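Docker components and binaries (important)
When Docker was first released in 2013, it was an open-source container management engine built on LXC. It simplified LXC's complicated way of creating and using containers into Docker's own command set.
Docker, Inc.'s ultimate goal is to componentize Docker further on the basis of its earlier work. Starting with runc and containerd, splitting the project apart has long been a goal of the Docker project.
To date, Docker is still a well-organized set of libraries and packages. It generally comprises eight binaries: docker, docker-containerd, docker-containerd-ctr, docker-containerd-shim, dockerd, docker-init, docker-proxy and docker-runc (note, however, that these differ between versions and between container products, which makes things look rather confusing).
The samples here come from Community Edition 18.03.0-ce and 20.10.14 (binary names changed between the two versions; "common" below means both versions have the binary).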
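Name | Related link | Notes |
lxc | https://github.com/lxc/lxc |
Docker was initially based on LXC, the open-source container management engine. |
LinuxKit | https://thenewstack.io/category/containers/ |
LinuxKit is another new Docker project; it provides a container-based approach for each kind of container,
|
Moby | https://github.com/moby/moby |
Moby is Docker's open-source project, suited to custom development of your own container orchestration system.
If you are an ordinary user of the Docker container platform product, you should use Docker CE (open-source edition) / Docker EE (community edition) |
notary | https://github.com/notaryproject/notary |
Docker began this research around 2014; the initial project was called Notary |
docker-dev | ||
http://libcg.sourceforge.net/html/index.html | yum install libcgroup libcgroup-tools. In CentOS 7, systemd has replaced the earlier cgroup-tools utilities. If cgroup is missing on CentOS 7, the extra cgroup tools have to be installed with yum install libcgroup libcgroup-tools. By default the system mounts cgroups under /sys/fs/cgroup/. |
|
Swarm | Docker cluster management tool | |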
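containerd | https://www.docker.com/blog/docker-containerd-integration/ |
When Docker is the Kubernetes container runtime, the call chain is: kubelet --> dockershim (inside the kubelet process) --> dockerd --> containerd. Docker consists of docker-client (the docker command), dockerd, containerd, docker-shim (docker-containerd-shim), The link here explains the reasons for splitting it out of Docker. Code repository: https://containerd.io/ // Some versions do not have it: for example docker-ce does not, but the Community version includes containerd and others. Notes on the configuration parameters: https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file Architecture details:
Community Edition 20.10.14 ships /usr/bin/ctr (ctr operates the containerd daemon). Community Edition 20.10.14 ships /usr/bin/runc (the lower-level container operations, such as creating and managing cgroups and creating and using namespaces, are not provided by containerd, |
dockerd |
Local source: E:\docker源码\moby-20.10.14\moby-20.10.14\cmd\dockerd https://github.com/moby/moby/cmd/dockerd |
dockerd (the Docker daemon) exposes a RESTful API; other programs (such as the docker client) can call dockerd's functions through that API to operate on containers. On Linux, /usr/bin/dockerd is the server side (common) |
Docker SDK |
Docker client: the Docker client communicates with the Docker daemon from the command line or from other tools that use the Docker SDK (https://docs.docker.com/develop/sdk/). /usr/bin/docker is the client (common) |
|
docker daemon |
Starting with 1.11, Docker split up the docker daemon; after Docker is installed, the
|
docker client |
/usr/bin/docker is the CLI (common). The docker client is in fact the docker CLI where the user types commands |
|
docker shim | Community Edition 18.03.0-ce ships /usr/bin/docker-containerd-shim | |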
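docker-containerd-shim |
On Linux it is placed in /usr/bin when Docker is installed. [root@ht5 ~]# ps -aux | grep docker docker-containerd-shim: this is the runtime carrier of each container, the one we see on the Docker host. Community Edition 18.03.0-ce ships /usr/bin/docker-containerd-shim |
|
docker-containerd |
/usr/bin/docker-containerd is the "high performance container runtime". Community Edition 18.03.0-ce ships it; run /usr/bin/docker-containerd --help for help |
|
docker Build | Builds an image from a Dockerfile (common) | |
docker-proxy |
For concrete usage see https://www.cnblogs.com/aozhejin/p/16188440.html Community Edition 20.10.14 ships /usr/bin/docker-proxy |
|
Simple client for containerd |
docker-containerd-ctr |
It is a simple CLI used for some debugging of containerd itself. docker-containerd-ctr is the containerd client; in Community Edition 18.03.0-ce it is /usr/bin/docker-containerd-ctr |
ctr | The simple client for containerd. In Community Edition 20.10.14 it is /usr/bin/ctr; in Community Edition 18.03.0-ce it is /usr/bin/docker-containerd-ctr |
|
docker-init | Community Edition 20.10.14 ships /usr/bin/docker-init | |
dockerd-rootless.sh |
Rootless mode allows the Docker daemon (dockerd) and containers to run as a non-root user, to mitigate potential vulnerabilities in the Docker daemon and the container runtime |
|
libcontainer (the predecessor of runc; runc was refactored from this component) | https://www.cnblogs.com/plxx/p/5483100.html |
Docker supports two ways of managing containers: one is LXC, which was supported from the start, and the other is called
cli | https://github.com/docker/cli |
cli refers to Docker's set of commands, for example: docker info, docker load, docker build, docker images, docker inspect, etc. |
runc (Docker's implementation of OCI) | https://github.com/opencontainers/runc
http://runc.io/ |
A reference implementation of the OCI standard; it is a CLI (command-line interface) tool for creating and running containers. runc state <container-name> (show the container's state); runc ps <container-name> (processes running in the container); runc exec <container-name> ls (run a command in the container); runc kill <container-name> (stop the task in the container); runc pause <container-name> (pause all processes in the container); runc resume <container-name> (resume execution of the container's processes); runc events <container-name> (get the container's resource usage). OCI has proposed two specifications: Community Edition 20.10.14 ships /usr/bin/runc |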
|
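https://github.com/docker/compose/ |
Compose is a tool for defining and running multi-container Docker applications (from an orchestration configuration file). https://compose-spec.io/ Compose file format https://github.com/docker/compose/releases |
Docker CE | https://github.com/docker/docker-ce |
docker-ce is the open-source edition of Docker; CE stands for Community Edition. The components in docker-ce come from moby, containerd and other projects. |
Docker EE | Docker Enterprise Edition |
Used to build, ship and run business-critical applications at scale in production. Starting with Docker Enterprise 2.1, Docker Enterprise—Basic, Docker Enterprise—Standard and Docker Enterprise—Advanced are all called Docker Enterprise |
Docker Developer Tools |
https://www.docker.com/products/developer-tools/ For developing applications that run under Docker, for example an application service similar to mysql. http://www.compose-spec.io/ has some of the Compose specifications |
|
runc |
https://github.com/opencontainers/runc http://runc.io/ |
The runc source can be downloaded and built with make. // Some versions do not have it: for example docker-ce does not, but the Community version includes runc and others. Community Edition 20.10.14 ships /usr/bin/runc https://github.com/opencontainers/runtime-spec |
lxc |
https://github.com/topics/lxc |
Docker's underlying sandbox mechanism (sandbox here means the isolation mechanism) is based on lxc |
libcontainer | https://github.com/docker-archive/libcontainer | The early Libcontainer covered the use of namespaces, cgroups management, rootfs configuration and startup, the default Linux capability set, and the environment variable configuration for running processes. The minimum kernel version is 2.6, preferably 3.8, which is related to the kernel's namespace support |
Container runtime interaction specification (cri) | CRI (Docker has a built-in cri plugin that implements the CRI specification) https://github.com/containerd/cri It mainly contains two gRPC services: |
kubelet uses containerd as the CRI. Docker's containerd implements the CRI specification (Container Runtime Interface) through the cri plugin. crictl is the Kubernetes CRI client (installed separately). ctr is a client tool for Docker's containerd (placed in /usr/bin after Docker is installed; depending on the Docker version it is docker-containerd-ctr or ctr) |
cri-o http://cri-o.io/ |
cri-o is a container runtime initiated and open-sourced by Red Hat and driven by the community (Red Hat, IBM, Intel, SUSE); OpenShift uses CRI-O. https://www.redhat.com/zh/blog/why-red-hat-investing-cri-o-and-podman https://github.com/kubernetes/community/blob/master/contributors/devel/container-runtime-interface.md |
|
oci (container runtime standard) | https://opencontainers.org/ | OCI stands for Open Container Initiative; the open container standard is the container standard that emerged as container technology developed. The OCI organization was established with the support of the Linux Foundation and is dedicated to defining open industry standards around container formats and runtimes. The OCI standards were drawn up on the basis of Docker, with Red Hat, Google, VMware and others taking part. OCI has mainly proposed two specifications: |
grpc | https://github.com/grpc/grpc | |
Docker Swarm | Swarm is the platform released by Docker, Inc. for managing Docker clusters, developed almost entirely in Go. Like Docker Compose, Docker Swarm is an official Docker container orchestration project, while Docker Swarm can create container cluster services across multiple servers or hosts. Code: https://github.com/docker/swarm; |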
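What matters most here is understanding the differences and relationships among OCI, CRI-O and runc; see the figure below
Comparison of the related command lines
docker | ctr (docker) | crictl (k8s) | cri-o (Red Hat) |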
---|---|---|---|
docker version | ctr version | crictl version | |
docker images | ctr i ls | crictl img | |
docker pull nginx:latest | ctr i pull docker.io/library/nginx:latest | crictl pull docker.io/library/redis | |
docker run -d --name nginx-name nginx:latest | ctr run -d docker.io/library/nginx:latest nginx-name | crictl run [command options] container-config.[json yaml] pod-config.[json yaml] | |
docker ps | ctr c ls / ctr t ls | crictl ps | |
docker inspect nginx-name | ctr c info nginx-name | crictl inspect | |
docker stop nginx-name | ctr t kill nginx-name | crictl stop | |
docker start nginx-name | | crictl start | |
docker rm nginx-name | ctr c rm nginx-name | | |
docker exec -it nginx-name bash | ctr t exec -t --exec-id="foo" nginx-name sh | | |
Let's compare two machines that have different Docker versions installed. Under /usr/bin we see many docker binaries; let's look at how they differ between versions.
Other versions contain further items, as follows (these are docker-ce, the open-source community edition, and the Community version)
// Docker version: CE (the open-source edition)
// Docker uses a client/server architecture, so the docker CLI is the client and dockerd is the server
[root@ht5 bin]# docker version
Client:
 Version: 18.03.0-ce
 API version: 1.37
 Go version: go1.9.4
 Git commit: 0520e24
 Built: Wed Mar 21 23:09:15 2018
 OS/Arch: linux/amd64 // this is wrong: the amd64 rpm package was used; it should be
 // https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-ce-18.03.1.ce-1.el7.centos.x86_64.rpm
 Experimental: false
 Orchestrator: swarm // the swarm manager uses an internal load-balancing mechanism to accept requests from the nodes in the cluster, implemented with DNS name resolution
Server:
 Engine:
  Version: 18.03.0-ce
  API version: 1.37 (minimum version 1.12)
  Go version: go1.9.4
  Git commit: 0520e24
  Built: Wed Mar 21 23:13:03 2018 // built in 2018
  OS/Arch: linux/amd64
  Experimental: false
[root@ht5 bin]# ll | grep docker*
docker // command-line client, the client side
dockerd // daemon, the server side
docker-containerd
docker-containerd-ctr
docker-containerd-shim
docker-init
docker-proxy
docker-runc
container-storage-setup
// Docker Community edition
[root@ht6 bin]# docker version
Client: Docker Engine - Community
 Version: 20.10.14
 API version: 1.41
 Go version: go1.16.15 // version of the Go build environment
 Git commit: a224086
 Built: Thu Mar 24 01:49:57 2022
 OS/Arch: linux/amd64 // wrong architecture
 Context: default
 Experimental: true
Server: Docker Engine - Community
 Engine:
  Version: 20.10.14
  API version: 1.41 (minimum version 1.12)
  Go version: go1.16.15
  Git commit: 87a90dc
  Built: Thu Mar 24 01:48:24 2022
  OS/Arch: linux/amd64
  Experimental: false
 containerd:
  Version: 1.5.11
  GitCommit: 3df54a852345ae127d1fa3092b95168e4a88e2f8
 runc:
  Version: 1.0.3
  GitCommit: v1.0.3-0-gf46b6ba
 docker-init:
  Version: 0.19.0
  GitCommit: de40ad0
[root@ht6 /usr/bin]# ls
... containerd containerd-shim containerd-shim-runc-v1 containerd-shim-runc-v2 container-storage-setup docker dockerd dockerd-rootless-setuptool.sh dockerd-rootless.sh docker-init docker-proxy ...
Now let's look at the help output on Linux ---
// First the ht5 machine; its Docker version is 18.03.0-ce
[root@ht5 bin]# docker-containerd --help
NAME:
containerd -
__ _ __
_________ ____ / /_____ _(_)___ ___ _________/ /
/ ___/ __ \/ __ \/ __/ __ `/ / __ \/ _ \/ ___/ __ /
/ /__/ /_/ / / / / /_/ /_/ / / / / / __/ / / /_/ /
\___/\____/_/ /_/\__/\__,_/_/_/ /_/\___/_/ \__,_/
high performance container runtime
USAGE:
docker-containerd [global options] command [command options] [arguments...]
VERSION:
v1.0.2
COMMANDS:
config information on the containerd config
publish binary to publish events to containerd
help, h Shows a list of commands or help for one command
GLOBAL OPTIONS:
--config value, -c value path to the configuration file (default: "/etc/containerd/config.toml")
--log-level value, -l value set the logging level [debug, info, warn, error, fatal, panic]
--address value, -a value address for containerd's GRPC server
--root value containerd root directory
--state value containerd state directory
--help, -h show help
--version, -v print the version
[root@ht5 bin]# docker-containerd-shim --help
Usage of docker-containerd-shim:
-address string grpc address back to main containerd
-containerd-binary containerd publish path to containerd binary (used for containerd publish) (default "containerd")
-criu string path to criu binary
-debug enable debug output in logs
-namespace string namespace that owns the shim
-runtime-root string root directory for the runtime (default "/run/containerd/runc")
-socket string abstract socket path to serve
-systemd-cgroup set runtime to use systemd-cgroup
-workdir string path used to storge large temporary data
[root@ht5 bin]# docker-containerd-ctr --help
NAME:
ctr -
__
_____/ /______
/ ___/ __/ ___/
/ /__/ /_/ /
\___/\__/_/
containerd CLI
USAGE:
docker-containerd-ctr [global options] command [command options] [arguments...]
VERSION:
v1.0.2
COMMANDS:
plugins, plugin provides information about containerd plugins
version print the client and server versions
containers, c, container manage containers
content manage content
events, event display containerd events
images, image manage images
namespaces, namespace manage namespaces
pprof provide golang pprof outputs for containerd
run run a container
snapshots, snapshot manage snapshots
tasks, t, task manage tasks
shim interact with a shim directly
help, h Shows a list of commands or help for one command
GLOBAL OPTIONS:
--debug enable debug output in logs
--address value, -a value address for containerd's GRPC server (default: "/run/containerd/containerd.sock")
--timeout value total timeout for ctr commands (default: 0s)
--connect-timeout value timeout for connecting to containerd (default: 0s)
--namespace value, -n value namespace to use with commands (default: "default") [$CONTAINERD_NAMESPACE]
--help, -h show help
--version, -v print the version
[root@ht5 bin]# dockerd --help // the Docker daemon
Usage: dockerd COMMAND
A self-sufficient runtime for containers.
Options:
--add-runtime runtime Register an additional OCI compatible runtime (default [])
--allow-nondistributable-artifacts list Allow push of nondistributable artifacts to registry
--api-cors-header string Set CORS headers in the Engine API
--authorization-plugin list Authorization plugins to load
--bip string Specify network bridge IP
-b, --bridge string Attach containers to a network bridge
--cgroup-parent string Set parent cgroup for all containers
--cluster-advertise string Address or interface name to advertise
--cluster-store string URL of the distributed storage backend
--cluster-store-opt map Set cluster store options (default map[])
--config-file string Daemon configuration file (default "/etc/docker/daemon.json")
--containerd string containerd grpc address
--cpu-rt-period int Limit the CPU real-time period in microseconds
--cpu-rt-runtime int Limit the CPU real-time runtime in microseconds
--data-root string Root directory of persistent Docker state (default "/var/lib/docker")
-D, --debug Enable debug mode
--default-gateway ip Container default gateway IPv4 address
--default-gateway-v6 ip Container default gateway IPv6 address
--default-ipc-mode string Default mode for containers ipc ("shareable" | "private") (default "shareable")
--default-runtime string Default OCI runtime for containers (default "runc")
--default-shm-size bytes Default shm size for containers (default 64MiB)
--default-ulimit ulimit Default ulimits for containers (default [])
--dns list DNS server to use
--dns-opt list DNS options to use
--dns-search list DNS search domains to use
--exec-opt list Runtime execution options
--exec-root string Root directory for execution state files (default "/var/run/docker")
--experimental Enable experimental features
--fixed-cidr string IPv4 subnet for fixed IPs
--fixed-cidr-v6 string IPv6 subnet for fixed IPs
-G, --group string Group for the unix socket (default "docker")
--help Print usage
-H, --host list Daemon socket(s) to connect to
--icc Enable inter-container communication (default true)
--init Run an init in the container to forward signals and reap processes
--init-path string Path to the docker-init binary
--insecure-registry list Enable insecure registry communication
--ip ip Default IP when binding container ports (default 0.0.0.0)
--ip-forward Enable net.ipv4.ip_forward (default true)
--ip-masq Enable IP masquerading (default true)
--iptables Enable addition of iptables rules (default true)
--ipv6 Enable IPv6 networking
--label list Set key=value labels to the daemon
--live-restore Enable live restore of docker when containers are still running
--log-driver string Default driver for container logs (default "json-file")
-l, --log-level string Set the logging level ("debug"|"info"|"warn"|"error"|"fatal") (default "info")
--log-opt map Default log driver options for containers (default map[])
--max-concurrent-downloads int Set the max concurrent downloads for each pull (default 3)
--max-concurrent-uploads int Set the max concurrent uploads for each push (default 5)
--metrics-addr string Set default address and port to serve the metrics api on
--mtu int Set the containers network MTU
--network-control-plane-mtu int Network Control plane MTU (default 1500)
--no-new-privileges Set no-new-privileges by default for new containers
--node-generic-resource list Advertise user-defined resource
--oom-score-adjust int Set the oom_score_adj for the daemon (default -500)
-p, --pidfile string Path to use for daemon PID file (default "/var/run/docker.pid")
--raw-logs Full timestamps without ANSI coloring
--registry-mirror list Preferred Docker registry mirror
--seccomp-profile string Path to seccomp profile
--selinux-enabled Enable selinux support
--shutdown-timeout int Set the default shutdown timeout (default 15)
-s, --storage-driver string Storage driver to use
--storage-opt list Storage driver options
--swarm-default-advertise-addr string Set default address or interface for swarm advertised address
--tls Use TLS; implied by --tlsverify
--tlscacert string Trust certs signed only by this CA (default "/root/.docker/ca.pem")
--tlscert string Path to TLS certificate file (default "/root/.docker/cert.pem")
--tlskey string Path to TLS key file (default "/root/.docker/key.pem")
--tlsverify Use TLS and verify the remote
--userland-proxy Use userland proxy for loopback traffic (default true)
--userland-proxy-path string Path to the userland proxy binary
--userns-remap string User/Group setting for user namespaces
-v, --version Print version information and quit
Run 'dockerd COMMAND --help' for more information on a command.
[root@ht5 bin]# docker-init --help
docker-init: invalid option -- '-'
docker-init (tini version 0.13.0 - git.949e6fa)
Usage: docker-init [OPTIONS] PROGRAM -- [ARGS] | --version
Execute a program under the supervision of a valid init process (docker-init)
Command line options:
--version: Show version and exit.
-h: Show this help message and exit.
-s: Register as a process subreaper (requires Linux >= 3.4).
-v: Generate more verbose output. Repeat up to 3 times.
-g: Send signals to the child's process group.
-l: Show license and exit.
Environment variables:
TINI_SUBREAPER: Register as a process subreaper (requires Linux >= 3.4)
TINI_VERBOSITY: Set the verbosity level (default: 1)
[root@ht5 bin]# docker-runc --help
NAME:
runc - Open Container Initiative runtime
runc is a command line client for running applications packaged according to the Open Container Initiative (OCI) format and is a compliant implementation of the Open Container Initiative specification.
runc integrates well with existing process supervisors to provide a production container runtime environment for applications. It can be used with your existing process monitoring tools and the container will be spawned as a direct child of the process supervisor.
Containers are configured using bundles. A bundle for a container is a directory that includes a specification file named "config.json" and a root filesystem. The root filesystem contains the contents of the container.
To start a new instance of a container:
    # runc run [ -b bundle ] <container-id>
Where "<container-id>" is your name for the instance of the container that you are starting. The name you provide for the container instance must be unique on your host. Providing the bundle directory using "-b" is optional. The default value for "bundle" is the current directory.
USAGE:
docker-runc [global options] command [command options] [arguments...]
VERSION:
1.0.0-rc5
commit: 4fc53a81fb7c994640722ac585fa9ca548971871
spec: 1.0.0
COMMANDS:
checkpoint checkpoint a running container
create create a container
delete delete any resources held by the container often used with detached container
events display container events such as OOM notifications, cpu, memory, and IO usage statistics
exec execute new process inside the container
init initialize the namespaces and launch the process (do not call it outside of runc)
kill kill sends the specified signal (default: SIGTERM) to the container's init process
list lists containers started by runc with the given root
pause pause suspends all processes inside the container
ps ps displays the processes running inside a container
restore restore a container from a previous checkpoint
resume resumes all processes that have been previously paused
run create and run a container
spec create a new specification file
start executes the user defined process in a created container
state output the state of a container
update update container resource constraints
help, h Shows a list of commands or help for one command
GLOBAL OPTIONS:
--debug enable debug output for logging
--log value set the log file path where internal debug information is written (default: "/dev/null")
--log-format value set the format used by logs ('text' (default), or 'json') (default: "text")
--root value root directory for storage of container state (this should be located in tmpfs) (default: "/run/runc")
--criu value path to the criu binary used for checkpoint and restore (default: "criu")
--systemd-cgroup enable systemd cgroup support, expects cgroupsPath to be of form "slice:prefix:name" for e.g. "system.slice:runc:434234"
--help, -h show help
--version, -v print the version
___________________________________________________________________________________________________________________________________
// Now the ht6 machine; its version is 20.10.14
[root@ht6 bin]# containerd --help // container management
NAME:
containerd -
__ _ __
_________ ____ / /_____ _(_)___ ___ _________/ /
/ ___/ __ \/ __ \/ __/ __ `/ / __ \/ _ \/ ___/ __ /
/ /__/ /_/ / / / / /_/ /_/ / / / / / __/ / / /_/ /
\___/\____/_/ /_/\__/\__,_/_/_/ /_/\___/_/ \__,_/
high performance container runtime
USAGE:
containerd [global options] command [command options] [arguments...]
VERSION:
1.5.11
DESCRIPTION:
containerd is a high performance container runtime whose daemon can be started
by using this command. If none of the *config*, *publish*, or *help* commands
are specified, the default action of the **containerd** command is to start the
containerd daemon in the foreground.
A default configuration is used if no TOML configuration is specified or located
at the default file location. The *containerd config* command can be used to
generate the default configuration for containerd. The output of that command
can be used and modified as necessary as a custom configuration.
COMMANDS:
config information on the containerd config
publish binary to publish events to containerd
oci-hook provides a base for OCI runtime hooks to allow arguments to be injected.
help, h Shows a list of commands or help for one command
GLOBAL OPTIONS:
--config value, -c value path to the configuration file (default: "/etc/containerd/config.toml")
--log-level value, -l value set the logging level [trace, debug, info, warn, error, fatal, panic]
--address value, -a value address for containerd's GRPC server
--root value containerd root directory
--state value containerd state directory
--help, -h show help
--version, -v print the version
containerd-shim --help
[root@ht6 bin]# containerd-shim --help // assembles the arguments for the runc command and is responsible for starting the process in the container
Usage of containerd-shim:
-address string grpc address back to main containerd
-containerd-binary containerd publish path to containerd binary (used for containerd publish) (default "containerd")
-criu string path to criu binary
-debug enable debug output in logs
-namespace string namespace that owns the shim
-runtime-root string root directory for the runtime (default "/run/containerd/runc")
-socket string socket path to serve
-systemd-cgroup set runtime to use systemd-cgroup
-workdir string path used to storge large temporary data
containerd-shim-runc-v1 --help
[root@ht6 bin]# containerd-shim-runc-v1 --help
Usage of containerd-shim-runc-v1:
-address string grpc address back to main containerd
-bundle string path to the bundle if not workdir
-debug enable debug output in logs
-id string id of the task
-namespace string namespace that owns the shim
-publish-binary string path to publish binary (used for publishing events) (default "containerd")
-socket string socket path to serve
-v show the shim version and exit
container-storage-setup --help
[root@ht6 bin]# container-storage-setup --help
Usage: container-storage-setup [OPTIONS]
Usage: container-storage-setup [OPTIONS] COMMAND [arg...]
Grows the root filesystem and sets up storage for container runtimes
Options:
--help Print help message
--reset Reset your docker storage to init state. // reset Docker storage to its initial state
--version Print version information.
Commands:
create Create storage configuration // create a storage configuration
activate Activate storage configuration // activate a storage configuration
deactivate Deactivate storage configuration // deactivate a storage configuration
remove Remove storage configuration // remove a storage configuration
list List storage configuration // list the storage configurations
export Send storage configuration output file to stdout
add-dev Add block device to storage configuration
Use pstree to look at the relationships among the Docker processes
[root@ht5 bin]# ps -ef | grep docker | more
root 1384 1 1 Feb18 ? 17:28:15 /usr/bin/dockerd ......
[root@ht5 bin]# yum -y install psmisc // install pstree
[root@ht5 bin]# pstree -l -a -A 1384 // the PID of the dockerd process
dockerd
  |-docker-containe --config /var/run/docker/containerd/containerd.toml
  |   |-docker-containe -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/79855c5387398e98be32fea5563cf244a492f0bb50d9c187a98290f91a1d7588 -address /var/run/docker/containerd/docker-containerd.sock -containerd-binary /usr/bin/docker-containerd -runtime-root /var/run/docker/runtime-runc
  |   |   |-pause
  |   |   `-10*[{docker-containe}]
  |   |-docker-containe -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/a68c237edc2e16dadd42b148239e188c1e0acecf5ac73ca2386cdccf46f130a1 -address /var/run/docker/containerd/docker-containerd.sock -containerd-binary /usr/bin/docker-containerd -runtime-root /var/run/docker/runtime-runc
  |   |   |-pause
  |   |   `-9*[{docker-containe}]
  |   |-docker-containe -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/575e05ff775d45897b006f501ad2b94b3160ff7bad58a160e7af2ba8a4c3c6af -address /var/run/docker/containerd/docker-containerd.sock -containerd-binary /usr/bin/docker-containerd -runtime-root /var/run/docker/runtime-runc
  |   |   |-pause
  |   |   `-10*[{docker-containe}]
  |   |-docker-containe -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/3a693c4dd76ac9c1ec73cd484f80bdb9a15081e81524301a1bd8f77efb30237a -address /var/run/docker/containerd/docker-containerd.sock -containerd-binary /usr/bin/docker-containerd -runtime-root /var/run/docker/runtime-runc
  |   |   |-node_exporter --web.listen-address=0.0.0.0:9796 --path.procfs=/host/proc --path.sysfs=/host/sys --path.rootfs=/host --collector.arp --collector.bcache --collector.bonding --no-collector.buddyinfo --collector.conntrack --collector.cpu --collector.diskstats --no-collector.drbd --collector.edac --collector.entropy --collector.filefd --collector.filesystem --collector.hwmon --collector.infiniband --no-collector.interrupts --collector.ipvs --no-collector.ksmd --collector.loadavg --no-collector.logind --collector.mdadm --collector.meminfo --no-collector.meminfo_numa --no-collector.mountstats --collector.netdev --collector.netstat --collector.nfs --collector.nfsd --no-collector.ntp --no-collector.processes --no-collector.qdisc --no-collector.runit --collector.sockstat --collector.stat --no-collector.supervisord --no-collector.systemd --no-collector.tcpstat --collector.textfile --collector.time --collector.timex --collector.uname --collector.vmstat --no-collector.wifi --collector.xfs --collector.zfs
  |   |   |   `-18*[{node_exporter}]
  |   |   `-10*[{docker-containe}]
  |   |-docker-containe -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/b3ec5c8759d42e5e3bda0a8d3cf98fb6b515ec040df8a4f08d624404a767c886 -address /var/run/docker/containerd/docker-containerd.sock -containerd-binary /usr/bin/docker-containerd -runtime-root /var/run/docker/runtime-runc
  |   |   |-pause
  |   |   `-9*[{docker-containe}]
  |   |-docker-containe -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/c03983f6a002e098dff4b150d754783e5c404841032f79befe44a42b96a2b471 -address /var/run/docker/containerd/docker-containerd.sock -containerd-binary /usr/bin/docker-containerd -runtime-root /var/run/docker/runtime-runc
  |   |   |-agent
  |   |   |   `-17*[{agent}]
  |   |   `-10*[{docker-containe}]
  |   |-docker-containe -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/80aa0afc8dab05b7d213bc5a2ee1c8d959688a6b5979c2490eb133237c13b69b -address /var/run/docker/containerd/docker-containerd.sock -containerd-binary /usr/bin/docker-containerd -runtime-root /var/run/docker/runtime-runc
  |   |   |-install-cni.sh /install-cni.sh
  |   |   |   `-sleep 10
  |   |   `-8*[{docker-containe}]
  |   |-docker-containe -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/96004c815035b7b8bcb6ca60b3757df2c3b3707e676f393b68365f24fa8b4cfa -address /var/run/docker/containerd/docker-containerd.sock -containerd-binary /usr/bin/docker-containerd -runtime-root /var/run/docker/runtime-runc
  |   |   |-node_exporter --path.procfs /host/proc --path.sysfs /host/sys --collector.filesystem.ignored-mount-points "^/(sys|proc|dev|host|etc)($|/)"
  |   |   |   `-4*[{node_exporter}]
  |   |   `-10*[{docker-containe}]
  |   |-docker-containe -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/8fc9e21f1a663c2ea2536f83000c36107ffb0744c468d15925de2d2dbb052154 -address /var/run/docker/containerd/docker-containerd.sock -containerd-binary /usr/bin/docker-containerd -runtime-root /var/run/docker/runtime-runc
  |   |   |-pause
  |   |   `-8*[{docker-containe}]
  |   |-docker-containe -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/7ed999beb392c686c97e61e561fb765bbfdb0f8e1b6cf76988436c117ac18d3a -address /var/run/docker/containerd/docker-containerd.sock -containerd-binary /usr/bin/docker-containerd -runtime-root /var/run/docker/runtime-runc
  |   |   |-node-problem-de --system-log-monitors=/config/kernel-monitor.json
  |   |   |   `-17*[{node-problem-de}]
  |   |   `-10*[{docker-containe}]
  |   |-docker-containe -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/c7a1d5ed96ae2c6b18b30e4ae627285b9c28145041eadc44cb3af9e884099788 -address /var/run/docker/containerd/docker-containerd.sock -containerd-binary /usr/bin/docker-containerd -runtime-root /var/run/docker/runtime-runc
  |   |   |-nginx
  |   |   |   |-nginx
  |   |   |   |-nginx
  |   |   |   |-nginx
  |   |   |   |-nginx
  |   |   |   |-nginx
  |   |   |   |-nginx
  |   |   |   |-nginx
  |   |   |   `-nginx
  |   |   `-8*[{docker-containe}]
  |   |-docker-containe -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/abf2eae3e0d0e6dda34d53a376beaf64b9be1f759019e2897d0d85ac6d36d039 -address /var/run/docker/containerd/docker-containerd.sock -containerd-binary /usr/bin/docker-containerd -runtime-root /var/run/docker/runtime-runc
  |   |   |-runsvdir -P /etc/service/enabled
  |   |   |   |-runsv felix
  |   |   |   |   `-calico-felix
  |   |   |   |       `-22*[{calico-felix}]
  |   |   |   |-runsv bird
  |   |   |   |   `-bird -R -s /var/run/calico/bird.ctl -d -c /etc/calico/confd/config/bird.cfg
  |   |   |   |-runsv bird6
  |   |   |   |   `-bird6 -R -s /var/run/calico/bird6.ctl -d -c /etc/calico/confd/config/bird6.cfg
  |   |   |   |-runsv confd
  |   |   |   |   `-confd -confdir=/etc/calico/confd
  |   |   |   |       `-19*[{confd}]
  |   |   |   `-runsv libnetwork
  |   |   |       `-libnetwork-plug
  |   |   |           `-12*[{libnetwork-plug}]
  |   |   `-8*[{docker-containe}]
  |   |-docker-containe -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/a4777feb9e6aea27d5ea5f9f17fe5701fea72674d4813c4bc0232d22ab5b8535 -address /var/run/docker/containerd/docker-containerd.sock -containerd-binary /usr/bin/docker-containerd -runtime-root /var/run/docker/runtime-runc
  |   |   |-pause
  |   |   `-8*[{docker-containe}]
  |   |-docker-containe -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/b586a24025aabe242add57ad5c694c17adc05c67c290241582023de8ab83d011 -address /var/run/docker/containerd/docker-containerd.sock -containerd-binary /usr/bin/docker-containerd -runtime-root /var/run/docker/runtime-runc
  |   |   |-sh -c start-zookeeper --servers=3 --data_dir=/var/lib/zookeeper/data --data_log_dir=/var/lib/zookeeper/data/log --conf_dir=/opt/zookeeper/conf --client_port=2181 --election_port=3888 --server_port=2888 --tick_time=2000 --init_limit=10 --sync_limit=5 --heap=4G --max_client_cnxns=60 --snap_retain_count=3 --purge_interval=12 --max_session_timeout=40000 --min_session_timeout=4000 --log_level=INFO
  |   |   |   `-java -Dzookeeper.log.dir=/var/log/zookeeper -Dzookeeper.root.logger=INFO,CONSOLE -cp /usr/bin/../build/classes:/usr/bin/../build/lib/*.jar:/usr/bin/../share/zookeeper/zookeeper-3.4.10.jar:/usr/bin/../share/zookeeper/slf4j-log4j12-1.6.1.jar:/usr/bin/../share/zookeeper/slf4j-api-1.6.1.jar:/usr/bin/../share/zookeeper/netty-3.10.5.Final.jar:/usr/bin/../share/zookeeper/log4j-1.2.16.jar:/usr/bin/../share/zookeeper/jline-0.9.94.jar:/usr/bin/../src/java/lib/*.jar:/usr/bin/../etc/zookeeper: -Xmx4G -Xms4G -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.local.only=false org.apache.zookeeper.server.quorum.QuorumPeerMain /usr/bin/../etc/zookeeper/zoo.cfg
  |   |   |       `-38*[{java}]
  |   |   `-10*[{docker-containe}]
  |   `-34*[{docker-containe}]
  `-22*[{dockerd}]
containerd, the container management tool
// This machine has docker-ce version 20.10 installed
[root@ht6 bin]# systemctl status containerd
● containerd.service - containerd container runtime
Loaded: loaded (/usr/lib/systemd/system/containerd.service; disabled; vendor preset: disabled)
Active: active (running) since Thu 2022-04-21 08:57:59 CST; 4 days ago
Docs: https://containerd.io
Process: 1396 ExecStartPre=/sbin/modprobe overlay (code=exited, status=0/SUCCESS)
Main PID: 1414 (containerd)
Tasks: 27
Memory: 97.2M
CGroup: /system.slice/containerd.service
├─1414 /usr/bin/containerd
└─1870 /usr/bin/containerd-shim-runc-v2 -namespace moby -id 59a690d4aa20bbc5121e08f61b01d12e2c0ec784ad604620705bc8f94c426344 -address /run/containerd/co...
Apr 21 08:57:59 ht6.node containerd[1414]: time="2022-04-21T08:57:59.515115635+08:00" level=info msg="loading plugin \"io.containerd.grpc.v1.introspectio...rd.grpc.v1
Apr 21 08:57:59 ht6.node containerd[1414]: time="2022-04-21T08:57:59.515299761+08:00" level=info msg=serving... address=/run/containerd/containerd.sock.ttrpc
Apr 21 08:57:59 ht6.node containerd[1414]: time="2022-04-21T08:57:59.515343600+08:00" level=info msg=serving... address=/run/containerd/containerd.sock
Apr 21 08:57:59 ht6.node containerd[1414]: time="2022-04-21T08:57:59.515396318+08:00" level=info msg="containerd successfully booted in 0.197064s"
Apr 21 08:58:06 ht6.node containerd[1414]: time="2022-04-21T08:58:06.154297646+08:00" level=info msg="starting signal loop" namespace=moby path=/run/cont...f pid=1731
Apr 21 08:58:07 ht6.node containerd[1414]: time="2022-04-21T08:58:07.928502417+08:00" level=info msg="shim disconnected" id=92e936c69bcac8adad85e785df00f...0ce3efc70f
Apr 21 08:58:07 ht6.node containerd[1414]: time="2022-04-21T08:58:07.928560356+08:00" level=warning msg="cleaning up after shim disconnected" id=92e936c6...space=moby
Apr 21 08:58:07 ht6.node containerd[1414]: time="2022-04-21T08:58:07.928571506+08:00" level=info msg="cleaning up dead shim"
Apr 21 08:58:07 ht6.node containerd[1414]: time="2022-04-21T08:58:07.938459757+08:00" level=warning msg="cleanup warnings time=\"2022-04-21T08:58:07+08:0...id=1833\n"
Apr 21 08:58:08 ht6.node containerd[1414]: time="2022-04-21T08:58:08.136200681+08:00" level=info msg="starting signal loop" namespace=moby path=/run/cont...4 pid=1870
Hint: Some lines were ellipsized, use -l to show in full.
// Restart containerd
[root@ht5 bin]# systemctl restart containerd
// View the service file /usr/lib/systemd/system/containerd.service
[root@ht6 bin]# cat /usr/lib/systemd/system/containerd.service
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target
[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/bin/containerd
Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity
TasksMax=infinity
OOMScoreAdjust=-999
[Install]
WantedBy=multi-user.target
Let's compare the docker info output of the two versions.
[root@ht5 bin]# docker info
Containers: 24
 Running: 14
 Paused: 0
 Stopped: 10
Images: 68
Server Version: 18.03.0-ce
Storage Driver: overlay2 //Docker storage driver
 Backing Filesystem: xfs //filesystem format that backs container storage; Docker's default storage path is /var/lib/docker and its filesystem type here is xfs. For Docker, the backing filesystem is the filesystem that /var/lib/docker/ resides on
 Supports d_type: false
 Native Overlay Diff: true
Logging Driver: json-file //logging driver
Cgroup Driver: cgroupfs //cgroupfs driver
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive //state of the swarm cluster tool
Runtimes: runc //the default runtime; docker-runc is runc
Default Runtime: runc //the default is docker-runc
Init Binary: docker-init
containerd version: cfd04396dc68220d1cecbe686a6cc3aa5ce3667c
runc version: 4fc53a81fb7c994640722ac585fa9ca548971871
init version: 949e6fa
Security Options:
 seccomp
  Profile: default
Kernel Version: 3.10.0-1160.42.2.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64 //architecture
CPUs: 8 //number of CPUs
Total Memory: 15.65GiB
Name: ht5.node
ID: BGK3:6SSW:KQ56:JJTE:FUYP:RQKJ:37C5:AIXY:UEQM:FJIV:ZUFY:5527
Docker Root Dir: /var/lib/docker //default installation directory
Debug Mode (client): false //client debug mode
Debug Mode (server): false //server debug mode
Registry: https://index.docker.io/v1/ //image registry
Labels:
Experimental: false
Insecure Registries: #insecure image registries
 127.0.0.0/8
Live Restore Enabled: false
WARNING: overlay2: the backing xfs filesystem is formatted without d_type support, which leads to incorrect behavior.
 Reformat the filesystem with ftype=1 to enable d_type support.
 Running without d_type support will not be supported in future releases.
//Note the warning here: it asks you to set ftype=1
[root@ht5 mapper]# xfs_info /
meta-data=/dev/mapper/centos-root isize=256 agcount=4, agsize=6259200 blks
= sectsz=512 attr=2, projid32bit=1
= crc=0 finobt=0 spinodes=0
data = bsize=4096 blocks=25036800, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0 ftype=0
log =internal bsize=4096 blocks=12225, version=2
= sectsz=512 sunit=0 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
[root@ht5 mapper]# cat /etc/sysconfig/docker-storage.rpmsave
DOCKER_STORAGE_OPTIONS="--storage-driver overlay2 "
[root@ht5 sysconfig]# cat /etc/udev/rules.d/80-docker.rules
# hide docker's loopback devices from udisks, and thus from user desktops
SUBSYSTEM=="block", ENV{DM_NAME}=="docker-*", ENV{UDISKS_PRESENTATION_HIDE}="1", ENV{UDISKS_IGNORE}="1"
SUBSYSTEM=="block", DEVPATH=="/devices/virtual/block/loop*", ATTR{loop/backing_file}=="/var/lib/docker/*", ENV{UDISKS_PRESENTATION_HIDE}="1", ENV{UDISKS_IGNORE}="1"
[root@ht6 bin]# docker info
Client:
 Context: default
 Debug Mode: false
 Plugins:
  app: Docker App (Docker Inc., v0.9.1-beta3)
  buildx: Docker Buildx (Docker Inc., v0.8.1-docker)
  scan: Docker Scan (Docker Inc., v0.17.0)
Server:
 Containers: 16
  Running: 1
  Paused: 0
  Stopped: 15
 Images: 29
 Server Version: 20.10.14
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 3df54a852345ae127d1fa3092b95168e4a88e2f8
 runc version: v1.0.3-0-gf46b6ba
 init version: de40ad0
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 3.10.0-1160.62.1.el7.x86_64
 Operating System: CentOS Linux 7 (Core)
 OSType: linux
 Architecture: x86_64
 CPUs: 8
 Total Memory: 15.65GiB
 Name: ht6.node
 ID: FO3V:IUJ2:AULG:BBG5:43ZW:BCVD:BKEY:6T6C:V4K7:IGEE:XZKD:KWFI
 Docker Root Dir: /var/lib/docker //this root directory can be changed
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false
WARNING: overlay2: the backing xfs filesystem is formatted without d_type support, which leads to incorrect behavior.
 Reformat the filesystem with ftype=1 to enable d_type support. //set ftype=1
 Running without d_type support will not be supported in future releases.
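The comparison of the two `docker info` outputs above can be done mechanically. The following is an added example, not code from the original post: the function names are hypothetical, and the two inputs are constructed excerpts of the outputs shown above.

```python
# Constructed excerpts of the two `docker info` outputs above (annotations removed,
# most fields omitted). 20.10 nests the daemon fields under "Server:".
OLD = """\
Server Version: 18.03.0-ce
Storage Driver: overlay2
 Supports d_type: false
Runtimes: runc
Security Options:
 seccomp
"""
NEW = """\
Server:
 Server Version: 20.10.14
 Storage Driver: overlay2
  Supports d_type: false
  userxattr: false
 Cgroup Version: 1
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Security Options:
  seccomp
"""

def parse_info(text):
    """Flatten indented `docker info` text into {"Parent > Child": value}."""
    out, stack = {}, []              # stack: (indent, key) of open parents
    for raw in filter(str.strip, text.splitlines()):
        line, indent = raw.strip(), len(raw) - len(raw.lstrip())
        while stack and stack[-1][0] >= indent:
            stack.pop()              # close siblings and deeper levels
        key, sep, val = line.partition(": ")
        if not sep:                  # "Security Options:" or a bare item
            key, val = line.rstrip(":"), ""
        # Drop the 20.10 "Server" level so both versions share key names.
        out[" > ".join([k for _, k in stack if k != "Server"] + [key])] = val
        stack.append((indent, key))
    out.pop("Server", None)
    return out

def diff_info(a, b):
    """{key: (old, new)} for every key added, removed or changed."""
    return {k: (a.get(k), b.get(k)) for k in sorted({**a, **b}) if a.get(k) != b.get(k)}

def findings(info):
    """Settings a reviewer would follow up on for this host."""
    checks = [
        (info.get("Storage Driver > Supports d_type") == "false",
         "overlay2 backing filesystem lacks d_type (xfs ftype=0)"),
        ("Security Options > seccomp" not in info, "seccomp is not listed"),
    ]
    return [msg for hit, msg in checks if hit]
```

On a live host, the text can come from `docker info` directly; the warning about d_type applies to both hosts shown above.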
Let's look at the Docker service configuration file.
[root@ht5 bin]# cat /lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd
ExecReload=/bin/kill -s HUP $MAINPID
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity //setting LimitNOFILE=infinity is equivalent to LimitNOFILE=65536; check with: cat /proc/`pidof dockerd`/limits |grep files
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
#TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
# restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s
[Install]
WantedBy=multi-user.target
// To find it: locate multi-user.target
[root@ht5 bin]# cat /proc/`pidof dockerd`/limits |grep files
Max open files 1048576 1048576 files
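// nproc is the operating-system-level limit on the number of processes each user can create. When a multithreaded program runs on Linux, each thread is actually implemented as a lightweight process; the corresponding term is light weight process (LWP).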
[root@ht5 bin]# cat /etc/security/limits.d/20-nproc.conf
# Default limit for number of user's processes to prevent
# accidental fork bombs.
# See rhbz #432903 for reasoning.
* soft nproc 4096
root soft nproc unlimited
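Let's look at how these commands are used and what they do: the programs under /usr/bin
Component (binary installed with Docker on Linux) | Key role | Details |
dockerd | Daemon that manages containers | Docker is split into a client and a server: the docker client and dockerd. The docker client is a client tool that sends user requests to the Docker daemon (dockerd). dockerd itself is the top-level wrapper around the APIs for container operations and faces the user directly. dockerd is Docker's daemon. Source: E:\git客户端\moby\cmd\dockerd https://github.com/moby/moby |
containerd | containerd is the daemon that actually manages containers; it uses runc to run them. dockerd in fact calls containerd's API (implemented over RPC), so containerd is the intermediary between dockerd and runc (dockerd --> containerd --> runc). Its responsibilities: 1) manage the container lifecycle (from creation to destruction); 2) pull/push container images; 3) storage management (storage of images and container data); 4) invoke runC to run containers (interacting with runC and other container runtimes); 5) manage container network interfaces and networks. Source: https://github.com/containerd/containerd | |
docker-shim | docker-shim is the shim that actually carries a running container; every container that starts gets a new docker-shim process. containerd-shim sits between containerd and runc: when containerd needs to create and run a container, it does not run runc directly but runs the shim, which in turn runs runc. | |
docker-runc | Creates and runs containers | The docker-runc command is runc, a command-line tool. Container creation ultimately goes through runc, which creates and runs containers according to the OCI (Open Container Initiative) standard. runc was migrated out of Docker's libcontainer and implements container start/stop, resource isolation and related functions. What does that mean in practice? Under the OCI standard, a configuration file config.json describes how to run the container. https://github.com/opencontainers/runc |
docker-containerd-shim | Starts the processes inside a container | containerd uses containerd-shim internally; every container that starts gets a new containerd-shim process. The shim acts as middleware between containerd and runc: it assembles the arguments of the runc command and is responsible for starting the processes in the container. |
docker-proxy | docker-proxy provides a network Proxy interface and implementations for TCP and UDP https://github.com/moby/moby/tree/master/cmd/docker-proxy | |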
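Because every container gets its own shim process, a host PID can be traced back to its container by walking parent links up to the shim and reading the container ID from the shim's command line. The following is an added example, not code from the original post: function names are hypothetical, and the `ps` rows are constructed around the two shim command-line shapes shown on this page.

```python
# Constructed `ps -eo pid,ppid,args` rows. The shim command lines follow the two
# shapes shown on this page; PIDs, PPIDs and the non-shim rows are made up.
ID_1803 = "b586a24025aabe242add57ad5c694c17adc05c67c290241582023de8ab83d011"
ID_2010 = "59a690d4aa20bbc5121e08f61b01d12e2c0ec784ad604620705bc8f94c426344"
V1_DIR = "/var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/"
PS = f"""\
 1200    1 /usr/bin/dockerd
 1300 1200 docker-containerd
 2100 1300 docker-containerd-shim -namespace moby -workdir {V1_DIR}{ID_1803} -runtime-root /var/run/docker/runtime-runc
 2150 2100 sh -c start-zookeeper --servers=3
 2200 2150 java -Dzookeeper.log.dir=/var/log/zookeeper
 1870    1 /usr/bin/containerd-shim-runc-v2 -namespace moby -id {ID_2010}
 1900 1870 pause
"""

def parse_ps(text):
    """Return {pid: (ppid, args)} from `ps -eo pid,ppid,args` rows."""
    rows = (line.split(None, 2) for line in text.splitlines() if line.strip())
    return {int(pid): (int(ppid), args) for pid, ppid, args in rows}

def shim_container(args):
    """(namespace, container_id) if args is a containerd shim command line, else None."""
    argv = args.split()
    if "containerd-shim" not in argv[0].rsplit("/", 1)[-1]:
        return None
    def flag(name):                      # value following "-name", if present
        return argv[argv.index(name) + 1] if name in argv[:-1] else ""
    # The 20.10 shim on this page passes -id; the 18.03 shim shows no -id, and
    # the container ID is the last component of its -workdir path.
    cid = flag("-id") or flag("-workdir").rstrip("/").rsplit("/", 1)[-1]
    return (flag("-namespace"), cid) if cid else None

def container_of(pid, table):
    """Walk parent links from pid to the nearest shim; None means a host process."""
    seen = set()                         # guards against PID loops in bad input
    while pid in table and pid not in seen:
        seen.add(pid)
        ppid, args = table[pid]
        hit = shim_container(args)
        if hit:
            return hit
        pid = ppid
    return None
```

A process can rewrite its own command line, so treat the result as a lead and confirm it against the cgroup path in /proc/<pid>/cgroup.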