西班牙网站后缀,网站开发人员注意事项,网站模板站扩容,网站情况建设说明书1. 轻量级容器管理工具 Containerd 2. Containerd的两种安装方式 3. Containerd容器镜像管理 4. Containerd数据持久化和网络管理 操作系统环境为centos7u6 1. YUM方式安装
1.1 获取YUM源
获取阿里云YUM源
# wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun…1. 轻量级容器管理工具 Containerd 2. Containerd的两种安装方式 3. Containerd容器镜像管理 4. Containerd数据持久化和网络管理 操作系统环境为centos7u6 1. YUM方式安装
1.1 获取YUM源
获取阿里云YUM源
# wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo查看YUM源中Containerd软件
# yum list | grep containerd
containerd.io.x86_64 1.4.12-3.1.el7 docker-ce-stable1.2 使用yum命令安装
安装Containerd.io软件即可安装Containerd
# yum -y install containerd.io1.3 验证安装及启动服务
使用rpm -qa命令查看是否安装
# rpm -qa | grep containerd
containerd.io-1.4.12-3.1.el7.x86_64设置containerd服务启动及开机自启动
# systemctl enable containerd
# systemctl start containerd查看containerd服务启动状态
# systemctl status containerd
● containerd.service - containerd container runtimeLoaded: loaded (/usr/lib/systemd/system/containerd.service; enabled; vendor preset: disabled)Active: active (running) since 六 2023-08-05 19:25:57 CST; 46s agoDocs: https://containerd.ioProcess: 13319 ExecStartPre/sbin/modprobe overlay (codeexited, status0/SUCCESS)Main PID: 13323 (containerd)Tasks: 10Memory: 20.4MCGroup: /system.slice/containerd.service└─13323 /usr/bin/containerd......1.4 验证可用性
安装Containerd时ctr命令亦可使用ctr命令主要用于管理容器及容器镜像等。
使用ctr命令查看Containerd客户端及服务端相关信息。
# ctr version
Client:Version: 1.6.22Revision: 8165feabfdfe38c65b599c4993d227328c231fcaGo version: go1.19.11Server:Version: 1.6.22Revision: 8165feabfdfe38c65b599c4993d227328c231fcaUUID: a588fcfe-122c-4b3a-a25a-95eadd30d3a72. 二进制方式安装
Containerd有两种安装包
第一种是containerd-xxx,这种包用于单机测试没问题不包含runC需要提前安装。第二种是cri-containerd-cni-xxxx包含runc和k8s里的所需要的相关文件。k8s集群里需要用到此包。虽然包含runC但是依赖系统中的seccomp安全计算模式是一种限制容器调用系统资源的模式。
2.1 获取安装包 下载Containerd安装包
# wget https://github.com/containerd/containerd/releases/download/v1.6.0/cri-containerd-cni-1.6.0-linux-amd64.tar.gz2.2 安装并测试可用性
2.2.1 安装containerd
查看已获取的安装包
# ls
cri-containerd-cni-1.6.0-linux-amd64.tar.gz解压已下载的软件包
# tar xf cri-containerd-cni-1.6.0-linux-amd64.tar.gz查看解压后目录
# ls
etc opt usr 查看etc目录主要为containerd服务管理配置文件及cni虚拟网卡配置文件
# ls etc
cni crictl.yaml systemd
# ls etc/systemd/
system
# ls etc/systemd/system/
containerd.service查看opt目录主要为gce环境中使用containerd配置文件及cni插件
# ls opt
cni containerd
# ls opt/containerd/
cluster
# ls opt/containerd/cluster/
gce version
# ls opt/containerd/cluster/gce
cloud-init cni.template configure.sh env查看usr目录主要为containerd运行时文件包含runc
# ls usr
local
# ls usr/local/
bin sbin
# ls usr/local/bin
containerd containerd-shim containerd-shim-runc-v1 containerd-shim-runc-v2 containerd-stress crictl critest ctd-decoder ctr
# ls usr/local/sbin
runc2.2.2 查看containerd安装位置
查看containerd.service文件了解containerd文件安装位置
# cat etc/systemd/system/containerd.service# Copyright The containerd Authors.
#
# Licensed under the Apache License, Version 2.0 (the License);
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an AS IS BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.[Unit]
Descriptioncontainerd container runtime
Documentationhttps://containerd.io
Afternetwork.target local-fs.target[Service]
ExecStartPre-/sbin/modprobe overlay
ExecStart/usr/local/bin/containerd #查看此位置,把containerd二进制文件放置于此处即可完成安装。Typenotify
Delegateyes
KillModeprocess
Restartalways
RestartSec5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROCinfinity
LimitCOREinfinity
LimitNOFILEinfinity
# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMaxinfinity
OOMScoreAdjust-999[Install]
WantedBymulti-user.target2.2.3 复制containerd运行时文件至系统
查看宿主机/usr/local/bin目录里面没有任何内容。
# ls /usr/local/bin/查看解压后usr/local/bin目录里面包含containerd运行时文件
# ls usr/
local
# ls usr/local/
bin sbin
# ls usr/local/bin/
containerd containerd-shim containerd-shim-runc-v1 containerd-shim-runc-v2 containerd-stress crictl critest ctd-decoder ctr复制containerd文件至/usr/local/bin目录中本次可仅复制containerd一个文件也可复制全部文件。
# cp usr/local/bin/containerd /usr/local/bin/
# ls /usr/local/bin/
containerd2.2.4 添加containerd.service文件至系统
查看解压后的etc/system目录
# ls etc
cni crictl.yaml systemd# ls etc/systemd/
system# ls etc/systemd/system/
containerd.service复制containerd服务管理配置文件至/usr/lib/systemd/system/目录中
# cp etc/systemd/system/containerd.service /usr/lib/systemd/system/containerd.service查看复制后结果
# ls /usr/lib/systemd/system/containerd.service
/usr/lib/systemd/system/containerd.service2.2.5 查看containerd使用帮助
# containerd --help
NAME:containerd -__ _ ___________ ____ / /_____ _(_)___ ___ _________/ // ___/ __ \/ __ \/ __/ __ / / __ \/ _ \/ ___/ __ /
/ /__/ /_/ / / / / /_/ /_/ / / / / / __/ / / /_/ /
\___/\____/_/ /_/\__/\__,_/_/_/ /_/\___/_/ \__,_/
......2.2.6 生成containerd模块配置文件
2.2.6.1 生成默认模块配置文件
Containerd 的默认配置文件为 /etc/containerd/config.toml可以使用containerd config default /etc/containerd/config.toml命令创建一份模块配置文件
创建配置文件目录
# mkdir /etc/containerd生成配置文件
# containerd config default /etc/containerd/config.toml查看配置文件
# cat /etc/containerd/config.toml2.2.6.2 替换默认配置文件
但上述配置文件后期改动的地方较多这里直接换成可单机使用也可k8s环境使用的配置文件并配置好镜像加速器可参考配置。
# vim /etc/containerd/config.toml# cat /etc/containerd/config.toml
root /var/lib/containerd
state /run/containerd
oom_score -999[grpc]address /run/containerd/containerd.sockuid 0gid 0max_recv_message_size 16777216max_send_message_size 16777216[debug]address uid 0gid 0level [metrics]address grpc_histogram false[cgroup]path [plugins][plugins.cgroups]no_prometheus false[plugins.cri]stream_server_address 127.0.0.1stream_server_port 0enable_selinux falsesandbox_image easzlab/pause-amd64:3.2 #配置了沙箱镜像stats_collect_period 10systemd_cgroup falseenable_tls_streaming falsemax_container_log_line_size 16384[plugins.cri.containerd]snapshotter overlayfsno_pivot false[plugins.cri.containerd.default_runtime]runtime_type io.containerd.runtime.v1.linuxruntime_engine runtime_root [plugins.cri.containerd.untrusted_workload_runtime]runtime_type runtime_engine runtime_root [plugins.cri.cni]bin_dir /opt/kube/binconf_dir /etc/cni/net.dconf_template /etc/cni/net.d/10-default.conf[plugins.cri.registry][plugins.cri.registry.mirrors][plugins.cri.registry.mirrors.docker.io]endpoint [https://docker.mirrors.ustc.edu.cn,http://hub-mirror.c.163.com][plugins.cri.registry.mirrors.gcr.io]endpoint [https://gcr.mirrors.ustc.edu.cn][plugins.cri.registry.mirrors.k8s.gcr.io]endpoint [https://gcr.mirrors.ustc.edu.cn/google-containers/][plugins.cri.registry.mirrors.quay.io]endpoint [https://quay.mirrors.ustc.edu.cn][plugins.cri.registry.mirrors.harbor.kubemsb.com] #此处添加了本地容器镜像仓库 Harbor,做为本地容器镜像仓库。endpoint [http://harbor.kubemsb.com][plugins.cri.x509_key_pair_streaming]tls_cert_file tls_key_file [plugins.diff-service]default [walking][plugins.linux]shim containerd-shimruntime runcruntime_root no_shim falseshim_debug false[plugins.opt]path /opt/containerd[plugins.restart]interval 10s[plugins.scheduler]pause_threshold 0.02deletion_threshold 0mutation_threshold 100schedule_delay 0sstartup_delay 100ms2.2.7 启动containerd服务并设置开机自启动
# systemctl enable containerd
Created symlink from /etc/systemd/system/multi-user.target.wants/containerd.service to /usr/lib/systemd/system/containerd.service.
# systemctl start containerd# systemctl status containerd
● containerd.service - containerd container runtimeLoaded: loaded (/usr/lib/systemd/system/containerd.service; enabled; vendor preset: disabled)Active: active (running) since 日 2023-08-06 14:11:12 CST; 5s agoDocs: https://containerd.ioProcess: 20523 ExecStartPre/sbin/modprobe overlay (codeexited, status0/SUCCESS)Main PID: 20525 (containerd)Tasks: 13Memory: 26.1MCGroup: /system.slice/containerd.service└─20525 /usr/local/bin/containerd......2.2.8 复制ctr命令至系统
# ls usr/local/bin/
containerd containerd-shim containerd-shim-runc-v1 containerd-shim-runc-v2 containerd-stress crictl critest ctd-decoder ctr
# cp usr/local/bin/ctr /usr/bin/2.2.9 查看已安装containerd服务版本
# ctr version
Client:Version: v1.6.0Revision: 39259a8f35919a0d02c9ecc2871ddd6ccf6a7c6eGo version: go1.17.2Server:Version: v1.6.0Revision: 39259a8f35919a0d02c9ecc2871ddd6ccf6a7c6eUUID: c1972cbe-884a-41b0-867f-f8a58c168e6d2.2.10 安装runC 由于二进制包中提供的runC默认需要系统中安装seccomp支持需要单独安装且不同版本runC对seccomp版本要求一致所以建议单独下载runC 二进制包进行安装里面包含了seccomp模块支持。 2.2.10.1 获取runC 使用wget下载
# wget https://github.com/opencontainers/runc/releases/download/v1.1.0/runc.amd642.2.10.2 安装runC并验证安装结果
查看已下载文件
# ls
runc.amd64安装runC
# mv runc.amd64 /usr/sbin/runc为runC添加可执行权限
# chmod x /usr/sbin/runc使用runc命令验证是否安装成功
# runc -v
runc version 1.1.0
commit: v1.1.0-0-g067aaf85
spec: 1.0.2-dev
go: go1.17.6
libseccomp: 2.5.3
