containerd二进制安装
文章目录
- 安装版本(截止2024年9月10日)
- 方式1:yum安装(不推荐)
- 设置主机名
- 设置IP
- 获取阿里YUM源
- 查询containerd
- 安装
- 验证与启动服务
- 测试命令
- 方式2:二进制安装(推荐)
- 安装之前先了解containerd、cni、runc三者的关系
- 设置主机名
- 设置IP
- 下载文件
- containerd安装
- 创建containerd服务
- 将官方配置文件写入
- 设置开机自启
- runc安装
- cni安装
- 旧版本配置config.toml
- 生成默认配置
- 修改
- 高版本hostpath问题
- 生成默认配置文件
- 创建镜像源配置文件
- 设置配置文件位置
- 重启启动
- 测试
- 成功
安装版本(截止2024年9月10日)
containerd 1.7.22
runc 1.1.12
cni 1.5.1
方式1:yum安装(不推荐)
设置主机名
hostnamectl set-hostname node1
设置IP
vim /etc/sysconfig/network-scripts/ifcfg-enp0s3
重点设置以下几项
BOOTPROTO="static"
IPADDR=192.168.3.31
NETMASK=255.255.255.0
GATEWAY=192.168.3.1
DNS1=223.5.5.5
获取阿里YUM源
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
查询containerd
yum list | grep containerd
安装
yum install -y containerd.io
验证与启动服务
rpm -qa | grep containerd
systemctl enable containerd
systemctl start containerd
systemctl status containerd
测试命令
ctr version
方式2:二进制安装(推荐)
安装之前先了解containerd、cni、runc三者的关系
containerd 作为容器运行时,负责管理容器的生命周期和资源分配。它调用 RunC 来创建和运行容器,并通过调用 CNI 插件为容器配置网络。
设置主机名
hostnamectl set-hostname node1
设置IP
vim /etc/sysconfig/network-scripts/ifcfg-enp0s3
重点设置以下几项
BOOTPROTO="static"
IPADDR=192.168.3.31
NETMASK=255.255.255.0
GATEWAY=192.168.3.1
DNS1=223.5.5.5
下载文件
containerd 1.7.22
runc 1.1.12
cni 1.5.1
containerd安装
$ tar Cxzvf /usr/local containerd-1.7.22-linux-amd64.tar.gz
bin/
bin/containerd-shim-runc-v2
bin/containerd-shim
bin/ctr
bin/containerd-shim-runc-v1
bin/containerd
bin/containerd-stress
创建containerd服务
mkdir -p /usr/local/lib/systemd/system/
touch /usr/local/lib/systemd/system/containerd.service
vim /usr/local/lib/systemd/system/containerd.service
将官方配置文件写入
官方配置文件
# Copyright The containerd Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/local/bin/containerdType=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999[Install]
WantedBy=multi-user.target
设置开机自启
systemctl daemon-reload
systemctl enable --now containerd
runc安装
# runc安装
install -m 755 runc.amd64 /usr/local/sbin/runc
cni安装
mkdir -p /opt/cni/bin
tar Cxzvf /opt/cni/bin cni-plugins-linux-amd64-v1.5.1.tgz
旧版本配置config.toml
生成默认配置
mkdir /etc/containerd
containerd config default > /etc/containerd/config.toml
vim /etc/containerd/config.toml
修改
"https://xxxxxx.mirror.aliyuncs.com"自己登录阿里云换成自己的链接
# 原来是这样registry.k8s.io/pause:3.8
sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.8"
# 原来是false
SystemdCgroup = true# 镜像配置
[plugins."io.containerd.grpc.v1.cri".registry.mirrors][plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]endpoint = ["https://xxxxxxxxx.mirror.aliyuncs.com"][plugins."io.containerd.grpc.v1.cri".registry.mirrors."k8s.gcr.io"]endpoint = ["registry.aliyuncs.com/google_containers"]
或者是这样
[plugins."io.containerd.grpc.v1.cri".registry.mirrors][plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]endpoint = ["https://xxxxxxxxx.mirror.aliyuncs.com","registry.aliyuncs.com/google_containers"]
高版本hostpath问题
WARN[0000] DEPRECATION: The `mirrors` property of `[plugins."io.containerd.grpc.v1.cri".registry]` is deprecated since containerd v1.5 and will be removed in containerd v2.1. Use `config_path` instead.
官方原文
原文解决方案链接
生成默认配置文件
mkdir /etc/containerd
containerd config default > /etc/containerd/config.toml
vim /etc/containerd/config.toml
创建镜像源配置文件
mkdir -p /etc/containerd/certs.d/docker.io/
mkdir -p /etc/containerd/certs.d/k8s.gcr.io/
cat<<EOF > /etc/containerd/certs.d/docker.io/hosts.toml
server = "https://docker.io"[host."https://xxxxxxxxx.mirror.aliyuncs.com"]capabilities = ["pull", "resolve"]
EOFcat<<EOF > /etc/containerd/certs.d/docker.io/hosts.toml
server = "https://docker.io"[host."registry.aliyuncs.com/google_containers"]capabilities = ["pull", "resolve"]
EOF
设置配置文件位置
[plugins."io.containerd.grpc.v1.cri".registry]
config_path = "/etc/containerd/certs.d"
重启启动
systemctl restart containerd
systemctl status containerd
测试
# docker.io
ctr images pull docker.io/library/ubuntu:latest
ctr images del docker.io/library/ubuntu:latest# k8s的镜像仓库叫k8s.gcr.io,没配镜像就要指定registry.cn-hangzhou.aliyuncs.com/google_containers
ctr images pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.2
ctr images del registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.2
成功
[root@node3 containerd]# ctr images pull docker.io/library/ubuntu:latest
docker.io/library/ubuntu:latest: resolved |++++++++++++++++++++++++++++++++++++++|
index-sha256:8a37d68f4f73ebf3d4efafbcf66379bf3728902a8038616808f04e34a9ab63ee: done |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:d35dfc2fe3ef66bcc085ca00d3152b482e6cafb23cdda1864154caf3b19094ba: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:31e907dcc94a592a57796786399eb004dcbba714389fa615f5efa05a91316356: done |++++++++++++++++++++++++++++++++++++++|
config-sha256:edbfe74c41f8a3501ce542e137cf28ea04dd03e6df8c9d66519b6ad761c2598a: done |++++++++++++++++++++++++++++++++++++++|
elapsed: 9.9 s total: 28.3 M (2.9 MiB/s)
unpacking linux/amd64 sha256:8a37d68f4f73ebf3d4efafbcf66379bf3728902a8038616808f04e34a9ab63ee...
done: 672.496318ms