containerd

doc

安装containerd

套接字文件 /run/containerd/containerd.sock

配置文件 /etc/containerd/config.toml

# install containerd,cri-containerd 无序单独安装已经集成到 containerd-${version}-linux-amd64.tar.gz
version=1.6.32
wget https://github.com/containerd/containerd/releases/download/v${version}/containerd-${version}-linux-amd64.tar.gz -O containerd-${version}-linux-amd64.tar.gz

tar xf containerd-${version}-linux-amd64.tar.gz
\cp bin/* /usr/local/bin/

包含的可执行文件

bin/
├── containerd  主进程，负责容器声明周期管理（创建、运行、停止、删除）
├── containerd-shim	负责于实际容器运行时（runc）交互。每一个容器都会产生一个对应的containerd-shim进程
├── containerd-shim-runc-v1	对接runc
├── containerd-shim-runc-v2 对接runc
├── containerd-stress	压测工具
└── ctr	客户端工具

systemd配置文件

tee /usr/lib/systemd/system/containerd.service<<EOF
# Copyright The containerd Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# https://raw.githubusercontent.com/containerd/containerd/main/containerd.service
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io 
After=network.target local-fs.target

[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/local/bin/containerd

Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5

# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity

# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999

[Install]
WantedBy=multi-user.target
EOF

安装runc

containerd：Docker 的一个子项目，提供了一个更高级别的容器管理抽象，包括镜像管理、存储管理等功能。containerd 本身也使用了 runc 作为默认的容器运行时。

# install runc
wget https://github.com/opencontainers/runc/releases/download/v1.1.13/runc.amd64
chmod +x runc.amd64 
\cp runc.amd64 /usr/local/sbin/runc

安装cni

mkdir /opt/cni/bin -p 
wget https://github.com/containernetworking/plugins/releases/download/v1.6.2/cni-plugins-linux-amd64-v1.6.2.tgz

tar xf cni-plugins-linux-amd64-v1.6.2.tgz -C /opt/cni/bin

安装客户端工具

对比几个常用的命令行工具

Name	Community	API	Target	Web site
ctr	containerd	Native	For debugging only	(None, see to learn the usage)ctr --help
nerdctl	containerd (non-core)	Native	General-purpose	https://github.com/containerd/nerdctl
crictl	Kubernetes SIG-node	CRI	For debugging only	https://github.com/kubernetes-sigs/cri-tools/blob/master/docs/crictl.md

推荐使用nerdctl

wget https://github.com/containerd/nerdctl/releases/download/v1.7.6/nerdctl-1.7.6-linux-amd64.tar.gz
tar xf nerdctl-1.7.6-linux-amd64.tar.gz  -C  /usr/local/bin 

crictl images 和 nerdctl images 结果不一致的原因：

• crictl：默认查看 k8s.io 命名空间中的镜像（Kubernetes 专用）
• nerdctl：默认查看 default 命名空间中的镜像（普通容器使用）

解决方案：

nerdctl --namespace=k8s.io images

验证

启动containerd

systemctl daemon-realod
systemctl enable containerd --now

nerdctl run -it --rm quay.io/prometheus/busybox:glibc ip a