containerd安装

下载安装包

sudo curl -SLo /usr/local/src/cri-containerd-1.6.9-linux-amd64.tar.gz https://github.com/containerd/containerd/releases/download/v1.6.9/cri-containerd-1.6.9-linux-amd64.tar.gz
sudo curl -SLo /usr/local/src/runc.amd64 https://github.com/opencontainers/runc/releases/download/v1.1.4/runc.amd64

cri-containerd 有包含 runc 二进制文件,但是编译的时候没有包含 libseccomp 依赖。

两个方法解决:

  1. 下载包含 libseccomp 依赖的 runc 二进制文件(本文章采用该方式)
  2. 宿主机安装依赖。例如用于 CentOS 的 libseccomp-devel,或用于 Ubuntu 的 libseccomp-dev

解压文件

sudo mkdir /opt/cri-containerd
sudo tar xf /usr/local/src/cri-containerd-1.6.9-linux-amd64.tar.gz -C /opt/cri-containerd
sudo cp /opt/cri-containerd/usr/local/bin/* /usr/local/bin
sudo cp /usr/local/src/runc.amd64 /usr/local/bin/runc && chmod +x /usr/local/bin/runc

加载内核模块

cat <<EOF | sudo tee /etc/modules-load.d/containerd.conf
overlay
br_netfilter
EOF

sudo modprobe overlay
sudo modprobe br_netfilter

设置 sysctl 参数

cat <<EOF | sudo tee /etc/sysctl.d/containerd.conf > /dev/null
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF

sudo sysctl -p /etc/sysctl.d/containerd.conf

将目录加入搜索命令路径

注意:需要重新登录

sudo grep '/usr/local/bin' /etc/sudoers | grep -q secure_path
if [ $? -ne 0 ];then
    egrep -q '^[^#].*secure_path.*[[:space:]]{1,}$' /etc/sudoers || \
	sed -ri 's@^([^#].*secure_path.*)$@\1:/usr/local/bin@g' /etc/sudoers
fi

生成contaienrd配置文件

sudo mkdir -p /etc/containerd/certs.d
containerd config default | sudo tee /etc/containerd/config.toml

修改containerd默认配置

# 修改containerd存储目录
sudo sed -ri 's@^(root).*@\1 = "/data/containerd"@g' /etc/containerd/config.toml

# 修改containerd沙河镜像
sudo sed -ri 's@(sandbox_image).*@\1 = "registry.aliyuncs.com/google_containers/pause:3.6"@g' /etc/containerd/config.toml

# containerd开启cgroup功能
sudo sed -ri 's@(SystemdCgroup).*@\1 = true@g' /etc/containerd/config.toml

# containerd设置registry配置目录
sudo sed -ri 's@(config_path).*@\1 = "/etc/containerd/certs.d"@g' /etc/containerd/config.toml

注意:ctr 默认操作的是 default 命名空间

配置systemd服务

sudo cp /opt/cri-containerd/etc/systemd/system/containerd.service /usr/lib/systemd/system
sudo sed -ri 's@(ExecStart)=.*@\1=/usr/local/bin/containerd --config /etc/containerd/config.toml@g' /usr/lib/systemd/system/containerd.service

清理解压文件

sudo rm -rf /opt/cri-containerd

启动containerd

sudo systemctl daemon-reload
sudo systemctl enable containerd --now

crictl连接containerd配置文件

cat <<-EOF | sudo tee /etc/crictl.yaml > /dev/null
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 10
debug: false
EOF

注意:crictl 默认操作的是 k8s.io 命名空间

验证服务

$ sudo /usr/local/bin/ctr version
Client:
  Version:  v1.6.9
  Revision: 1c90a442489720eec95342e1789ee8a5e1b9536f
  Go version: go1.18.7

Server:
  Version:  v1.6.9
  Revision: 1c90a442489720eec95342e1789ee8a5e1b9536f
  UUID: 174c85ff-e5c0-4150-b3ee-5eb685554b88

$ sudo /usr/local/bin/ctr -n k8s.io image pull registry.aliyuncs.com/google_containers/pause:3.2
registry.aliyuncs.com/google_containers/pause:3.2:                                resolved       |++++++++++++++++++++++++++++++++++++++| 
index-sha256:927d98197ec1141a368550822d18fa1c60bdae27b78b0c004f705f548c07814f:    done           |++++++++++++++++++++++++++++++++++++++| 
manifest-sha256:4a1c4b21597c1b4415bdbecb28a3296c6b5e23ca4f9feeb599860a1dac6a0108: done           |++++++++++++++++++++++++++++++++++++++| 
config-sha256:80d28bedfe5dec59da9ebf8e6260224ac9008ab5c11dbbe16ee3ba3e4439ac2c:   done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:c74f8866df097496217c9f15efe8f8d3db05d19d678a02d01cc7eaed520bb136:    done           |++++++++++++++++++++++++++++++++++++++| 
elapsed: 1.1 s                                                                    total:  1.7 Ki (1.5 KiB/s)                                       
unpacking linux/amd64 sha256:927d98197ec1141a368550822d18fa1c60bdae27b78b0c004f705f548c07814f...
done: 33.40955ms

$ sudo /usr/local/bin/ctr -n k8s.io image ls
REF                                                                     TYPE                                                      DIGEST                                                                  SIZE      PLATFORMS                                                      LABELS                          
registry.aliyuncs.com/google_containers/pause:3.2                       application/vnd.docker.distribution.manifest.list.v2+json sha256:927d98197ec1141a368550822d18fa1c60bdae27b78b0c004f705f548c07814f 292.5 KiB linux/amd64,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x io.cri-containerd.image=managed
posted @   jiaxzeng  阅读(303)  评论(0编辑  收藏  举报
相关博文:
·  containerd + nerdctl + buildkit 实现docker cli 和 docker-compose 功能
·  运行时(docker, containerd)配置推拉镜像参数
·  containerd
·  k8s的容器运行时是containerd的安装步骤
·  二进制部署containerd与runc && ubuntu系统
阅读排行:
· winform 绘制太阳,地球,月球 运作规律
· TypeScript + Deepseek 打造卜卦网站:技术与玄学的结合
· AI 智能体引爆开源社区「GitHub 热点速览」
· Manus的开源复刻OpenManus初探
· 写一个简单的SQL生成工具
点击右上角即可分享
微信分享提示