使用Containerd构建容器镜像

使用Containerd构建容器镜像

一. 安装Containerd

1.1. 下载软件包

https://github.com/containerd/containerd/releases
wget https://github.com/containerd/containerd/releases/download/v1.6.8/cri-containerd-cni-1.6.8-linux-amd64.tar.gz

1.2. 安装配置

1.2.1. 生成配置文件

mkdir -p /etc/containerd
containerd config default |sed 's@/var/lib/containerd@/apps/containerd@' |sed '/SystemdCgroup/s/false/true/' |sed  '/sandbox_image/s@k8s.gcr.io@registry.aliyuncs.com/google_containers@'|sed 's@config_path.*@config_path = "/etc/containerd/certs.d"@' > /etc/containerd/config.toml

1.2.3. 配置镜像加速

mkdir /etc/containerd/certs.d/docker.io -pv
cat > /etc/containerd/certs.d/docker.io/hosts.toml << EOF
server = "https://docker.io"
[host."https://docker.mirrors.ustc.edu.cn/"]
  capabilities = ["pull", "resolve"]
EOF

1.2.4. 配置内核参数

cat > /etc/sysctl.d/containerd.conf << EOF
net.ipv4.ip_forward                 = 1
net.bridge.bridge-nf-call-iptables  = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF

sysctl -p

1.2.5. 安装依赖包

apt install libseccomp2

1.3. 启动Containerd

systemctl daemon-reload
systemctl enable --now containerd

二. 安装BuildKit

2.1. 下载软件包

# https://github.com/moby/buildkit/releases
wget https://github.com/moby/buildkit/releases/download/v0.10.3/buildkit-v0.10.3.linux-amd64.tar.gz

2.2. 安装配置

2.2.1. 解压安装

tar -xf buildkit-v0.10.3.linux-amd64.tar.gz  -C /usr/local/

2.2.2. 编辑Service文件

cat > /etc/systemd/system/buildkitd.service << EOF
[Unit]
Description=BuildKit
Documentation=https://github.com/moby/buildkit

[Service]
ExecStart=/usr/local/bin/buildkitd --oci-worker=false --containerd-worker=true

[Install]
WantedBy=multi-user.target
EOF

三. 安装Nerdctl命令

3.1. 下载软件包

# https://github.com/containerd/nerdctl/releases
wget https://github.com/containerd/nerdctl/releases/download/v0.22.2/nerdctl-0.22.2-linux-amd64.tar.gz

3.2. 安装配置

tar -xf nerdctl-0.22.2-linux-amd64.tar.gz -C /usr/local/bin

3.3. 配置命令补全

echo 'source <(nerdctl compltion bash)' >> ~/.bashrc