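containerd Installation and Deployment
Official containerd installation documentation | containerd
Official nerdctl release packages | nerdctl
I. Install the binary packages
There are two installation methods:
1. Install each component separately (recommended):
The official containerd binary releases are available for the amd64 (also known as x86_64) and arm64 (also known as aarch64) architectures.
Step 1: Install containerd
Download the containerd-<VERSION>-<OS>-<ARCH>.tar.gz archive from github.com/containerd/…, verify its sha256sum, and extract it under /usr/local: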
$ tar Cxzvf /usr/local containerd-1.6.2-linux-amd64.tar.gz
bin/
bin/containerd-shim-runc-v2
bin/containerd-shim
bin/ctr
bin/containerd-shim-runc-v1
bin/containerd
bin/containerd-stress
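The containerd binary is dynamically built for glibc-based Linux distributions such as Ubuntu and Rocky Linux. It may not work on musl-based distributions such as Alpine Linux. Users of such distributions may have to install containerd from source or from a third-party package.
FAQ: For Kubernetes, do I also need to download cri-containerd-(cni-)<VERSION>-<OS>-<ARCH>.tar.gz? Answer: No.
Because the Kubernetes CRI feature is already included in containerd-<VERSION>-<OS>-<ARCH>.tar.gz, you do not need to download the cri-containerd-.... archives to use CRI. These cri-containerd-... archives are deprecated, do not work on old Linux distributions, and will be removed in containerd 2.0.
systemd
If you intend to start containerd via systemd, you should also download the containerd.service unit file from raw.githubusercontent.com/containerd/… into /etc/systemd/system/containerd.service, and run the following commands: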
systemctl daemon-reload
systemctl enable --now containerd
Step 2: Install runc
Download the runc.<ARCH> binary from github.com/opencontain…, verify its sha256sum, and install it as /usr/local/sbin/runc.
$ install -m 755 runc.amd64 /usr/local/sbin/runc
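The binary is statically built and should work on any Linux distribution.
Step 3: Install the CNI plugins (do not change the /opt/cni/bin location)
Download the cni-plugins-<OS>-<ARCH>-<VERSION>.tgz archive from github.com/containerne…, verify its sha256sum, and extract it under /opt/cni/bin: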
$ mkdir -p /opt/cni/bin
$ tar Cxzvf /opt/cni/bin cni-plugins-linux-amd64-v1.1.1.tgz
./
./macvlan
./static
./vlan
./portmap
./host-local
./vrf
./bridge
./tuning
./firewall
./host-device
./sbr
./loopback
./dhcp
./ptp
./ipvlan
./bandwidth
The binaries are statically built and should work on any Linux distribution.
Step 4: Install nerdctl
Download it from github.com/containerd/… and extract it under /usr/local/bin:
tar Cxzvvf /usr/local/bin nerdctl-1.7.6-linux-amd64.tar.gz
-rwxr-xr-x root/root 25116672 2024-04-30 06:21 nerdctl
-rwxr-xr-x root/root 21916 2024-04-30 06:20 containerd-rootless-setuptool.sh
-rwxr-xr-x root/root 7187 2024-04-30 06:20 containerd-rootless.sh
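The steps above say to verify each archive's sha256sum before extracting it, but do not show the check. The following is an added example, not code from the original page or from the containerd or nerdctl projects: a helper (the name verify_and_extract is hypothetical) that refuses to extract unless the archive matches the digest listed in a sha256sum-format checksum file. It assumes the checksum file was obtained from the same release page as the archive.

```bash
# Added example; verify_and_extract is a hypothetical helper, not part of containerd or nerdctl.
# Usage: verify_and_extract <archive> <checksum-file> <dest-dir>
# <checksum-file> is in sha256sum format: "<64 hex digits>  <file name>" per line.
verify_and_extract() {
  local archive="$1" sums="$2" dest="$3" name expected actual
  name=$(basename -- "$archive")

  # Select the digest recorded for exactly this file name ('*' prefix = binary mode).
  expected=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f) }
                               f == n { print tolower($1); exit }' "$sums")
  if ! printf '%s' "$expected" | grep -Eq '^[0-9a-f]{64}$'; then
    echo "no sha256 entry for $name in $sums" >&2
    return 2
  fi

  actual=$(sha256sum -- "$archive" | awk '{ print $1 }')
  if [ "$actual" != "$expected" ]; then
    echo "sha256 mismatch for $name: got $actual, want $expected" >&2
    return 1
  fi

  # Reached only when the digest matches: extract into the destination.
  mkdir -p -- "$dest"
  tar -C "$dest" -xzf "$archive"
}

# Example call (archive name as used on this page; SHA256SUMS stands for the
# checksum file published alongside the release, which is an assumption here):
#   verify_and_extract nerdctl-full-1.7.6-linux-amd64.tar.gz SHA256SUMS /usr/local
```

A return code of 1 means the archive does not match its published digest and must not be installed; 2 means the checksum file has no entry for that file name.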
Step 5: Edit the containerd configuration
Generate the configuration file
containerd config default > /etc/containerd/config.toml
Change the registry configuration directory
vim /etc/containerd/config.toml
[plugins."io.containerd.grpc.v1.cri".registry]
config_path = "/etc/containerd/certs.d"
[plugins."io.containerd.grpc.v1.cri".registry.auths]
[plugins."io.containerd.grpc.v1.cri".registry.configs]
[plugins."io.containerd.grpc.v1.cri".registry.headers]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".x509_key_pair_streaming]
tls_cert_file = ""
tls_key_file = ""
2. Install everything from the full package
Step 1: Download the package
Open github.com/containerd/… and download the package with "full" in its name.
Download
curl -LO https://github.com/containerd/nerdctl/releases/download/v1.7.6/nerdctl-full-1.7.6-linux-amd64.tar.gz
Step 2: Extract the archive
tar Cxzvvf /usr/local nerdctl-full-1.7.6-linux-amd64.tar.gz
drwxr-xr-x 0/0 0 2024-04-30 06:28 bin/
-rwxr-xr-x 0/0 27644700 2015-10-21 00:00 bin/buildctl
-rwxr-xr-x 0/0 23724032 2022-09-05 09:52 bin/buildg
-rwxr-xr-x 0/0 53374823 2015-10-21 00:00 bin/buildkitd
-rwxr-xr-x 0/0 7277848 2024-04-30 06:26 bin/bypass4netns
-rwxr-xr-x 0/0 5308416 2024-04-30 06:26 bin/bypass4netnsd
-rwxr-xr-x 0/0 38946168 2024-04-30 06:27 bin/containerd
-rwxr-xr-x 0/0 9474048 2023-11-02 17:34 bin/containerd-fuse-overlayfs-grpc
-rwxr-xr-x 0/0 21916 2024-04-30 06:26 bin/containerd-rootless-setuptool.sh
-rwxr-xr-x 0/0 7187 2024-04-30 06:26 bin/containerd-rootless.sh
-rwxr-xr-x 0/0 12161024 2024-04-30 06:28 bin/containerd-shim-runc-v2
-rwxr-xr-x 0/0 45903872 2023-10-31 08:57 bin/containerd-stargz-grpc
-rwxr-xr-x 0/0 20630617 2024-04-30 06:28 bin/ctd-decoder
-rwxr-xr-x 0/0 18870272 2024-04-30 06:27 bin/ctr
-rwxr-xr-x 0/0 29671743 2024-04-30 06:28 bin/ctr-enc
-rwxr-xr-x 0/0 19931136 2023-10-31 08:58 bin/ctr-remote
-rwxr-xr-x 0/0 1785448 2024-04-30 06:28 bin/fuse-overlayfs
-rwxr-xr-x 0/0 65589641 2024-04-30 06:27 bin/ipfs
-rwxr-xr-x 0/0 25088000 2024-04-30 06:26 bin/nerdctl
-rwxr-xr-x 0/0 10666181 2024-03-05 22:20 bin/rootlessctl
-rwxr-xr-x 0/0 12358373 2024-03-05 22:20 bin/rootlesskit
-rwxr-xr-x 0/0 15074072 2024-04-30 06:26 bin/runc
-rwxr-xr-x 0/0 2346328 2024-04-30 06:28 bin/slirp4netns
-rwxr-xr-x 0/0 870496 2024-04-30 06:28 bin/tini
drwxr-xr-x 0/0 0 2024-04-30 06:28 lib/
drwxr-xr-x 0/0 0 2024-04-30 06:28 lib/systemd/
drwxr-xr-x 0/0 0 2024-04-30 06:28 lib/systemd/system/
-rw-r--r-- 0/0 1475 2024-04-30 06:28 lib/systemd/system/buildkit.service
-rw-r--r-- 0/0 1414 2024-04-30 06:25 lib/systemd/system/containerd.service
-rw-r--r-- 0/0 312 2024-04-30 06:28 lib/systemd/system/stargz-snapshotter.service
drwxr-xr-x 0/0 0 2024-04-30 06:28 libexec/
drwxr-xr-x 0/0 0 2024-04-30 06:28 libexec/cni/
-rw-r--r-- 0/0 11357 2024-03-12 10:56 libexec/cni/LICENSE
-rw-r--r-- 0/0 2343 2024-03-12 10:56 libexec/cni/README.md
-rwxr-xr-x 0/0 4119661 2024-03-12 10:56 libexec/cni/bandwidth
-rwxr-xr-x 0/0 4662227 2024-03-12 10:56 libexec/cni/bridge
-rwxr-xr-x 0/0 11065251 2024-03-12 10:56 libexec/cni/dhcp
-rwxr-xr-x 0/0 4306546 2024-03-12 10:56 libexec/cni/dummy
-rwxr-xr-x 0/0 4751593 2024-03-12 10:56 libexec/cni/firewall
-rwxr-xr-x 0/0 4198427 2024-03-12 10:56 libexec/cni/host-device
-rwxr-xr-x 0/0 3560496 2024-03-12 10:56 libexec/cni/host-local
-rwxr-xr-x 0/0 4324636 2024-03-12 10:56 libexec/cni/ipvlan
-rwxr-xr-x 0/0 3651038 2024-03-12 10:56 libexec/cni/loopback
-rwxr-xr-x 0/0 4355073 2024-03-12 10:56 libexec/cni/macvlan
-rwxr-xr-x 0/0 4095898 2024-03-12 10:56 libexec/cni/portmap
-rwxr-xr-x 0/0 4476535 2024-03-12 10:56 libexec/cni/ptp
-rwxr-xr-x 0/0 3861176 2024-03-12 10:56 libexec/cni/sbr
-rwxr-xr-x 0/0 3120090 2024-03-12 10:56 libexec/cni/static
-rwxr-xr-x 0/0 4381887 2024-03-12 10:56 libexec/cni/tap
-rwxr-xr-x 0/0 3743844 2024-03-12 10:56 libexec/cni/tuning
-rwxr-xr-x 0/0 4319235 2024-03-12 10:56 libexec/cni/vlan
-rwxr-xr-x 0/0 4008392 2024-03-12 10:56 libexec/cni/vrf
drwxr-xr-x 0/0 0 2024-04-30 06:26 share/
drwxr-xr-x 0/0 0 2024-04-30 06:26 share/doc/
drwxr-xr-x 0/0 0 2024-04-30 06:26 share/doc/nerdctl/
-rw-r--r-- 0/0 12480 2024-04-30 06:20 share/doc/nerdctl/README.md
drwxr-xr-x 0/0 0 2024-04-30 06:20 share/doc/nerdctl/docs/
-rw-r--r-- 0/0 3953 2024-04-30 06:20 share/doc/nerdctl/docs/build.md
-rw-r--r-- 0/0 2570 2024-04-30 06:20 share/doc/nerdctl/docs/builder-debug.md
-rw-r--r-- 0/0 3996 2024-04-30 06:20 share/doc/nerdctl/docs/cni.md
-rw-r--r-- 0/0 74383 2024-04-30 06:20 share/doc/nerdctl/docs/command-reference.md
-rw-r--r-- 0/0 1814 2024-04-30 06:20 share/doc/nerdctl/docs/compose.md
-rw-r--r-- 0/0 5329 2024-04-30 06:20 share/doc/nerdctl/docs/config.md
-rw-r--r-- 0/0 9128 2024-04-30 06:20 share/doc/nerdctl/docs/cosign.md
-rw-r--r-- 0/0 5660 2024-04-30 06:20 share/doc/nerdctl/docs/cvmfs.md
-rw-r--r-- 0/0 2435 2024-04-30 06:20 share/doc/nerdctl/docs/dir.md
-rw-r--r-- 0/0 906 2024-04-30 06:20 share/doc/nerdctl/docs/experimental.md
-rw-r--r-- 0/0 14217 2024-04-30 06:20 share/doc/nerdctl/docs/faq.md
-rw-r--r-- 0/0 884 2024-04-30 06:20 share/doc/nerdctl/docs/freebsd.md
-rw-r--r-- 0/0 3228 2024-04-30 06:20 share/doc/nerdctl/docs/gpu.md
-rw-r--r-- 0/0 14463 2024-04-30 06:20 share/doc/nerdctl/docs/ipfs.md
-rw-r--r-- 0/0 1748 2024-04-30 06:20 share/doc/nerdctl/docs/multi-platform.md
-rw-r--r-- 0/0 2960 2024-04-30 06:20 share/doc/nerdctl/docs/notation.md
-rw-r--r-- 0/0 2596 2024-04-30 06:20 share/doc/nerdctl/docs/nydus.md
-rw-r--r-- 0/0 3277 2024-04-30 06:20 share/doc/nerdctl/docs/ocicrypt.md
-rw-r--r-- 0/0 1876 2024-04-30 06:20 share/doc/nerdctl/docs/overlaybd.md
-rw-r--r-- 0/0 15657 2024-04-30 06:20 share/doc/nerdctl/docs/registry.md
-rw-r--r-- 0/0 5088 2024-04-30 06:20 share/doc/nerdctl/docs/rootless.md
-rw-r--r-- 0/0 2015 2024-04-30 06:20 share/doc/nerdctl/docs/soci.md
-rw-r--r-- 0/0 10312 2024-04-30 06:20 share/doc/nerdctl/docs/stargz.md
drwxr-xr-x 0/0 0 2024-04-30 06:28 share/doc/nerdctl-full/
-rw-r--r-- 0/0 1154 2024-04-30 06:28 share/doc/nerdctl-full/README.md
-rw-r--r-- 0/0 6578 2024-04-30 06:28 share/doc/nerdctl-full/SHA256SUMS
All bundled components are listed below:
# nerdctl (full distribution)
- nerdctl: v1.7.6
- containerd: v1.7.16
- runc: v1.1.12
- CNI plugins: v1.4.1
- BuildKit: v0.12.5
- Stargz Snapshotter: v0.15.1
- imgcrypt: v1.1.10
- RootlessKit: v2.0.2
- slirp4netns: v1.2.3
- bypass4netns: v0.4.0
- fuse-overlayfs: v1.13
- containerd-fuse-overlayfs: v1.0.8
- Kubo (IPFS): v0.27.0
- Tini: v0.19.0
- buildg: v0.4.1
## License
- bin/slirp4netns: [GNU GENERAL PUBLIC LICENSE, Version 2](https://github.com/rootless-containers/slirp4netns/blob/v1.2.3/COPYING)
- bin/fuse-overlayfs: [GNU GENERAL PUBLIC LICENSE, Version 2](https://github.com/containers/fuse-overlayfs/blob/v1.13/COPYING)
- bin/ipfs: [Combination of MIT-only license and dual MIT/Apache-2.0 license](https://github.com/ipfs/kubo/blob/v0.27.0/LICENSE)
- bin/{runc,bypass4netns,bypass4netnsd}: Apache License 2.0, statically linked with libseccomp ([LGPL 2.1](https://github.com/seccomp/libseccomp/blob/main/LICENSE), source code available at https://github.com/seccomp/libseccomp/)
- bin/tini: [MIT License](https://github.com/krallin/tini/blob/v0.19.0/LICENSE)
- Other files: [Apache License 2.0](https://www.apache.org/licenses/LICENSE-2.0)
Step 3: Configure systemd
If you intend to start containerd via systemd, you should also download the containerd.service unit file from raw.githubusercontent.com/containerd/… into /etc/systemd/system/containerd.service, and run the following commands:
systemctl daemon-reload
systemctl enable --now containerd
Step 4: Edit the containerd configuration
Generate the configuration file
containerd config default > /etc/containerd/config.toml
Change the CNI directory location
vim /etc/containerd/config.toml
[plugins."io.containerd.grpc.v1.cri".cni]
bin_dir = "/usr/local/libexec/cni"
conf_dir = "/etc/cni/net.d"
conf_template = ""
ip_pref = ""
max_conf_num = 1
setup_serially = false
Change the registry configuration directory
vim /etc/containerd/config.toml
[plugins."io.containerd.grpc.v1.cri".registry]
config_path = "/etc/containerd/certs.d"
[plugins."io.containerd.grpc.v1.cri".registry.auths]
[plugins."io.containerd.grpc.v1.cri".registry.configs]
[plugins."io.containerd.grpc.v1.cri".registry.headers]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".x509_key_pair_streaming]
tls_cert_file = ""
tls_key_file = ""
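II. Configure registry mirrors
Registry mirror addresses | registry
1. Understanding config_path
Above we set config_path = "/etc/containerd/certs.d", so registry settings must be placed under that directory. The directory structure should look like this: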
$ tree /etc/containerd/certs.d
/etc/containerd/certs.d
└── docker.io
    └── hosts.toml
$ cat /etc/containerd/certs.d/docker.io/hosts.toml
server = "https://docker.io"
[host."https://registry-1.docker.io"]
capabilities = ["pull", "resolve"]
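Each directory name is a registry address, and the hosts.toml inside it can specify the mirror address to use for that registry.
2. Use registry mirrors
Write a shell script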
root@master1:/opt/k8s-init# cat registrys.sh
#!/bin/bash
# Upstream registries and the mirror used for each (same index in both arrays).
dirs=(docker.io gcr.io ghcr.io k8s.gcr.io registry.k8s.io quay.io)
registrys=(docker.m.daocloud.io gcr.m.daocloud.io ghcr.m.daocloud.io k8s-gcr.m.daocloud.io k8s.m.daocloud.io quay.m.daocloud.io)
if [ ! -d "/etc/containerd/certs.d" ]; then
    mkdir -p /etc/containerd/certs.d
fi
for ((i=0; i<${#dirs[@]}; i++)); do
    # One directory per upstream registry, each holding its own hosts.toml.
    if [ ! -d "/etc/containerd/certs.d/${dirs[i]}" ]; then
        mkdir -p "/etc/containerd/certs.d/${dirs[i]}"
    fi
    host="[host.\"https://${registrys[i]}\"]\n capabilities = [\"pull\", \"resolve\"]"
    # Quote "$host" so the brackets are never glob-expanded or word-split by the shell.
    echo -e "$host" > "/etc/containerd/certs.d/${dirs[i]}/hosts.toml"
done
Run the script
bash registrys.sh
Check the directory structure of /etc/containerd/certs.d.
tree /etc/containerd/certs.d/
/etc/containerd/certs.d/
├── docker.io
│   └── hosts.toml
├── gcr.io
│   └── hosts.toml
├── ghcr.io
│   └── hosts.toml
├── k8s.gcr.io
│   └── hosts.toml
├── quay.io
│   └── hosts.toml
└── registry.k8s.io
    └── hosts.toml
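Each hosts.toml decides which endpoints this node pulls images through, so the generated files are worth checking before containerd uses them. The following is an added example, not part of the original page or of containerd (audit_certs_d is a hypothetical helper name): it scans a certs.d tree for plaintext http:// endpoints, skip_verify = true, and mirrors granted the push capability.

```bash
# Added example; audit_certs_d is a hypothetical helper, not a containerd or nerdctl command.
# Usage: audit_certs_d <certs.d directory>
# Prints one finding per line and returns 1 if any hosts.toml weakens registry trust.
audit_certs_d() {
  local root="$1" findings
  findings=$(
    find "$root" -type f -name hosts.toml | sort | while IFS= read -r f; do
      # Drop comments, then match settings in what is left (line-based, not a TOML parser).
      sed 's/#.*$//' "$f" | awk -v f="$f" '
        /^[ \t]*server[ \t]*=[ \t]*"http:\/\//   { print f ": plaintext server URL" }
        /^[ \t]*\[host\."http:\/\//              { print f ": plaintext mirror endpoint" }
        /skip_verify[ \t]*=[ \t]*true/           { print f ": TLS verification disabled" }
        /capabilities[ \t]*=.*"push"/            { print f ": mirror may receive pushes" }
      '
    done
  )
  if [ -n "$findings" ]; then
    printf '%s\n' "$findings"
    return 1
  fi
  return 0
}

# Example call against the directory configured on this page:
#   audit_certs_d /etc/containerd/certs.d
```

Files written by the script above, with https:// mirrors and only the pull and resolve capabilities, produce no findings.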
III. Test
Run an nginx container
nerdctl --debug=true run -d --name nginx -p 80:80 nginx:alpine
List the containers
nerdctl ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
fce1a2183dd7 docker.io/library/nginx:alpine "/docker-entrypoint.…" 37 minutes ago Up 0.0.0.0:80->80/tcp nginx
Access the page
Stop and remove the container
nerdctl rm -f nginx