containerd 导入镜像

containerd 导入镜像

 containerd而非docker,需要离线导入镜像

 

解决原理
https://segmentfault.com/a/1190000019534913
ctr --namespace=k8s.io images ls
复制代码
获取到你需要的镜像名称和版本之后 (参见后面的排查技巧)

docker pull mirrorgooglecontainers/$imageName:$imageVersion
docker tag  mirrorgooglecontainers/$imageName:$imageVersion k8s.gcr.io/$imageName:$imageVersion
docker save k8s.gcr.io/$imageName:$imageVersion > $imageName.tar
microk8s.ctr -n k8s.io image import $imageName.tar
复制代码

 

 

复制代码
使用ctr命令导入镜像。
ctr image import app.tar  #导入本地镜像
ctr images list|grep app  #查看导入的镜像
crictl images list|grep app #此命令也可查看

命令介绍:
ctr:是containerd本身的CLI
crictl :是Kubernetes社区定义的专门CLI工具
复制代码

 

复制代码
Steps to reproduce:

 ctr images tag 192.168.56.1:8080/docker/alpine:latest 192.168.56.1:8080/docker/alpine:1.1
192.168.56.1:8080/docker/alpine:1.1

ctr images push 192.168.56.1:8080/docker/alpine:latest 192.168.56.1:8080/docker/alpine:1.1
index-sha256:c19173c5ada610a5989151111163d28a67368362762534d8a8121ce95cf2bd5a: waiting        |--------------------------------------|
elapsed: 0.1 s                                                                 total:   0.0 B (0.0 B/s)
ctr: content digest sha256:29a82d50bdb8dd7814009852c1773fb9bb300d2f655bd1cd9e764e7bb1412be3: not found
复制代码

 

 

复制代码
As you see this is quite powerful and you can do a lot with it.

Let’s start by pulling an image

# ctr image pull docker.io/library/hello-world

This would give you an error saying you missed an object, because Containerd requires you to specify the object like the command below:

# ctr image pull docker.io/library/hello-world:latest

You can replace object with whatever is available like ‘alpine’

Let’s try listing the image to confirm

# ctr image ls

This can be a bit unfriendly, so try the following command:

#ctr image ls -q

The above command will give only the image name and nothing else.

Now that we’ve got our image, we need to run a container.

#ctr container create docker.io/library/hello-world:latest demo

This would create a container with container id, ‘demo’, based on the image that we pulled.

There are a few things to notice here: The output is not redirected to the CLI by default. Unlike Docker, we need to use the full path with the object every time we use a container image. Also, the image needs to be pulled before being able to run a container.

We can list the containers created with the command below:

#ctr container list

You can see the demo container listed. You can even use -q to get just the container names.

Now to delete the image.

#ctr image remove docker.io/library/hello-world:latest

This would delete the image. What would happen to your container?

#ctr container list

Your container would still be running. This is because containerd works on references, and in this case, the image is no longer being referenced as an image but it is still being referenced by the container (as a snapshot), so it wouldn’t be deleted as long as it’s being referenced.

You’ll get a better picture when learning about snapshots, which would be a topic for another article.

For now, we’ll delete the image.

#ctr container remove demo

Please leave a comment with any suggestions.
复制代码

 

复制代码
常用技巧
containerd相关的CLI确实没有Docker CLI方便,比如笔者在使用containerd时碰到一个场景,期望实现对镜像重新tag的操作,这在Docker下非常容易做到,但是在containerd下非常麻烦。crictl中并不支持这种操作,社区中也有相关issue解释:

https://github.com/kubernetes- ... s/438

所以我们只能使用其他方式,通常我会这样做:
在一台机去上使用docker tag转换image
导出镜像,并拷贝到k3s机器上
docker tag busybox busyboxaaa
docker save -o busybox.tar busyboxaaa
scp busybox.tar ubuntu@172.31.24.12:~/
用ctr导入
ctr image import busybox.tar
复制代码

 

复制代码
root@ubuntu:~# docker pull coredns/coredns:coredns-arm64
coredns-arm64: Pulling from coredns/coredns
Digest: sha256:e98e05b50afc6606d3e0a66e264175910651746262e4a4823299ec6c827ef72a
Status: Image is up to date for coredns/coredns:coredns-arm64
docker.io/coredns/coredns:coredns-arm64
root@ubuntu:~# docker tag coredns/coredns:coredns-arm64 k8s.gcr.io/coredns:1.6.7
root@ubuntu:~# docker save -o coredns:coredns-arm64.tar  k8s.gcr.io/coredns:1.6.7 
root@ubuntu:~# ctr image import coredns:coredns-arm64.tar
unpacking k8s.gcr.io/coredns:1.6.7 (sha256:19910cb28a673d9ad642c3762b71fb5da6668537d9417d14d4d0cbf82569d7a8)...done
root@ubuntu:~# 
复制代码

 

 

复制代码
两者命令对比表:

id    containerd 命令    docker 命令    备注
1    ctr image ls    docker images    获取image信息
2    ctr image pull nginx    docker pull nginx    pull 一个nginx的image
3    ctr image tag nginx nginx-test    docker tag nginx nginx-test    tag 一个nginx的image
4    ctr image push nginx-test    docker push nginx-test    push nginx-test的image
5    ctr image pull nginx    docker pull nginx    pull 一个nginx的image
6    ctr image import nginx.tar    docker load<nginx.tar.gz    导入本地镜像ctr不支持压缩
7    ctr run -d --env 111 nginx-test nginx    docker run -d --name=nginx nginx-test    运行的一个容器
8    ctr task ls    docker ps    查看运行的容器
复制代码

 

https://github.com/kubernetes/kubeadm/issues/1885

复制代码
root@ubuntu:~# kubeadm init --kubernetes-version=v1.18.1  --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=10.10.16.82 --ignore-preflight-errors=all unix:///run/containerd/containerd.sock  --image-repository registry.aliyuncs.com/google_containers
unknown command "unix:///run/containerd/containerd.sock" for "kubeadm init"
To see the stack trace of this error execute with --v=5 or higher
root@ubuntu:~# kubeadm init --kubernetes-version=v1.18.1  --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=10.10.16.82 --ignore-preflight-errors=all unix:///run/containerd/containerd.sock  --image-repository registry.aliyuncs.com/google_containers --v=5
unknown command "unix:///run/containerd/containerd.sock" for "kubeadm init"
root@ubuntu:~# 
复制代码

 

 

 

复制代码
root@ubuntu:~# ctr images  -help
NAME:
   ctr images - manage images

USAGE:
   ctr images command [command options] [arguments...]

COMMANDS:
   check       check that an image has all content available locally
   export      export images
   import      import images
   list, ls    list images known to containerd
   pull        pull an image from a remote
   push        push an image to a remote
   remove, rm  remove one or more images by reference
   tag         tag an image
   label       set and clear labels for an image

OPTIONS:
   --help, -h  show help
   
root@ubuntu:~# 
复制代码

 

复制代码
root@ubuntu:~# ctr images list -help
NAME:
   ctr images list - list images known to containerd

USAGE:
   ctr images list [command options] [flags] [<filter>, ...]

DESCRIPTION:
   list images registered with containerd

OPTIONS:
   --quiet, -q  print only the image refs
   
root@ubuntu:~# ctr images list -q 
docker.io/library/nginx:alpine
k8s.gcr.io/coredns:1.6.7
k8s.gcr.io/etcd-arm64:3.4.3-0
k8s.gcr.io/kube-apiserver:v1.18.1
k8s.gcr.io/kube-controller-manager:v1.18.1
k8s.gcr.io/kube-proxy:v1.18.1
k8s.gcr.io/kube-scheduler:v1.18.1
k8s.gcr.io/pause-arm64:3.2
root@ubuntu:~# 
复制代码

 

 

复制代码
root@ubuntu:~# ctr images list -q 
docker.io/library/nginx:alpine
k8s.gcr.io/coredns:1.6.7
k8s.gcr.io/etcd-arm64:3.4.3-0
k8s.gcr.io/kube-apiserver:v1.18.1
k8s.gcr.io/kube-controller-manager:v1.18.1
k8s.gcr.io/kube-proxy:v1.18.1
k8s.gcr.io/kube-scheduler:v1.18.1
k8s.gcr.io/pause-arm64:3.2
root@ubuntu:~# ctr images rm $(ctr images list -q)
docker.io/library/nginx:alpine
k8s.gcr.io/coredns:1.6.7
k8s.gcr.io/etcd-arm64:3.4.3-0
k8s.gcr.io/kube-apiserver:v1.18.1
k8s.gcr.io/kube-controller-manager:v1.18.1
k8s.gcr.io/kube-proxy:v1.18.1
k8s.gcr.io/kube-scheduler:v1.18.1
k8s.gcr.io/pause-arm64:3.2
root@ubuntu:~# ctr images list -q 
root@ubuntu:~# 
复制代码

 

复制代码
root@ubuntu:~# ctr -n  k8s.gcr.io images list -q 
k8s.gcr.io/coredns:1.6.7
k8s.gcr.io/etcd-arm64:3.4.3-0
k8s.gcr.io/kube-apiserver:v1.18.1
k8s.gcr.io/kube-controller-manager:v1.18.1
k8s.gcr.io/kube-proxy:v1.18.1
k8s.gcr.io/kube-scheduler:v1.18.1
k8s.gcr.io/pause-arm64:3.2
root@ubuntu:~# ctr -n  k8s.gcr.io images rm $(ctr -n  k8s.gcr.io images list -q)
k8s.gcr.io/coredns:1.6.7
k8s.gcr.io/etcd-arm64:3.4.3-0
k8s.gcr.io/kube-apiserver:v1.18.1
k8s.gcr.io/kube-controller-manager:v1.18.1
k8s.gcr.io/kube-proxy:v1.18.1
k8s.gcr.io/kube-scheduler:v1.18.1
k8s.gcr.io/pause-arm64:3.2
root@ubuntu:~# ctr -n  k8s.gcr.io images list -q 
root@ubuntu:~# 
复制代码

 

复制代码
root@ubuntu:~# kubeadm config images list --image-repository k8s.gcr.io
I1015 09:51:08.165119   47994 version.go:252] remote version is much newer: v1.19.3; falling back to: stable-1.18
W1015 09:51:08.786382   47994 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
k8s.gcr.io/kube-apiserver:v1.18.9
k8s.gcr.io/kube-controller-manager:v1.18.9
k8s.gcr.io/kube-scheduler:v1.18.9
k8s.gcr.io/kube-proxy:v1.18.9
k8s.gcr.io/pause:3.2
k8s.gcr.io/etcd:3.4.3-0
k8s.gcr.io/coredns:1.6.7
root@ubuntu:~# 
复制代码

 

 

posted @ 2024-03-03 20:43  牧之丨  阅读(348)  评论(0编辑  收藏  举报