安装containerd引擎并配置镜像加速

从kubernetes1.24版本以后，kubernetes就不再原生支持docker了，而是直接接入containerd。containerd本身就是docker架构的一部分，后来被开源给了云原生计算基金会；我们安装docker时，会自动带上containerd。
1、环境要求
centos7默认的libseccomp的版本为2.3.1，不满足containerd的需求，需要下载2.4以上的版本即可，我这里部署2.5.1版本。

#  1、如果你不升级libseccomp的话，启动容器会报错
**Failed to create pod sandbox: rpc error: code = Unknown desc = failed to create containerd task: failed to create shim task: OCI runtime create failed: unable to retrieve OCI runtime error (open /run/containerd/io.containerd.runtime.v2.task/k8s.io/ed17cbdc31099314dc8fd609d52b0dfbd6fdf772b78aa26fbc9149ab089c6807/log.json: no such file or directory): runc did not terminate successfully: exit status 127: unknown**
​
# 2、升级
rpm -e libseccomp-2.3.1-4.el7.x86_64 --nodeps
#wget http://rpmfind.net/linux/centos/8-stream/BaseOS/x86_64/os/Packages/libseccomp-2.5.1-1.el8.x86_64.rpm
wget https://mirrors.aliyun.com/centos/8/BaseOS/x86_64/os/Packages/libseccomp-2.5.1-1.el8.x86_64.rpm
rpm -ivh libseccomp-2.5.1-1.el8.x86_64.rpm  # 官网已经gg了，不更新了，请用阿里云
# centos8的包，centos7可以用。​

rpm -qa | grep libseccomp

2、安装方式1：基于阿里源安装（推荐）

# 1、清空残余
yum remove docker docker-ce containerd docker-common docker-selinux docker-engine -y 
 
# 2、准备repo
cd /etc/yum.repos.d/
wget http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
​
# 3、安装
yum install containerd* -y

3、安装方式2：了解
去官网找最新的包（新版containerd 1.7.18包内缺少runc容器运行时，需要单独安，旧版1.6.4是包含runc的，不需要额外安装）

# 1、下载containerd：https://github.com/containerd/containerd/releases/
wget https://github.com/containerd/containerd/releases/download/v1.7.18/containerd-1.7.18-linux-amd64.tar.gz
# 国内下载地址：https://gitee.com/egonlin/containerd-1.7.18
​
# 注意新版1.7.18包内缺少runc容器运行时，需要单独安装
# wget https://github.com/containerd/containerd/releases/download/v1.6.4/cri-containerd-cni-1.6.4-linux-amd64.tar.gz
# 该版本中包含了 containerd以及cri runc等相关工具包
​
​
# 2、解压即可
tar zxvf containerd-1.7.18-linux-amd64.tar.gz -C /usr  # 命令都会解压到/usr/bin下，可以直接用都不用处理PATH变量
​
# 3、需要自己添加系统服务
cat > /usr/lib/systemd/system/containerd.service << "EOF"
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target
​
[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/bin/containerd
​
Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity
# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999
​
[Install]
WantedBy=multi-user.target
​
EOF
​
# 4、systemctl daemon-reload
​
# 5、注意1.7.18包内缺少runc容器运行时，需要单独安装。

4、配置

# 1、配置(默认containerd没有生成配置文件)
mkdir -pv /etc/containerd 
containerd config default > /etc/containerd/config.toml  # 为containerd生成配置文件
​
# 2、替换默认pause镜像地址: 这一步非常非常非常非常重要
#  这一步非常非常非常非常重要，国内的镜像地址可能导致下载失败，最红kubeadm安装失败！！！！！！！！！！！！！！

grep sandbox_image /etc/containerd/config.toml
sed -i 's/registry.k8s.io/registry.cn-hangzhou.aliyuncs.com\/google_containers/' /etc/containerd/config.toml 
grep sandbox_image /etc/containerd/config.toml
# 请务必确认新地址是可用的：sandbox_image = "registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.6"
 
# 3、配置systemd作为容器的cgroup driver
grep SystemdCgroup /etc/containerd/config.toml
sed -i 's/SystemdCgroup \= false/SystemdCgroup \= true/' /etc/containerd/config.toml
grep SystemdCgroup /etc/containerd/config.toml
​
​
# 4、配置加速器（必须配置，否则后续安装cni网络插件时无法从docker.io里下载镜像）
#参考：https://github.com/containerd/containerd/blob/main/docs/cri/config.md#registry-configuration
#添加 config_path = "/etc/containerd/certs.d"
sed -i 's/config_path\ =.*/config_path = \"\/etc\/containerd\/certs.d\"/g' /etc/containerd/config.toml

mkdir -p /etc/containerd/certs.d/docker.io
[root@k8s-master-01 ~]# cat /etc/containerd/certs.d/docker.io/hosts.toml 
server = "https://docker.io"
[host."https://docker.1ms.run"]
capabilities = ["pull", "resolve"]
[host."https://lispy.org"]
capabilities = ["pull", "resolve"]
[host."https://docker-0.unsee.tech"]
capabilities = ["pull", "resolve"]
[host."https://docker.xuanyuan.me"]
capabilities = ["pull", "resolve"]
[host."https://dockerproxy.com"]
capabilities = ["pull", "resolve"]
[host."https://docker.m.daocloud.io"]
capabilities = ["pull", "resolve"]
[host."https://docker.agsv.top"]
capabilities = ["pull", "resolve"]
[host."https://registry.docker-cn.com"]
capabilities = ["pull", "resolve"]

# 5、配置containerd开机自启动
​
# 5.1 启动containerd服务并配置开机自启动
systemctl daemon-reload && systemctl restart containerd
systemctl enable --now containerd
 
# 5.2 查看containerd状态
systemctl status containerd
 
# 5.3 查看containerd的版本
ctr version