containerd 容器
#containerd管理操作
yum -y install libseccomp-devel
wget https://github.com/containerd/containerd/releases/download/v1.5.7/cri-containerd-cni-1.5.7-linux-amd64.tar.gz
tar -zxf cri-containerd-cni-1.5.7-linux-amd64.tar.gz -C /
mkdir -p /etc/containerd
containerd config default > /etc/containerd/config.toml
systemctl enable containerd --now
systemctl status containerd
systemctl restart containerd
ctr version
ctr plugin ls 查看插件列表
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://bqr1dr1n.mirror.aliyuncs.com"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."k8s.gcr.io"]
endpoint = ["https://registry.aliyuncs.com/k8sxio"]
[root@vultr ~]# ctr image pull docker.io/library/nginx:alpine
docker.io/library/nginx:alpine: resolved |++++++++++++++++++++++++++++++++++++++|
index-sha256:2452715dd322b3273419652b7721b64aa60305f606ef7a674ae28b6f12d155a3: exists |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:fcba10206c0e29bc2c6c5ede2d64817c113de5bfaecf908b3b7b158a89144162: exists |++++++++++++++++++++++++++++++++++++++|
layer-sha256:2806408d582ebcfd09c12dc43d07148e367d606a72116630d31ed472feb59d62: exists |++++++++++++++++++++++++++++++++++++++|
config-sha256:b997307a58ab5b542359e567c9f77bb2a7cc3da1432baf6de2b3ae3e7b872070: exists |++++++++++++++++++++++++++++++++++++++|
layer-sha256:213ec9aee27d8be045c6a92b7eac22c9a64b44558193775a1a7f626352392b49: exists |++++++++++++++++++++++++++++++++++++++|
layer-sha256:ae98275d0ecb61b725943a77d453c4de98444b1752482861a5c1e57e350a70b5: exists |++++++++++++++++++++++++++++++++++++++|
layer-sha256:121e2d9f6af29eabd4ae2a52625c5a00d1208589259c989b4842f82b29aceff9: exists |++++++++++++++++++++++++++++++++++++++|
layer-sha256:6a07d505af0fac2dc907688187e796549a8d294dac1fa4ef0dbdcfea640b2f9b: exists |++++++++++++++++++++++++++++++++++++++|
layer-sha256:3e8957b70867da3e0f1f0a51f96c3c666fefb635648f6dc168f8fbc1b58e72c7: exists |++++++++++++++++++++++++++++++++++++++|
elapsed: 0.4 s total: 0.0 B (0.0 B/s)
unpacking linux/amd64 sha256:2452715dd322b3273419652b7721b64aa60305f606ef7a674ae28b6f12d155a3...
done: 8.007935ms
ctr image tag docker.io/library/nginx:alpine harbor.k8s.local/course/nginx:alpine 打标签
ctr image rm harbor.k8s.local/course/nginx:alpine 删除镜像
ctr image ls -q
[root@vultr ~]# ctr image mount docker.io/library/nginx:alpine /root/ctrdemo/ 挂载镜像到目录
sha256:43695da83088569e26588846489304f12e5fe836330b5e8e52e96276bf767159
/root/ctrdemo/
ctr i export --platform linux/amd64 nginx.tar.gz docker.io/library/nginx:alpine 导出镜像nginx.tar.gz
#创建容器
ctr c create docker.io/library/nginx:alpine nginx
#查看容器信息
ctr c info nginx
#启动容器
[root@vultr ~]# ctr task start -d nginx
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
#查看容器进程
[root@vultr ~]# ctr task ls
TASK PID STATUS
nginx 13207 RUNNING
#进入容器
[root@vultr ~]# ctr task exec --exec-id 1 -t nginx sh
#暂停这个容器
[root@vultr ~]# ctr task pause nginx
#恢复容器
[root@vultr ~]# ctr task resume nginx
#查看容器内存 cpu信息
[root@vultr ~]# ctr task metrics nginx
ID TIMESTAMP
nginx 2022-11-07 04:35:59.11390163 +0000 UTC
METRIC VALUE
memory.usage_in_bytes 2727936
memory.limit_in_bytes 9223372036854771712
memory.stat.cache 1339392
cpuacct.usage 34855699
cpuacct.usage_percpu [34855699]
pids.current 2
pids.limit 0
#查看在宿主机的上的pid
[root@vultr ~]# ctr task ps nginx
PID INFO
13207 -
13244 -
#安装管理命令 nerdctl
wget https://github.com/containerd/nerdctl/releases/download/v1.0.0/nerdctl-1.0.0-linux-amd64.tar.gz
mv nerdctl usr/local/bin
[root@vultr ~]# ctr -n moby container ls
CONTAINER IMAGE RUNTIME
#安装网络插件cni
https://github.com/containernetworking/plugins/releases
下载安装cni,并解压到/usr/local/cni/bin目录下
root@containerd:/tools# mkdir /opt/cni/bin -p
root@containerd:/tools# tar xf cni-plugins-linux-amd64-v1.1.1.tgz -C /opt/cni/bin/
#nerdctl进入容器
[root@vultr ~]# ctr c ls
CONTAINER IMAGE RUNTIME
e5d4d004aa105f6675cc9d1f8fa850cef5ef034ac8c6cf6ec11921c89ee51063 docker.io/library/nginx:alpine io.containerd.runc.v2
nginx docker.io/library/nginx:alpine io.containerd.runc.v2
[root@vultr ~]# nerdctl exec -it e5d4d004aa105f6675cc9d1f8fa850cef5ef034ac8c6cf6ec11921c89ee51063 /bin/sh
#查看容器
[root@vultr ~]# nerdctl ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e5d4d004aa10 docker.io/library/nginx:alpine "/docker-entrypoint.…" 9 minutes ago Up 0.0.0.0:80->80/tcp nginx
nginx docker.io/library/nginx:alpine "/docker-entrypoint.…" 2 hours ago Up
#查看日志
[root@vultr ~]# ctr c ls
CONTAINER IMAGE RUNTIME
e5d4d004aa105f6675cc9d1f8fa850cef5ef034ac8c6cf6ec11921c89ee51063 docker.io/library/nginx:alpine io.containerd.runc.v2
nginx docker.io/library/nginx:alpine io.containerd.runc.v2
[root@vultr ~]# nerdctl logs -f e5d4d004aa105f6675cc9d1f8fa850cef5ef034ac8c6cf6ec11921c89ee51063
#查看几行日志
[root@vultr ~]# nerdctl logs -f e5d4d004aa105f6675cc9d1f8fa850cef5ef034ac8c6cf6ec11921c89ee51063 -n 1200
#nerdctl 打标签
[root@vultr ~]# nerdctl images
REPOSITORY TAG IMAGE ID CREATED PLATFORM SIZE BLOB SIZE
busybox latest 6bdd92bf5240 5 minutes ago linux/amd64 1.3 MiB 759.1 KiB
harbor.k8s.io latest 2452715dd322 About a minute ago linux/amd64 26.4 MiB 9.8 MiB
harbor.k9s.io latest 2452715dd322 4 seconds ago linux/amd64 26.4 MiB 9.8 MiB
nginx alpine 2452715dd322 3 hours ago linux/amd64 26.4 MiB 9.8 MiB
harbor.k8s.local latest 2452715dd322 3 hours ago linux/amd64 26.4 MiB 9.8 MiB
[root@vultr ~]# nerdctl tag nginx:alpine harbor.k9s.io
#导出镜像nerdctl
[root@vultr ~]# nerdctl images
REPOSITORY TAG IMAGE ID CREATED PLATFORM SIZE BLOB SIZE
busybox latest 6bdd92bf5240 5 minutes ago linux/amd64 1.3 MiB 759.1 KiB
harbor.k8s.io latest 2452715dd322 About a minute ago linux/amd64 26.4 MiB 9.8 MiB
harbor.k9s.io latest 2452715dd322 4 seconds ago linux/amd64 26.4 MiB 9.8 MiB
nginx alpine 2452715dd322 3 hours ago linux/amd64 26.4 MiB 9.8 MiB
harbor.k8s.local latest 2452715dd322 3 hours ago linux/amd64 26.4 MiB 9.8 MiB
[root@vultr ~]# nerdctl tag nginx:alpine harbor.k9s.io^C
[root@vultr ~]# nerdctl save -o busybox.tar.gz busybox
#删除镜像
[root@vultr ~]# nerdctl rmi busybox
Untagged: docker.io/library/busybox:latest@sha256:6bdd92bf5240be1b5f3bf71324f5e371fe59f0e153b27fa1f1620f78ba16963c
Deleted: sha256:0438ade5aeea533b00cd75095bec75fbc2b307bace4c89bb39b75d428637bcd8
[root@vultr ~]# nerdctl images
REPOSITORY TAG IMAGE ID CREATED PLATFORM SIZE BLOB SIZE
harbor.k8s.io latest 2452715dd322 5 minutes ago linux/amd64 26.4 MiB 9.8 MiB
harbor.k9s.io latest 2452715dd322 4 minutes ago linux/amd64 26.4 MiB 9.8 MiB
nginx alpine 2452715dd322 3 hours ago linux/amd64 26.4 MiB 9.8 MiB
harbor.k8s.local latest 2452715dd322 3 hours ago linux/amd64 26.4 MiB 9.8 MiB
#导入镜像
[root@vultr ~]# nerdctl load -i busybox.tar.gz
unpacking docker.io/library/busybox:latest (sha256:6bdd92bf5240be1b5f3bf71324f5e371fe59f0e153b27fa1f1620f78ba16963c)...
Loaded image: docker.io/library/busybox:latest[root@vultr ~]# ls
[root@vultr ~]# nerdctl images
REPOSITORY TAG IMAGE ID CREATED PLATFORM SIZE BLOB SIZE
busybox latest 6bdd92bf5240 10 seconds ago linux/amd64 1.3 MiB 759.1 KiB
harbor.k8s.io latest 2452715dd322 6 minutes ago linux/amd64 26.4 MiB 9.8 MiB
harbor.k9s.io latest 2452715dd322 5 minutes ago linux/amd64 26.4 MiB 9.8 MiB
nginx alpine 2452715dd322 3 hours ago linux/amd64 26.4 MiB 9.8 MiB
harbor.k8s.local latest 2452715dd322 3 hours ago linux/amd64 26.4 MiB 9.8 MiB
#安装buildkit
https://github.com/moby/buildkit/releases/download/v0.10.5/buildkit-v0.10.5.linux-amd64.tar.gz
mv bin/* /usr/local/bin
cat > /etc/systemd/system/buildkit.service << 'EOF'
[Unit]
Description=BuildKit
Documentation=https://github.com/moby/buildkit
[Service]
ExecStart=/usr/local/bin/buildkitd --oci-worker=false --containerd-worker=true
[Install]
WantedBy=multi-user.target
EOF
[root@vultr ~]# systemctl daemon-reload
[root@vultr ~]# systemctl enable buildkit --now
#构建镜像
nerdctl build -t nginx:nerd -f Dockerfile .
#运行容器
[root@vultr ~]# nerdctl run -d -p 81:81 --name=ngixx nginx:nerd
a3f28f1babcb13beb7986f77be17658c0c4a002aefafaff5ca752672824b1927
#查看cgroup
[root@vultr ~]# cat /proc/cgroups
#subsys_name hierarchy num_cgroups enabled
cpuset 5 7 1
cpu 7 61 1
cpuacct 7 61 1
memory 8 61 1
devices 3 61 1
freezer 2 7 1
net_cls 6 7 1
blkio 4 61 1
perf_event 11 7 1
hugetlb 10 7 1
pids 9 61 1
net_prio 6 7 1
[root@vultr ~]# df -h |grep cgroup
tmpfs 496M 0 496M 0% /sys/fs/cgroup
[root@vultr ~]# mount --type cgroup
cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)
cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,net_prio,net_cls)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpuacct,cpu)
cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory)
cgroup on /sys/fs/cgroup/pids type cgroup (rw,nosuid,nodev,noexec,relatime,pids)
cgroup on /sys/fs/cgroup/hugetlb type cgroup (rw,nosuid,nodev,noexec,relatime,hugetlb)
cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)
https://zhuanlan.zhihu.com/p/397830859
