containerd (default: 0s)
--namespace value, -n value namespace to use with commands (default: "default") [$CONTAINERD_NAMESPACE]
--help, -h show help
--version, -v print the version
4.1.2 获取创建静态容器命令帮助
# ctr container --help
NAME:
ctr containers - manage containers
USAGE:
ctr containers command [command options] [arguments...]
COMMANDS:
create create container
delete, del, remove, rm delete one or more existing containers
info get info about a container
list, ls list containers
label set and clear labels for a container
checkpoint checkpoint a container
restore restore a container from checkpoint
OPTIONS:
--help, -h show help
说明:
使用`ctr container create `命令创建容器后,容器并没有处于运行状态,其只是一个静态的容器。这个 container 对象只是包含了运行一个容器所需的资源及配置的数据结构,例如: namespaces、rootfs 和容器的配置都已经初始化成功了,只是用户进程(本案例为nginx)还没有启动。需要使用`ctr tasks`命令才能获取一个动态容器。
4.1.3 获取动态容器命令帮助
# ctr run --help
NAME:
ctr run - run a container
USAGE:
ctr run [command options] [flags] Image|RootFS ID [COMMAND] [ARG...]
OPTIONS:
--rm remove the container after running
--null-io send all IO to /dev/null
--log-uri value log uri
--detach, -d detach from the task after it has started execution
--fifo-dir value directory used for storing IO FIFOs
--cgroup value cgroup path (To disable use of cgroup, set to "" explicitly)
--platform value run image for specific platform
--cni enable cni networking for the container
--runc-binary value specify runc-compatible binary
--runc-root value specify runc-compatible root
--runc-systemd-cgroup start runc with systemd cgroup manager
--uidmap container-uid:host-uid:length run inside a user namespace with the specified UID mapping range; specified with the format container-uid:host-uid:length
--gidmap container-gid:host-gid:length run inside a user namespace with the specified GID mapping range; specified with the format container-gid:host-gid:length
--remap-labels provide the user namespace ID remapping to the snapshotter via label options; requires snapshotter support
--cpus value set the CFS cpu quota (default: 0)
--cpu-shares value set the cpu shares (default: 1024)
--snapshotter value snapshotter name. Empty value stands for the default value. [$CONTAINERD_SNAPSHOTTER]
--snapshotter-label value labels added to the new snapshot for this container.
--config value, -c value path to the runtime-specific spec config file
--cwd value specify the working directory of the process
--env value specify additional container environment variables (e.g. FOO=bar)
--env-file value specify additional container environment variables in a file(e.g. FOO=bar, one per line)
--label value specify additional labels (e.g. foo=bar)
--mount value specify additional container mount (e.g. type=bind,src=/tmp,dst=/host,options=rbind:ro)
--net-host enable host networking for the container
--privileged run privileged container
--read-only set the containers filesystem as readonly
--runtime value runtime name (default: "io.containerd.runc.v2")
--runtime-config-path value optional runtime config path
--tty, -t allocate a TTY for the container
--with-ns value specify existing Linux namespaces to join at container runtime (format ':' )
--pid-file value file path to write the task's pid
--gpus value add gpus to the container
--allow-new-privs turn off OCI spec's NoNewPrivileges feature flag
--memory-limit value memory limit (in bytes) for the container (default: 0)
--device value file path to a device to add to the container; or a path to a directory tree of devices to add to the container
--cap-add value add Linux capabilities (Set capabilities with 'CAP_' prefix)
--cap-drop value drop Linux capabilities (Set capabilities with 'CAP_' prefix)
--seccomp enable the default seccomp profile
--seccomp-profile value file path to custom seccomp profile. seccomp must be set to true, before using seccomp-profile
--apparmor-default-profile value enable AppArmor with the default profile with the specified name, e.g. "cri-containerd.apparmor.d"
--apparmor-profile value enable AppArmor with an existing custom profile
--rdt-class value name of the RDT class to associate the container with. Specifies a Class of Service (CLOS) for cache and memory bandwidth management.
--rootfs use custom rootfs that is not managed by containerd snapshotter
--no-pivot disable use of pivot-root (linux only)
--cpu-quota value Limit CPU CFS quota (default: -1)
--cpu-period value Limit CPU CFS period (default: 0)
--rootfs-propagation value set the propagation of the container rootfs
说明:
使用`ctr run`命令可以创建一个静态容器并使其运行。一步到位运行容器。
4.2 查看容器
container表示静态容器,可用c缩写代表container
# ctr container ls
CONTAINER IMAGE RUNTIME
或
# ctr c ls
CONTAINER IMAGE RUNTIME
4.3 查看任务
task表示容器里跑的进程, 可用t缩写代表task
# ctr task ls
TASK PID STATUS
或
# ctr t ls
TASK PID STATUS
4.4 创建静态容器
# ctr c create docker.io/library/nginx:alpine nginx1
# ctr container ls
CONTAINER IMAGE RUNTIME
nginx1 docker.io/library/nginx:alpine io.containerd.runc.v2
查看容器详细信息
# ctr container info nginx1
4.5 静态容器启动为动态容器
复制containerd连接runC垫片工具至系统
# ls usr/local/bin/
containerd containerd-shim containerd-shim-runc-v1 containerd-shim-runc-v2 containerd-stress crictl critest ctd-decoder ctr
[root@localhost ~]# cp usr/local/bin/containerd-shim-runc-v2 /usr/bin/
启动task,即表时在容器中运行了进程,即为动态容器。
# ctr task start -d nginx1
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
说明:
-d表示daemon或者后台的意思,否则会卡住终端
查看容器所在宿主机进程,是以宿主机进程的方式存在的。
# ctr task ls
TASK PID STATUS
nginx1 3395 RUNNING
查看容器的进程(都是物理机的进程)
# ctr task ps nginx1
PID INFO
3395 -
3434 -
物理机查看到相应的进程
# ps -ef | grep 3395
root 3395 3375 0 19:16 ? 00:00:00 nginx: master process nginx -g daemon off;
101 3434 3395 0 19:16 ? 00:00:00 nginx: worker process
4.6 进入容器操作
# ctr task exec --exec-id 1 nginx1 /bin/sh
ifconfig 查看网卡信息
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
curl 127.0.0.1 访问本地提供的web服务
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0<!DOCTYPE html>
Welcome to nginx<span class="token operator">!</span><<span class="token operator">/</span>title>
<style>
html <span class="token punctuation">{</span> color<span class="token operator">-</span>scheme: light dark<span class="token punctuation">;</span> <span class="token punctuation">}</span>
body <span class="token punctuation">{</span> width: 35em<span class="token punctuation">;</span> margin: 0 auto<span class="token punctuation">;</span>
font<span class="token operator">-</span>family: Tahoma<span class="token punctuation">,</span> Verdana<span class="token punctuation">,</span> Arial<span class="token punctuation">,</span> sans<span class="token operator">-</span>serif<span class="token punctuation">;</span> <span class="token punctuation">}</span>
<<span class="token operator">/</span>style>
<<span class="token operator">/</span>head>
<body>
<h1>Welcome to nginx<span class="token operator">!</span><<span class="token operator">/</span>h1>
<p><span class="token keyword">If</span> you see this page<span class="token punctuation">,</span> the nginx web server is successfully installed and
working<span class="token punctuation">.</span> Further configuration is required<span class="token punctuation">.</span><<span class="token operator">/</span>p>
<p><span class="token keyword">For</span> online documentation and support please refer to
<a href=<span class="token string">"http://nginx.org/"</span>>nginx<span class="token punctuation">.</span>org<<span class="token operator">/</span>a><span class="token punctuation">.</span><br<span class="token operator">/</span>>
Commercial support is available at
<a href=<span class="token string">"http://nginx.com/"</span>>nginx<span class="token punctuation">.</span>com<<span class="token operator">/</span>a><span class="token punctuation">.</span><<span class="token operator">/</span>p>
<p><em>Thank you <span class="token keyword">for</span> <span class="token keyword">using</span> nginx<span class="token punctuation">.</span><<span class="token operator">/</span>em><<span class="token operator">/</span>p>
<<span class="token operator">/</span>body>
<<span class="token operator">/</span>html>
100 615 100 615 0 0 429k 0 <span class="token operator">--</span>:<span class="token operator">--</span>:<span class="token operator">--</span> <span class="token operator">--</span>:<span class="token operator">--</span>:<span class="token operator">--</span> <span class="token operator">--</span>:<span class="token operator">--</span>:<span class="token operator">--</span> 600k
</code></pre>
<pre><code class="prism language-powershell">说明:
为exec进程设定一个id,可以随意输入,只要保证唯一即可,也可使用<span class="token variable">$RANDOM</span>变量。
</code></pre>
<h2>4.7 直接运行一个动态容器</h2>
<pre><code class="prism language-powershell"><span class="token comment"># ctr run -d --net-host docker.io/library/nginx:alpine nginx2</span>
<span class="token operator">/</span>docker<span class="token operator">-</span>entrypoint<span class="token punctuation">.</span>sh: <span class="token operator">/</span>docker<span class="token operator">-</span>entrypoint<span class="token punctuation">.</span>d<span class="token operator">/</span> is not empty<span class="token punctuation">,</span> will attempt to perform configuration
<span class="token operator">/</span>docker<span class="token operator">-</span>entrypoint<span class="token punctuation">.</span>sh: Looking <span class="token keyword">for</span> shell scripts in <span class="token operator">/</span>docker<span class="token operator">-</span>entrypoint<span class="token punctuation">.</span>d<span class="token operator">/</span>
</code></pre>
<pre><code class="prism language-powershell">说明:
<span class="token operator">*</span> <span class="token operator">-</span>d 代表dameon,后台运行
<span class="token operator">*</span> <span class="token operator">--</span>net<span class="token operator">-</span>host 代表容器的IP就是宿主机的IP<span class="token punctuation">(</span>相当于docker里的host类型网络<span class="token punctuation">)</span>
</code></pre>
<pre><code class="prism language-powershell">查看已运行容器
<span class="token comment"># ctr container ls</span>
CONTAINER IMAGE RUNTIME
nginx2 docker<span class="token punctuation">.</span>io<span class="token operator">/</span>library<span class="token operator">/</span>nginx:alpine io<span class="token punctuation">.</span>containerd<span class="token punctuation">.</span>runc<span class="token punctuation">.</span>v2
</code></pre>
<pre><code class="prism language-powershell">查看已运行容器中运行的进程<span class="token punctuation">,</span>既tasks
<span class="token comment"># ctr tasks ls</span>
TASK PID STATUS
nginx2 4061 RUNNING
</code></pre>
<pre><code class="prism language-powershell">进入容器
<span class="token comment"># ctr task exec --exec-id 1 -t nginx2 /bin/sh</span>
</code></pre>
<pre><code class="prism language-powershell"><span class="token operator">/</span> <span class="token comment"># ifconfig </span>
ens33 Link encap:Ethernet HWaddr 00:0C:29:B1:B6:1D
inet addr:192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>10<span class="token punctuation">.</span>164 Bcast:192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>10<span class="token punctuation">.</span>255 Mask:255<span class="token punctuation">.</span>255<span class="token punctuation">.</span>255<span class="token punctuation">.</span>0
inet6 addr: fe80::2b33:40ed:9311:8812<span class="token operator">/</span>64 Scope:Link
inet6 addr: fe80::adf4:a8bc:a1c:a9f7<span class="token operator">/</span>64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:55360 errors:0 dropped:0 overruns:0 frame:0
TX packets:30526 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:53511295 <span class="token punctuation">(</span>51<span class="token punctuation">.</span>0 MiB<span class="token punctuation">)</span> TX bytes:2735050 <span class="token punctuation">(</span>2<span class="token punctuation">.</span>6 MiB<span class="token punctuation">)</span>
lo Link encap:Local Loopback
inet addr:127<span class="token punctuation">.</span>0<span class="token punctuation">.</span>0<span class="token punctuation">.</span>1 Mask:255<span class="token punctuation">.</span>0<span class="token punctuation">.</span>0<span class="token punctuation">.</span>0
inet6 addr: ::1<span class="token operator">/</span>128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:68 errors:0 dropped:0 overruns:0 frame:0
TX packets:68 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:5916 <span class="token punctuation">(</span>5<span class="token punctuation">.</span>7 KiB<span class="token punctuation">)</span> TX bytes:5916 <span class="token punctuation">(</span>5<span class="token punctuation">.</span>7 KiB<span class="token punctuation">)</span>
virbr0 Link encap:Ethernet HWaddr 52:54:00:E9:51:82
inet addr:192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>122<span class="token punctuation">.</span>1 Bcast:192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>122<span class="token punctuation">.</span>255 Mask:255<span class="token punctuation">.</span>255<span class="token punctuation">.</span>255<span class="token punctuation">.</span>0
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 <span class="token punctuation">(</span>0<span class="token punctuation">.</span>0 B<span class="token punctuation">)</span> TX bytes:0 <span class="token punctuation">(</span>0<span class="token punctuation">.</span>0 B<span class="token punctuation">)</span>
</code></pre>
<pre><code class="prism language-powershell">为容器中运行的网站添加网站文件
<span class="token operator">/</span> <span class="token comment"># echo "nginx2" > /usr/share/nginx/html/index.html</span>
<span class="token operator">/</span> <span class="token comment"># exit</span>
</code></pre>
<pre><code class="prism language-powershell">在宿主机上访问网站
<span class="token namespace">[root@localhost ~]</span><span class="token comment"># curl 192.168.10.164</span>
nginx2
</code></pre>
<h2>4.8 暂停容器</h2>
<pre><code class="prism language-powershell">查看容器状态
<span class="token comment"># ctr tasks ls</span>
TASK PID STATUS
nginx2 4061 RUNNING
</code></pre>
<pre><code class="prism language-powershell">暂停容器
<span class="token comment"># ctr tasks pause nginx2</span>
</code></pre>
<pre><code class="prism language-powershell">再次查看容器状态,看到其状态为PAUSED,表示停止。
<span class="token comment"># ctr tasks ls</span>
TASK PID STATUS
nginx2 4061 PAUSED
</code></pre>
<pre><code class="prism language-powershell"><span class="token namespace">[root@localhost ~]</span><span class="token comment"># curl http://192.168.10.164</span>
在宿主机访问,发现不可以访问到网站
</code></pre>
<h2>4.9 恢复容器</h2>
<pre><code class="prism language-powershell">使用resume命令恢复容器
<span class="token comment"># ctr tasks resume nginx2</span>
</code></pre>
<pre><code class="prism language-powershell">查看恢复后状态
<span class="token comment"># ctr tasks ls</span>
TASK PID STATUS
nginx2 4061 RUNNING
</code></pre>
<pre><code class="prism language-powershell">在宿主机上访问容器中提供的服务
<span class="token comment"># curl http://192.168.10.164</span>
nginx2
</code></pre>
<h2>4.10 停止容器</h2>
<pre><code class="prism language-powershell"><span class="token comment"># ctr tasks --help</span>
NAME:
ctr tasks <span class="token operator">-</span> manage tasks
USAGE:
ctr tasks command <span class="token namespace">[command options]</span> <span class="token namespace">[arguments...]</span>
COMMANDS:
attach attach to the IO of a running container
checkpoint checkpoint a container
delete<span class="token punctuation">,</span> <span class="token function">del</span><span class="token punctuation">,</span> remove<span class="token punctuation">,</span> <span class="token function">rm</span> delete one or more tasks
exec execute additional processes in an existing container
list<span class="token punctuation">,</span> <span class="token function">ls</span> list tasks
<span class="token function">kill</span> signal a container <span class="token punctuation">(</span>default: SIGTERM<span class="token punctuation">)</span>
pause pause an existing container
<span class="token function">ps</span> list processes <span class="token keyword">for</span> container
resume resume a paused container
<span class="token function">start</span> <span class="token function">start</span> a container that has been created
metrics<span class="token punctuation">,</span> metric get a single <span class="token keyword">data</span> point of metrics <span class="token keyword">for</span> a task with the built<span class="token operator">-in</span> Linux runtime
OPTIONS:
<span class="token operator">--</span>help<span class="token punctuation">,</span> <span class="token operator">-</span>h show help
</code></pre>
<pre><code class="prism language-powershell">使用<span class="token function">kill</span>命令停止容器中运行的进程,既为停止容器
<span class="token comment"># ctr tasks kill nginx2</span>
</code></pre>
<pre><code class="prism language-powershell">查看容器停止后状态,STATUS为STOPPED
<span class="token comment"># ctr tasks ls</span>
TASK PID STATUS
nginx1 3395 RUNNING
nginx2 4061 STOPPED
</code></pre>
<h2>4.11 删除容器</h2>
<pre><code class="prism language-powershell"><span class="token comment"># ctr tasks delete nginx2</span>
必须先停止tasks或先删除task,再删除容器
</code></pre>
<pre><code class="prism language-powershell">查看静态容器,确认其还存在于系统中
<span class="token comment"># ctr container ls</span>
CONTAINER IMAGE RUNTIME
nginx2 docker<span class="token punctuation">.</span>io<span class="token operator">/</span>library<span class="token operator">/</span>nginx:alpine io<span class="token punctuation">.</span>containerd<span class="token punctuation">.</span>runc<span class="token punctuation">.</span>v2
</code></pre>
<pre><code class="prism language-powershell">删除容器
<span class="token comment"># ctr container delete nginx2</span>
</code></pre>
<h1>五、Containerd使用私有容器镜像仓库 Harbor</h1>
<h2>5.1 Harbor准备</h2>
<p><a href="http://img.e-com-net.com/image/info8/ab8ff6d6406447f48616f53bc920a257.jpg" target="_blank"><img src="http://img.e-com-net.com/image/info8/ab8ff6d6406447f48616f53bc920a257.jpg" alt="【云原生】第十三篇--容器管理工具 Containerd_第14张图片" width="650" height="264" style="border:1px solid black;"></a><br> <a href="http://img.e-com-net.com/image/info8/b6cc2cabde8d4ff58dd0ed11b7d02541.jpg" target="_blank"><img src="http://img.e-com-net.com/image/info8/b6cc2cabde8d4ff58dd0ed11b7d02541.jpg" alt="【云原生】第十三篇--容器管理工具 Containerd_第15张图片" width="650" height="278" style="border:1px solid black;"></a></p>
<h2>5.2 配置Containerd使用Harbor仓库</h2>
<h3>5.2.1 Harbor主机名解析</h3>
<blockquote>
<p>在所有安装containerd宿主机上添加此配置信息。</p>
</blockquote>
<pre><code class="prism language-powershell"><span class="token comment"># vim /etc/hosts</span>
<span class="token comment"># cat /etc/hosts</span>
127<span class="token punctuation">.</span>0<span class="token punctuation">.</span>0<span class="token punctuation">.</span>1 localhost localhost<span class="token punctuation">.</span>localdomain localhost4 localhost4<span class="token punctuation">.</span>localdomain4
::1 localhost localhost<span class="token punctuation">.</span>localdomain localhost6 localhost6<span class="token punctuation">.</span>localdomain6
192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>10<span class="token punctuation">.</span>165 harbor<span class="token punctuation">.</span>kubemsb<span class="token punctuation">.</span>com
</code></pre>
<pre><code class="prism language-powershell">说明
<span class="token operator">*</span> 192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>10<span class="token punctuation">.</span>165是harbor的IP
<span class="token operator">*</span> harbor<span class="token punctuation">.</span>kubemsb<span class="token punctuation">.</span>com建议用FQDN形式,如果用类似harbor这种短名,后面下载镜像会出问题
</code></pre>
<h3>5.2.2 修改Containerd配置文件</h3>
<pre><code class="prism language-powershell">此配置文件已提前替换过,仅修改本地容器镜像仓库地址即可。
<span class="token comment"># vim /etc/containerd/config.toml</span>
<span class="token comment"># cat /etc/containerd/config.toml</span>
root = <span class="token string">"/var/lib/containerd"</span>
state = <span class="token string">"/run/containerd"</span>
oom_score = <span class="token operator">-</span>999
<span class="token namespace">[grpc]</span>
address = <span class="token string">"/run/containerd/containerd.sock"</span>
uid = 0
gid = 0
max_recv_message_size = 16777216
max_send_message_size = 16777216
<span class="token namespace">[debug]</span>
address = <span class="token string">""</span>
uid = 0
gid = 0
level = <span class="token string">""</span>
<span class="token namespace">[metrics]</span>
address = <span class="token string">""</span>
grpc_histogram = false
<span class="token namespace">[cgroup]</span>
path = <span class="token string">""</span>
<span class="token namespace">[plugins]</span>
<span class="token namespace">[plugins.cgroups]</span>
no_prometheus = false
<span class="token namespace">[plugins.cri]</span>
stream_server_address = <span class="token string">"127.0.0.1"</span>
stream_server_port = <span class="token string">"0"</span>
enable_selinux = false
sandbox_image = <span class="token string">"easzlab/pause-amd64:3.2"</span>
stats_collect_period = 10
systemd_cgroup = false
enable_tls_streaming = false
max_container_log_line_size = 16384
<span class="token namespace">[plugins.cri.containerd]</span>
snapshotter = <span class="token string">"overlayfs"</span>
no_pivot = false
<span class="token namespace">[plugins.cri.containerd.default_runtime]</span>
runtime_type = <span class="token string">"io.containerd.runtime.v1.linux"</span>
runtime_engine = <span class="token string">""</span>
runtime_root = <span class="token string">""</span>
<span class="token namespace">[plugins.cri.containerd.untrusted_workload_runtime]</span>
runtime_type = <span class="token string">""</span>
runtime_engine = <span class="token string">""</span>
runtime_root = <span class="token string">""</span>
<span class="token namespace">[plugins.cri.cni]</span>
bin_dir = <span class="token string">"/opt/kube/bin"</span>
conf_dir = <span class="token string">"/etc/cni/net.d"</span>
conf_template = <span class="token string">"/etc/cni/net.d/10-default.conf"</span>
<span class="token namespace">[plugins.cri.registry]</span>
<span class="token namespace">[plugins.cri.registry.mirrors]</span>
<span class="token punctuation">[</span>plugins<span class="token punctuation">.</span>cri<span class="token punctuation">.</span>registry<span class="token punctuation">.</span>mirrors<span class="token punctuation">.</span><span class="token string">"docker.io"</span><span class="token punctuation">]</span>
endpoint = <span class="token punctuation">[</span>
<span class="token string">"https://docker.mirrors.ustc.edu.cn"</span><span class="token punctuation">,</span>
<span class="token string">"http://hub-mirror.c.163.com"</span>
<span class="token punctuation">]</span>
<span class="token punctuation">[</span>plugins<span class="token punctuation">.</span>cri<span class="token punctuation">.</span>registry<span class="token punctuation">.</span>mirrors<span class="token punctuation">.</span><span class="token string">"gcr.io"</span><span class="token punctuation">]</span>
endpoint = <span class="token punctuation">[</span>
<span class="token string">"https://gcr.mirrors.ustc.edu.cn"</span>
<span class="token punctuation">]</span>
<span class="token punctuation">[</span>plugins<span class="token punctuation">.</span>cri<span class="token punctuation">.</span>registry<span class="token punctuation">.</span>mirrors<span class="token punctuation">.</span><span class="token string">"k8s.gcr.io"</span><span class="token punctuation">]</span>
endpoint = <span class="token punctuation">[</span>
<span class="token string">"https://gcr.mirrors.ustc.edu.cn/google-containers/"</span>
<span class="token punctuation">]</span>
<span class="token punctuation">[</span>plugins<span class="token punctuation">.</span>cri<span class="token punctuation">.</span>registry<span class="token punctuation">.</span>mirrors<span class="token punctuation">.</span><span class="token string">"quay.io"</span><span class="token punctuation">]</span>
endpoint = <span class="token punctuation">[</span>
<span class="token string">"https://quay.mirrors.ustc.edu.cn"</span>
<span class="token punctuation">]</span>
<span class="token punctuation">[</span>plugins<span class="token punctuation">.</span>cri<span class="token punctuation">.</span>registry<span class="token punctuation">.</span>mirrors<span class="token punctuation">.</span><span class="token string">"harbor.kubemsb.com"</span><span class="token punctuation">]</span> 在此处添加<span class="token punctuation">,</span>在镜像加速器下面添加这一段
endpoint = <span class="token punctuation">[</span>
<span class="token string">"http://harbor.kubemsb.com"</span>
<span class="token punctuation">]</span>
<span class="token namespace">[plugins.cri.x509_key_pair_streaming]</span>
tls_cert_file = <span class="token string">""</span>
tls_key_file = <span class="token string">""</span>
<span class="token namespace">[plugins.diff-service]</span>
default = <span class="token punctuation">[</span><span class="token string">"walking"</span><span class="token punctuation">]</span>
<span class="token namespace">[plugins.linux]</span>
shim = <span class="token string">"containerd-shim"</span>
runtime = <span class="token string">"runc"</span>
runtime_root = <span class="token string">""</span>
no_shim = false
shim_debug = false
<span class="token namespace">[plugins.opt]</span>
path = <span class="token string">"/opt/containerd"</span>
<span class="token namespace">[plugins.restart]</span>
interval = <span class="token string">"10s"</span>
<span class="token namespace">[plugins.scheduler]</span>
pause_threshold = 0<span class="token punctuation">.</span>02
deletion_threshold = 0
mutation_threshold = 100
schedule_delay = <span class="token string">"0s"</span>
startup_delay = <span class="token string">"100ms"</span>
</code></pre>
<pre><code class="prism language-powershell">重启containerd,以便于重新加载配置文件。
<span class="token comment"># systemctl restart containerd</span>
</code></pre>
<h3>5.2.3 ctr下载镜像</h3>
<pre><code class="prism language-powershell">下载容器镜像
<span class="token comment"># ctr images pull --platform linux/amd64 docker.io/library/nginx:latest</span>
</code></pre>
<pre><code class="prism language-powershell">说明:
<span class="token operator">*</span> <span class="token operator">--</span>platform linux<span class="token operator">/</span>amd64 指定系统平台,也可以使用<span class="token operator">--</span>all<span class="token operator">-</span>platforms指定所有平台镜像。
</code></pre>
<pre><code class="prism language-powershell">输出:
docker<span class="token punctuation">.</span>io<span class="token operator">/</span>library<span class="token operator">/</span>nginx:latest: resolved <span class="token punctuation">|</span><span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span><span class="token punctuation">|</span>
index<span class="token operator">-</span>sha256:2834dc507516af02784808c5f48b7cbe38b8ed5d0f4837f16e78d00deb7e7767: done <span class="token punctuation">|</span><span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span><span class="token punctuation">|</span>
manifest<span class="token operator">-</span>sha256:bb129a712c2431ecce4af8dde831e980373b26368233ef0f3b2bae9e9ec515ee: done <span class="token punctuation">|</span><span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span><span class="token punctuation">|</span>
layer<span class="token operator">-</span>sha256:b559bad762bec166fd028483dd2a03f086d363ee827d8c98b7268112c508665a: done <span class="token punctuation">|</span><span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span><span class="token punctuation">|</span>
config<span class="token operator">-</span>sha256:c316d5a335a5cf324b0dc83b3da82d7608724769f6454f6d9a621f3ec2534a5a: done <span class="token punctuation">|</span><span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span><span class="token punctuation">|</span>
layer<span class="token operator">-</span>sha256:5eb5b503b37671af16371272f9c5313a3e82f1d0756e14506704489ad9900803: done <span class="token punctuation">|</span><span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span><span class="token punctuation">|</span>
layer<span class="token operator">-</span>sha256:1ae07ab881bd848493ad54c2ba32017f94d1d8dbfd0ba41b618f17e80f834a0f: done <span class="token punctuation">|</span><span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span><span class="token punctuation">|</span>
layer<span class="token operator">-</span>sha256:78091884b7bea0fa918527207924e9993bcc21bf7f1c9687da40042ceca31ac9: done <span class="token punctuation">|</span><span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span><span class="token punctuation">|</span>
layer<span class="token operator">-</span>sha256:091c283c6a66ad0edd2ab84cb10edacc00a1a7bc5277f5365c0d5c5457a75aff: done <span class="token punctuation">|</span><span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span><span class="token punctuation">|</span>
layer<span class="token operator">-</span>sha256:55de5851019b8f65ed6e28120c6300e35e556689d021e4b3411c7f4e90a9704b: done <span class="token punctuation">|</span><span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span><span class="token punctuation">|</span>
elapsed: 20<span class="token punctuation">.</span>0s total: 53<span class="token punctuation">.</span>2 M <span class="token punctuation">(</span>2<span class="token punctuation">.</span>7 MiB<span class="token operator">/</span>s<span class="token punctuation">)</span>
unpacking linux<span class="token operator">/</span>amd64 sha256:2834dc507516af02784808c5f48b7cbe38b8ed5d0f4837f16e78d00deb7e7767<span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span>
done: 3<span class="token punctuation">.</span>028652226s
</code></pre>
<pre><code class="prism language-powershell">查看已下载容器镜像
<span class="token comment"># ctr images ls</span>
REF <span class="token function">TYPE</span> DIGEST SIZE PLATFORMS LABELS
docker<span class="token punctuation">.</span>io<span class="token operator">/</span>library<span class="token operator">/</span>nginx:latest application<span class="token operator">/</span>vnd<span class="token punctuation">.</span>docker<span class="token punctuation">.</span>distribution<span class="token punctuation">.</span>manifest<span class="token punctuation">.</span>list<span class="token punctuation">.</span>v2<span class="token operator">+</span>json sha256:2834dc507516af02784808c5f48b7cbe38b8ed5d0f4837f16e78d00deb7e7767 54<span class="token punctuation">.</span>1 MiB linux<span class="token operator">/</span>386<span class="token punctuation">,</span>linux<span class="token operator">/</span>amd64<span class="token punctuation">,</span>linux<span class="token operator">/</span>arm<span class="token operator">/</span>v5<span class="token punctuation">,</span>linux<span class="token operator">/</span>arm<span class="token operator">/</span>v7<span class="token punctuation">,</span>linux<span class="token operator">/</span>arm64<span class="token operator">/</span>v8<span class="token punctuation">,</span>linux<span class="token operator">/</span>mips64le<span class="token punctuation">,</span>linux<span class="token operator">/</span>ppc64le<span class="token punctuation">,</span>linux<span class="token operator">/</span>s390x <span class="token operator">-</span>
</code></pre>
<h3>5.2.4 ctr上传镜像</h3>
<blockquote>
<p>上传到Harbor library公有项目</p>
</blockquote>
<pre><code class="prism language-powershell">重新生成新的tag
<span class="token comment"># ctr images tag docker.io/library/nginx:latest harbor.kubemsb.com/library/nginx:latest</span>
harbor<span class="token punctuation">.</span>kubemsb<span class="token punctuation">.</span>com<span class="token operator">/</span>library<span class="token operator">/</span>nginx:latest
</code></pre>
<pre><code class="prism language-powershell">查看已生成容器镜像
<span class="token comment"># ctr images ls</span>
REF <span class="token function">TYPE</span> DIGEST SIZE PLATFORMS LABELS
docker<span class="token punctuation">.</span>io<span class="token operator">/</span>library<span class="token operator">/</span>nginx:latest application<span class="token operator">/</span>vnd<span class="token punctuation">.</span>docker<span class="token punctuation">.</span>distribution<span class="token punctuation">.</span>manifest<span class="token punctuation">.</span>list<span class="token punctuation">.</span>v2<span class="token operator">+</span>json sha256:2834dc507516af02784808c5f48b7cbe38b8ed5d0f4837f16e78d00deb7e7767 54<span class="token punctuation">.</span>1 MiB linux<span class="token operator">/</span>386<span class="token punctuation">,</span>linux<span class="token operator">/</span>amd64<span class="token punctuation">,</span>linux<span class="token operator">/</span>arm<span class="token operator">/</span>v5<span class="token punctuation">,</span>linux<span class="token operator">/</span>arm<span class="token operator">/</span>v7<span class="token punctuation">,</span>linux<span class="token operator">/</span>arm64<span class="token operator">/</span>v8<span class="token punctuation">,</span>linux<span class="token operator">/</span>mips64le<span class="token punctuation">,</span>linux<span class="token operator">/</span>ppc64le<span class="token punctuation">,</span>linux<span class="token operator">/</span>s390x <span class="token operator">-</span>
harbor<span class="token punctuation">.</span>kubemsb<span class="token punctuation">.</span>com<span class="token operator">/</span>library<span class="token operator">/</span>nginx:latest application<span class="token operator">/</span>vnd<span class="token punctuation">.</span>docker<span class="token punctuation">.</span>distribution<span class="token punctuation">.</span>manifest<span class="token punctuation">.</span>list<span class="token punctuation">.</span>v2<span class="token operator">+</span>json sha256:2834dc507516af02784808c5f48b7cbe38b8ed5d0f4837f16e78d00deb7e7767 54<span class="token punctuation">.</span>1 MiB linux<span class="token operator">/</span>386<span class="token punctuation">,</span>linux<span class="token operator">/</span>amd64<span class="token punctuation">,</span>linux<span class="token operator">/</span>arm<span class="token operator">/</span>v5<span class="token punctuation">,</span>linux<span class="token operator">/</span>arm<span class="token operator">/</span>v7<span class="token punctuation">,</span>linux<span class="token operator">/</span>arm64<span class="token operator">/</span>v8<span class="token punctuation">,</span>linux<span class="token operator">/</span>mips64le<span class="token punctuation">,</span>linux<span class="token operator">/</span>ppc64le<span class="token punctuation">,</span>linux<span class="token operator">/</span>s390x <span class="token operator">-</span>
</code></pre>
<pre><code class="prism language-powershell">推送容器镜像至Harbor
<span class="token comment"># ctr images push --platform linux/amd64 --plain-http -u admin:Harbor12345 harbor.kubemsb.com/library/nginx:latest</span>
</code></pre>
<pre><code class="prism language-powershell">说明:
<span class="token operator">*</span> 先tag再push
<span class="token operator">*</span> 因为我们harbor是http协议,不是https协议,所以需要加上`<span class="token operator">--</span>plain<span class="token operator">-</span>http`
<span class="token operator">*</span> `<span class="token operator">--</span>user admin:Harbor12345`指定harbor的用户名与密码
</code></pre>
<pre><code class="prism language-powershell">输出:
manifest<span class="token operator">-</span>sha256:0fd68ec4b64b8dbb2bef1f1a5de9d47b658afd3635dc9c45bf0cbeac46e72101: done <span class="token punctuation">|</span><span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span><span class="token punctuation">|</span>
config<span class="token operator">-</span>sha256:dd025cdfe837e1c6395365870a491cf16bae668218edb07d85c626928a60e478: done <span class="token punctuation">|</span><span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span>+<span class="token operator">++</span><span class="token punctuation">|</span>
elapsed: 0<span class="token punctuation">.</span>5 s total: 9<span class="token punctuation">.</span>3 Ki <span class="token punctuation">(</span>18<span class="token punctuation">.</span>1 KiB<span class="token operator">/</span>s<span class="token punctuation">)</span>
</code></pre>
<p><a href="http://img.e-com-net.com/image/info8/500aafc831164b20827f977f999ebf5e.jpg" target="_blank"><img src="http://img.e-com-net.com/image/info8/500aafc831164b20827f977f999ebf5e.jpg" alt="【云原生】第十三篇--容器管理工具 Containerd_第16张图片" width="650" height="232" style="border:1px solid black;"></a></p>
<pre><code class="prism language-powershell">下载已上传容器镜像
<span class="token comment"># ctr images pull --plain-http harbor.kubemsb.com/library/nginx:latest</span>
</code></pre>
<h1>六、Containerd NameSpace管理</h1>
<blockquote>
<p>containerd中namespace的作用为:隔离运行的容器,可以实现运行多个容器。</p>
</blockquote>
<pre><code class="prism language-powershell">查看命令帮助
<span class="token comment"># ctr namespace --help</span>
NAME:
ctr namespaces <span class="token operator">-</span> manage namespaces
USAGE:
ctr namespaces command <span class="token namespace">[command options]</span> <span class="token namespace">[arguments...]</span>
COMMANDS:
create<span class="token punctuation">,</span> c create a new namespace
list<span class="token punctuation">,</span> <span class="token function">ls</span> list namespaces
remove<span class="token punctuation">,</span> <span class="token function">rm</span> remove one or more namespaces
label <span class="token function">set</span> and clear labels <span class="token keyword">for</span> a namespace
OPTIONS:
<span class="token operator">--</span>help<span class="token punctuation">,</span> <span class="token operator">-</span>h show help
</code></pre>
<pre><code class="prism language-powershell">列出已有namespace
<span class="token comment"># ctr namespace ls</span>
NAME LABELS
default
k8s<span class="token punctuation">.</span>io
</code></pre>
<pre><code class="prism language-powershell">创建namespace
<span class="token comment"># ctr namespace create kubemsb</span>
<span class="token namespace">[root@localhost ~]</span><span class="token comment"># ctr namespace ls</span>
NAME LABELS
default
k8s<span class="token punctuation">.</span>io
kubemsb 此命名空间为新添加的
</code></pre>
<pre><code class="prism language-powershell">删除namespace
<span class="token comment"># ctr namespace rm kubemsb</span>
kubemsb
再次查看是否删除
<span class="token namespace">[root@localhost ~]</span><span class="token comment"># ctr namespace ls</span>
NAME LABELS
default
k8s<span class="token punctuation">.</span>io
</code></pre>
<pre><code class="prism language-powershell">查看指定namespace中是否有用户进程在运行
<span class="token comment"># ctr -n kubemsb tasks ls</span>
TASK PID STATUS
</code></pre>
<pre><code class="prism language-powershell">在指定namespace中下载容器镜像
<span class="token comment"># ctr -n kubemsb images pull docker.io/library/nginx:latest</span>
</code></pre>
<pre><code class="prism language-powershell">在指定namespace中创建静态容器
<span class="token comment"># ctr -n kubemsb container create docker.io/library/nginx:latest nginxapp</span>
</code></pre>
<pre><code class="prism language-powershell">查看在指定namespace中创建的容器
<span class="token comment"># ctr -n kubemsb container ls</span>
CONTAINER IMAGE RUNTIME
nginxapp docker<span class="token punctuation">.</span>io<span class="token operator">/</span>library<span class="token operator">/</span>nginx:latest io<span class="token punctuation">.</span>containerd<span class="token punctuation">.</span>runc<span class="token punctuation">.</span>v2
</code></pre>
<h1>七、Containerd Network管理</h1>
<blockquote>
<p>默认Containerd管理的容器仅有lo网络,无法访问容器之外的网络,可以为其添加网络插件,使用容器可以连接外网。CNI(Container Network Interface)</p>
</blockquote>
<h2>7.1 创建CNI网络</h2>
<table>
<thead>
<tr>
<th><em>containernetworking</em>/<em>cni</em></th>
<th> CNI v1.0.1</th>
</tr>
</thead>
<tbody>
<tr>
<td><em>containernetworking</em>/<em>plugins</em></td>
<td> CNI Plugins v1.0.1</td>
</tr>
</tbody>
</table>
<h3>7.1.1 获取CNI工具源码</h3>
<p><a href="http://img.e-com-net.com/image/info8/bf1f327731bb4d02ad612d8173dfd9b9.jpg" target="_blank"><img src="http://img.e-com-net.com/image/info8/bf1f327731bb4d02ad612d8173dfd9b9.jpg" alt="【云原生】第十三篇--容器管理工具 Containerd_第17张图片" width="650" height="391" style="border:1px solid black;"></a><br> <a href="http://img.e-com-net.com/image/info8/1f471651e6024cbfa03f40095daa2030.jpg" target="_blank"><img src="http://img.e-com-net.com/image/info8/1f471651e6024cbfa03f40095daa2030.jpg" alt="【云原生】第十三篇--容器管理工具 Containerd_第18张图片" width="650" height="322" style="border:1px solid black;"></a><br> <a href="http://img.e-com-net.com/image/info8/1d68fe7cd7d147a2a699db704b068d0b.jpg" target="_blank"><img src="http://img.e-com-net.com/image/info8/1d68fe7cd7d147a2a699db704b068d0b.jpg" alt="【云原生】第十三篇--容器管理工具 Containerd_第19张图片" width="650" height="381" style="border:1px solid black;"></a><br> <a href="http://img.e-com-net.com/image/info8/1bc10f90722443c98b7cb61b08c968d2.jpg" target="_blank"><img src="http://img.e-com-net.com/image/info8/1bc10f90722443c98b7cb61b08c968d2.jpg" alt="【云原生】第十三篇--容器管理工具 Containerd_第20张图片" width="650" height="389" style="border:1px solid black;"></a></p>
<pre><code class="prism language-powershell">使用wget下载cni工具源码包
<span class="token comment"># wget https://github.com/containernetworking/cni/archive/refs/tags/v1.0.1.tar.gz</span>
</code></pre>
<pre><code class="prism language-powershell">查看已下载cni工具源码包
<span class="token comment"># ls</span>
v1<span class="token punctuation">.</span>0<span class="token punctuation">.</span>1<span class="token punctuation">.</span>tar<span class="token punctuation">.</span>gz
解压已下载cni工具源码包
<span class="token comment"># tar xf v1.0.1.tar.gz</span>
查看解压后已下载cni工具源码包
<span class="token comment"># ls</span>
cni<span class="token operator">-</span>1<span class="token punctuation">.</span>0<span class="token punctuation">.</span>1
重命名已下载cni工具源码包目录
<span class="token comment"># mv cni-1.0.1 cni</span>
查看重新命名后目录
<span class="token comment"># ls</span>
cni
查看cni工具目录中包含的文件
<span class="token comment"># ls cni</span>
cnitool CONTRIBUTING<span class="token punctuation">.</span>md DCO go<span class="token punctuation">.</span>mod GOVERNANCE<span class="token punctuation">.</span>md LICENSE MAINTAINERS plugins RELEASING<span class="token punctuation">.</span>md scripts test<span class="token punctuation">.</span>sh
CODE<span class="token operator">-</span>OF<span class="token operator">-</span>CONDUCT<span class="token punctuation">.</span>md CONVENTIONS<span class="token punctuation">.</span>md Documentation go<span class="token punctuation">.</span>sum libcni logo<span class="token punctuation">.</span>png pkg README<span class="token punctuation">.</span>md ROADMAP<span class="token punctuation">.</span>md SPEC<span class="token punctuation">.</span>md
</code></pre>
<h3>7.1.2 获取CNI Plugins(CNI插件)</h3>
<p><a href="http://img.e-com-net.com/image/info8/e74f4e97982d4222876fbf67b93c2795.jpg" target="_blank"><img src="http://img.e-com-net.com/image/info8/e74f4e97982d4222876fbf67b93c2795.jpg" alt="【云原生】第十三篇--容器管理工具 Containerd_第21张图片" width="650" height="396" style="border:1px solid black;"></a><br> <a href="http://img.e-com-net.com/image/info8/5c6814ba83c94727902e8a7a3aa23a22.jpg" target="_blank"><img src="http://img.e-com-net.com/image/info8/5c6814ba83c94727902e8a7a3aa23a22.jpg" alt="【云原生】第十三篇--容器管理工具 Containerd_第22张图片" width="650" height="277" style="border:1px solid black;"></a><br> <a href="http://img.e-com-net.com/image/info8/3ec44f8efc7a4d279e1f65188653ce77.jpg" target="_blank"><img src="http://img.e-com-net.com/image/info8/3ec44f8efc7a4d279e1f65188653ce77.jpg" alt="【云原生】第十三篇--容器管理工具 Containerd_第23张图片" width="650" height="339" style="border:1px solid black;"></a><br> <a href="http://img.e-com-net.com/image/info8/21a862cc898c4e6ba120a4c11691b07c.jpg" target="_blank"><img src="http://img.e-com-net.com/image/info8/21a862cc898c4e6ba120a4c11691b07c.jpg" alt="【云原生】第十三篇--容器管理工具 Containerd_第24张图片" width="650" height="218" style="border:1px solid black;"></a></p>
<pre><code class="prism language-powershell">使用wget下载cni插件工具源码包
<span class="token comment"># wget https://github.com/containernetworking/plugins/releases/download/v1.0.1/cni-plugins-linux-amd64-v1.0.1.tgz</span>
</code></pre>
<pre><code class="prism language-powershell">查看已下载cni插件工具源码包
<span class="token comment"># ls</span>
cni<span class="token operator">-</span>plugins<span class="token operator">-</span>linux<span class="token operator">-</span>amd64<span class="token operator">-</span>v1<span class="token punctuation">.</span>0<span class="token punctuation">.</span>1<span class="token punctuation">.</span>tgz
cni
创建cni插件工具解压目录
<span class="token comment"># mkdir /home/cni-plugins</span>
解压cni插件工具至上述创建的目录中
<span class="token comment"># tar xf cni-plugins-linux-amd64-v1.0.1.tgz -C /home/cni-plugins</span>
查看解压后目录
<span class="token comment"># ls cni-plugins</span>
bandwidth bridge dhcp firewall host<span class="token operator">-</span>device host<span class="token operator">-</span>local ipvlan loopback macvlan portmap ptp sbr static tuning vlan vrf
</code></pre>
<h3>7.1.3 准备CNI网络配置文件</h3>
<blockquote>
<p>准备容器网络配置文件,用于为容器提供网关、IP地址等。</p>
</blockquote>
<pre><code class="prism language-powershell">创建名为mynet的网络,其中包含名为cni0的网桥
<span class="token comment"># vim /etc/cni/net.d/10-mynet.conf</span>
<span class="token comment"># cat /etc/cni/net.d/10-mynet.conf</span>
<span class="token punctuation">{</span>
<span class="token string">"cniVersion"</span>: <span class="token string">"1.0.0"</span><span class="token punctuation">,</span>
<span class="token string">"name"</span>: <span class="token string">"mynet"</span><span class="token punctuation">,</span>
<span class="token string">"type"</span>: <span class="token string">"bridge"</span><span class="token punctuation">,</span>
<span class="token string">"bridge"</span>: <span class="token string">"cni0"</span><span class="token punctuation">,</span>
<span class="token string">"isGateway"</span>: true<span class="token punctuation">,</span>
<span class="token string">"ipMasq"</span>: true<span class="token punctuation">,</span>
<span class="token string">"ipam"</span>: <span class="token punctuation">{</span>
<span class="token string">"type"</span>: <span class="token string">"host-local"</span><span class="token punctuation">,</span>
<span class="token string">"subnet"</span>: <span class="token string">"10.66.0.0/16"</span><span class="token punctuation">,</span>
<span class="token string">"routes"</span>: <span class="token punctuation">[</span>
<span class="token punctuation">{</span> <span class="token string">"dst"</span>: <span class="token string">"0.0.0.0/0"</span> <span class="token punctuation">}</span>
<span class="token punctuation">]</span>
<span class="token punctuation">}</span>
<span class="token punctuation">}</span>
</code></pre>
<pre><code class="prism language-powershell"><span class="token comment"># vim /etc/cni/net.d/99-loopback.conf</span>
<span class="token comment"># cat /etc/cni/net.d/99-loopback.conf</span>
<span class="token punctuation">{</span>
<span class="token string">"cniVerion"</span>: <span class="token string">"1.0.0"</span><span class="token punctuation">,</span>
<span class="token string">"name"</span>: <span class="token string">"lo"</span><span class="token punctuation">,</span>
<span class="token string">"type"</span>: <span class="token string">"loopback"</span>
<span class="token punctuation">}</span>
</code></pre>
<h3>7.1.4 生成CNI网络</h3>
<pre><code class="prism language-powershell">获取epel源
<span class="token comment"># wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo</span>
安装jq
<span class="token comment"># yum -y install jq</span>
</code></pre>
<pre><code class="prism language-powershell">进入cni工具目录
<span class="token comment"># cd cni</span>
<span class="token namespace">[root@localhost cni]</span><span class="token comment"># ls</span>
cnitool CONTRIBUTING<span class="token punctuation">.</span>md DCO go<span class="token punctuation">.</span>mod GOVERNANCE<span class="token punctuation">.</span>md LICENSE MAINTAINERS plugins RELEASING<span class="token punctuation">.</span>md scripts test<span class="token punctuation">.</span>sh
CODE<span class="token operator">-</span>OF<span class="token operator">-</span>CONDUCT<span class="token punctuation">.</span>md CONVENTIONS<span class="token punctuation">.</span>md Documentation go<span class="token punctuation">.</span>sum libcni logo<span class="token punctuation">.</span>png pkg README<span class="token punctuation">.</span>md ROADMAP<span class="token punctuation">.</span>md SPEC<span class="token punctuation">.</span>md
必须在scripts目录中执行,需要依赖exec<span class="token operator">-</span>plugins<span class="token punctuation">.</span>sh文件,再次进入scripts目录
<span class="token namespace">[root@localhost cni]</span><span class="token comment"># cd scripts/ </span>
查看执行脚本文件
<span class="token namespace">[root@localhost scripts]</span><span class="token comment"># ls</span>
docker<span class="token operator">-</span>run<span class="token punctuation">.</span>sh exec<span class="token operator">-</span>plugins<span class="token punctuation">.</span>sh priv<span class="token operator">-</span>net<span class="token operator">-</span>run<span class="token punctuation">.</span>sh release<span class="token punctuation">.</span>sh
执行脚本文件,基于<span class="token operator">/</span>etc<span class="token operator">/</span>cni<span class="token operator">/</span>net<span class="token punctuation">.</span>d<span class="token operator">/</span>目录中的<span class="token operator">*</span><span class="token punctuation">.</span>conf配置文件生成容器网络
<span class="token namespace">[root@localhost scripts]</span><span class="token comment"># CNI_PATH=/home/cni-plugins ./priv-net-run.sh echo "Hello World"</span>
Hello World
</code></pre>
<pre><code class="prism language-powershell">在宿主机上查看是否生成容器网络名为cni0的网桥
<span class="token comment"># ip a s</span>
<span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span>
5: cni0: <NO<span class="token operator">-</span>CARRIER<span class="token punctuation">,</span>BROADCAST<span class="token punctuation">,</span>MULTICAST<span class="token punctuation">,</span>UP> mtu 1500 qdisc noqueue state DOWN <span class="token function">group</span> default qlen 1000
link<span class="token operator">/</span>ether 36:af:7a:4a:d6:12 brd ff:ff:ff:ff:ff:ff
inet 10<span class="token punctuation">.</span>66<span class="token punctuation">.</span>0<span class="token punctuation">.</span>1<span class="token operator">/</span>16 brd 10<span class="token punctuation">.</span>66<span class="token punctuation">.</span>255<span class="token punctuation">.</span>255 scope global cni0
valid_lft forever preferred_lft forever
inet6 fe80::34af:7aff:fe4a:d612<span class="token operator">/</span>64 scope link
valid_lft forever preferred_lft forever
</code></pre>
<pre><code class="prism language-powershell">在宿主机上查看其路由表情况
<span class="token comment"># ip route</span>
default via 192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>10<span class="token punctuation">.</span>2 dev ens33 proto dhcp metric 100
10<span class="token punctuation">.</span>66<span class="token punctuation">.</span>0<span class="token punctuation">.</span>0<span class="token operator">/</span>16 dev cni0 proto kernel scope link src 10<span class="token punctuation">.</span>66<span class="token punctuation">.</span>0<span class="token punctuation">.</span>1
192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>10<span class="token punctuation">.</span>0<span class="token operator">/</span>24 dev ens33 proto kernel scope link src 192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>10<span class="token punctuation">.</span>164 metric 100
192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>122<span class="token punctuation">.</span>0<span class="token operator">/</span>24 dev virbr0 proto kernel scope link src 192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>122<span class="token punctuation">.</span>1
</code></pre>
<h2>7.2 为Containerd容器配置网络功能</h2>
<h3>7.2.1 创建一个容器</h3>
<pre><code class="prism language-powershell"><span class="token comment"># ctr images ls</span>
REF <span class="token function">TYPE</span> DIGEST SIZE PLATFORMS LABELS
<span class="token comment"># ctr images pull docker.io/library/busybox:latest</span>
<span class="token comment"># ctr run -d docker.io/library/busybox:latest busybox</span>
<span class="token comment"># ctr container ls</span>
CONTAINER IMAGE RUNTIME
busybox docker<span class="token punctuation">.</span>io<span class="token operator">/</span>library<span class="token operator">/</span>busybox:latest io<span class="token punctuation">.</span>containerd<span class="token punctuation">.</span>runc<span class="token punctuation">.</span>v2
<span class="token comment"># ctr tasks ls</span>
TASK PID STATUS
busybox 8377 RUNNING
</code></pre>
<h3>7.2.2 进入容器查看其网络情况</h3>
<pre><code class="prism language-powershell"><span class="token comment"># ctr tasks exec --exec-id $RANDOM -t busybox sh</span>
<span class="token operator">/</span> <span class="token comment"># ip a s</span>
1: lo: <LOOPBACK<span class="token punctuation">,</span>UP<span class="token punctuation">,</span>LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link<span class="token operator">/</span>loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127<span class="token punctuation">.</span>0<span class="token punctuation">.</span>0<span class="token punctuation">.</span>1<span class="token operator">/</span>8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1<span class="token operator">/</span>128 scope host
valid_lft forever preferred_lft forever
</code></pre>
<h3>7.2.3 获取容器进程ID及其网络命名空间</h3>
<pre><code class="prism language-powershell">在宿主机中完成指定容器进程ID获取
<span class="token comment"># pid=$(ctr tasks ls | grep busybox | awk '{print $2}')</span>
<span class="token comment"># echo $pid</span>
8377
</code></pre>
<pre><code class="prism language-powershell">在宿主机中完成指定容器网络命名空间路径获取
<span class="token comment"># netnspath=/proc/$pid/ns/net</span>
<span class="token comment"># echo $netnspath</span>
<span class="token operator">/</span>proc<span class="token operator">/</span>8377<span class="token operator">/</span>ns<span class="token operator">/</span>net
</code></pre>
<h3>7.2.4 为指定容器添加网络配置</h3>
<pre><code class="prism language-powershell">确认执行脚本文件时所在的目录
<span class="token namespace">[root@localhost scripts]</span><span class="token comment"># pwd</span>
<span class="token operator">/</span>home<span class="token operator">/</span>cni<span class="token operator">/</span>scripts
</code></pre>
<pre><code class="prism language-powershell">执行脚本文件为容器添加网络配置
<span class="token namespace">[root@localhost scripts]</span><span class="token comment"># CNI_PATH=/home/cni-plugins ./exec-plugins.sh add $pid $netnspath</span>
</code></pre>
<pre><code class="prism language-powershell">进入容器确认是否添加网卡信息
<span class="token comment"># ctr tasks exec --exec-id $RANDOM -t busybox sh</span>
<span class="token operator">/</span> <span class="token comment"># ip a s</span>
1: lo: <LOOPBACK<span class="token punctuation">,</span>UP<span class="token punctuation">,</span>LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link<span class="token operator">/</span>loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127<span class="token punctuation">.</span>0<span class="token punctuation">.</span>0<span class="token punctuation">.</span>1<span class="token operator">/</span>8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1<span class="token operator">/</span>128 scope host
valid_lft forever preferred_lft forever
2: eth0@if7: <BROADCAST<span class="token punctuation">,</span>MULTICAST<span class="token punctuation">,</span>UP<span class="token punctuation">,</span>LOWER_UP<span class="token punctuation">,</span>M<span class="token operator">-</span>DOWN> mtu 1500 qdisc noqueue
link<span class="token operator">/</span>ether a2:35:b7:e0:60:0a brd ff:ff:ff:ff:ff:ff
inet 10<span class="token punctuation">.</span>66<span class="token punctuation">.</span>0<span class="token punctuation">.</span>3<span class="token operator">/</span>16 brd 10<span class="token punctuation">.</span>66<span class="token punctuation">.</span>255<span class="token punctuation">.</span>255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::a035:b7ff:fee0:600a<span class="token operator">/</span>64 scope link
valid_lft forever preferred_lft forever
在容器中ping容器宿主机IP地址
<span class="token operator">/</span> <span class="token comment"># ping -c 2 192.168.10.164</span>
PING 192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>10<span class="token punctuation">.</span>164 <span class="token punctuation">(</span>192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>10<span class="token punctuation">.</span>164<span class="token punctuation">)</span>: 56 <span class="token keyword">data</span> bytes
64 bytes <span class="token keyword">from</span> 192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>10<span class="token punctuation">.</span>164: seq=0 ttl=64 time=0<span class="token punctuation">.</span>132 ms
64 bytes <span class="token keyword">from</span> 192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>10<span class="token punctuation">.</span>164: seq=1 ttl=64 time=0<span class="token punctuation">.</span>044 ms
<span class="token operator">--</span><span class="token operator">-</span> 192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>10<span class="token punctuation">.</span>164 ping statistics <span class="token operator">--</span><span class="token operator">-</span>
2 packets transmitted<span class="token punctuation">,</span> 2 packets received<span class="token punctuation">,</span> 0<span class="token operator">%</span> packet loss
round<span class="token operator">-</span>trip min<span class="token operator">/</span>avg<span class="token operator">/</span>max = 0<span class="token punctuation">.</span>044<span class="token operator">/</span>0<span class="token punctuation">.</span>088<span class="token operator">/</span>0<span class="token punctuation">.</span>132 ms
在容器中ping宿主机所在网络的网关IP地址
<span class="token operator">/</span> <span class="token comment"># ping -c 2 192.168.10.2</span>
PING 192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>10<span class="token punctuation">.</span>2 <span class="token punctuation">(</span>192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>10<span class="token punctuation">.</span>2<span class="token punctuation">)</span>: 56 <span class="token keyword">data</span> bytes
64 bytes <span class="token keyword">from</span> 192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>10<span class="token punctuation">.</span>2: seq=0 ttl=127 time=0<span class="token punctuation">.</span>338 ms
64 bytes <span class="token keyword">from</span> 192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>10<span class="token punctuation">.</span>2: seq=1 ttl=127 time=0<span class="token punctuation">.</span>280 ms
<span class="token operator">--</span><span class="token operator">-</span> 192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>10<span class="token punctuation">.</span>2 ping statistics <span class="token operator">--</span><span class="token operator">-</span>
2 packets transmitted<span class="token punctuation">,</span> 2 packets received<span class="token punctuation">,</span> 0<span class="token operator">%</span> packet loss
round<span class="token operator">-</span>trip min<span class="token operator">/</span>avg<span class="token operator">/</span>max = 0<span class="token punctuation">.</span>280<span class="token operator">/</span>0<span class="token punctuation">.</span>309<span class="token operator">/</span>0<span class="token punctuation">.</span>338 ms
在容器中ping宿主机所在网络中的其它主机IP地址
<span class="token operator">/</span> <span class="token comment"># ping -c 2 192.168.10.165</span>
PING 192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>10<span class="token punctuation">.</span>165 <span class="token punctuation">(</span>192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>10<span class="token punctuation">.</span>165<span class="token punctuation">)</span>: 56 <span class="token keyword">data</span> bytes
64 bytes <span class="token keyword">from</span> 192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>10<span class="token punctuation">.</span>165: seq=0 ttl=63 time=0<span class="token punctuation">.</span>422 ms
64 bytes <span class="token keyword">from</span> 192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>10<span class="token punctuation">.</span>165: seq=1 ttl=63 time=0<span class="token punctuation">.</span>908 ms
<span class="token operator">--</span><span class="token operator">-</span> 192<span class="token punctuation">.</span>168<span class="token punctuation">.</span>10<span class="token punctuation">.</span>165 ping statistics <span class="token operator">--</span><span class="token operator">-</span>
2 packets transmitted<span class="token punctuation">,</span> 2 packets received<span class="token punctuation">,</span> 0<span class="token operator">%</span> packet loss
round<span class="token operator">-</span>trip min<span class="token operator">/</span>avg<span class="token operator">/</span>max = 0<span class="token punctuation">.</span>422<span class="token operator">/</span>0<span class="token punctuation">.</span>665<span class="token operator">/</span>0<span class="token punctuation">.</span>908 ms
</code></pre>
<pre><code class="prism language-powershell">在容器中开启httpd服务
<span class="token operator">/</span> <span class="token comment"># echo "containerd net web test" > /tmp/index.html</span>
<span class="token operator">/</span> <span class="token comment"># httpd -h /tmp</span>
<span class="token operator">/</span> <span class="token comment"># wget -O - -q 127.0.0.1</span>
containerd net web test
<span class="token operator">/</span> <span class="token comment"># exit</span>
</code></pre>
<pre><code class="prism language-powershell">在宿主机访问容器提供的httpd服务
<span class="token namespace">[root@localhost scripts]</span><span class="token comment"># curl http://10.66.0.3</span>
containerd net web test
</code></pre>
<h1>八、Containerd容器数据持久化存储</h1>
<blockquote>
<p>实现把宿主机目录挂载至Containerd容器中,实现容器数据持久化存储</p>
</blockquote>
<pre><code class="prism language-powershell"><span class="token comment"># ctr container create docker.io/library/busybox:latest busybox3 --mount type=bind,src=/tmp,dst=/hostdir,options=rbind:rw</span>
</code></pre>
<pre><code class="prism language-powershell">说明:
创建一个静态容器,实现宿主机目录与容器挂载
src=<span class="token operator">/</span>tmp 为宿主机目录
dst=<span class="token operator">/</span>hostdir 为容器中目录
</code></pre>
<pre><code class="prism language-powershell">运行用户进程
<span class="token comment"># ctr tasks start -d busybox3 bash</span>
</code></pre>
<pre><code class="prism language-powershell">进入容器,查看是否挂载成功
<span class="token comment"># ctr tasks exec --exec-id $RANDOM -t busybox3 sh</span>
<span class="token operator">/</span> <span class="token comment"># ls /hostdir</span>
VMwareDnD
systemd<span class="token operator">-</span>private<span class="token operator">-</span>cf1fe70805214c80867e7eb62dff5be7<span class="token operator">-</span>bolt<span class="token punctuation">.</span>service<span class="token operator">-</span>MWV1Ju
systemd<span class="token operator">-</span>private<span class="token operator">-</span>cf1fe70805214c80867e7eb62dff5be7<span class="token operator">-</span>chronyd<span class="token punctuation">.</span>service<span class="token operator">-</span>6B6j8p
systemd<span class="token operator">-</span>private<span class="token operator">-</span>cf1fe70805214c80867e7eb62dff5be7<span class="token operator">-</span>colord<span class="token punctuation">.</span>service<span class="token operator">-</span>6fI31A
systemd<span class="token operator">-</span>private<span class="token operator">-</span>cf1fe70805214c80867e7eb62dff5be7<span class="token operator">-</span>cups<span class="token punctuation">.</span>service<span class="token operator">-</span>tuK4zI
systemd<span class="token operator">-</span>private<span class="token operator">-</span>cf1fe70805214c80867e7eb62dff5be7<span class="token operator">-</span>rtkit<span class="token operator">-</span>daemon<span class="token punctuation">.</span>service<span class="token operator">-</span>vhP67o
tracker<span class="token operator">-</span>extract<span class="token operator">-</span>files<span class="token punctuation">.</span>0
vmware<span class="token operator">-</span>root_703<span class="token operator">-</span>3988031936
vmware<span class="token operator">-</span>root_704<span class="token operator">-</span>2990744159
vmware<span class="token operator">-</span>root_713<span class="token operator">-</span>4290166671
向容器中挂载目录中添加文件
<span class="token operator">/</span> <span class="token comment"># echo "hello world" > /hostdir/test.txt</span>
退出容器
<span class="token operator">/</span> <span class="token comment"># exit</span>
在宿主机上查看被容器挂载的目录中是否添加了新的文件,已添加表明被容器挂载成功,并可以读写此目录中内容。
<span class="token namespace">[root@localhost ~]</span><span class="token comment"># cat /tmp/test.txt</span>
hello world
</code></pre>
<h1>九、与其它Containerd容器共享命名空间</h1>
<blockquote>
<p>当需要与其它Containerd管理的容器共享命名空间时,可使用如下方法。</p>
</blockquote>
<pre><code class="prism language-powershell"><span class="token comment"># ctr tasks ls</span>
TASK PID STATUS
busybox3 13778 RUNNING
busybox 8377 RUNNING
busybox1 12469 RUNNING
</code></pre>
<pre><code class="prism language-powershell"><span class="token comment"># ctr container create --with-ns "pid:/proc/13778/ns/pid" docker.io/library/busybox:latest busybox4</span>
<span class="token namespace">[root@localhost ~]</span><span class="token comment"># ctr tasks start -d busybox4 bash</span>
<span class="token namespace">[root@localhost ~]</span><span class="token comment"># ctr tasks exec --exec-id $RANDOM -t busybox3 sh</span>
<span class="token operator">/</span> <span class="token comment"># ps aux</span>
PID USER TIME COMMAND
1 root 0:00 sh
20 root 0:00 sh
26 root 0:00 sh
32 root 0:00 <span class="token function">ps</span> aux
</code></pre>
<h1>十、Docker集成Containerd实现容器管理</h1>
<p>目前Containerd主要任务还在于解决容器运行时的问题,对于其周边生态还不完善,所以可以借助Docker结合Containerd来实现Docker完整的功能应用。</p>
<pre><code class="prism language-powershell">准备Docker安装YUM源
<span class="token comment"># wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo</span>
</code></pre>
<pre><code class="prism language-powershell">安装Docker<span class="token operator">-</span>ce
<span class="token comment"># yum -y install docker-ce</span>
</code></pre>
<pre><code class="prism language-powershell">修改Docker服务文件,以便使用已安装的containerd。
<span class="token comment"># vim /etc/systemd/system/multi-user.target.wants/docker.service</span>
修改前:
<span class="token namespace">[Service]</span>
<span class="token function">Type</span>=notify
<span class="token comment"># the default is not to use systemd for cgroups because the delegate issues still</span>
<span class="token comment"># exists and systemd currently does not support the cgroup feature set required</span>
<span class="token comment"># for containers run by docker</span>
ExecStart=<span class="token operator">/</span>usr<span class="token operator">/</span>bin<span class="token operator">/</span>dockerd <span class="token operator">-</span>H fd:<span class="token operator">/</span><span class="token operator">/</span> <span class="token operator">--</span>containerd=<span class="token operator">/</span>run<span class="token operator">/</span>containerd<span class="token operator">/</span>containerd<span class="token punctuation">.</span>sock 此处
ExecReload=<span class="token operator">/</span>bin<span class="token operator">/</span><span class="token function">kill</span> <span class="token operator">-</span>s HUP <span class="token variable">$MAINPID</span>
修改后:
<span class="token namespace">[Service]</span>
<span class="token function">Type</span>=notify
<span class="token comment"># the default is not to use systemd for cgroups because the delegate issues still</span>
<span class="token comment"># exists and systemd currently does not support the cgroup feature set required</span>
<span class="token comment"># for containers run by docker</span>
ExecStart=<span class="token operator">/</span>usr<span class="token operator">/</span>bin<span class="token operator">/</span>dockerd <span class="token operator">--</span>containerd <span class="token operator">/</span>run<span class="token operator">/</span>containerd<span class="token operator">/</span>containerd<span class="token punctuation">.</span>sock <span class="token operator">--</span>debug 此处
ExecReload=<span class="token operator">/</span>bin<span class="token operator">/</span><span class="token function">kill</span> <span class="token operator">-</span>s HUP <span class="token variable">$MAINPID</span>
TimeoutSec=0
RestartSec=2
Restart=always
</code></pre>
<pre><code class="prism language-powershell">设置docker daemon启动并设置其开机自启动
<span class="token comment"># systemctl daemon-reload</span>
<span class="token comment"># systemctl enable docker</span>
Created symlink <span class="token keyword">from</span> <span class="token operator">/</span>etc<span class="token operator">/</span>systemd<span class="token operator">/</span>system<span class="token operator">/</span>multi<span class="token operator">-</span>user<span class="token punctuation">.</span>target<span class="token punctuation">.</span>wants<span class="token operator">/</span>docker<span class="token punctuation">.</span>service to <span class="token operator">/</span>usr<span class="token operator">/</span>lib<span class="token operator">/</span>systemd<span class="token operator">/</span>system<span class="token operator">/</span>docker<span class="token punctuation">.</span>service<span class="token punctuation">.</span>
<span class="token comment"># systemctl start docker</span>
</code></pre>
<pre><code class="prism language-powershell">查看其启动后进程
<span class="token comment"># ps aux | grep docker</span>
root 16270 0<span class="token punctuation">.</span>0 3<span class="token punctuation">.</span>1 1155116 63320 ? Ssl 12:09 0:00 <span class="token operator">/</span>usr<span class="token operator">/</span>bin<span class="token operator">/</span>dockerd <span class="token operator">--</span>containerd <span class="token operator">/</span>run<span class="token operator">/</span>containerd<span class="token operator">/</span>containerd<span class="token punctuation">.</span>sock <span class="token operator">--</span>debug
</code></pre>
<pre><code class="prism language-powershell">使用docker运行容器
<span class="token comment"># docker run -d nginx:latest</span>
<span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span>
219a9c6727bcd162d0a4868746c513a277276a110f47e15368b4229988003c13
</code></pre>
<pre><code class="prism language-powershell">使用docker <span class="token function">ps</span>命令查看正在运行的容器
<span class="token comment"># docker ps</span>
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
219a9c6727bc nginx:latest <span class="token string">"/docker-entrypoint.…"</span> 14 seconds ago Up 13 seconds 80<span class="token operator">/</span>tcp happy_tu
</code></pre>
<pre><code class="prism language-powershell">使用ctr查看是否添加一个新的namespace,本案例中发现添加一个moby命名空间,即为docker使用的命名空间。
<span class="token comment"># ctr namespace ls</span>
NAME LABELS
default
k8s<span class="token punctuation">.</span>io
kubemsb
moby
</code></pre>
<pre><code class="prism language-powershell">查看moby命名空间,发现使用docker run运行的容器包含在其中。
<span class="token comment"># ctr -n moby container ls</span>
CONTAINER IMAGE RUNTIME
219a9c6727bcd162d0a4868746c513a277276a110f47e15368b4229988003c13 <span class="token operator">-</span> io<span class="token punctuation">.</span>containerd<span class="token punctuation">.</span>runc<span class="token punctuation">.</span>v2
</code></pre>
<pre><code class="prism language-powershell">使用ctr能够查看到一个正在运行的容器,既表示docker run运行的容器是被containerd管理的。
<span class="token comment"># ctr -n moby tasks ls</span>
TASK PID STATUS
219a9c6727bcd162d0a4868746c513a277276a110f47e15368b4229988003c13 16719 RUNNING
</code></pre>
<pre><code class="prism language-powershell">使用docker stop停止且使用docker <span class="token function">rm</span>删除容器后再观察,发现容器被删除。
<span class="token comment"># docker stop 219;docker rm 219</span>
219
219
<span class="token comment"># ctr -n moby container ls</span>
CONTAINER IMAGE RUNTIME
<span class="token comment"># ctr -n moby tasks ls</span>
TASK PID STATUS
</code></pre>
</div>
</div>
</div>
</div>
</div>
<!--PC和WAP自适应版-->
<div id="SOHUCS" sid="1643500808177770496"></div>
<script type="text/javascript" src="/views/front/js/chanyan.js"></script>
<!-- 文章页-底部 动态广告位 -->
<div class="youdao-fixed-ad" id="detail_ad_bottom"></div>
</div>
<div class="col-md-3">
<div class="row" id="ad">
<!-- 文章页-右侧1 动态广告位 -->
<div id="right-1" class="col-lg-12 col-md-12 col-sm-4 col-xs-4 ad">
<div class="youdao-fixed-ad" id="detail_ad_1"> </div>
</div>
<!-- 文章页-右侧2 动态广告位 -->
<div id="right-2" class="col-lg-12 col-md-12 col-sm-4 col-xs-4 ad">
<div class="youdao-fixed-ad" id="detail_ad_2"></div>
</div>
<!-- 文章页-右侧3 动态广告位 -->
<div id="right-3" class="col-lg-12 col-md-12 col-sm-4 col-xs-4 ad">
<div class="youdao-fixed-ad" id="detail_ad_3"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="container">
<h4 class="pt20 mb15 mt0 border-top">你可能感兴趣的:(云原生,云原生,docker,kubernetes)</h4>
<div id="paradigm-article-related">
<div class="recommend-post mb30">
<ul class="widget-links">
<li><a href="/article/1835269935358636032.htm"
title="Docker学习十一:Kubernetes概述" target="_blank">Docker学习十一:Kubernetes概述</a>
<span class="text-muted">爱打羽球的程序猿</span>
<a class="tag" taget="_blank" href="/search/Docker%E5%AD%A6%E4%B9%A0%E7%B3%BB%E5%88%97/1.htm">Docker学习系列</a><a class="tag" taget="_blank" href="/search/docker/1.htm">docker</a><a class="tag" taget="_blank" href="/search/kubernetes/1.htm">kubernetes</a><a class="tag" taget="_blank" href="/search/%E5%AD%A6%E4%B9%A0/1.htm">学习</a>
<div>一、Kubernetes简介2006年,Google提出了云计算的概念,当时的云计算领域还是以虚拟机为代表的云平台。2013年,Docker横空出世,Docker提出了镜像、仓库等核心概念,规范了服务的交付标准,使得复杂服务的落地变得更加简单,之后Docker又定义了OCI标准,Docker在容器领域称为事实的标准。但是,Docker诞生只是帮助定义了开发和交付标准,如果想要在生产环境中大批量的使</div>
</li>
<li><a href="/article/1835269304761806848.htm"
title="Cloud Native Weekly | 华为云抢先发布Redis5.0,红帽宣布收购混合云提供商" target="_blank">Cloud Native Weekly | 华为云抢先发布Redis5.0,红帽宣布收购混合云提供商</a>
<span class="text-muted">weixin_34302561</span>
<a class="tag" taget="_blank" href="/search/%E6%95%B0%E6%8D%AE%E5%BA%93/1.htm">数据库</a><a class="tag" taget="_blank" href="/search/devops/1.htm">devops</a><a class="tag" taget="_blank" href="/search/%E5%A4%A7%E6%95%B0%E6%8D%AE/1.htm">大数据</a>
<div>1——华为云抢先发布Redis5.02——DigitalOceanK8s服务正式上线3——红帽宣布收购混合云提供商NooBaa4——微软发布多项AzureKubernetes服务更新1华为云抢先发布Redis5.012月17日,华为云在DCS2.0的基础上,快人一步,抢先推出了新的Redis5.0产品,这是一个崭新的突破。目前国内在缓存领域的发展普遍停留在Redis4.0阶段,华为云率先发布了Re</div>
</li>
<li><a href="/article/1835267918531751936.htm"
title="安装 `privoxy` 将 Socks5 转换为 HTTP 代理" target="_blank">安装 `privoxy` 将 Socks5 转换为 HTTP 代理</a>
<span class="text-muted">MonkeyKing.sun</span>
<a class="tag" taget="_blank" href="/search/%E7%BD%91%E7%BB%9C/1.htm">网络</a>
<div>(base)shgbitai@shgbitai-C9X299-PGF:~/tools$curl-xhttp://127.0.0.1:1080https://registry-1.docker.io/v2/curl:(56)ProxyCONNECTaborted(base)shgbitai@shgbitai-C9X299-PGF:~/tools$curl-xhttps://127.0.0.1:108</div>
</li>
<li><a href="/article/1835267665455837184.htm"
title="Halo 开发者指南——容器私有化部署" target="_blank">Halo 开发者指南——容器私有化部署</a>
<span class="text-muted">SHENHUANJIE</span>
<a class="tag" taget="_blank" href="/search/Docker/1.htm">Docker</a><a class="tag" taget="_blank" href="/search/Halo/1.htm">Halo</a><a class="tag" taget="_blank" href="/search/%E5%8D%8E%E4%B8%BA%E4%BA%91/1.htm">华为云</a><a class="tag" taget="_blank" href="/search/SWR/1.htm">SWR</a><a class="tag" taget="_blank" href="/search/Registry/1.htm">Registry</a>
<div>华为云SWR私有化部署镜像构建dockerbuild-thalo-dev/halo:2.20.0.上传镜像镜像标签sudodockertag{镜像名称}:{版本名称}swr.cn-south-1.myhuaweicloud.com/{组织名称}/{镜像名称}:{版本名称}sudodockertaghalo-dev/halo:2.20.0swr.cn-south-1.myhuaweicloud.co</div>
</li>
<li><a href="/article/1835262244313722880.htm"
title="SpringBoot整合ES搜索引擎 实现网站热搜词及热度计算" target="_blank">SpringBoot整合ES搜索引擎 实现网站热搜词及热度计算</a>
<span class="text-muted">码踏云端</span>
<a class="tag" taget="_blank" href="/search/springboot/1.htm">springboot</a><a class="tag" taget="_blank" href="/search/Elasticsearch/1.htm">Elasticsearch</a><a class="tag" taget="_blank" href="/search/spring/1.htm">spring</a><a class="tag" taget="_blank" href="/search/boot/1.htm">boot</a><a class="tag" taget="_blank" href="/search/elasticsearch/1.htm">elasticsearch</a><a class="tag" taget="_blank" href="/search/%E5%90%8E%E7%AB%AF/1.htm">后端</a><a class="tag" taget="_blank" href="/search/%E7%83%AD%E6%90%9C%E8%AF%8D/1.htm">热搜词</a><a class="tag" taget="_blank" href="/search/%E7%83%AD%E5%BA%A6%E8%AE%A1%E7%AE%97/1.htm">热度计算</a><a class="tag" taget="_blank" href="/search/java/1.htm">java</a>
<div>博主简介:历代文学网(PC端可以访问:https://literature.sinhy.com/#/literature?__c=1000,移动端可微信小程序搜索“历代文学”)总架构师,15年工作经验,精通Java编程,高并发设计,Springboot和微服务,熟悉Linux,ESXI虚拟化以及云原生Docker和K8s,热衷于探索科技的边界,并将理论知识转化为实际应用。保持对新技术的好奇心,乐于</div>
</li>
<li><a href="/article/1835259716809355264.htm"
title="小白 | 华为云docker设置镜像加速器" target="_blank">小白 | 华为云docker设置镜像加速器</a>
<span class="text-muted">伏一</span>
<a class="tag" taget="_blank" href="/search/%E5%B7%A5%E5%85%B7%E5%AE%89%E8%A3%85/1.htm">工具安装</a><a class="tag" taget="_blank" href="/search/%E5%8D%8E%E4%B8%BA%E4%BA%91/1.htm">华为云</a><a class="tag" taget="_blank" href="/search/docker/1.htm">docker</a><a class="tag" taget="_blank" href="/search/%E5%AE%B9%E5%99%A8/1.htm">容器</a>
<div>一、操作场景通过dockerpull命令下载镜像中心的公有镜像时,往往会因为网络原因而需要很长时间,甚至可能因超时而下载失败。为此,容器镜像服务提供了镜像下载加速功能,帮助您获得更快的下载体验。二、约束与限制构建镜像的客户端所安装的容器引擎(Docker)版本必须为1.11.2及以上。“华北-乌兰察布一”、“亚太-雅加达”、“拉美-墨西哥城一”、“拉美-墨西哥城二”和“拉美-圣保罗一”区域不支持该</div>
</li>
<li><a href="/article/1835245099416645632.htm"
title="docker改容器IP的两种方法" target="_blank">docker改容器IP的两种方法</a>
<span class="text-muted">redmond88</span>
<a class="tag" taget="_blank" href="/search/linux/1.htm">linux</a><a class="tag" taget="_blank" href="/search/docker/1.htm">docker</a><a class="tag" taget="_blank" href="/search/tcp%2Fip/1.htm">tcp/ip</a><a class="tag" taget="_blank" href="/search/%E5%AE%B9%E5%99%A8/1.htm">容器</a>
<div>最简单实用的方法:docker默认的内网网段为172.17.0.0/16,如果公司内网网段也是172.17.x.x的话,就会发生路由冲突。解决办法改路由比较办法,可以一开始就将docker配置的bip改成169.254.0.1/24,可以避免冲突。在daemon配置文件里加个"bip":“169.254.0.1/24”,重启docker就可以了1234[root@st-dev6~]#vim/etc</div>
</li>
<li><a href="/article/1835209173944594432.htm"
title="(k8s)Kubernetes 从0到1容器编排之旅" target="_blank">(k8s)Kubernetes 从0到1容器编排之旅</a>
<span class="text-muted">道不贱卖,法不轻传</span>
<a class="tag" taget="_blank" href="/search/kubernets/1.htm">kubernets</a><a class="tag" taget="_blank" href="/search/kubernetes/1.htm">kubernetes</a><a class="tag" taget="_blank" href="/search/%E5%AE%B9%E5%99%A8/1.htm">容器</a><a class="tag" taget="_blank" href="/search/%E4%BA%91%E5%8E%9F%E7%94%9F/1.htm">云原生</a>
<div>一、引言在当今数字化的浪潮中,Kubernetes如同一艘强大的航船,引领着容器化应用的部署与管理。它以其卓越的灵活性、可扩展性和可靠性,成为众多企业和开发者的首选。然而,要真正发挥Kubernetes的强大威力,仅仅掌握基本操作是远远不够的。本文将带你深入探索Kubernetes使用过程中的奇技妙法,为你开启一段优雅的容器编排之旅。二、高级资源管理之精妙艺术1.资源配额与限制:雕琢资源之美•Ku</div>
</li>
<li><a href="/article/1835199093819928576.htm"
title="docker 安装、运行nginx shell脚本" target="_blank">docker 安装、运行nginx shell脚本</a>
<span class="text-muted">三希</span>
<a class="tag" taget="_blank" href="/search/docker/1.htm">docker</a><a class="tag" taget="_blank" href="/search/nginx/1.htm">nginx</a><a class="tag" taget="_blank" href="/search/%E5%AE%B9%E5%99%A8/1.htm">容器</a>
<div>以下是一个简单的用于安装和运行DockerNginx的shell脚本:bash#!/bin/bash#安装Docker(如果还未安装)#请根据实际情况调整安装命令#拉取Nginx镜像dockerpullnginx#运行Nginx容器dockerrun-d--namemynginx-p80:80nginx</div>
</li>
<li><a href="/article/1835189633021997056.htm"
title="docker项目切换(nginx)、重启shell 脚本" target="_blank">docker项目切换(nginx)、重启shell 脚本</a>
<span class="text-muted">懒惰的小蜗牛</span>
<a class="tag" taget="_blank" href="/search/docker/1.htm">docker</a><a class="tag" taget="_blank" href="/search/docker/1.htm">docker</a><a class="tag" taget="_blank" href="/search/nginx/1.htm">nginx</a><a class="tag" taget="_blank" href="/search/%E5%AE%B9%E5%99%A8/1.htm">容器</a>
<div>docker项目切换、重启脚本背景具体操作nginx配置配置文件1配置文件2编写nginx替换脚本(用来执行端口替换)编写启动脚本dockerfile文件正常编写给脚本授权执行./start脚本背景项目部署docker中,更新项目时,需要将原原来的容器停止,再启动新的容器,这样会有一个空窗期,导致不可用解决方案:映射不同的端口并启动新的容器,将nginx转发到新容器,停止旧容器具体操作说明ngin</div>
</li>
<li><a href="/article/1835187991388188672.htm"
title="FastCGI结合docker下的Nginx执行shell脚本" target="_blank">FastCGI结合docker下的Nginx执行shell脚本</a>
<span class="text-muted">南波波</span>
<a class="tag" taget="_blank" href="/search/nginx/1.htm">nginx</a><a class="tag" taget="_blank" href="/search/docker/1.htm">docker</a>
<div>1使用docker下载Nginx下面展示一些内联代码片。a.#dockerpullnginx#dockerrun--namerunoob-php-nginx-p8088:80-d\-v~/nginx/www:/usr/share/nginx/html:ro\-v~/nginx/conf/conf.d:/etc/nginx/conf.d:ro\nginxb.在~/nginx/conf/conf.d创</div>
</li>
<li><a href="/article/1835159463812755456.htm"
title="【docker npm】npm 私库" target="_blank">【docker npm】npm 私库</a>
<span class="text-muted">琴 韵</span>
<a class="tag" taget="_blank" href="/search/docker/1.htm">docker</a><a class="tag" taget="_blank" href="/search/npm/1.htm">npm</a><a class="tag" taget="_blank" href="/search/%E5%AE%B9%E5%99%A8/1.htm">容器</a>
<div>1.部署环境window11x64DockerDesktop4.34.1(166053)DockerEnginev27.2.01.1.Docker镜像源1.1.1.DockerEngine配置{"builder":{"features":{"buildkit":true},"gc":{"defaultKeepStorage":"32GB","enabled":true}},"experimenta</div>
</li>
<li><a href="/article/1835131862654218240.htm"
title="Docker安装Kafka和Kafka-Manager" target="_blank">Docker安装Kafka和Kafka-Manager</a>
<span class="text-muted">阿靖哦</span>
<div>本文介绍如何通过Docker安装kafka与kafka界面管理界面一、拉取zookeeper由于kafka需要依赖于zookeeper,因此这里先运行zookeeper1、拉取镜像dockerpullwurstmeister/zookeeper2、启动dockerrun-d--namezookeeper-p2181:2181-eTZ="Asia/Shanghai"--restartalwayswu</div>
</li>
<li><a href="/article/1835130592988065792.htm"
title="主流行架构" target="_blank">主流行架构</a>
<span class="text-muted">rainbowcheng</span>
<a class="tag" taget="_blank" href="/search/%E6%9E%B6%E6%9E%84/1.htm">架构</a><a class="tag" taget="_blank" href="/search/%E6%9E%B6%E6%9E%84/1.htm">架构</a>
<div>nexus,gitlab,svn,jenkins,sonar,docker,apollo,catteambition,axure,蓝湖,禅道,WCP;redis,kafka,es,zookeeper,dubbo,shardingjdbc,mysql,InfluxDB,Telegraf,Grafana,Nginx,xxl-job,Neo4j,NebulaGraph是一个高性能的,NOSQL图形数据库</div>
</li>
<li><a href="/article/1835075002773368832.htm"
title="单节点canal的介绍和搭建(对接mysql和rocketMQ)" target="_blank">单节点canal的介绍和搭建(对接mysql和rocketMQ)</a>
<span class="text-muted">汀风</span>
<a class="tag" taget="_blank" href="/search/%E4%B8%AD%E9%97%B4%E4%BB%B6/1.htm">中间件</a><a class="tag" taget="_blank" href="/search/%E9%98%BF%E9%87%8C%E4%BA%91/1.htm">阿里云</a><a class="tag" taget="_blank" href="/search/mysql/1.htm">mysql</a><a class="tag" taget="_blank" href="/search/java/1.htm">java</a>
<div>单节点canal-server+canal-admin的介绍和搭建(对接mysql和rocketMQ)一、简介1、Canal1、工作原理2、MySQL主从复制实现3、canal架构4、binarylog1、新增binlog2、更新binglog3、增加字段bin-log4、删除字段bin-log5、修改字段bin-log二、使用2.1安装1、本地安装2、docker安装canal-admincan</div>
</li>
<li><a href="/article/1835070967521570816.htm"
title="【大模型】triton inference server" target="_blank">【大模型】triton inference server</a>
<span class="text-muted">idiotyi</span>
<a class="tag" taget="_blank" href="/search/%E5%A4%A7%E6%A8%A1%E5%9E%8B/1.htm">大模型</a><a class="tag" taget="_blank" href="/search/%E8%87%AA%E7%84%B6%E8%AF%AD%E8%A8%80%E5%A4%84%E7%90%86/1.htm">自然语言处理</a><a class="tag" taget="_blank" href="/search/%E8%AF%AD%E8%A8%80%E6%A8%A1%E5%9E%8B/1.htm">语言模型</a><a class="tag" taget="_blank" href="/search/%E4%BA%BA%E5%B7%A5%E6%99%BA%E8%83%BD/1.htm">人工智能</a>
<div>前言:tritoninferenceserver常用于大模型部署,可以采用http或GRPC调用,支持大部分的backend,单GPU、多GPU都可以支持,CPU也支持。本文主要是使用tritoninferenceserver部署大模型的简单流程示例。目录1.整体流程2.搭建本地仓库3.服务端代码4.启动服务5.客户端调用1.整体流程搭建模型仓库模型配置服务端调用代码docker启动服务客户端调用</div>
</li>
<li><a href="/article/1835061888858288128.htm"
title="【K8S】kubernetes集群架构与组件" target="_blank">【K8S】kubernetes集群架构与组件</a>
<span class="text-muted">奇奇怪怪^</span>
<a class="tag" taget="_blank" href="/search/%E4%BA%91/1.htm">云</a><a class="tag" taget="_blank" href="/search/Linux/1.htm">Linux</a><a class="tag" taget="_blank" href="/search/IT/1.htm">IT</a><a class="tag" taget="_blank" href="/search/%E8%BF%90%E7%BB%B4/1.htm">运维</a><a class="tag" taget="_blank" href="/search/%E6%9C%8D%E5%8A%A1%E5%99%A8/1.htm">服务器</a><a class="tag" taget="_blank" href="/search/linux/1.htm">linux</a>
<div>文章目录【K8S】kubernetes集群架构与组件kubernetes组件**master组件**node组件整体流程POD终止过程【K8S】kubernetes集群架构与组件kubernetes组件K8S是属于主从设备模型(Master-slave架构),即有Master节点负责集群的调度、管理和运维,Slave节点是集群中的运算工作负载节点在K8S中,主节点一般被称为Master节点,而从节</div>
</li>
<li><a href="/article/1835058988631289856.htm"
title="K8S学习笔记02——K8S组件" target="_blank">K8S学习笔记02——K8S组件</a>
<span class="text-muted">沉淅尘</span>
<a class="tag" taget="_blank" href="/search/%23/1.htm">#</a><a class="tag" taget="_blank" href="/search/Docker/1.htm">Docker</a><a class="tag" taget="_blank" href="/search/%23/1.htm">#</a><a class="tag" taget="_blank" href="/search/K8S/1.htm">K8S</a><a class="tag" taget="_blank" href="/search/kubernetes/1.htm">kubernetes</a>
<div>Kubernetes组件一、控制平面组件(ControlPlaneComponents)(1)kube-apiserver(2)etcd(3)kube-scheduler(4)kube-controller-manager(5)cloud-controller-manager二、Node组件1.kubelet2.kube-proxy3.容器运行时(ContainerRuntime)三、插件(Add</div>
</li>
<li><a href="/article/1835054063679533056.htm"
title="Kubernetes——组件" target="_blank">Kubernetes——组件</a>
<span class="text-muted">窒息う</span>
<a class="tag" taget="_blank" href="/search/Kubernetes/1.htm">Kubernetes</a><a class="tag" taget="_blank" href="/search/kubernetes/1.htm">kubernetes</a><a class="tag" taget="_blank" href="/search/%E5%AE%B9%E5%99%A8/1.htm">容器</a>
<div>文章目录K8S的优势核心架构角色与功能集群图例K8S的优势能管理大量跨主机容器快速部署应用快速扩展应用无缝对接新的应用节省资源,优化硬件资源的使用核心架构master(管理节点)node(计算节点)images(镜像节点)角色与功能Master功能提供集群的控制对集群进行全局决策检测和响应集群事件Master节点核心组件APIServer是整个系统的对外接口,提供客户端和其他组件调用后端元数据存储</div>
</li>
<li><a href="/article/1835050027517571072.htm"
title="基于Prometheus和Grafana的现代服务器监控体系构建" target="_blank">基于Prometheus和Grafana的现代服务器监控体系构建</a>
<span class="text-muted">golove666</span>
<a class="tag" taget="_blank" href="/search/%E8%BF%90%E7%BB%B4/1.htm">运维</a><a class="tag" taget="_blank" href="/search/prometheus/1.htm">prometheus</a><a class="tag" taget="_blank" href="/search/grafana/1.htm">grafana</a><a class="tag" taget="_blank" href="/search/%E6%9C%8D%E5%8A%A1%E5%99%A8/1.htm">服务器</a>
<div>构建一个基于Prometheus和Grafana的现代服务器监控体系涉及多个步骤。以下是大体的流程和步骤说明:1.Prometheus监控系统Prometheus是一个开源的系统监控和报警工具,专门设计用于抓取时间序列数据。1.1Prometheus的安装Docker安装Prometheusdockerrun-d--name=prometheus-p9090:9090prom/prometheus</div>
</li>
<li><a href="/article/1835046751275413504.htm"
title="Kubernetes组件" target="_blank">Kubernetes组件</a>
<span class="text-muted">汉只只</span>
<a class="tag" taget="_blank" href="/search/%E7%BD%91%E7%BB%9C/1.htm">网络</a><a class="tag" taget="_blank" href="/search/docker/1.htm">docker</a><a class="tag" taget="_blank" href="/search/%E5%A4%A7%E6%95%B0%E6%8D%AE/1.htm">大数据</a><a class="tag" taget="_blank" href="/search/%E5%88%86%E5%B8%83%E5%BC%8F/1.htm">分布式</a><a class="tag" taget="_blank" href="/search/hadoop/1.htm">hadoop</a>
<div>Kubernetes核心组件Kubernetes定义了一组构建块,它们可以共同提供部署、维护和扩展应用程序的机制。组成Kubernetes的组件设计为松耦合和可扩展的,这样可以满足多种不同的工作负载。可扩展性在很大程度上由KubernetesAPI提供——它被作为扩展的内部组件以及Kubernetes上运行的容器等使用。Kubernetes主要由以下几个核心组件组成:etcd保存了整个集群的状态;</div>
</li>
<li><a href="/article/1835040202163318784.htm"
title="首次全面解析云原生成熟度模型:解决企业「诊断难、规划难、选型难」问题" target="_blank">首次全面解析云原生成熟度模型:解决企业「诊断难、规划难、选型难」问题</a>
<span class="text-muted">阿里云云栖号</span>
<a class="tag" taget="_blank" href="/search/%E4%BA%91%E5%8E%9F%E7%94%9F/1.htm">云原生</a><a class="tag" taget="_blank" href="/search/%E4%BA%91%E8%AE%A1%E7%AE%97/1.htm">云计算</a><a class="tag" taget="_blank" href="/search/%E8%BF%90%E7%BB%B4/1.htm">运维</a><a class="tag" taget="_blank" href="/search/%E9%98%BF%E9%87%8C%E4%BA%91/1.htm">阿里云</a>
<div>从“上云”到“云上”原生,云原生提供了最优用云路径,云原生的技术价值已被广泛认可。当前行业用户全面转型云原生已是大势所趋,用户侧云原生平台建设和应用云原生化改造进程正在加速。然而,云原生复杂的技术栈和传统IT的历史包袱给用户带来了巨大挑战,针对平台建设和应用改造的能力要求缺少统一规范成为企业转型的最大障碍。在用户侧,企业执行层面存在“三难”问题,即诊断难、规划难、选型难,需求和供给不能精准对应,缺</div>
</li>
<li><a href="/article/1835036167091875840.htm"
title="手把手教你企业微信SCRM源码下载和私有化部署教程" target="_blank">手把手教你企业微信SCRM源码下载和私有化部署教程</a>
<span class="text-muted">MoChat-1号</span>
<a class="tag" taget="_blank" href="/search/php/1.htm">php</a><a class="tag" taget="_blank" href="/search/%E5%BE%AE%E4%BF%A1/1.htm">微信</a><a class="tag" taget="_blank" href="/search/%E5%BE%AE%E4%BF%A1%E5%85%AC%E4%BC%97%E5%B9%B3%E5%8F%B0/1.htm">微信公众平台</a><a class="tag" taget="_blank" href="/search/%E5%BE%AE%E4%BF%A1%E5%BC%80%E6%94%BE%E5%B9%B3%E5%8F%B0/1.htm">微信开放平台</a>
<div>服务器要求MoChat对系统环境有一些要求,仅可运行于Linux和Mac环境下,但由于Docker虚拟化技术的发展,在Windows下也可以通过DockerforWindows来作为运行环境,通常来说Mac环境下,我们更推荐本地环境部署,以避免Docker共享磁盘缓慢导致MoChat启动速度慢的问题。提示MoChat基于Docker-compose方式的安装视频https://www.bilibi</div>
</li>
<li><a href="/article/1835034781197365248.htm"
title="【Linux 从基础到进阶】Kubernetes 集群搭建与管理" target="_blank">【Linux 从基础到进阶】Kubernetes 集群搭建与管理</a>
<span class="text-muted">爱技术的小伙子</span>
<a class="tag" taget="_blank" href="/search/Linux%E4%BB%8E%E5%9F%BA%E7%A1%80%E5%88%B0%E8%BF%9B%E9%98%B6/1.htm">Linux从基础到进阶</a><a class="tag" taget="_blank" href="/search/linux/1.htm">linux</a><a class="tag" taget="_blank" href="/search/kubernetes/1.htm">kubernetes</a><a class="tag" taget="_blank" href="/search/%E8%BF%90%E7%BB%B4/1.htm">运维</a>
<div>Kubernetes集群搭建与管理Kubernetes(简称K8s)是一个用于自动化部署、扩展和管理容器化应用程序的开源平台。它提供了容器编排功能,能够管理大量的容器实例,并支持应用的自动扩展、高可用性和自愈能力。本文将详细介绍如何在CentOS和Ubuntu系统上安装和配置Kubernetes集群,并讲解Kubernetes的基本概念和管理操作。1.Kubernetes基础概念在了解如何搭建Ku</div>
</li>
<li><a href="/article/1835004014241083392.htm"
title="Docker 常用命令" target="_blank">Docker 常用命令</a>
<span class="text-muted">C语言扫地僧</span>
<a class="tag" taget="_blank" href="/search/Linux%E4%B8%93%E6%A0%8F/1.htm">Linux专栏</a><a class="tag" taget="_blank" href="/search/docker/1.htm">docker</a><a class="tag" taget="_blank" href="/search/%E5%AE%B9%E5%99%A8/1.htm">容器</a>
<div>1Docker镜像命令1.1dockerimages#语法dockerimages[OPTIONS][REPOSITORY[:TAG]]#别名dockerimagels,dockerimagelist功能列出本地镜像。关键参数-a:列出本地所有的镜像(含中间映像层,默认情况下,过滤掉中间映像层);--digests:显示镜像的摘要信息;-f:显示满足条件的镜像;--format:指定返回值的模板文</div>
</li>
<li><a href="/article/1834999728476090368.htm"
title="【Kubernetes】常见面试题汇总(十三)" target="_blank">【Kubernetes】常见面试题汇总(十三)</a>
<span class="text-muted">summer.335</span>
<a class="tag" taget="_blank" href="/search/Kubernetes/1.htm">Kubernetes</a><a class="tag" taget="_blank" href="/search/kubernetes/1.htm">kubernetes</a><a class="tag" taget="_blank" href="/search/%E5%AE%B9%E5%99%A8/1.htm">容器</a><a class="tag" taget="_blank" href="/search/%E4%BA%91%E5%8E%9F%E7%94%9F/1.htm">云原生</a>
<div>目录39.简述KubernetesScheduler使用哪两种算法将Pod绑定到worker节点?40.简述Kuberneteskubelet的作用?41.简述Kuberneteskubelet监控Worker节点资源是使用什么组件来实现的?39.简述KubernetesScheduler使用哪两种算法将Pod绑定到worker节点?KubernetesScheduler根据如下两种调度算法将Po</div>
</li>
<li><a href="/article/1834987624352280576.htm"
title="Docker 安装配置和基本命令详解以及案例示范" target="_blank">Docker 安装配置和基本命令详解以及案例示范</a>
<span class="text-muted">J老熊</span>
<a class="tag" taget="_blank" href="/search/docker/1.htm">docker</a><a class="tag" taget="_blank" href="/search/%E5%AE%B9%E5%99%A8/1.htm">容器</a><a class="tag" taget="_blank" href="/search/%E8%BF%90%E7%BB%B4/1.htm">运维</a><a class="tag" taget="_blank" href="/search/%E9%9D%A2%E8%AF%95/1.htm">面试</a><a class="tag" taget="_blank" href="/search/linux/1.htm">linux</a>
<div>1.引言容器化技术的快速发展给软件开发和运维带来了革命性的变化,Docker作为这一领域的领军者,已经成为软件开发和部署流程中的重要工具。Docker的轻量化、快速启动和高效资源利用让开发者能够在不同的环境中实现一致的开发体验。本篇文章将详细讲解如何在CentOS系统中安装Docker,如何配置阿里云镜像加速,Docker的基本命令和语法,以及通过实际的电商交易系统案例来演示如何在Docker环境</div>
</li>
<li><a href="/article/1834983967036633088.htm"
title="docker镜像的批量备份和加载" target="_blank">docker镜像的批量备份和加载</a>
<span class="text-muted">小卡车555</span>
<a class="tag" taget="_blank" href="/search/docker/1.htm">docker</a>
<div>随着微服务的不断发展,docker在微服务的部署中也占着不可缺少的角色,有这样一种场景,需要将服务器上的若干个最新的镜像打成tar.gz做一个备份或者异地部署。针对此问题尝试写了如下shell脚本#vimsaveImages.sh脚本内容如下:#当前需要打包的版本号version=xxx.0.0.1-RELEASE#仓库rep=defaultRep#名称name=defaultNameforiin</div>
</li>
<li><a href="/article/1834930632522821632.htm"
title="docker Pulling fs layer 含义" target="_blank">docker Pulling fs layer 含义</a>
<span class="text-muted">潇锐killer</span>
<a class="tag" taget="_blank" href="/search/eureka/1.htm">eureka</a><a class="tag" taget="_blank" href="/search/java/1.htm">java</a><a class="tag" taget="_blank" href="/search/spring/1.htm">spring</a><a class="tag" taget="_blank" href="/search/cloud/1.htm">cloud</a>
<div>在使用Docker时,当你执行dockerpull命令来获取一个新的镜像,控制台输出中可能会出现"Pullingfslayer"的信息。这是Docker拉取镜像过程中的一个步骤,下面是对这一过程的解释:Docker镜像是由一系列的层(layers)组成的。每个层代表了镜像构建过程中的一个步骤,比如安装一个软件包或复制一些文件。这种层式结构使得Docker镜像既轻便又高效,因为它允许多个镜像共享相同</div>
</li>
<li><a href="/article/1834921299995095040.htm"
title="Docker-compose minio集群部署" target="_blank">Docker-compose minio集群部署</a>
<span class="text-muted">有点菜的运维</span>
<a class="tag" taget="_blank" href="/search/docker/1.htm">docker</a><a class="tag" taget="_blank" href="/search/%E5%AE%B9%E5%99%A8/1.htm">容器</a><a class="tag" taget="_blank" href="/search/%E8%BF%90%E7%BB%B4/1.htm">运维</a>
<div>一、虚机准备192.168.40.174192.168.40.174192.168.40.176二、下载docker-compose离线安装docker及docker-compose_docker-compose离线安装-CSDN博客三、docker-compose.yml文件按docker-compose文件启动,minio的api端口为9000,控制台端口为9001174version:"3"</div>
</li>
<li><a href="/article/111.htm"
title="JAVA基础" target="_blank">JAVA基础</a>
<span class="text-muted">灵静志远</span>
<a class="tag" taget="_blank" href="/search/%E4%BD%8D%E8%BF%90%E7%AE%97/1.htm">位运算</a><a class="tag" taget="_blank" href="/search/%E5%8A%A0%E8%BD%BD/1.htm">加载</a><a class="tag" taget="_blank" href="/search/Date/1.htm">Date</a><a class="tag" taget="_blank" href="/search/%E5%AD%97%E7%AC%A6%E4%B8%B2%E6%B1%A0/1.htm">字符串池</a><a class="tag" taget="_blank" href="/search/%E8%A6%86%E7%9B%96/1.htm">覆盖</a>
<div>一、类的初始化顺序
1 (静态变量,静态代码块)-->(变量,初始化块)--> 构造器
同一括号里的,根据它们在程序中的顺序来决定。上面所述是同一类中。如果是继承的情况,那就在父类到子类交替初始化。
二、String
1 String a = "abc";
JAVA虚拟机首先在字符串池中查找是否已经存在了值为"abc"的对象,根</div>
</li>
<li><a href="/article/238.htm"
title="keepalived实现redis主从高可用" target="_blank">keepalived实现redis主从高可用</a>
<span class="text-muted">bylijinnan</span>
<a class="tag" taget="_blank" href="/search/redis/1.htm">redis</a>
<div>方案说明
两台机器(称为A和B),以统一的VIP对外提供服务
1.正常情况下,A和B都启动,B会把A的数据同步过来(B is slave of A)
2.当A挂了后,VIP漂移到B;B的keepalived 通知redis 执行:slaveof no one,由B提供服务
3.当A起来后,VIP不切换,仍在B上面;而A的keepalived 通知redis 执行slaveof B,开始</div>
</li>
<li><a href="/article/365.htm"
title="java文件操作大全" target="_blank">java文件操作大全</a>
<span class="text-muted">0624chenhong</span>
<a class="tag" taget="_blank" href="/search/java/1.htm">java</a>
<div>最近在博客园看到一篇比较全面的文件操作文章,转过来留着。
http://www.cnblogs.com/zhuocheng/archive/2011/12/12/2285290.html
转自http://blog.sina.com.cn/s/blog_4a9f789a0100ik3p.html
一.获得控制台用户输入的信息
&nbs</div>
</li>
<li><a href="/article/492.htm"
title="android学习任务" target="_blank">android学习任务</a>
<span class="text-muted">不懂事的小屁孩</span>
<a class="tag" taget="_blank" href="/search/%E5%B7%A5%E4%BD%9C/1.htm">工作</a>
<div>任务
完成情况 搞清楚带箭头的pupupwindows和不带的使用 已完成 熟练使用pupupwindows和alertdialog,并搞清楚两者的区别 已完成 熟练使用android的线程handler,并敲示例代码 进行中 了解游戏2048的流程,并完成其代码工作 进行中-差几个actionbar 研究一下android的动画效果,写一个实例 已完成 复习fragem</div>
</li>
<li><a href="/article/619.htm"
title="zoom.js" target="_blank">zoom.js</a>
<span class="text-muted">换个号韩国红果果</span>
<a class="tag" taget="_blank" href="/search/oom/1.htm">oom</a>
<div>它的基于bootstrap 的
https://raw.github.com/twbs/bootstrap/master/js/transition.js transition.js模块引用顺序
<link rel="stylesheet" href="style/zoom.css">
<script src=&q</div>
</li>
<li><a href="/article/746.htm"
title="详解Oracle云操作系统Solaris 11.2" target="_blank">详解Oracle云操作系统Solaris 11.2</a>
<span class="text-muted">蓝儿唯美</span>
<a class="tag" taget="_blank" href="/search/Solaris/1.htm">Solaris</a>
<div>当Oracle发布Solaris 11时,它将自己的操作系统称为第一个面向云的操作系统。Oracle在发布Solaris 11.2时继续它以云为中心的基调。但是,这些说法没有告诉我们为什么Solaris是配得上云的。幸好,我们不需要等太久。Solaris11.2有4个重要的技术可以在一个有效的云实现中发挥重要作用:OpenStack、内核域、统一存档(UA)和弹性虚拟交换(EVS)。 </div>
</li>
<li><a href="/article/873.htm"
title="spring学习——springmvc(一)" target="_blank">spring学习——springmvc(一)</a>
<span class="text-muted">a-john</span>
<a class="tag" taget="_blank" href="/search/springMVC/1.htm">springMVC</a>
<div>Spring MVC基于模型-视图-控制器(Model-View-Controller,MVC)实现,能够帮助我们构建像Spring框架那样灵活和松耦合的Web应用程序。
1,跟踪Spring MVC的请求
请求的第一站是Spring的DispatcherServlet。与大多数基于Java的Web框架一样,Spring MVC所有的请求都会通过一个前端控制器Servlet。前</div>
</li>
<li><a href="/article/1000.htm"
title="hdu4342 History repeat itself-------多校联合五" target="_blank">hdu4342 History repeat itself-------多校联合五</a>
<span class="text-muted">aijuans</span>
<a class="tag" taget="_blank" href="/search/%E6%95%B0%E8%AE%BA/1.htm">数论</a>
<div>水题就不多说什么了。
#include<iostream>#include<cstdlib>#include<stdio.h>#define ll __int64using namespace std;int main(){ int t; ll n; scanf("%d",&t); while(t--) </div>
</li>
<li><a href="/article/1127.htm"
title="EJB和javabean的区别" target="_blank">EJB和javabean的区别</a>
<span class="text-muted">asia007</span>
<a class="tag" taget="_blank" href="/search/bean/1.htm">bean</a><a class="tag" taget="_blank" href="/search/ejb/1.htm">ejb</a>
<div>EJB不是一般的JavaBean,EJB是企业级JavaBean,EJB一共分为3种,实体Bean,消息Bean,会话Bean,书写EJB是需要遵循一定的规范的,具体规范你可以参考相关的资料.另外,要运行EJB,你需要相应的EJB容器,比如Weblogic,Jboss等,而JavaBean不需要,只需要安装Tomcat就可以了
1.EJB用于服务端应用开发, 而JavaBeans</div>
</li>
<li><a href="/article/1254.htm"
title="Struts的action和Result总结" target="_blank">Struts的action和Result总结</a>
<span class="text-muted">百合不是茶</span>
<a class="tag" taget="_blank" href="/search/struts/1.htm">struts</a><a class="tag" taget="_blank" href="/search/Action%E9%85%8D%E7%BD%AE/1.htm">Action配置</a><a class="tag" taget="_blank" href="/search/Result%E9%85%8D%E7%BD%AE/1.htm">Result配置</a>
<div>
一:Action的配置详解:
下面是一个Struts中一个空的Struts.xml的配置文件
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE struts PUBLIC
&quo</div>
</li>
<li><a href="/article/1381.htm"
title="如何带好自已的团队" target="_blank">如何带好自已的团队</a>
<span class="text-muted">bijian1013</span>
<a class="tag" taget="_blank" href="/search/%E9%A1%B9%E7%9B%AE%E7%AE%A1%E7%90%86/1.htm">项目管理</a><a class="tag" taget="_blank" href="/search/%E5%9B%A2%E9%98%9F%E7%AE%A1%E7%90%86/1.htm">团队管理</a><a class="tag" taget="_blank" href="/search/%E5%9B%A2%E9%98%9F/1.htm">团队</a>
<div>在网上看到博客"
怎么才能让团队成员好好干活"的评论,觉得写的比较好。 原文如下: 我做团队管理有几年了吧,我和你分享一下我认为带好团队的几点:
1.诚信
对团队内成员,无论是技术研究、交流、问题探讨,要尽可能的保持一种诚信的态度,用心去做好,你的团队会感觉得到。 2.努力提</div>
</li>
<li><a href="/article/1508.htm"
title="Java代码混淆工具" target="_blank">Java代码混淆工具</a>
<span class="text-muted">sunjing</span>
<a class="tag" taget="_blank" href="/search/ProGuard/1.htm">ProGuard</a>
<div>Open Source Obfuscators
ProGuard
http://java-source.net/open-source/obfuscators/proguardProGuard is a free Java class file shrinker and obfuscator. It can detect and remove unused classes, fields, m</div>
</li>
<li><a href="/article/1635.htm"
title="【Redis三】基于Redis sentinel的自动failover主从复制" target="_blank">【Redis三】基于Redis sentinel的自动failover主从复制</a>
<span class="text-muted">bit1129</span>
<a class="tag" taget="_blank" href="/search/redis/1.htm">redis</a>
<div>在第二篇中使用2.8.17搭建了主从复制,但是它存在Master单点问题,为了解决这个问题,Redis从2.6开始引入sentinel,用于监控和管理Redis的主从复制环境,进行自动failover,即Master挂了后,sentinel自动从从服务器选出一个Master使主从复制集群仍然可以工作,如果Master醒来再次加入集群,只能以从服务器的形式工作。
什么是Sentine</div>
</li>
<li><a href="/article/1762.htm"
title="使用代理实现Hibernate Dao层自动事务" target="_blank">使用代理实现Hibernate Dao层自动事务</a>
<span class="text-muted">白糖_</span>
<a class="tag" taget="_blank" href="/search/DAO/1.htm">DAO</a><a class="tag" taget="_blank" href="/search/spring/1.htm">spring</a><a class="tag" taget="_blank" href="/search/AOP/1.htm">AOP</a><a class="tag" taget="_blank" href="/search/%E6%A1%86%E6%9E%B6/1.htm">框架</a><a class="tag" taget="_blank" href="/search/Hibernate/1.htm">Hibernate</a>
<div>都说spring利用AOP实现自动事务处理机制非常好,但在只有hibernate这个框架情况下,我们开启session、管理事务就往往很麻烦。
public void save(Object obj){
Session session = this.getSession();
Transaction tran = session.beginTransaction();
try </div>
</li>
<li><a href="/article/1889.htm"
title="maven3实战读书笔记" target="_blank">maven3实战读书笔记</a>
<span class="text-muted">braveCS</span>
<a class="tag" taget="_blank" href="/search/maven3/1.htm">maven3</a>
<div>Maven简介
是什么?
Is a software project management and comprehension tool.项目管理工具
是基于POM概念(工程对象模型)
[设计重复、编码重复、文档重复、构建重复,maven最大化消除了构建的重复]
[与XP:简单、交流与反馈;测试驱动开发、十分钟构建、持续集成、富有信息的工作区]
功能: </div>
</li>
<li><a href="/article/2016.htm"
title="编程之美-子数组的最大乘积" target="_blank">编程之美-子数组的最大乘积</a>
<span class="text-muted">bylijinnan</span>
<a class="tag" taget="_blank" href="/search/%E7%BC%96%E7%A8%8B%E4%B9%8B%E7%BE%8E/1.htm">编程之美</a>
<div>
public class MaxProduct {
/**
* 编程之美 子数组的最大乘积
* 题目: 给定一个长度为N的整数数组,只允许使用乘法,不能用除法,计算任意N-1个数的组合中乘积中最大的一组,并写出算法的时间复杂度。
* 以下程序对应书上两种方法,求得“乘积中最大的一组”的乘积——都是有溢出的可能的。
* 但按题目的意思,是要求得这个子数组,而不</div>
</li>
<li><a href="/article/2143.htm"
title="读书笔记-2" target="_blank">读书笔记-2</a>
<span class="text-muted">chengxuyuancsdn</span>
<a class="tag" taget="_blank" href="/search/%E8%AF%BB%E4%B9%A6%E7%AC%94%E8%AE%B0/1.htm">读书笔记</a>
<div>1、反射
2、oracle年-月-日 时-分-秒
3、oracle创建有参、无参函数
4、oracle行转列
5、Struts2拦截器
6、Filter过滤器(web.xml)
1、反射
(1)检查类的结构
在java.lang.reflect包里有3个类Field,Method,Constructor分别用于描述类的域、方法和构造器。
2、oracle年月日时分秒
s</div>
</li>
<li><a href="/article/2270.htm"
title="[求学与房地产]慎重选择IT培训学校" target="_blank">[求学与房地产]慎重选择IT培训学校</a>
<span class="text-muted">comsci</span>
<a class="tag" taget="_blank" href="/search/it/1.htm">it</a>
<div> 关于培训学校的教学和教师的问题,我们就不讨论了,我主要关心的是这个问题
培训学校的教学楼和宿舍的环境和稳定性问题
我们大家都知道,房子是一个比较昂贵的东西,特别是那种能够当教室的房子...
&nb</div>
</li>
<li><a href="/article/2397.htm"
title="RMAN配置中通道(CHANNEL)相关参数 PARALLELISM 、FILESPERSET的关系" target="_blank">RMAN配置中通道(CHANNEL)相关参数 PARALLELISM 、FILESPERSET的关系</a>
<span class="text-muted">daizj</span>
<a class="tag" taget="_blank" href="/search/oracle/1.htm">oracle</a><a class="tag" taget="_blank" href="/search/rman/1.htm">rman</a><a class="tag" taget="_blank" href="/search/filesperset/1.htm">filesperset</a><a class="tag" taget="_blank" href="/search/PARALLELISM/1.htm">PARALLELISM</a>
<div>RMAN配置中通道(CHANNEL)相关参数 PARALLELISM 、FILESPERSET的关系 转
PARALLELISM ---
我们还可以通过parallelism参数来指定同时"自动"创建多少个通道:
RMAN > configure device type disk parallelism 3 ;
表示启动三个通道,可以加快备份恢复的速度。 </div>
</li>
<li><a href="/article/2524.htm"
title="简单排序:冒泡排序" target="_blank">简单排序:冒泡排序</a>
<span class="text-muted">dieslrae</span>
<a class="tag" taget="_blank" href="/search/%E5%86%92%E6%B3%A1%E6%8E%92%E5%BA%8F/1.htm">冒泡排序</a>
<div>
public void bubbleSort(int[] array){
for(int i=1;i<array.length;i++){
for(int k=0;k<array.length-i;k++){
if(array[k] > array[k+1]){
</div>
</li>
<li><a href="/article/2651.htm"
title="初二上学期难记单词三" target="_blank">初二上学期难记单词三</a>
<span class="text-muted">dcj3sjt126com</span>
<a class="tag" taget="_blank" href="/search/sciet/1.htm">sciet</a>
<div>concert 音乐会
tonight 今晚
famous 有名的;著名的
song 歌曲
thousand 千
accident 事故;灾难
careless 粗心的,大意的
break 折断;断裂;破碎
heart 心(脏)
happen 偶尔发生,碰巧
tourist 旅游者;观光者
science (自然)科学
marry 结婚
subject 题目;</div>
</li>
<li><a href="/article/2778.htm"
title="I.安装Memcahce 1. 安装依赖包libevent Memcache需要安装libevent,所以安装前可能需要执行 Shell代码 收藏代码" target="_blank">I.安装Memcahce 1. 安装依赖包libevent Memcache需要安装libevent,所以安装前可能需要执行 Shell代码 收藏代码</a>
<span class="text-muted">dcj3sjt126com</span>
<a class="tag" taget="_blank" href="/search/redis/1.htm">redis</a>
<div>wget http://download.redis.io/redis-stable.tar.gz
tar xvzf redis-stable.tar.gz
cd redis-stable
make
前面3步应该没有问题,主要的问题是执行make的时候,出现了异常。
异常一:
make[2]: cc: Command not found
异常原因:没有安装g</div>
</li>
<li><a href="/article/2905.htm"
title="并发容器" target="_blank">并发容器</a>
<span class="text-muted">shuizhaosi888</span>
<a class="tag" taget="_blank" href="/search/%E5%B9%B6%E5%8F%91%E5%AE%B9%E5%99%A8/1.htm">并发容器</a>
<div> 通过并发容器来改善同步容器的性能,同步容器将所有对容器状态的访问都串行化,来实现线程安全,这种方式严重降低并发性,当多个线程访问时,吞吐量严重降低。
并发容器ConcurrentHashMap
替代同步基于散列的Map,通过Lock控制。
&nb</div>
</li>
<li><a href="/article/3032.htm"
title="Spring Security(12)——Remember-Me功能" target="_blank">Spring Security(12)——Remember-Me功能</a>
<span class="text-muted">234390216</span>
<a class="tag" taget="_blank" href="/search/Spring+Security/1.htm">Spring Security</a><a class="tag" taget="_blank" href="/search/Remember+Me/1.htm">Remember Me</a><a class="tag" taget="_blank" href="/search/%E8%AE%B0%E4%BD%8F%E6%88%91/1.htm">记住我</a>
<div>Remember-Me功能
目录
1.1 概述
1.2 基于简单加密token的方法
1.3 基于持久化token的方法
1.4 Remember-Me相关接口和实现</div>
</li>
<li><a href="/article/3159.htm"
title="位运算" target="_blank">位运算</a>
<span class="text-muted">焦志广</span>
<a class="tag" taget="_blank" href="/search/%E4%BD%8D%E8%BF%90%E7%AE%97/1.htm">位运算</a>
<div>
一、位运算符C语言提供了六种位运算符:
& 按位与
| 按位或
^ 按位异或
~ 取反
<< 左移
>> 右移
1. 按位与运算 按位与运算符"&"是双目运算符。其功能是参与运算的两数各对应的二进位相与。只有对应的两个二进位均为1时,结果位才为1 ,否则为0。参与运算的数以补码方式出现。
例如:9&am</div>
</li>
<li><a href="/article/3286.htm"
title="nodejs 数据库连接 mongodb mysql" target="_blank">nodejs 数据库连接 mongodb mysql</a>
<span class="text-muted">liguangsong</span>
<a class="tag" taget="_blank" href="/search/mongodb/1.htm">mongodb</a><a class="tag" taget="_blank" href="/search/mysql/1.htm">mysql</a><a class="tag" taget="_blank" href="/search/node/1.htm">node</a><a class="tag" taget="_blank" href="/search/%E6%95%B0%E6%8D%AE%E5%BA%93%E8%BF%9E%E6%8E%A5/1.htm">数据库连接</a>
<div>1.mysql 连接
package.json中dependencies加入
"mysql":"~2.7.0"
执行 npm install
在config 下创建文件 database.js
</div>
</li>
<li><a href="/article/3413.htm"
title="java动态编译" target="_blank">java动态编译</a>
<span class="text-muted">olive6615</span>
<a class="tag" taget="_blank" href="/search/java/1.htm">java</a><a class="tag" taget="_blank" href="/search/HotSpot/1.htm">HotSpot</a><a class="tag" taget="_blank" href="/search/jvm/1.htm">jvm</a><a class="tag" taget="_blank" href="/search/%E5%8A%A8%E6%80%81%E7%BC%96%E8%AF%91/1.htm">动态编译</a>
<div> 在HotSpot虚拟机中,有两个技术是至关重要的,即动态编译(Dynamic compilation)和Profiling。
HotSpot是如何动态编译Javad的bytecode呢?Java bytecode是以解释方式被load到虚拟机的。HotSpot里有一个运行监视器,即Profile Monitor,专门监视</div>
</li>
<li><a href="/article/3540.htm"
title="Storm0.9.5的集群部署配置优化" target="_blank">Storm0.9.5的集群部署配置优化</a>
<span class="text-muted">roadrunners</span>
<a class="tag" taget="_blank" href="/search/%E4%BC%98%E5%8C%96/1.htm">优化</a><a class="tag" taget="_blank" href="/search/storm.yaml/1.htm">storm.yaml</a>
<div>nimbus结点配置(storm.yaml)信息:
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional inf</div>
</li>
<li><a href="/article/3667.htm"
title="101个MySQL 的调节和优化的提示" target="_blank">101个MySQL 的调节和优化的提示</a>
<span class="text-muted">tomcat_oracle</span>
<a class="tag" taget="_blank" href="/search/mysql/1.htm">mysql</a>
<div> 1. 拥有足够的物理内存来把整个InnoDB文件加载到内存中——在内存中访问文件时的速度要比在硬盘中访问时快的多。 2. 不惜一切代价避免使用Swap交换分区 – 交换时是从硬盘读取的,它的速度很慢。 3. 使用电池供电的RAM(注:RAM即随机存储器)。 4. 使用高级的RAID(注:Redundant Arrays of Inexpensive Disks,即磁盘阵列</div>
</li>
<li><a href="/article/3794.htm"
title="zoj 3829 Known Notation(贪心)" target="_blank">zoj 3829 Known Notation(贪心)</a>
<span class="text-muted">阿尔萨斯</span>
<a class="tag" taget="_blank" href="/search/ZOJ/1.htm">ZOJ</a>
<div> 题目链接:zoj 3829 Known Notation
题目大意:给定一个不完整的后缀表达式,要求有2种不同操作,用尽量少的操作使得表达式完整。
解题思路:贪心,数字的个数要要保证比∗的个数多1,不够的话优先补在开头是最优的。然后遍历一遍字符串,碰到数字+1,碰到∗-1,保证数字的个数大于等1,如果不够减的话,可以和最后面的一个数字交换位置(用栈维护十分方便),因为添加和交换代价都是1</div>
</li>
</ul>
</div>
</div>
</div>
<div>
<div class="container">
<div class="indexes">
<strong>按字母分类:</strong>
<a href="/tags/A/1.htm" target="_blank">A</a><a href="/tags/B/1.htm" target="_blank">B</a><a href="/tags/C/1.htm" target="_blank">C</a><a
href="/tags/D/1.htm" target="_blank">D</a><a href="/tags/E/1.htm" target="_blank">E</a><a href="/tags/F/1.htm" target="_blank">F</a><a
href="/tags/G/1.htm" target="_blank">G</a><a href="/tags/H/1.htm" target="_blank">H</a><a href="/tags/I/1.htm" target="_blank">I</a><a
href="/tags/J/1.htm" target="_blank">J</a><a href="/tags/K/1.htm" target="_blank">K</a><a href="/tags/L/1.htm" target="_blank">L</a><a
href="/tags/M/1.htm" target="_blank">M</a><a href="/tags/N/1.htm" target="_blank">N</a><a href="/tags/O/1.htm" target="_blank">O</a><a
href="/tags/P/1.htm" target="_blank">P</a><a href="/tags/Q/1.htm" target="_blank">Q</a><a href="/tags/R/1.htm" target="_blank">R</a><a
href="/tags/S/1.htm" target="_blank">S</a><a href="/tags/T/1.htm" target="_blank">T</a><a href="/tags/U/1.htm" target="_blank">U</a><a
href="/tags/V/1.htm" target="_blank">V</a><a href="/tags/W/1.htm" target="_blank">W</a><a href="/tags/X/1.htm" target="_blank">X</a><a
href="/tags/Y/1.htm" target="_blank">Y</a><a href="/tags/Z/1.htm" target="_blank">Z</a><a href="/tags/0/1.htm" target="_blank">其他</a>
</div>
</div>
</div>
<footer id="footer" class="mb30 mt30">
<div class="container">
<div class="footBglm">
<a target="_blank" href="/">首页</a> -
<a target="_blank" href="/custom/about.htm">关于我们</a> -
<a target="_blank" href="/search/Java/1.htm">站内搜索</a> -
<a target="_blank" href="/sitemap.txt">Sitemap</a> -
<a target="_blank" href="/custom/delete.htm">侵权投诉</a>
</div>
<div class="copyright">版权所有 IT知识库 CopyRight © 2000-2050 E-COM-NET.COM , All Rights Reserved.
<!-- <a href="https://beian.miit.gov.cn/" rel="nofollow" target="_blank">京ICP备09083238号</a><br>-->
</div>
</div>
</footer>
<!-- 代码高亮 -->
<script type="text/javascript" src="/static/syntaxhighlighter/scripts/shCore.js"></script>
<script type="text/javascript" src="/static/syntaxhighlighter/scripts/shLegacy.js"></script>
<script type="text/javascript" src="/static/syntaxhighlighter/scripts/shAutoloader.js"></script>
<link type="text/css" rel="stylesheet" href="/static/syntaxhighlighter/styles/shCoreDefault.css"/>
<script type="text/javascript" src="/static/syntaxhighlighter/src/my_start_1.js"></script>
</body>
</html>