Containerd 入门基础操作
Containerd 被 Docker、Kubernetes CRI 和其他一些项目使用
Containerd 旨在轻松嵌入到更大的系统中。Docker 在后台使用 containerd来运行容器。Kubernetes 可以通过 CRI 使用 containerd来管理单个节点上的容器。
生成默认配置
root@hello:~# containerd config default > /etc/containerd/config.toml
root@hello:~# vim /etc/containerd/config.toml
root@hello:~# cat /etc/containerd/config.toml
version = 2
root = "/var/lib/containerd"
state = "/run/containerd"
plugin_dir = ""
disabled_plugins = []
required_plugins = []
oom_score = 0
[grpc]
address = "/run/containerd/containerd.sock"
tcp_address = ""
tcp_tls_cert = ""
tcp_tls_key = ""
uid = 0
gid = 0
max_recv_message_size = 16777216
max_send_message_size = 16777216
[ttrpc]
address = ""
uid = 0
gid = 0
[debug]
address = ""
uid = 0
gid = 0
level = ""
[metrics]
address = ""
grpc_histogram = false
[cgroup]
path = ""
[timeouts]
"io.containerd.timeout.shim.cleanup" = "5s"
"io.containerd.timeout.shim.load" = "5s"
"io.containerd.timeout.shim.shutdown" = "3s"
"io.containerd.timeout.task.state" = "2s"
[plugins]
[plugins."io.containerd.gc.v1.scheduler"]
pause_threshold = 0.02
deletion_threshold = 0
mutation_threshold = 100
schedule_delay = "0s"
startup_delay = "100ms"
[plugins."io.containerd.grpc.v1.cri"]
disable_tcp_service = true
stream_server_address = "127.0.0.1"
stream_server_port = "0"
stream_idle_timeout = "4h0m0s"
enable_selinux = false
selinux_category_range = 1024
sandbox_image = "k8s.gcr.io/pause:3.2"
stats_collect_period = 10
systemd_cgroup = false
enable_tls_streaming = false
max_container_log_line_size = 16384
disable_cgroup = false
disable_apparmor = false
restrict_oom_score_adj = false
max_concurrent_downloads = 3
disable_proc_mount = false
unset_seccomp_profile = ""
tolerate_missing_hugetlb_controller = true
disable_hugetlb_controller = true
ignore_image_defined_volumes = false
[plugins."io.containerd.grpc.v1.cri".containerd]
snapshotter = "overlayfs"
default_runtime_name = "runc"
no_pivot = false
disable_snapshot_annotations = true
discard_unpacked_layers = false
[plugins."io.containerd.grpc.v1.cri".containerd.default_runtime]
runtime_type = ""
runtime_engine = ""
runtime_root = ""
privileged_without_host_devices = false
base_runtime_spec = ""
[plugins."io.containerd.grpc.v1.cri".containerd.untrusted_workload_runtime]
runtime_type = ""
runtime_engine = ""
runtime_root = ""
privileged_without_host_devices = false
base_runtime_spec = ""
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
runtime_type = "io.containerd.runc.v2"
runtime_engine = ""
runtime_root = ""
privileged_without_host_devices = false
base_runtime_spec = ""
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
[plugins."io.containerd.grpc.v1.cri".cni]
bin_dir = "/opt/cni/bin"
conf_dir = "/etc/cni/net.d"
max_conf_num = 1
conf_template = ""
[plugins."io.containerd.grpc.v1.cri".registry]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://registry-1.docker.io"]
[plugins."io.containerd.grpc.v1.cri".image_decryption]
key_model = ""
[plugins."io.containerd.grpc.v1.cri".x509_key_pair_streaming]
tls_cert_file = ""
tls_key_file = ""
[plugins."io.containerd.internal.v1.opt"]
path = "/opt/containerd"
[plugins."io.containerd.internal.v1.restart"]
interval = "10s"
[plugins."io.containerd.metadata.v1.bolt"]
content_sharing_policy = "shared"
[plugins."io.containerd.monitor.v1.cgroups"]
no_prometheus = false
[plugins."io.containerd.runtime.v1.linux"]
shim = "containerd-shim"
runtime = "runc"
runtime_root = ""
no_shim = false
shim_debug = false
[plugins."io.containerd.runtime.v2.task"]
platforms = ["linux/amd64"]
[plugins."io.containerd.service.v1.diff-service"]
default = ["walking"]
[plugins."io.containerd.snapshotter.v1.devmapper"]
root_path = ""
pool_name = ""
base_image_size = ""
async_remove = false
root@hello:~#配置镜像加速器
[plugins."io.containerd.grpc.v1.cri".registry]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://ted9wxpi.mirror.aliyuncs.com"]ctr 相当于核心组件,通过加载插件的方式来支持各种操作。
使用 ctr plugins ls 来查看当前加载的插件和支持的操作。
[root@k8s-master01 ~]# ctr plugins ls
TYPE ID PLATFORMS STATUS
io.containerd.content.v1 content - ok
io.containerd.snapshotter.v1 aufs linux/amd64 error
io.containerd.snapshotter.v1 devmapper linux/amd64 error
io.containerd.snapshotter.v1 native linux/amd64 ok
io.containerd.snapshotter.v1 overlayfs linux/amd64 ok
io.containerd.snapshotter.v1 zfs linux/amd64 error
io.containerd.metadata.v1 bolt - ok
io.containerd.differ.v1 walking linux/amd64 ok
io.containerd.gc.v1 scheduler - ok
io.containerd.service.v1 introspection-service - ok
io.containerd.service.v1 containers-service - ok
io.containerd.service.v1 content-service - ok
io.containerd.service.v1 diff-service - ok
io.containerd.service.v1 images-service - ok
io.containerd.service.v1 leases-service - ok
io.containerd.service.v1 namespaces-service - ok
io.containerd.service.v1 snapshots-service - ok
io.containerd.runtime.v1 linux linux/amd64 ok
io.containerd.runtime.v2 task linux/amd64 ok
io.containerd.monitor.v1 cgroups linux/amd64 ok
io.containerd.service.v1 tasks-service - ok
io.containerd.internal.v1 restart - ok
io.containerd.grpc.v1 containers - ok
io.containerd.grpc.v1 content - ok
io.containerd.grpc.v1 diff - ok
io.containerd.grpc.v1 events - ok
io.containerd.grpc.v1 healthcheck - ok
io.containerd.grpc.v1 images - ok
io.containerd.grpc.v1 leases - ok
io.containerd.grpc.v1 namespaces - ok
io.containerd.internal.v1 opt - ok
io.containerd.grpc.v1 snapshots - ok
io.containerd.grpc.v1 tasks - ok
io.containerd.grpc.v1 version - ok
io.containerd.grpc.v1 cri linux/amd64 ok
[root@k8s-master01 ~]#ctr plugins ls 命令会展示三列 ,第二列 ID 就是对应的命令。
例如 plugins 的 id 为 content 可使用 ctr content --help 来查看帮助,以及其他命令来执行操作。
[root@k8s-master01 ~]# ctr content --help
NAME:
ctr content - manage content
USAGE:
ctr content [global options] command [command options] [arguments...]
VERSION:
1.4.13
COMMANDS:
active display active transfers
delete, del, remove, rm permanently delete one or more blobs
edit edit a blob and return a new digest
fetch fetch all content for an image into containerd
fetch-object retrieve objects from a remote
get get the data for an object
ingest accept content into the store
list, ls list all blobs in the store
push-object push an object to a remote
label add labels to content
GLOBAL OPTIONS:
--help, -h show help
[root@k8s-master01 ~]#查看有哪些命名空间
[root@k8s-master01 ~]# ctr namespace ls
NAME LABELS
default
k8s.io
[root@k8s-master01 ~]#查看 k8s.io 空间下的镜像有哪些
[root@k8s-master01 ~]# ctr -n k8s.io images ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
k8s.gcr.io/ingress-nginx/kube-webhook-certgen@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 application/vnd.docker.distribution.manifest.list.v2+json sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 18.0 MiB linux/amd64,linux/arm/v7,linux/arm64,linux/s390x接下来 从 容器的 生命周期流程 来说明 ctr 命令的使用。
ctr images ls 查看镜像
[root@k8s-master01 ~]# ctr images ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
docker.io/library/nginx:alpine application/vnd.docker.distribution.manifest.list.v2+json sha256:77cc350019d0188d3115084265483dcefdd8489ccf719ff4e4c956b48de8ff6a 9.7 MiB linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x -
[root@k8s-master01 ~]#ctr images pull 拉取镜像
[root@k8s-master01 ~]# ctr images pull docker.io/library/nginx:alpine
docker.io/library/nginx:alpine: resolved |++++++++++++++++++++++++++++++++++++++|
index-sha256:77cc350019d0188d3115084265483dcefdd8489ccf719ff4e4c956b48de8ff6a: done |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:1e3458b8841319dec826a9a63b66f98c0bb260d50454dcdbdfe414eed362a3c4: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:9a9d990f68b82fceea08b4b08a0549e3de8ba7840ac721e0b8cc4d2d27e33ccf: done |++++++++++++++++++++++++++++++++++++++|
config-sha256:7d73f57a7cf733ff46e22c3d60cb237f7b29e8e7ec6753922f2daa7f5af5d186: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:6c53e58c6af6338b6ea1ddeb46b638a719e4afdd2cffb5cf80362af3e61099d1: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:bda3fba8f6c468c5b9f60cec056498ebdedf711410c8864f956f0b8d3408428c: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:e07cc103cea6f44382a40ffe1f7d893781521aa2723765c069f23480e674dd0c: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:3d243047344378e9b7136d552d48feb7ea8b6fe14ce0990e0cc011d5e369626a: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:4ba4f346920eaf3fd54877cf123ac46a7bbea16f23d4b0bdc210988ebe7969f0: done |++++++++++++++++++++++++++++++++++++++|
elapsed: 14.8s total: 9.7 Mi (671.0 KiB/s)
unpacking linux/amd64 sha256:77cc350019d0188d3115084265483dcefdd8489ccf719ff4e4c956b48de8ff6a...
done
[root@k8s-master01 ~]#只有通过 crictl 或者 Kubernetes 调用时 mirror 才会生效,通过 ctr 拉取是不会生效的。
ctr images rm 删除镜像
[root@k8s-master01 ~]# ctr images rm docker.io/library/nginx:alpine
docker.io/library/nginx:alpine
[root@k8s-master01 ~]#
[root@k8s-master01 ~]# ctr images ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
[root@k8s-master01 ~]#ctr images mount 挂载
[root@k8s-master01 ~]# ctr images ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
docker.io/library/nginx:alpine application/vnd.docker.distribution.manifest.list.v2+json sha256:77cc350019d0188d3115084265483dcefdd8489ccf719ff4e4c956b48de8ff6a 9.7 MiB linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x -
[root@k8s-master01 ~]# ctr images mount docker.io/library/nginx:alpine /cby
sha256:7a7cbbee0f17b403a980a36ae708bbd9ee428511a7219da36c50ce7e33662d43
/cby
[root@k8s-master01 ~]#
[root@k8s-master01 ~]# ls /cby/
bin docker-entrypoint.d etc lib mnt proc run srv tmp var
dev docker-entrypoint.sh home media opt root sbin sys usr
[root@k8s-master01 ~]#ctr images unmount 卸载
[root@k8s-master01 ~]# ctr images unmount /cby
/cby
[root@k8s-master01 ~]#ctr images export 导出镜像
root@hello:~# ctr images export nginx.tar docker.io/library/nginx:alpine
root@hello:~#
root@hello:~# ls nginx.tar
nginx.tar
root@hello:~#ctr images import 导入镜像
root@hello:~# ctr images import nginx.tar
unpacking docker.io/library/nginx:alpine (sha256:77cc350019d0188d3115084265483dcefdd8489ccf719ff4e4c956b48de8ff6a)...done
root@hello:~#ctr中 containers 是镜像实例化的一个虚拟环境,提供一个磁盘,模拟空间,就好比你电脑处于关机状态一样。
ctr中 tasks 是将容器运行起来,电脑开机了 ,初始化进程等 ,task就是的这么个形式。
ctr containers ls 查看容器
root@hello:~# ctr containers ls
CONTAINER IMAGE RUNTIME
nginx docker.io/library/nginx:alpine io.containerd.runc.v2
root@hello:~#ctr containers create 创建容器
root@hello:~# ctr containers create docker.io/library/nginx:alpine nginx
root@hello:~#ctr containers rm 删除容器
root@hello:~# ctr containers rm nginx
root@hello:~# ctr containers ls
CONTAINER IMAGE RUNTIME
root@hello:~#ctr containers info 查看详细信息
root@hello:~# ctr containers info nginx
{
"ID": "nginx",
"Labels": {
"io.containerd.image.config.stop-signal": "SIGQUIT"
},
"Image": "docker.io/library/nginx:alpine",
"Runtime": {
"Name": "io.containerd.runc.v2",
"Options": {
"type_url": "containerd.runc.v1.Options"
}
},
"SnapshotKey": "nginx",
"Snapshotter": "overlayfs",
"CreatedAt": "2022-03-21T08:51:45.127872097Z",
"UpdatedAt": "2022-03-21T08:51:45.127872097Z",
"Extensions": null,
"Spec": {
---略---create 的命令创建了容器后,并没有处于运行状态,只是一个静态的容器。一个 container 对象只是包含了运行一个容器所需的资源及配置的数据结构,这意味着 namespaces、rootfs 和容器的配置都已经初始化成功了,只是用户进程(这里是 nginx)还没有启动。
ctr tasks start -d 在后台运行容器
root@hello:~# ctr tasks start -d nginx
root@hello:~# ctr tasks ls
TASK PID STATUS
nginx 118454 RUNNING
root@hello:~#ctr task exec 进入容器,id随便写就行,需要将其唯一
root@hello:~# ctr task exec --exec-id 1 -t nginx sh
/ #ctr task pause 暂停容器
root@hello:~# ctr task pause nginx
root@hello:~# ctr task ls
TASK PID STATUS
nginx 118454 PAUSED
root@hello:~#ctr task resume 恢复容器
root@hello:~# ctr task resume nginx
root@hello:~# ctr task ls
TASK PID STATUS
nginx 118454 RUNNING
root@hello:~#ctr task kill 杀死容器
root@hello:~# ctr task kill nginx
root@hello:~# ctr task ls
TASK PID STATUS
nginx 118454 STOPPED
root@hello:~#ctr task metrics获取容器信息
root@hello:~# ctr task metrics nginx
ID TIMESTAMP
nginx 2022-03-21 09:05:49.949321537 +0000 UTC
METRIC VALUE
memory.usage_in_bytes 3821568
memory.limit_in_bytes 9223372036854771712
memory.stat.cache 135168
cpuacct.usage 176641571
cpuacct.usage_percpu [24856408 21740008 12150472 37947198 31775746 28169704 7366623 12635412]
pids.current 0
pids.limit 0
root@hello:~#ctr tasks rm 删除容器
root@hello:~# ctr tasks rm nginx
root@hello:~# ctr tasks ls
TASK PID STATUS
root@hello:~#
https://www.oiox.cn/
https://www.chenby.cn/
https://cby-chen.github.io/
https://weibo.com/u/5982474121
https://blog.csdn.net/qq_33921750
https://my.oschina.net/u/3981543
https://www.zhihu.com/people/chen-bu-yun-2
https://segmentfault.com/u/hppyvyv6/articles
https://juejin.cn/user/3315782802482007
https://space.bilibili.com/352476552/article
https://cloud.tencent.com/developer/column/93230
https://www.jianshu.com/u/0f894314ae2c
https://www.toutiao.com/c/user/token/MS4wLjABAAAAeqOrhjsoRZSj7iBJbjLJyMwYT5D0mLOgCoo4pEmpr4A/
CSDN、GitHub、知乎、开源中国、思否、掘金、简书、腾讯云、哔哩哔哩、今日头条、新浪微博、个人博客、全网可搜《小陈运维》
Containerd 入门基础操作的更多相关文章
- Docker | 入门 & 基础操作
Dcoker 入门 确保docker 已经安装好了,如没有装好的可以参考:Docker | 安装 运行第一个容器 docker run -it ubuntu /bin/bash docker run ...
- mysql的入门基础操作
1.数据库的简单介绍 1.1 什么是数据库,就是一个文件系统,使用标准sql对数据库进行操作 1.2 常见的数据库 oracle 是oracle公司的数据库,是一个收费的大型的数据库 DB2,是IB ...
- (大数据工程师学习路径)第一步 Linux 基础入门----文件系统操作与磁盘管理
介绍 本节的文件系统操作的内容十分简单,只会包含几个命令的几个参数的讲解,但掌握这些也将对你在学习后续其他内容的过程中有极大帮助. 因为本课程的定位为入门基础,尽快上手,故没有打算涉及太多理论内容,前 ...
- Python学习入门基础教程(learning Python)--5.6 Python读文件操作高级
前文5.2节和5.4节分别就Python下读文件操作做了基础性讲述和提升性介绍,但是仍有些问题,比如在5.4节里涉及到一个多次读文件的问题,实际上我们还没有完全阐述完毕,下面这个图片的问题在哪呢? 问 ...
- Python 入门基础6 --字符编码、文件操作1
今日内容: 1.字符编码 2.字符与字节 3.文件操作 一.字符编码 了解: cpu:将数据渲染给用户 内存:临时存放数据,断电消失 硬盘:永久存放数据,断电后不消失 1.1 什么是编码? 人类能够识 ...
- Python文件基础操作(IO入门1)
转载请标明出处: http://www.cnblogs.com/why168888/p/6422270.html 本文出自:[Edwin博客园] Python文件基础操作(IO入门1) 1. pyth ...
- MySQL入门(1)——基础操作
MySQL入门(1)--基础操作 创建数据库 创建基本数据库: create database db_admin; 创建基本数据库(等价于CREATE DATABASE): create schema ...
- mybatis入门基础(二)----原始dao的开发和mapper代理开发
承接上一篇 mybatis入门基础(一) 看过上一篇的朋友,肯定可以看出,里面的MybatisService中存在大量的重复代码,看起来不是很清楚,但第一次那样写,是为了解mybatis的执行步骤,先 ...
- Emacs学习心得之 基础操作
作者:枫雪庭 出处:http://www.cnblogs.com/FengXueTing-px/ 欢迎转载 Emacs学习心得之 基础操作 1.前言与学习计划2.Emacs基础操作 一. 前言与学习计 ...
- JavaScript入门基础
JavaScript基本语法 1.运算符 运算符就是完成操作的一系列符号,它有七类: 赋值运算符(=,+=,-=,*=,/=,%=,<<=,>>=,|=,&=).算术运 ...
随机推荐
- Linux的进程和线程关系
一.理解Linux的进程,线程,PID,LWP,TID,TGID 进程是资源分配的基本单位,线程是调度的基本单位进程是资源的集合,这些资源包括内存地址空间,文件描述符等等,一个进程中的多个线程共享这些 ...
- centos安装docker显示 No package docker-ce available
温馨提醒,docker内核版本必须是3.10+以上的版本 查看方式 uname -r 1. 卸载老版本的 docker 及其相关依赖 sudo yum remove docker docker-com ...
- Winform多线程访问UI控件问题
Winform多线程无法访问UI控件,考虑使用委托方法解决.
- 【项目记录】4:Pycharm激活方法
引用一下: 今天给大家带来一种全新的Pycharm安装激活方式.可以激活到2099年. 安装 1.我们首先进入idea官网 jetbrains.com 找到最新版本的pycharm,这里就以windo ...
- 解决SVN不显示绿色小对勾
https://blog.csdn.net/qq_34338527/article/details/108534652
- win10 wampserver升级 php7.0至 php7.2
1.去官网下载php7.2 下载地址: https://windows.php.net/download#php-7.0 2.下载安装 visual c++ 2017 或 visual c++ 20 ...
- AcWing 66. 两个链表的第一个公共结点 (2012算法题)
题目: 输入两个链表,找出它们的第一个公共结点. 当不存在公共节点时,返回空节点. 数据范围 链表长度 [1,2000]. 保证两个链表不完全相同,即两链表的头结点不相同. 样例 给出两个链表如下所 ...
- jdbc连接数据库access denied for user 'root'@'localhost'(using password:YES)
navicat可以进行连接,一般原因为mysql未启用远程连接 以下为解决方案 解决方法-更新用户加密方式: MySQL [mysql]> ALTER USER 'root'@'%' IDENT ...
- new一个实例的原理及过程
前提,要明白new出来的实例是什么,包含了哪些内容? 请看一下举例代码↓↓↓↓ function Person(name,age){ this.name = name; this.age = age; ...
- Hex格式和Mot格式简介
Hex格式和Mot格式简介 一.Hex格式介绍 1.1 什么是 Intel HEX 文件格式? Intel HEX文件 是由一行行符合 Intel HEX文件格式的文本所构成的ASCII文本文 ...