共计 11925 个字符,预计需要花费 30 分钟才能阅读完成。
Containerd 被 Docker、Kubernetes CRI 和其余一些我的项目应用
Containerd 旨在轻松嵌入到更大的零碎中。Docker 在后盾应用 containerd 来运行容器。Kubernetes 能够通过 CRI 应用 containerd 来治理单个节点上的容器。
生成默认配置
root@hello:~# containerd config default > /etc/containerd/config.toml
root@hello:~# vim /etc/containerd/config.toml
root@hello:~# cat /etc/containerd/config.toml
version = 2
root = "/var/lib/containerd"
state = "/run/containerd"
plugin_dir = ""
disabled_plugins = []
required_plugins = []
oom_score = 0
[grpc]
address = "/run/containerd/containerd.sock"
tcp_address = ""tcp_tls_cert =""
tcp_tls_key = ""
uid = 0
gid = 0
max_recv_message_size = 16777216
max_send_message_size = 16777216
[ttrpc]
address = ""
uid = 0
gid = 0
[debug]
address = ""
uid = 0
gid = 0
level = ""
[metrics]
address = ""
grpc_histogram = false
[cgroup]
path = ""[timeouts]"io.containerd.timeout.shim.cleanup"="5s""io.containerd.timeout.shim.load" = "5s"
"io.containerd.timeout.shim.shutdown" = "3s"
"io.containerd.timeout.task.state" = "2s"
[plugins]
[plugins."io.containerd.gc.v1.scheduler"]
pause_threshold = 0.02
deletion_threshold = 0
mutation_threshold = 100
schedule_delay = "0s"
startup_delay = "100ms"
[plugins."io.containerd.grpc.v1.cri"]
disable_tcp_service = true
stream_server_address = "127.0.0.1"
stream_server_port = "0"
stream_idle_timeout = "4h0m0s"
enable_selinux = false
selinux_category_range = 1024
sandbox_image = "k8s.gcr.io/pause:3.2"
stats_collect_period = 10
systemd_cgroup = false
enable_tls_streaming = false
max_container_log_line_size = 16384
disable_cgroup = false
disable_apparmor = false
restrict_oom_score_adj = false
max_concurrent_downloads = 3
disable_proc_mount = false
unset_seccomp_profile = ""
tolerate_missing_hugetlb_controller = true
disable_hugetlb_controller = true
ignore_image_defined_volumes = false
[plugins."io.containerd.grpc.v1.cri".containerd]
snapshotter = "overlayfs"
default_runtime_name = "runc"
no_pivot = false
disable_snapshot_annotations = true
discard_unpacked_layers = false
[plugins."io.containerd.grpc.v1.cri".containerd.default_runtime]
runtime_type = ""runtime_engine =""
runtime_root = ""
privileged_without_host_devices = false
base_runtime_spec = ""[plugins."io.containerd.grpc.v1.cri".containerd.untrusted_workload_runtime]
runtime_type = ""runtime_engine =""
runtime_root = ""
privileged_without_host_devices = false
base_runtime_spec = ""[plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
runtime_type = "io.containerd.runc.v2"
runtime_engine = ""runtime_root =""
privileged_without_host_devices = false
base_runtime_spec = ""[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
[plugins."io.containerd.grpc.v1.cri".cni]
bin_dir = "/opt/cni/bin"
conf_dir = "/etc/cni/net.d"
max_conf_num = 1
conf_template = ""[plugins."io.containerd.grpc.v1.cri".registry]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://registry-1.docker.io"]
[plugins."io.containerd.grpc.v1.cri".image_decryption]
key_model = ""[plugins."io.containerd.grpc.v1.cri".x509_key_pair_streaming]
tls_cert_file = ""tls_key_file =""
[plugins."io.containerd.internal.v1.opt"]
path = "/opt/containerd"
[plugins."io.containerd.internal.v1.restart"]
interval = "10s"
[plugins."io.containerd.metadata.v1.bolt"]
content_sharing_policy = "shared"
[plugins."io.containerd.monitor.v1.cgroups"]
no_prometheus = false
[plugins."io.containerd.runtime.v1.linux"]
shim = "containerd-shim"
runtime = "runc"
runtime_root = ""
no_shim = false
shim_debug = false
[plugins."io.containerd.runtime.v2.task"]
platforms = ["linux/amd64"]
[plugins."io.containerd.service.v1.diff-service"]
default = ["walking"]
[plugins."io.containerd.snapshotter.v1.devmapper"]
root_path = ""pool_name =""
base_image_size = ""
async_remove = false
root@hello:~# 配置镜像加速器
[plugins."io.containerd.grpc.v1.cri".registry]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://ted9wxpi.mirror.aliyuncs.com"]ctr 相当于外围组件,通过加载插件的形式来反对各种操作。
应用 ctr plugins ls 来查看以后加载的插件和反对的操作。
[root@k8s-master01 ~]# ctr plugins ls
TYPE ID PLATFORMS STATUS
io.containerd.content.v1 content - ok
io.containerd.snapshotter.v1 aufs linux/amd64 error
io.containerd.snapshotter.v1 devmapper linux/amd64 error
io.containerd.snapshotter.v1 native linux/amd64 ok
io.containerd.snapshotter.v1 overlayfs linux/amd64 ok
io.containerd.snapshotter.v1 zfs linux/amd64 error
io.containerd.metadata.v1 bolt - ok
io.containerd.differ.v1 walking linux/amd64 ok
io.containerd.gc.v1 scheduler - ok
io.containerd.service.v1 introspection-service - ok
io.containerd.service.v1 containers-service - ok
io.containerd.service.v1 content-service - ok
io.containerd.service.v1 diff-service - ok
io.containerd.service.v1 images-service - ok
io.containerd.service.v1 leases-service - ok
io.containerd.service.v1 namespaces-service - ok
io.containerd.service.v1 snapshots-service - ok
io.containerd.runtime.v1 linux linux/amd64 ok
io.containerd.runtime.v2 task linux/amd64 ok
io.containerd.monitor.v1 cgroups linux/amd64 ok
io.containerd.service.v1 tasks-service - ok
io.containerd.internal.v1 restart - ok
io.containerd.grpc.v1 containers - ok
io.containerd.grpc.v1 content - ok
io.containerd.grpc.v1 diff - ok
io.containerd.grpc.v1 events - ok
io.containerd.grpc.v1 healthcheck - ok
io.containerd.grpc.v1 images - ok
io.containerd.grpc.v1 leases - ok
io.containerd.grpc.v1 namespaces - ok
io.containerd.internal.v1 opt - ok
io.containerd.grpc.v1 snapshots - ok
io.containerd.grpc.v1 tasks - ok
io.containerd.grpc.v1 version - ok
io.containerd.grpc.v1 cri linux/amd64 ok
[root@k8s-master01 ~]#ctr plugins ls 命令会展现三列,第二列 ID 就是对应的命令。
例如 plugins 的 id 为 content 可应用 ctr content –help 来查看帮忙,以及其余命令来执行操作。
[root@k8s-master01 ~]# ctr content --help
NAME:
ctr content - manage content
USAGE:
ctr content [global options] command [command options] [arguments...]
VERSION:
1.4.13
COMMANDS:
active display active transfers
delete, del, remove, rm permanently delete one or more blobs
edit edit a blob and return a new digest
fetch fetch all content for an image into containerd
fetch-object retrieve objects from a remote
get get the data for an object
ingest accept content into the store
list, ls list all blobs in the store
push-object push an object to a remote
label add labels to content
GLOBAL OPTIONS:
--help, -h show help
[root@k8s-master01 ~]# 查看有哪些命名空间
[root@k8s-master01 ~]# ctr namespace ls
NAME LABELS
default
k8s.io
[root@k8s-master01 ~]# 查看 k8s.io 空间下的镜像有哪些
[root@k8s-master01 ~]# ctr -n k8s.io images ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
k8s.gcr.io/ingress-nginx/kube-webhook-certgen@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 application/vnd.docker.distribution.manifest.list.v2+json sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 18.0 MiB linux/amd64,linux/arm/v7,linux/arm64,linux/s390x接下来 从 容器的 生命周期流程 来阐明 ctr 命令的应用。
ctr images ls 查看镜像
[root@k8s-master01 ~]# ctr images ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
docker.io/library/nginx:alpine application/vnd.docker.distribution.manifest.list.v2+json sha256:77cc350019d0188d3115084265483dcefdd8489ccf719ff4e4c956b48de8ff6a 9.7 MiB linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x -
[root@k8s-master01 ~]#ctr images pull 拉取镜像
[root@k8s-master01 ~]# ctr images pull docker.io/library/nginx:alpine
docker.io/library/nginx:alpine: resolved |++++++++++++++++++++++++++++++++++++++|
index-sha256:77cc350019d0188d3115084265483dcefdd8489ccf719ff4e4c956b48de8ff6a: done |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:1e3458b8841319dec826a9a63b66f98c0bb260d50454dcdbdfe414eed362a3c4: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:9a9d990f68b82fceea08b4b08a0549e3de8ba7840ac721e0b8cc4d2d27e33ccf: done |++++++++++++++++++++++++++++++++++++++|
config-sha256:7d73f57a7cf733ff46e22c3d60cb237f7b29e8e7ec6753922f2daa7f5af5d186: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:6c53e58c6af6338b6ea1ddeb46b638a719e4afdd2cffb5cf80362af3e61099d1: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:bda3fba8f6c468c5b9f60cec056498ebdedf711410c8864f956f0b8d3408428c: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:e07cc103cea6f44382a40ffe1f7d893781521aa2723765c069f23480e674dd0c: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:3d243047344378e9b7136d552d48feb7ea8b6fe14ce0990e0cc011d5e369626a: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:4ba4f346920eaf3fd54877cf123ac46a7bbea16f23d4b0bdc210988ebe7969f0: done |++++++++++++++++++++++++++++++++++++++|
elapsed: 14.8s total: 9.7 Mi (671.0 KiB/s)
unpacking linux/amd64 sha256:77cc350019d0188d3115084265483dcefdd8489ccf719ff4e4c956b48de8ff6a...
done
[root@k8s-master01 ~]# 只有通过 crictl 或者 Kubernetes 调用时 mirror 才会失效,通过 ctr 拉取是不会失效的。
ctr images rm 删除镜像
[root@k8s-master01 ~]# ctr images rm docker.io/library/nginx:alpine
docker.io/library/nginx:alpine
[root@k8s-master01 ~]#
[root@k8s-master01 ~]# ctr images ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
[root@k8s-master01 ~]# ctr images mount 挂载
[root@k8s-master01 ~]# ctr images ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
docker.io/library/nginx:alpine application/vnd.docker.distribution.manifest.list.v2+json sha256:77cc350019d0188d3115084265483dcefdd8489ccf719ff4e4c956b48de8ff6a 9.7 MiB linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x -
[root@k8s-master01 ~]# ctr images mount docker.io/library/nginx:alpine /cby
sha256:7a7cbbee0f17b403a980a36ae708bbd9ee428511a7219da36c50ce7e33662d43
/cby
[root@k8s-master01 ~]#
[root@k8s-master01 ~]# ls /cby/
bin docker-entrypoint.d etc lib mnt proc run srv tmp var
dev docker-entrypoint.sh home media opt root sbin sys usr
[root@k8s-master01 ~]# ctr images unmount 卸载
[root@k8s-master01 ~]# ctr images unmount /cby
/cby
[root@k8s-master01 ~]#ctr images export 导出镜像
root@hello:~# ctr images export nginx.tar docker.io/library/nginx:alpine
root@hello:~#
root@hello:~# ls nginx.tar
nginx.tar
root@hello:~# ctr images import 导入镜像
root@hello:~# ctr images import nginx.tar
unpacking docker.io/library/nginx:alpine (sha256:77cc350019d0188d3115084265483dcefdd8489ccf719ff4e4c956b48de8ff6a)...done
root@hello:~# ctr 中 containers 是镜像实例化的一个虚拟环境,提供一个磁盘,模仿空间,就好比你电脑处于关机状态一样。
ctr 中 tasks 是将容器运行起来,电脑开机了,初始化过程等,task 就是的这么个模式。
ctr containers ls 查看容器
root@hello:~# ctr containers ls
CONTAINER IMAGE RUNTIME
nginx docker.io/library/nginx:alpine io.containerd.runc.v2
root@hello:~# ctr containers create 创立容器
root@hello:~# ctr containers create docker.io/library/nginx:alpine nginx
root@hello:~# ctr containers rm 删除容器
root@hello:~# ctr containers rm nginx
root@hello:~# ctr containers ls
CONTAINER IMAGE RUNTIME
root@hello:~# ctr containers info 查看详细信息
root@hello:~# ctr containers info nginx
{
"ID": "nginx",
"Labels": {"io.containerd.image.config.stop-signal": "SIGQUIT"},
"Image": "docker.io/library/nginx:alpine",
"Runtime": {
"Name": "io.containerd.runc.v2",
"Options": {"type_url": "containerd.runc.v1.Options"}
},
"SnapshotKey": "nginx",
"Snapshotter": "overlayfs",
"CreatedAt": "2022-03-21T08:51:45.127872097Z",
"UpdatedAt": "2022-03-21T08:51:45.127872097Z",
"Extensions": null,
"Spec": {--- 略 ---create 的命令创立了容器后,并没有处于运行状态,只是一个动态的容器。一个 container 对象只是蕴含了运行一个容器所需的资源及配置的数据结构,这意味着 namespaces、rootfs 和容器的配置都曾经初始化胜利了,只是用户过程 (这里是 nginx) 还没有启动。
ctr tasks start -d 在后盾运行容器
root@hello:~# ctr tasks start -d nginx
root@hello:~# ctr tasks ls
TASK PID STATUS
nginx 118454 RUNNING
root@hello:~# ctr task exec 进入容器,id 轻易写就行,须要将其惟一
root@hello:~# ctr task exec --exec-id 1 -t nginx sh
/ # ctr task pause 暂停容器
root@hello:~# ctr task pause nginx
root@hello:~# ctr task ls
TASK PID STATUS
nginx 118454 PAUSED
root@hello:~#ctr task resume 复原容器
root@hello:~# ctr task resume nginx
root@hello:~# ctr task ls
TASK PID STATUS
nginx 118454 RUNNING
root@hello:~# ctr task kill 杀死容器
root@hello:~# ctr task kill nginx
root@hello:~# ctr task ls
TASK PID STATUS
nginx 118454 STOPPED
root@hello:~# ctr task metrics 获取容器信息
root@hello:~# ctr task metrics nginx
ID TIMESTAMP
nginx 2022-03-21 09:05:49.949321537 +0000 UTC
METRIC VALUE
memory.usage_in_bytes 3821568
memory.limit_in_bytes 9223372036854771712
memory.stat.cache 135168
cpuacct.usage 176641571
cpuacct.usage_percpu [24856408 21740008 12150472 37947198 31775746 28169704 7366623 12635412]
pids.current 0
pids.limit 0
root@hello:~# ctr tasks rm 删除容器
root@hello:~# ctr tasks rm nginx
root@hello:~# ctr tasks ls
TASK PID STATUS
root@hello:~#https://www.oiox.cn/
https://www.chenby.cn/
https://cby-chen.github.io/
https://weibo.com/u/5982474121
https://blog.csdn.net/qq_3392…
https://my.oschina.net/u/3981543
https://www.zhihu.com/people/…
https://segmentfault.com/u/hp…
https://juejin.cn/user/331578…
https://space.bilibili.com/35…
https://cloud.tencent.com/dev…
https://www.jianshu.com/u/0f8…
https://www.toutiao.com/c/use…
CSDN、GitHub、知乎、开源中国、思否、掘金、简书、腾讯云、哔哩哔哩、今日头条、新浪微博、集体博客、全网可搜《小陈运维》
正文完
