nerdctl suite

Prepare the nerdctl full installation package

# Download the full package from the releases of the containerd/nerdctl project on GitHub, for example:
wget https://github.com/containerd/nerdctl/releases/download/v0.22.2/nerdctl-full-0.22.2-linux-amd64.tar.gz

tar xzvf nerdctl-full-0.22.2-linux-amd64.tar.gz -C /usr/local/

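Contents of the extracted archive:

  • bin: service binaries and some configuration scripts, for example:
    • containerd, ctr: container runtime
    • runc
    • nerdctl: a tool similar to the docker CLI
    • buildkit: image build tool
  • lib: systemd service files used to manage the services
    • buildkitd
    • containerd
  • libexec: tools from containernetworking/plugins
  • share: official documentation of the nerdctl project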

Configuration files

containerd configuration file

mkdir /etc/containerd/certs.d/registry.my.io -p
cd /etc/containerd
vim config.toml
  • config.toml
root = "/data/containerd/root"
state = "/data/containerd/state"

version = 2

[plugins]
  [plugins."io.containerd.grpc.v1.cri"]
    # A TOML table may be defined only once, so set a single sandbox_image.
    # Public mirror alternative:
    # sandbox_image = "registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.9"
    sandbox_image = "registry.my.io/kubernetes/pause:3.2"
    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
      runtime_type = "io.containerd.runc.v2"
      sandbox_mode = "podsandbox"
      [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
        SystemdCgroup = true
    [plugins."io.containerd.grpc.v1.cri".registry]
      config_path = "/etc/containerd/certs.d"
  • Image registry configuration: registry.my.io/hosts.toml
server = "http://registry.my.io"

[host."http://registry.my.io"]
  capabilities = ["pull","resolve"]
  skip_verify = true

buildkitd configuration file changes

mkdir /etc/buildkit/ -p
vim /etc/buildkit/buildkitd.toml
debug = true
root = "/data/buildkit"

[registry."registry.my.io"]
  http = true

nerdctl configuration file

mkdir -p /etc/nerdctl/
vim /etc/nerdctl/nerdctl.toml

data_root = "/data/containerd/nerdctl/"
  • Note: setting insecure_registry = true in nerdctl is not recommended, because the option is global: verification is skipped whether the pull uses http or https.
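
The note above separates a global insecure setting from the per-registry settings used for registry.my.io. The shell check below is an added example, not part of the original post: it reports which of the three configuration files relax transport security and at what scope. The function names, the ROOT path-prefix argument and the sample tree are assumptions made for illustration.

```shell
# Added example (not from the original post): report where registry transport
# security is relaxed and whether the scope is global or a single registry.
# ROOT (first argument) is a hypothetical path prefix for auditing a copy.
audit_registry_conf() {
  root="${1:-}"
  # nerdctl: insecure_registry applies to every registry (global scope).
  f="$root/etc/nerdctl/nerdctl.toml"
  if [ -f "$f" ] && grep -Eq '^[[:space:]]*insecure_registry[[:space:]]*=[[:space:]]*true' "$f"; then
    echo "GLOBAL nerdctl insecure_registry=true"
  fi
  # containerd: one hosts.toml per registry directory under certs.d.
  for f in "$root"/etc/containerd/certs.d/*/hosts.toml; do
    [ -f "$f" ] || continue
    reg=$(basename "$(dirname "$f")")
    if grep -Eq '^[[:space:]]*(server[[:space:]]*=|\[host\.)[[:space:]]*"http://' "$f"; then
      echo "HOST $reg containerd plain-http"
    fi
    if grep -Eq '^[[:space:]]*skip_verify[[:space:]]*=[[:space:]]*true' "$f"; then
      echo "HOST $reg containerd skip_verify=true"
    fi
  done
  # buildkitd: per-registry tables [registry."name"] with http/insecure = true.
  f="$root/etc/buildkit/buildkitd.toml"
  if [ -f "$f" ]; then
    awk '
      /^[ \t]*\[/ {
        reg = ""
        if (match($0, /\[registry\."[^"]+"\]/)) reg = substr($0, RSTART + 11, RLENGTH - 13)
        next
      }
      reg != "" && /^[ \t]*(http|insecure)[ \t]*=[ \t]*true/ {
        split($0, kv, "="); gsub(/[ \t]/, "", kv[1])
        print "HOST " reg " buildkitd " kv[1] "=true"
      }' "$f"
  fi
  return 0
}

# Constructed sample tree that mirrors the files written on this page.
make_sample() {
  d=$(mktemp -d)
  mkdir -p "$d/etc/containerd/certs.d/registry.my.io" "$d/etc/buildkit" "$d/etc/nerdctl"
  printf 'server = "http://registry.my.io"\n[host."http://registry.my.io"]\n  skip_verify = true\n' \
    > "$d/etc/containerd/certs.d/registry.my.io/hosts.toml"
  printf 'debug = true\n[registry."registry.my.io"]\n  http = true\n' > "$d/etc/buildkit/buildkitd.toml"
  printf 'data_root = "/data/containerd/nerdctl/"\n' > "$d/etc/nerdctl/nerdctl.toml"
  echo "$d"
}
sample=$(make_sample); audit_registry_conf "$sample"; rm -rf "$sample"
```

Called with no argument, audit_registry_conf reads the live files under /etc; any GLOBAL line means the relaxation reaches registries other than the one intended.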

Verifying the service installation

# Start the buildkitd and containerd services
systemctl start buildkitd 
systemctl start containerd
systemctl enable buildkitd
systemctl enable containerd

# Pull an image from the private registry with nerdctl
nerdctl pull registry.my.io/lib/nginx:1.19
# Try running a container
nerdctl run -d -p 8888:80 registry.my.io/lib/nginx:1.19
# Start a compose setup based on the compose.yaml below
# -f sets up the network according to the configuration in compose.yaml; if none is set, the default is used
# Without -f, a bridge is created, named <PWD_DIR>_<NAMESPACE>, with the config file nerdctl-<PWD_DIR>_<NAMESPACE>.conflist
nerdctl compose -f compose.yaml up -d
# compose.yaml
version: '3.3'
services:
    nginx:
        ports:
            - '8080:80'
        volumes:
            - '/data/log/nginx:/var/log/nginx'
        image: 'nginx:1.19'
posted @ 2022-09-06 17:38  尚墨