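Containerd ships in two kinds of installation package:
1. The first is containerd-xxx. This package is fine for single-machine testing, but it does not include runC, which must be installed beforehand.
2. The second is cri-containerd-cni-xxx, which includes runC and the related files that k8s needs. A k8s cluster needs this package. Although it includes runC, it depends on seccomp in the system (secure computing mode, a mode that restricts a container's calls to system resources).
I. Install cri-containerd:
1. Download the package:
[root@node2 ~]# wget -c https://github.com/containerd/containerd/releases/download/v1.6.6/cri-containerd-1.6.6-linux-amd64.tar.gz
2. Extract the package: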
[root@node2 ~]# tar xf cri-containerd-1.6.6-linux-amd64.tar.gz
3. Copy the containerd runtime binaries into the filesystem:
[root@node2 ~]# cp usr/local/bin/* /usr/local/bin/
4. Add containerd.service to the systemd service units:
[root@node2 ~]# cp etc/systemd/system/containerd.service /usr/lib/systemd/system/
5. Generate the configuration file:
[root@node2 ~]# mkdir /etc/containerd
[root@node2 ~]# containerd config default > /etc/containerd/config.toml
6. Start the service:
[root@node2 ~]# systemctl start containerd
## Check the containerd service status
[root@node2 ~]# systemctl status containerd
7. Verify the ctr version:
II. Install runC:
1. Download the runc package from https://github.com/opencontainers/runc/releases.
2. Copy runc:
[root@node2 ~]# mv runc.amd64 /usr/sbin/runc
3. Add execute permission:
[root@node2 ~]# chmod +x /usr/sbin/runc
4. Check the runc version:
III. Modify the containerd configuration file:
1. To use the systemd cgroup driver with runc, set it in "/etc/containerd/config.toml"; two changes are made.
[root@node2 ~]# vim /etc/containerd/config.toml
........
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
...
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
SystemdCgroup = true ## change this parameter's value to true
........
[plugins."io.containerd.grpc.v1.cri".registry]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
## Add two lines to use the Alibaba Cloud image accelerator
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."aliyuncs.com"]
endpoint = ["https://t2alg15i.mirror.aliyuncs.com"]
2. Restart containerd again:
[root@node2 ~]# systemctl restart containerd
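3. Run commands and verify: compared with docker, containerd adds the concept of namespaces; each image and container is visible under its own namespace. k8s currently uses k8s.io as its namespace: ctr ns ls lists the namespaces.
ctr is the command-line tool that containerd provides; for more on its commands, run: ctr -h.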
[root@node2 ~]# ctr -h
NAME:
ctr -
__
_____/ /______
/ ___/ __/ ___/
/ /__/ /_/ /
\___/\__/_/
containerd CLI
USAGE:
ctr [global options] command [command options] [arguments...]
VERSION:
v1.6.6
DESCRIPTION:
ctr is an unsupported debug and administrative client for interacting
with the containerd daemon. Because it is unsupported, the commands,
options, and operations are not guaranteed to be backward compatible or
stable from release to release of the containerd project.
COMMANDS:
plugins, plugin provides information about containerd plugins
version print the client and server versions
containers, c, container manage containers
content manage content
events, event display containerd events
images, image, i manage images
leases manage leases
namespaces, namespace, ns manage namespaces
pprof provide golang pprof outputs for containerd
run run a container
snapshots, snapshot manage snapshots
tasks, t, task manage tasks
install install a new package
oci OCI tools
shim interact with a shim directly
help, h Shows a list of commands or help for one command
GLOBAL OPTIONS:
--debug enable debug output in logs
--address value, -a value address for containerd's GRPC server (default: "/run/containerd/containerd.sock") [$CONTAINERD_ADDRESS]
--timeout value total timeout for ctr commands (default: 0s)
--connect-timeout value timeout for connecting to containerd (default: 0s)
--namespace value, -n value namespace to use with commands (default: "default") [$CONTAINERD_NAMESPACE]
--help, -h show help
--version, -v print the version
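A check for the two config.toml edits made in section III, as an added example that is not part of the original page: it confirms that SystemdCgroup = true sits in the runc.options table (not a neighbouring one) and flags registry mirror endpoints that use plain HTTP. The function names, the sample config and the host mirror.example.internal are constructed for illustration.

```shell
#!/bin/sh
# Added example. Usage: audit_containerd_config /etc/containerd/config.toml
# ("-" reads stdin). Prints findings; returns 0 when clean, 1 otherwise.
audit_containerd_config() {
    awk '
    # TOML table header: remember which table the following keys belong to.
    /^[ \t]*\[/ {
        section = $0
        sub(/^[ \t]*\[+/, "", section)
        sub(/\].*$/, "", section)
        next
    }
    # The cgroup driver only takes effect when set in the runc.options table.
    section ~ /\.containerd\.runtimes\.runc\.options$/ && /^[ \t]*SystemdCgroup[ \t]*=/ {
        cgroup = $0
        sub(/^[^=]*=/, "", cgroup)
        sub(/#.*$/, "", cgroup)
        gsub(/[ \t\r]/, "", cgroup)
    }
    # Mirror endpoints: a plain-HTTP mirror lets image pulls be altered in transit.
    section ~ /\.registry\.mirrors\./ && /^[ \t]*endpoint[ \t]*=/ {
        mirrors++
        if (index($0, "\"http://") > 0) {
            printf "FINDING line %d: non-TLS mirror endpoint in [%s]\n", NR, section
            bad++
        }
    }
    END {
        if (cgroup != "true") {
            printf "FINDING: SystemdCgroup is \"%s\" in runc.options, expected true\n", cgroup
            bad++
        }
        printf "checked %d mirror endpoint line(s), %d finding(s)\n", mirrors, bad
        exit (bad > 0)
    }
    ' "$1"
}

# Constructed sample: SystemdCgroup edited in the wrong table, plain-HTTP mirror.
sample_config() {
    cat <<'EOF'
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
  SystemdCgroup = true
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
  SystemdCgroup = false
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."mirror.example.internal"]
  endpoint = ["http://mirror.example.internal"]
EOF
}
```

Running `sample_config | audit_containerd_config -` reports both problems in the constructed sample; run it against the real file before `systemctl restart containerd`.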