再见Docker！Containerd安装与使用

Containerd 的技术方向和目标

• 简洁的基于 gRPC 的 API 和 client library
• 完整的 OCI 支持(runtime 和 image spec)
• 同时具备稳定性和高性能的定义良好的容器核心功能
• 一个解耦的系统(让 image、filesystem、runtime 解耦合)，实现插件式的扩展和重用

  为什么需要独立的 containerd：

• 以往隶属于docker项目中，现如今从整体 docker 引擎中分离出的项目(开源项目的思路)
• 可以被 Kubernets CRI 等项目使用(通用化)
• 为广泛的行业合作打下基础(就像 runC 一样)

  containerd的架构设计图：

安装containerd

       验证仓库版本：

root@containerd:~# apt-cache madison containerd

  ubuntu在线仓库版本不是最新，可以使用github仓库中的新版本，使用二进制方式部署

下载二进制安装包

github链接地址：https://github.com/containerd/containerd/releases

选择64位x86架构系统安装包

   上传安装包到服务器并开始解压安装

  解压缩并将containerd执行文件放入系统默认命令路径下

root@containerd:/tools# tar xf containerd-1.6.6-linux-amd64.tar.gz
root@containerd:/tools# cp -r bin/* /usr/local/bin/

 创建containerd systemd service启动管理文件：

 修改ExecStart=/usr/local/bin/containerd为当前containerd文件路径

root@containerd:/tools# cd /etc/systemd/system/
root@containerd:/etc/systemd/system# cat containerd.service
# Copyright The containerd Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target

[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/local/bin/containerd

Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity
# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999

[Install]
WantedBy=multi-user.target

  重新加载系统管理服务文件

root@containerd:/etc/systemd/system# systemctl daemon-reload

  创建配置文件

root@containerd:/etc/systemd/system# mkdir /etc/containerd

  

  生成模板配置文件

root@containerd:/etc/systemd/system# containerd config default > /etc/containerd/config.toml

  修改配置文件

root@containerd:/etc/systemd/system# cd /etc/containerd/
root@containerd:/etc/containerd# vim config.toml

  vim下搜索/mirrors，添加镜像加速，使用docker镜像源即可，上下级配置，缩进两个空格。

   [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
          endpoint = ["https://dxc7f1d6.mirror.aliyuncs.com"]

  

  如果是从docker.io下载进行，则使用endpoint配置的镜像站点加速下载

 

  启动containerd并设置开机自启动

root@containerd:/etc/containerd# systemctl enable containerd --now

安装runc

  github下载链接：https://github.com/opencontainers/runc/releases

  下载最新版本

上传到服务器

root@containerd:/tools# chmod +x runc.amd64
root@containerd:/tools# cp runc.amd64 /usr/local/bin/runc

 验证使用containerd

  containerd是ctrl工具在服务器上创建、管理和使用容器

root@containerd:~# ctr --help
NAME:
   ctr -
        __
  _____/ /______
 / ___/ __/ ___/
/ /__/ /_/ /
\___/\__/_/

containerd CLI

USAGE:
   ctr [global options] command [command options] [arguments...]

VERSION:
   v1.6.6

DESCRIPTION:

ctr is an unsupported debug and administrative client for interacting
with the containerd daemon. Because it is unsupported, the commands,
options, and operations are not guaranteed to be backward compatible or
stable from release to release of the containerd project.

COMMANDS:
   plugins, plugin            provides information about containerd plugins
   version                    print the client and server versions
   containers, c, container   manage containers
   content                    manage content
   events, event              display containerd events
   images, image, i           manage images
   leases                     manage leases
   namespaces, namespace, ns  manage namespaces
   pprof                      provide golang pprof outputs for containerd
   run                        run a container
   snapshots, snapshot        manage snapshots
   tasks, t, task             manage tasks
   install                    install a new package
   oci                        OCI tools
   shim                       interact with a shim directly
   help, h                    Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --debug                      enable debug output in logs
   --address value, -a value    address for containerd's GRPC server (default: "/run/containerd/containerd.sock") [$CONTAINERD_ADDRESS]
   --timeout value              total timeout for ctr commands (default: 0s)
   --connect-timeout value      timeout for connecting to containerd (default: 0s)
   --namespace value, -n value  namespace to use with commands (default: "default") [$CONTAINERD_NAMESPACE]
   --help, -h                   show help
   --version, -v                print the version

  

  拉取镜像

  与docker区别在于拉取官方镜像必须指定镜像的完整名称包括镜像仓库地址

root@containerd:~# ctr images pull docker.io/library/nginx:latest

  

查看本地的镜像

root@containerd:~# ctr images ls

  运行容器

root@containerd:~# ctr run -t  docker.io/library/nginx:latest container1 bash

container客户端工具

  客户端工具有两种，分别是crictl和nerdctl

推荐使用nerdctl，使用效果与docker命令的语法一致

github下载链接：https://github.com/containerd/nerdctl/releases

  下载安装nerdctl

  

  解压安装nerdctl

  

  

  拷贝nerdctl到系统二进制命令路径下

root@containerd:/tools# cp nerdctl /usr/local/bin/

  

  验证版本

  

  

  查看nerdctl使用帮助，与docker客户端工具使用方法基本一致

root@containerd:~# nerdctl --help
nerdctl is a command line interface for containerd

Config file ($NERDCTL_TOML): /etc/nerdctl/nerdctl.toml

Usage:
  nerdctl [flags]
  nerdctl [command]
Management commands:
  apparmor    Manage AppArmor profiles
  builder     Manage builds
  container   Manage containers
  image       Manage images
  ipfs        Distributing images on IPFS
  namespace   Manage containerd namespaces
  network     Manage networks
  system      Manage containerd
  volume      Manage volumes
Commands:
  build       Build an image from a Dockerfile. Needs buildkitd to be running.
  commit      Create a new image from a container's changes
  completion  Generate the autocompletion script for the specified shell
  compose     Compose
  cp          Copy files/folders between a running container and the local filesystem.
  create      Create a new container. Optionally specify "ipfs://" or "ipns://" scheme to pull image from IPFS.
  events      Get real time events from the server
  exec        Run a command in a running container
  help        Help about any command
  history     Show the history of an image
  images      List images
  info        Display system-wide information
  inspect     Return low-level information on objects.
  kill        Kill one or more running containers
  load        Load an image from a tar archive or STDIN
  login       Log in to a Docker registry
  logout      Log out from a Docker registry
  logs        Fetch the logs of a container. Currently, only containers created with `nerdctl run -d` are supported.
  pause       Pause all processes within one or more containers
  port        List port mappings or a specific mapping for the container
  ps          List containers
  pull        Pull an image from a registry. Optionally specify "ipfs://" or "ipns://" scheme to pull image from IPFS.
  push        Push an image or a repository to a registry. Optionally specify "ipfs://" or "ipns://" scheme to push image to IPFS.
  rename      rename a container
  restart     Restart one or more running containers
  rm          Remove one or more containers
  rmi         Remove one or more images
  run         Run a command in a new container. Optionally specify "ipfs://" or "ipns://" scheme to pull image from IPFS.
  save        Save one or more images to a tar archive (streamed to STDOUT by default)
  start       Start one or more running containers
  stats       Display a live stream of container(s) resource usage statistics.
  stop        Stop one or more running containers
  tag         Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
  top         Display the running processes of a container
  unpause     Unpause all processes within one or more containers
  update      Update one or more running containers
  version     Show the nerdctl version information
  wait        Block until one or more containers stop, then print their exit codes.
Flags:
  -H, --H string                 Alias of --address (default "/run/containerd/containerd.sock")
  -a, --a string                 Alias of --address (default "/run/containerd/containerd.sock")
      --address string           containerd address, optionally with "unix://" prefix [$CONTAINERD_ADDRESS] (default "/run/containerd/containerd.sock")
      --cgroup-manager string    Cgroup manager to use ("cgroupfs"|"systemd") (default "cgroupfs")
      --cni-netconfpath string   cni config directory [$NETCONFPATH] (default "/etc/cni/net.d")
      --cni-path string          cni plugins binary directory [$CNI_PATH] (default "/opt/cni/bin")
      --data-root string         Root directory of persistent nerdctl state (managed by nerdctl, not by containerd) (default "/var/lib/nerdctl")
      --debug                    debug mode
      --debug-full               debug mode (with full output)
  -h, --help                     help for nerdctl
      --host string              Alias of --address (default "/run/containerd/containerd.sock")
      --hosts-dir strings        A directory that contains <HOST:PORT>/hosts.toml (containerd style) or <HOST:PORT>/{ca.cert, cert.pem, key.pem} (docker style) (default [/etc/containerd/certs.d,/etc/docker/certs.d])
      --insecure-registry        skips verifying HTTPS certs, and allows falling back to plain HTTP
  -n, --n string                 Alias of --namespace (default "default")
      --namespace string         containerd namespace, such as "moby" for Docker, "k8s.io" for Kubernetes [$CONTAINERD_NAMESPACE] (default "default")
      --snapshotter string       containerd snapshotter [$CONTAINERD_SNAPSHOTTER] (default "overlayfs")
      --storage-driver string    Alias of --snapshotter (default "overlayfs")
  -v, --version                  version for nerdctl
Use "nerdctl [command] --help" for more information about a command.

  

  查看镜像、容器：

  

  拉取镜像：

安装cni网络插件

  CNI：Container network interface容器网络接口，为容器分配ip地址网卡等

github链接： 

https://github.com/containernetworking/plugins/releases

  

  

  下载安装cni，并解压到/usr/local/cni/bin目录下

root@containerd:/tools# mkdir /opt/cni/bin -p
root@containerd:/tools# tar xf cni-plugins-linux-amd64-v1.1.1.tgz -C /opt/cni/bin/

  

  查看解压后的cni插件文件：

  

  

  注意：必须将cni解压到/opt/cni/bin，否则nerdctl为容器映射端口时，会出现找不到cni插件的报错

root@containerd:~# nerdctl run -d -p 80:80 --name=web --restart=always nginx:latest
FATA[0000] needs CNI plugin "bridge" to be installed in CNI_PATH ("/opt/cni/bin"), see https://github.com/con stat /opt/cni/bin/bridge: no such file or directory

  

  

  验证：使用nerdctl运行一个容器

  

  宿主机访问容器映射到宿主机80端口

  

  

  以上就是关于container的介绍与安装。如果对你有帮助或有建议疑问可以评论区留言！