containerd的安装和使用
containerd的安装和使用
1、containerd介绍
containerd 是从 docker 项目中剥离出来的一个容器运行时、几乎囊括了容器管理的所有功能,并且 containerd
内置了 CRI 插件,k8s 的 kubelet 组件可以直接调用 containerd,相较于 docker 容器运行时要精简很多。
containerd 是一个工业级标准的容器运行时,它强调简单性、健壮性和可移植性。containerd 可以在宿主机中管
理完整的容器生命周期,包括容器镜像的传输和存储、容器的执行和管理、存储和网络等。
CRI (Container Runtime Interface,开放工业标准)对容器运行时规范设定的标准定义了容器运行时状态的描述,
以及运行时需要提供的容器管理功能,只要符合 CRI 接口的容器运行时均可被 k8s 调用,为了兼容 CRI 规范,
docker 项目自身也做了架构调整,自 1.11.0 版本起,docker 引擎由一个单一组件,被拆分为四个项目分别是:
1、docker-daemon;2、containerd;3、containerd-shim;4、runc
containerd 是从 Docker 中分离出来的一个项目,可以作为一个底层容器运行时,现在它成了 Kubernete 容器运
行时更好的选择。不仅仅是 Docker,还有很多云平台也支持 containerd 作为底层容器运行时。
k8s 发布CRI (Container Runtime Interface),统一了容器运行时接口,凡是支持 CRI 的容器运行时,皆可作为
k8s 的底层容器运行时。
几个概念:
-
RunC:可以理解为OCI的一个实现,用来创建一个符合规范的容器
-
Containerd:就是一个标准的容器运行时。
-
OCI:开放容器标准,镜像规范(定义了镜像的主要格式和内容)、运行时规范
-
CRI:容器运行时接口,由 google 和 RedHat 主导推出的一组与容器运行时交互的接口,只要能实现这个标准
接口的容器运行时就可以对接 Kubernetes 平台。
k8s 为什么要放弃使用 Docker 作为容器运行时,而使用containerd呢?
如果你使用 Docker 作为 k8s 容器运行时的话,kubelet 需要先要通过 dockershim 去调用 Docker,再通过
Docker 去调用 containerd。如果你使用 containerd 作为 k8s 容器运行时的话,由于 containerd 内置了 CRI 插
件,kubelet 可以直接调用 containerd。使用 containerd 不仅性能提高了(调用链变短了),而且资源占用也会变
小(Docker不是一个纯粹的容器运行时,具有大量其他功能)。
2、containerd安装
安装包下载地址:https://github.com/containerd/containerd/releases
2.1 系统信息
$ cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
2.2 下载
# 下载安装包
[root@master ~]# wget https://github.com/containerd/containerd/releases/download/v1.7.1/containerd-1.7.1-linux-amd64.tar.gz
2.3 解压
[root@master ~]# tar -xvf containerd-1.7.1-linux-amd64.tar.gz
2.4 拷贝
[root@master ~]# cp bin/* /usr/local/bin/
2.5 查看版本
[root@master ~]# containerd -v
containerd github.com/containerd/containerd v1.7.1 1677a17964311325ed1c31e2c0a3589ce6d5c30d
能够正常显示版本信息,说明安装成功。
2.6 生成containerd配置
containerd 默认配置文件在 /etc/containerd 目录下,名称为 config.toml。
可以通过如下命令生成默认配置:
[root@master ~]# mkdir -p /etc/containerd
[root@master ~]# containerd config default > /etc/containerd/config.toml
2.7 修改配置文件
# 1
# 阿里云镜像
sandbox_image = "registry.k8s.io/pause:3.8"
改为
sandbox_image = "registry.aliyuncs.com/k8sxio/pause:3.8"
# 2
SystemdCgroup = false
修改为
SystemdCgroup = true
# 3
# 配置镜像加速
# 上下级配置,缩进两个空格
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://bqr1dr1n.mirror.aliyuncs.com"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."k8s.gcr.io"]
endpoint = ["https://registry.aliyuncs.com/k8sxio"]
2.8 服务文件
[root@master ~]# cat > /lib/systemd/system/containerd.service << EOF
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target
[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/local/bin/containerd
Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity
# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999
[Install]
WantedBy=multi-user.target
EOF
2.9 启动服务并设置为开机启动
[root@master ~]# systemctl restart containerd && systemctl enable containerd
Created symlink from /etc/systemd/system/multi-user.target.wants/containerd.service to /usr/lib/systemd/system/containerd.service.
2.10 查看启动情况
[root@master ~]# systemctl status containerd
● containerd.service - containerd container runtime
Loaded: loaded (/usr/lib/systemd/system/containerd.service; enabled; vendor preset: disabled)
Active: active (running) since 六 2023-07-22 18:37:23 CST; 24s ago
Docs: https://containerd.io
Main PID: 10145 (containerd)
CGroup: /system.slice/containerd.service
└─10145 /usr/local/bin/containerd
3、部署runc
docker 引擎是自带 runc 的,containerd 是需要自己部署 runc,到githup官网下载。
[root@master ~]# wget https://github.com/opencontainers/runc/releases/download/v1.1.3/runc.amd64 -O /usr/bin/runc
[root@master ~]# chmod a+x /usr/bin/runc
[root@master ~]# runc -v
runc version 1.1.3
commit: v1.1.3-0-g6724737f
spec: 1.0.2-dev
go: go1.17.10
libseccomp: 2.5.4
ctr 命令功能太少,因此 containerd 支持客户端工具扩展,推荐使用 nerdctl。
nerdctl,使用效果与docker命令的语法一致。
4、部署nerdctl客户端工具
[root@master ~]# wget https://github.com/containerd/nerdctl/releases/download/v0.18.0/nerdctl-0.18.0-linux-amd64.tar.gz
[root@master ~]# tar xvf nerdctl-0.18.0-linux-amd64.tar.gz
[root@master ~]# cp nerdctl /usr/local/bin/
[root@master ~]# nerdctl -v
nerdctl version 0.18.0
# 验证nerdctl命令
[root@master ~]# nerdctl images
REPOSITORY TAG IMAGE ID CREATED PLATFORM SIZE BLOB SIZE
5、镜像操作
Containerd 默认提供 CLI 命令行工具 ctr,ctr 命名提供基本的镜像和容器操作功能,可以通过如下查看命令帮
助:
[root@master ~]# ctr
NAME:
ctr -
__
_____/ /______
/ ___/ __/ ___/
/ /__/ /_/ /
\___/\__/_/
containerd CLI
USAGE:
ctr [global options] command [command options] [arguments...]
VERSION:
v1.7.1
DESCRIPTION:
ctr is an unsupported debug and administrative client for interacting
with the containerd daemon. Because it is unsupported, the commands,
options, and operations are not guaranteed to be backward compatible or
stable from release to release of the containerd project.
COMMANDS:
plugins, plugin Provides information about containerd plugins
version Print the client and server versions
containers, c, container Manage containers
content Manage content
events, event Display containerd events
images, image, i Manage images
leases Manage leases
namespaces, namespace, ns Manage namespaces
pprof Provide golang pprof outputs for containerd
run Run a container
snapshots, snapshot Manage snapshots
tasks, t, task Manage tasks
install Install a new package
oci OCI tools
sandboxes, sandbox, sb, s Manage sandboxes
info Print the server info
shim Interact with a shim directly
help, h Shows a list of commands or help for one command
GLOBAL OPTIONS:
--debug Enable debug output in logs
--address value, -a value Address for containerd's GRPC server (default: "/run/containerd/containerd.sock") [$CONTAINERD_ADDRESS]
--timeout value Total timeout for ctr commands (default: 0s)
--connect-timeout value Timeout for connecting to containerd (default: 0s)
--namespace value, -n value Namespace to use with commands (default: "default") [$CONTAINERD_NAMESPACE]
--help, -h show help
--version, -v print the version
5.1 查看命名空间
$ ctr namespace ls
[root@master ~]# ctr namespace ls
NAME LABELS
default
5.2 拉取镜像
# image和i等价
$ ctr image/i pull docker.io/library/busybox:latest
[root@master ~]# ctr image pull docker.io/library/busybox:latest
docker.io/library/busybox:latest: resolved |++++++++++++++++++++++++++++++++++++++|
index-sha256:3fbc632167424a6d997e74f52b878d7cc478225cffac6bc977eedfe51c7f4e79: done |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:023917ec6a886d0e8e15f28fb543515a5fcd8d938edb091e8147db4efed388ee: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:3f4d90098f5b5a6f6a76e9d217da85aa39b2081e30fa1f7d287138d6e7bf0ad7: done |++++++++++++++++++++++++++++++++++++++|
config-sha256:a416a98b71e224a31ee99cff8e16063554498227d2b696152a9c3e0aa65e5824: done |++++++++++++++++++++++++++++++++++++++|
elapsed: 16.7s total: 2.0 Mi (122.9 KiB/s)
unpacking linux/amd64 sha256:3fbc632167424a6d997e74f52b878d7cc478225cffac6bc977eedfe51c7f4e79...
done: 103.791318ms
$ ctr -n=default image pull --all-platforms docker.io/library/nginx:1.18.0
$ ctr -n=default image pull --platform linux/amd64 docker.io/library/nginx:1.18.0
# -n: 指定命名空间,镜像下载到什么命名空间,后续就只能在这个命名空间下找到该镜像
# -all-platforms: 提取所有平台镜像
# -platform: 提取指定平台镜像
[root@master ~]# ctr -n=default image pull --platform linux/amd64 docker.io/library/nginx:1.18.0
docker.io/library/nginx:1.18.0: resolved |++++++++++++++++++++++++++++++++++++++|
index-sha256:e90ac5331fe095cea01b121a3627174b2e33e06e83720e9a934c7b8ccc9c55a0: done |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:9b0fc8e09ae1abb0144ce57018fc1e13d23abd108540f135dc83c0ed661081cf: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:03f221d9cf00a7077231c6dcac3c95182727c7e7fd44fd2b2e882a01dcda2d70: done |++++++++++++++++++++++++++++++++++++++|
config-sha256:c2c45d506085d300b72a6d4b10e3dce104228080a2cf095fc38333afe237e2be: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:f7ec5a41d630a33a2d1db59b95d89d93de7ae5a619a3a8571b78457e48266eba: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:1576642c97761adf346890bf67c43473217160a9a203ef47d0bc6020af652798: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:c12a848bad84d57e3f5faafab5880484434aee3bf8bdde4d519753b7c81254fd: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:0b20d28b5eb3007f70c43cdd8efcdb04016aa193192e5911cda5b7590ffaa635: done |++++++++++++++++++++++++++++++++++++++|
elapsed: 124.3s total: 51.1 M (421.3 KiB/s)
unpacking linux/amd64 sha256:e90ac5331fe095cea01b121a3627174b2e33e06e83720e9a934c7b8ccc9c55a0...
done: 2.765843156s
需要注意的是,拉取镜像时要加上 docker.io/liarary
如:ctr image pull docker.io/library/image:tag
5.3 列出本地镜像
$ ctr image ls
# 或者
$ ctr image list
[root@master ~]# ctr image ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
docker.io/library/busybox:latest application/vnd.docker.distribution.manifest.list.v2+json sha256:3fbc632167424a6d997e74f52b878d7cc478225cffac6bc977eedfe51c7f4e79 2.1 MiB linux/386,linux/amd64,linux/arm/v5,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/mips64le,linux/ppc64le,linux/riscv64,linux/s390x -
docker.io/library/nginx:1.18.0 application/vnd.docker.distribution.manifest.list.v2+json sha256:e90ac5331fe095cea01b121a3627174b2e33e06e83720e9a934c7b8ccc9c55a0 51.1 MiB linux/386,linux/amd64,linux/arm/v5,linux/arm/v7,linux/arm64/v8,linux/mips64le,linux/ppc64le,linux/s390x
[root@master ~]# ctr image list
REF TYPE DIGEST SIZE PLATFORMS LABELS
docker.io/library/busybox:latest application/vnd.docker.distribution.manifest.list.v2+json sha256:3fbc632167424a6d997e74f52b878d7cc478225cffac6bc977eedfe51c7f4e79 2.1 MiB linux/386,linux/amd64,linux/arm/v5,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/mips64le,linux/ppc64le,linux/riscv64,linux/s390x -
docker.io/library/nginx:1.18.0 application/vnd.docker.distribution.manifest.list.v2+json sha256:e90ac5331fe095cea01b121a3627174b2e33e06e83720e9a934c7b8ccc9c55a0 51.1 MiB linux/386,linux/amd64,linux/arm/v5,linux/arm/v7,linux/arm64/v8,linux/mips64le,linux/ppc64le,linux/s390x
# -q只列出镜像名
$ ctr image ls -q
# 或者
$ ctr image list -q
[root@master ~]# ctr image ls -q
docker.io/library/busybox:latest
docker.io/library/nginx:1.18.0
[root@master ~]# ctr image list -q
docker.io/library/busybox:latest
docker.io/library/nginx:1.18.0
# 查看命名空间下的镜像
# 指定空间
$ ctr -n namespace image list
$ ctr -n default images ls
# 或者
$ ctr -n default images list
[root@master ~]# ctr -n default images ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
docker.io/library/busybox:latest application/vnd.docker.distribution.manifest.list.v2+json sha256:3fbc632167424a6d997e74f52b878d7cc478225cffac6bc977eedfe51c7f4e79 2.1 MiB linux/386,linux/amd64,linux/arm/v5,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/mips64le,linux/ppc64le,linux/riscv64,linux/s390x -
docker.io/library/nginx:1.18.0 application/vnd.docker.distribution.manifest.list.v2+json sha256:e90ac5331fe095cea01b121a3627174b2e33e06e83720e9a934c7b8ccc9c55a0 51.1 MiB linux/386,linux/amd64,linux/arm/v5,linux/arm/v7,linux/arm64/v8,linux/mips64le,linux/ppc64le,linux/s390x -
[root@master ~]# ctr -n default images list
REF TYPE DIGEST SIZE PLATFORMS LABELS
docker.io/library/busybox:latest application/vnd.docker.distribution.manifest.list.v2+json sha256:3fbc632167424a6d997e74f52b878d7cc478225cffac6bc977eedfe51c7f4e79 2.1 MiB linux/386,linux/amd64,linux/arm/v5,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/mips64le,linux/ppc64le,linux/riscv64,linux/s390x -
docker.io/library/nginx:1.18.0 application/vnd.docker.distribution.manifest.list.v2+json sha256:e90ac5331fe095cea01b121a3627174b2e33e06e83720e9a934c7b8ccc9c55a0 51.1 MiB linux/386,linux/amd64,linux/arm/v5,linux/arm/v7,linux/arm64/v8,linux/mips64le,linux/ppc64le,linux/s390x
5.4 检查镜像
$ ctr image check
[root@master ~]# ctr image check
REF TYPE DIGEST STATUS SIZE UNPACKED
docker.io/library/busybox:latest application/vnd.docker.distribution.manifest.list.v2+json sha256:3fbc632167424a6d997e74f52b878d7cc478225cffac6bc977eedfe51c7f4e79 complete (2/2) 2.1 MiB/2.1 MiB true
docker.io/library/nginx:1.18.0 application/vnd.docker.distribution.manifest.list.v2+json sha256:e90ac5331fe095cea01b121a3627174b2e33e06e83720e9a934c7b8ccc9c55a0 complete (6/6) 51.1 MiB/51.1 MiB true
5.5 打标签
# ctr image tag 源镜像:源标签 目标镜像:目标标签
# 源镜像:源标签需要存在
$ ctr image tag docker.io/library/nginx:1.18.0 my/nginx:1.18.0
[root@master ~]# ctr image tag docker.io/library/nginx:1.18.0 my/nginx:1.18.0
my/nginx:1.18.0
[root@master ~]# ctr images ls -q
docker.io/library/busybox:latest
docker.io/library/nginx:1.18.0
my/nginx:1.18.0
# 加入命令空间
$ ctr -n k8s.io image tag registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.2 k8s.gcr.io/pause:3.2
# 注意若新镜像reference已存在,需要先删除新reference或者如下方式强制替换
$ ctr -n k8s.io image tag --force registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.2 k8s.gcr.io/pause:3.2
5.6 删除镜像
$ ctr image rm 镜像
# 或者
$ ctr image remove 镜像
$ ctr image remove my/nginx:1.18.0
[root@master ~]# ctr image remove my/nginx:1.18.0
my/nginx:1.18.0
[root@master ~]# ctr images ls --q
docker.io/library/busybox:latest
docker.io/library/nginx:1.18.0
5.7 导入/导出镜像
$ ctr image import image.tar.gz
$ ctr image import nginxv1.tar.gz
$ ctr image export image.tar.gz 镜像
$ ctr image export nginxv1.tar.gz docker.io/library/nginx:1.18.0
# 导出
$ ctr image export mynginx.tar.gz docker.io/library/nginx:1.18.0
[root@master ~]# ctr image export mynginx.tar.gz docker.io/library/nginx:1.18.0
[root@master ~]# ls | grep mynginx
mynginx.tar.gz
# 导入
$ ctr image import mynginx.tar.gz
[root@master ~]# ctr image rm docker.io/library/nginx:1.18.0
docker.io/library/nginx:1.18.0
[root@master ~]# ctr image import mynginx.tar.gz --platform linux/amd64
unpacking docker.io/library/nginx:1.18.0 (sha256:e90ac5331fe095cea01b121a3627174b2e33e06e83720e9a934c7b8ccc9c55a0)...done
[root@master ~]# ctr image ls -q
docker.io/library/busybox:latest
docker.io/library/nginx:1.18.0
5.8 挂载镜像
将 nginx:1.18.0 镜像挂载到 /opt/my 下
$ ctr image mount docker.io/library/nginx:1.18.0 /opt/my
[root@master ~]# mkdir /opt/my
[root@master ~]# ctr image mount docker.io/library/nginx:1.18.0 /opt/my
sha256:43d6c481a041dbcc1d8ea9c565b1b692bcb28da3414683c316703c669c012ebc
/opt/my
[root@master ~]# ls /opt/my/
bin dev docker-entrypoint.sh home lib64 mnt proc run srv tmp var
boot docker-entrypoint.d etc lib media opt root sbin sys usr
5.9 卸载镜像
$ umount /opt/my
[root@master ~]# umount /opt/my
[root@master ~]# ls /opt/my/
5.10 推送镜像
# 将镜像推送到远程仓库
$ ctr -n default image push docker.io/library/busybox:latest
# 如果报错
ctr: content digest sha256:b4b2e7e35845acd1e5433f4237cd50ecda47d789a9660e893adac145d1548e07: not found
# 解决
# 需要重新拉取镜像使用--all-platforms参数
$ ctr -n default image pull --platform docker.io/library/busybox:latest
# 如果有问题参考
# https://blog.csdn.net/weixin_43616190/article/details/126415601
# https://blog.csdn.net/yangqihai510/article/details/130100437
5.11 离线导入docker镜像
# 离线导入docker镜像,在其它docker上导出,containerd镜像导入
$ docker save -o rabbitmq_latest.tar rabbitmq:latest
$ ctr images import rabbitmq_latest.tar
6、容器操作
[root@master ~]# ctr container
NAME:
ctr containers - Manage containers
USAGE:
ctr containers command [command options] [arguments...]
COMMANDS:
create Create container
delete, del, remove, rm Delete one or more existing containers
info Get info about a container
list, ls List containers
label Set and clear labels for a container
checkpoint Checkpoint a container
restore Restore a container from checkpoint
OPTIONS:
--help, -h show help
- 静态容器:只创建容器并不运行容器内程序。
- 动态容器:创建容器并运行容器内程序。
6.1 创建静态容器
创建容器镜像必须在本地存在,否则无法创建。
# c和container等价
$ ctr c/container create docker.io/library/nginx:1.18.0 my-nginx
$ ctr c/container create docker.io/library/busybox:latest my-busybox
[root@master ~]# ctr container create docker.io/library/nginx:1.18.0 my-nginx
[root@master ~]# ctr container create docker.io/library/busybox:latest my-busybox
6.2 查看容器
$ ctr container ls
# 或者
$ ctr container list
[root@master ~]# ctr container ls
CONTAINER IMAGE RUNTIME
my-busybox docker.io/library/busybox:latest io.containerd.runc.v2
my-nginx docker.io/library/nginx:1.18.0 io.containerd.runc.v2
[root@master ~]# ctr container list
CONTAINER IMAGE RUNTIME
my-busybox docker.io/library/busybox:latest io.containerd.runc.v2
my-nginx docker.io/library/nginx:1.18.0 io.containerd.runc.v2
[root@master ~]# ctr container list -q
my-busybox
my-nginx
[root@master ~]# ctr container ls -q
my-busybox
my-nginx
6.3 启动静态容器(启动任务)
# 静态容器启动后会成为动态容器
# task和t等价
# -d后台运行,类似docker run -d
$ ctr task/t start -d my-busybox
$ ctr task/t start -d my-nginx
[root@master ~]# ctr task start -d my-busybox
[root@master ~]# ctr task start -d my-nginx
# 其它参数
[root@master ~]# ctr t start -h
NAME:
ctr tasks start - Start a container that has been created
USAGE:
ctr tasks start [command options] CONTAINER
OPTIONS:
--no-pivot Disable use of pivot-root (linux only)
--null-io Send all IO to /dev/null
--log-uri value Log uri
--fifo-dir value Directory used for storing IO FIFOs
--pid-file value File path to write the task's pid
--detach, -d Detach from the task after it has started execution
6.4 查看任务
# task表示容器内运行的进程信息
$ ctr task ls
# 或者
$ ctr task list
[root@master ~]# ctr task ls
TASK PID STATUS
my-nginx 48981 RUNNING
my-busybox 49757 RUNNING
[root@master ~]# ctr task list
TASK PID STATUS
my-nginx 48981 RUNNING
my-busybox 49757 RUNNING
[root@master ~]# ctr task list -q
my-nginx
my-busybox
[root@master ~]# ctr task ls -q
my-nginx
my-busybox
# 命令空间
[root@master ~]# ctr -n default task list
TASK PID STATUS
my-nginx 48981 RUNNING
my-busybox 49757 RUNNING
6.5 查看容器详细信息
$ ctr container info my-nginx
$ ctr container info my-busybox
[root@master ~]# ctr container info my-nginx | head -20
{
"ID": "my-nginx",
"Labels": {
"io.containerd.image.config.stop-signal": "SIGQUIT",
"maintainer": "NGINX Docker Maintainers \u003c[email protected]\u003e"
},
"Image": "docker.io/library/nginx:1.18.0",
"Runtime": {
"Name": "io.containerd.runc.v2",
"Options": {
"type_url": "containerd.runc.v1.Options"
}
},
"SnapshotKey": "my-nginx",
"Snapshotter": "overlayfs",
"CreatedAt": "2023-07-22T12:31:38.260915721Z",
"UpdatedAt": "2023-07-22T12:31:38.260915721Z",
"Extensions": {},
"SandboxID": "",
"Spec": {
......
[root@master ~]# ctr container info my-busybox | head -20
{
"ID": "my-busybox",
"Labels": {
"io.containerd.image.config.stop-signal": "SIGTERM"
},
"Image": "docker.io/library/busybox:latest",
"Runtime": {
"Name": "io.containerd.runc.v2",
"Options": {
"type_url": "containerd.runc.v1.Options"
}
},
"SnapshotKey": "my-busybox",
"Snapshotter": "overlayfs",
"CreatedAt": "2023-07-22T12:35:38.271982112Z",
"UpdatedAt": "2023-07-22T12:35:38.271982112Z",
"Extensions": {},
"SandboxID": "",
"Spec": {
"ociVersion": "1.1.0-rc.1",
......
6.6 进入任务容器
# --exec-id参数这个id可以随便写只要唯一就行
$ ctr task exec -exec-id 1 -t my-busybox sh
[root@master ~]# ctr task exec -exec-id 1 -t my-busybox sh
/ #
/ # ls
bin dev etc home lib lib64 proc root run sys tmp usr var
/ # exit
6.7 暂停容器(任务)
$ ctr task pause my-busybox
[root@master ~]# ctr task pause my-busybox
[root@master ~]# ctr task list
TASK PID STATUS
my-nginx 48981 RUNNING
my-busybox 49757 PAUSED
6.8 恢复容器(任务)
$ ctr task resume my-busybox
[root@master ~]# ctr task resume my-busybox
[root@master ~]# ctr task list
TASK PID STATUS
my-nginx 48981 RUNNING
my-busybox 49757 RUNNING
6.9 终止容器(任务)
$ ctr task kill my-nginx
[root@master ~]# ctr task kill my-nginx
[root@master ~]# ctr task ls
TASK PID STATUS
my-nginx 48981 STOPPED
my-busybox 49757 RUNNING
6.10 删除容器
$ ctr container rm my-nginx
[root@master ~]# ctr container rm my-nginx
[root@master ~]# ctr container list
CONTAINER IMAGE RUNTIME
my-busybox docker.io/library/busybox:latest io.containerd.runc.v2
6.11 查看容器内进程
$ ctr task ps my-busybox
[root@master ~]# ctr task ps my-busybox
PID INFO
49757 -
6.12 获取容器资源使用情况
[root@master ~]# ctr task metrics my-busybox
ID TIMESTAMP
my-busybox seconds:1690030610 nanos:990202065
METRIC VALUE
memory.usage_in_bytes 151552
memory.limit_in_bytes 9223372036854771712
memory.stat.cache 4096
cpuacct.usage 115987455
cpuacct.usage_percpu [10962488 38389161 41221211 25414595]
pids.current 1
pids.limit 0
6.13 运行一个任务
$ ctr run -t -d docker.io/library/busybox:latest busybox
[root@master ~]# ctr run -t -d docker.io/library/busybox:latest busybox
[root@master ~]# ctr task ls
TASK PID STATUS
busybox 70751 RUNNING
my-nginx 65143 RUNNING
7、名称空间
containerd 和 kubernetes 一样,也有 namespace 的概念,容器默认运行在 default 名称空间下。
需要注意的是:
使用 docker 运行的容器运行在 mody 名称空间下,我们上面也简单介绍了docker的架构图,其实 docker 最终也
是调用的 containerd,所以在使用 ctr 查看容器或者镜像时需要使用 -n 参数指定 mody 名称空间。kuernetes 结
合 containerd 运行的容器及下载的镜像默认在 k8s.io 名称空间下。
# 创建名称空间
$ ctr ns create dev
[root@master ~]# ctr ns create dev
# 列出名称空间
$ ctr ns ls
[root@master ~]# ctr ns ls
NAME LABELS
default
dev
k8s.io
# 删除名称空间
$ ctr ns remove/rm dev
[root@master ~]# ctr ns remove dev
dev
[root@master ~]# ctr ns ls
NAME LABELS
default
k8s.io
8、ctr和docker命令比较
| Containerd命令 | Docker命令 | 描述 |
|---|---|---|
| ctr task ls | docker ps | 查看运行容器 |
| ctr image ls | docker images | 获取image信息 |
| ctr image pull pause | docker pull pause | pull该pause镜像 |
| ctr image push pause-test | docker push pause-test | push该pause镜像 |
| ctr image import pause.tar | docker load 镜像 | 导入本地镜像 |
| ctr run -d pause-test pause | docker run -d --name=pause pause-test | 运行容器 |
| ctr image tag pause pause-test | docker tag pause pause-test | tag该pause镜像 |