容器引擎说明——Contianerd与Docker的区别以及Containerd换源操作

容器引擎是Kubernetes最重要的组件之一,负责管理镜像和容器的生命周期。Kubelet通过Container Runtime Interface (CRI) 与容器引擎交互,以管理镜像和容器。

表1 容器引擎对比

Containerd和Docker组件常用命令对比#

表2 镜像相关功能

表3 容器相关功能

表4 Pod相关功能

说明
Containerd创建并启动的容器会被kubelet立即删除,不支持暂停、恢复、重启、重命名、等待容器,Containerd不具备docker构建、导入、导出、比较、推送、查找、打标签镜像的能力,Containerd不支持复制文件,可通过修改containerd的配置文件实现登录镜像仓库。

调用链区别#

  • Docker(Kubernetes 1.23及以下版本):
    kubelet --> docker shim (在kubelet 进程中) --> docker --> containerd

  • Docker(Kubernetes 1.24及以上版本社区方案):
    kubelet --> cri-dockerd (kubelet使用cri接口对接cri-dockerd) --> docker --> containerd

  • Containerd:
    kubelet --> cri plugin(在containerd进程中) --> containerd

其中Docker虽增加了swarm cluster、docker build、docker API等功能,但也会引入一些bug,并且与Containerd相比,多了一层调用,因此Containerd被认为更加节省资源且更安全。

Contianerd换源#

Containerd通过在启动时指定一个配置文件夹,使后续所有镜像仓库相关的配置都可以在里面热加载,无需重启Containerd。

  1. 如果/etc/containerd/config.toml配置文件中已包含config_path配置(例如"/etc/containerd/cert.d"),则无需执行此步骤;如果不存在,您可以在配置文件中添加以下config_path并重启Containerd使更改生效。
Copy
config_path = "/etc/containerd/certs.d"
  1. 在步骤一中指定的config_path路径中创建docker.io/hosts.toml文件。
    在文件中写入如下配置。
Copy
server = "https://registry-1.docker.io"

[host."$(镜像加速器地址,如https://xxx.mirror.aliyuncs.com)"]
  capabilities = ["pull", "resolve", "push"]

镜像加速配置:

Copy
# docker hub镜像加速
mkdir -p /etc/containerd/certs.d/docker.io
cat > /etc/containerd/certs.d/docker.io/hosts.toml << EOF
server = "https://docker.io"
[host."https://dockerproxy.com"]
  capabilities = ["pull", "resolve"]

[host."https://docker.m.daocloud.io"]
  capabilities = ["pull", "resolve"]

[host."https://reg-mirror.qiniu.com"]
  capabilities = ["pull", "resolve"]

[host."https://registry.docker-cn.com"]
  capabilities = ["pull", "resolve"]

[host."http://hub-mirror.c.163.com"]
  capabilities = ["pull", "resolve"]

EOF

# registry.k8s.io镜像加速
mkdir -p /etc/containerd/certs.d/registry.k8s.io
tee /etc/containerd/certs.d/registry.k8s.io/hosts.toml << 'EOF'
server = "https://registry.k8s.io"

[host."https://k8s.m.daocloud.io"]
  capabilities = ["pull", "resolve", "push"]
EOF

# docker.elastic.co镜像加速
mkdir -p /etc/containerd/certs.d/docker.elastic.co
tee /etc/containerd/certs.d/docker.elastic.co/hosts.toml << 'EOF'
server = "https://docker.elastic.co"

[host."https://elastic.m.daocloud.io"]
  capabilities = ["pull", "resolve", "push"]
EOF

# gcr.io镜像加速
mkdir -p /etc/containerd/certs.d/gcr.io
tee /etc/containerd/certs.d/gcr.io/hosts.toml << 'EOF'
server = "https://gcr.io"

[host."https://gcr.m.daocloud.io"]
  capabilities = ["pull", "resolve", "push"]
EOF

# ghcr.io镜像加速
mkdir -p /etc/containerd/certs.d/ghcr.io
tee /etc/containerd/certs.d/ghcr.io/hosts.toml << 'EOF'
server = "https://ghcr.io"

[host."https://ghcr.m.daocloud.io"]
  capabilities = ["pull", "resolve", "push"]
EOF

# k8s.gcr.io镜像加速
mkdir -p /etc/containerd/certs.d/k8s.gcr.io
tee /etc/containerd/certs.d/k8s.gcr.io/hosts.toml << 'EOF'
server = "https://k8s.gcr.io"

[host."https://k8s-gcr.m.daocloud.io"]
  capabilities = ["pull", "resolve", "push"]
EOF

# mcr.m.daocloud.io镜像加速
mkdir -p /etc/containerd/certs.d/mcr.microsoft.com
tee /etc/containerd/certs.d/mcr.microsoft.com/hosts.toml << 'EOF'
server = "https://mcr.microsoft.com"

[host."https://mcr.m.daocloud.io"]
  capabilities = ["pull", "resolve", "push"]
EOF

# nvcr.io镜像加速
mkdir -p /etc/containerd/certs.d/nvcr.io
tee /etc/containerd/certs.d/nvcr.io/hosts.toml << 'EOF'
server = "https://nvcr.io"

[host."https://nvcr.m.daocloud.io"]
  capabilities = ["pull", "resolve", "push"]
EOF

# quay.io镜像加速
mkdir -p /etc/containerd/certs.d/quay.io
tee /etc/containerd/certs.d/quay.io/hosts.toml << 'EOF'
server = "https://quay.io"

[host."https://quay.m.daocloud.io"]
  capabilities = ["pull", "resolve", "push"]
EOF

# registry.jujucharms.com镜像加速
mkdir -p /etc/containerd/certs.d/registry.jujucharms.com
tee /etc/containerd/certs.d/registry.jujucharms.com/hosts.toml << 'EOF'
server = "https://registry.jujucharms.com"

[host."https://jujucharms.m.daocloud.io"]
  capabilities = ["pull", "resolve", "push"]
EOF

# rocks.canonical.com镜像加速
mkdir -p /etc/containerd/certs.d/rocks.canonical.com
tee /etc/containerd/certs.d/rocks.canonical.com/hosts.toml << 'EOF'
server = "https://rocks.canonical.com"

[host."https://rocks-canonical.m.daocloud.io"]
  capabilities = ["pull", "resolve", "push"]
EOF

参考:

  1. https://support.huaweicloud.com/usermanual-cce/cce_10_0462.html
  2. https://help.aliyun.com/zh/acr/user-guide/accelerate-the-pulls-of-docker-official-images?spm=5176.28426678.J_HeJR_wZokYt378dwP-lLl.11.55d25181Z6Gz74&scm=20140722.S_help@@文档@@60750.S_BB2@bl+RQW@ag0+BB1@ag0+os0.ID_60750-RL_etccontainerd-LOC_searchUNDhelpdocUNDitem-OR_ser-V_3-P0_0
  3. https://blog.csdn.net/IOT_AI/article/details/131975562
posted @   LMFrank  阅读(231)  评论(0编辑  收藏  举报
相关博文:
· 使用containerd作为容器运行时拉取镜像的方法
· kubernetes中 kube-proxy 的代理模块
· 0-容器引擎 Containerd&&Docker -- (Kubernetes 1.24 开始,删除了对 Docker(Dockershim)的容器运行时接口(CRI)的支持)
· K8s 集群内 containerd 、docker 的区别
· 全网首套完整containerd容器工具教程
阅读排行:
· DeepSeek 开源周回顾「GitHub 热点速览」
· 物流快递公司核心技术能力-地址解析分单基础技术分享
· .NET 10首个预览版发布:重大改进与新特性概览!
· AI与.NET技术实操系列(二):开始使用ML.NET
· 单线程的Redis速度为什么快?
点击右上角即可分享
微信分享提示
AI FOR CODE 大赛
CONTENTS