
# Containerd Installation

Operating system: CentOS Stream 8

## 1. YUM Installation

Clone a virtual machine from the template built in `CentOS-Stream-8模板制作.md` and name it Containerd.

### Install required tools

```bash
[root@localhost ~]# yum install -y yum-utils device-mapper-persistent-data lvm2 vim
```

### Install Containerd

```bash
# 1. Add the Aliyun YUM repository
[root@localhost ~]# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@localhost ~]# yum makecache

# 2. Look up the Containerd package in the YUM repository
[root@localhost ~]# yum list | grep containerd
containerd.io.x86_64        1.6.32-3.1.el8        docker-ce-stable

# 3. Installing the containerd.io package installs Containerd
[root@localhost ~]# yum -y install containerd.io

# 4. Use rpm -qa to check that it is installed
[root@localhost ~]# rpm -qa | grep containerd
containerd.io-1.6.32-3.1.el8.x86_64

# 5. Start the containerd service and enable it at boot
[root@localhost ~]# systemctl enable containerd --now
[root@localhost ~]# systemctl status containerd

# 6. Verify
# Installing Containerd also provides the ctr command, which is mainly used to manage containers and container images.
# Use ctr to show the Containerd client and server information
[root@localhost ~]# ctr version
Client:
  Version:  1.6.32
  Revision: 8b3b7ca2e5ce38e8f31a34f35b2b68ceb8470d89
  Go version: go1.21.10

Server:
  Version:  1.6.32
  Revision: 8b3b7ca2e5ce38e8f31a34f35b2b68ceb8470d89
  UUID: 979940af-68e0-4681-a560-189eeaefbdfc
```

## Binary Installation

### Install Containerd

```bash
# 1. Download the Containerd release package
# The second type of package is downloaded here
[root@localhost ~]# wget https://github.com/containerd/containerd/releases/download/v1.6.32/cri-containerd-cni-1.6.32-linux-amd64.tar.gz

# 2. Install containerd
[root@localhost ~]# mkdir containerd
[root@localhost ~]# tar xf cri-containerd-cni-1.6.32-linux-amd64.tar.gz -C containerd/
[root@localhost ~]# cd containerd/
[root@localhost containerd]# ls
cri-containerd.DEPRECATED.txt  etc  opt  usr
[root@localhost containerd]# tree
.
├── cri-containerd.DEPRECATED.txt
├── etc                                    # etc holds the containerd service management files and the CNI virtual NIC configuration
│   ├── cni
│   │   └── net.d
│   │       └── 10-containerd-net.conflist # network plugin configuration file
│   ├── crictl.yaml
│   └── systemd
│       └── system
│           └── containerd.service         # service unit file
├── opt                                    # opt holds the containerd configuration used in GCE environments and the CNI plugins
│   ├── cni                                # network plugins
│   │   └── bin
│   │       ├── bandwidth
│   │       ├── bridge
│   │       ├── dhcp
│   │       ├── firewall
│   │       ├── host-device
│   │       ├── host-local
│   │       ├── ipvlan
│   │       ├── loopback
│   │       ├── macvlan
│   │       ├── portmap
│   │       ├── ptp
│   │       ├── sbr
│   │       ├── static
│   │       ├── tuning
│   │       ├── vlan
│   │       └── vrf
│   └── containerd
│       └── cluster
│           ├── gce
│           │   ├── cloud-init
│           │   │   ├── master.yaml
│           │   │   └── node.yaml
│           │   ├── cni.template
│           │   ├── configure.sh
│           │   └── env
│           └── version
└── usr                                    # usr holds the containerd runtime files, including runc
    └── local                              # bin and sbin commands
        ├── bin
        │   ├── containerd
        │   ├── containerd-shim
        │   ├── containerd-shim-runc-v1
        │   ├── containerd-shim-runc-v2
        │   ├── containerd-stress
        │   ├── crictl
        │   ├── critest
        │   ├── ctd-decoder
        │   └── ctr
        └── sbin
            └── runc

16 directories, 36 files
```

Read the `containerd.service` file to see where the containerd binary is expected to be installed:

```ini
[root@localhost containerd]# cat etc/systemd/system/containerd.service
# Copyright The containerd Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target

[Service]
ExecStartPre=-/sbin/modprobe overlay
# Note this path: placing the containerd binary here completes the installation.
ExecStart=/usr/local/bin/containerd

Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity
# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999

[Install]
WantedBy=multi-user.target
```

```bash
# Copy the containerd runtime files into the system
[root@localhost containerd]# cp usr/local/bin/* /usr/local/bin

# Add the containerd.service file to the system
[root@localhost containerd]# cp etc/systemd/system/containerd.service /usr/lib/systemd/system/containerd.service

# Generate the containerd configuration file; customize it as needed, for example for a private image registry
[root@localhost containerd]# mkdir /etc/containerd
[root@localhost containerd]# containerd config default > /etc/containerd/config.toml
[root@localhost containerd]# cat /etc/containerd/config.toml
```

```toml
disabled_plugins = []
imports = []
oom_score = 0
plugin_dir = ""
required_plugins = []
root = "/var/lib/containerd"
state = "/run/containerd"
temp = ""
version = 2

[cgroup]
  path = ""

[debug]
  address = ""
  format = ""
  gid = 0
  level = ""
  uid = 0

[grpc]
  address = "/run/containerd/containerd.sock"
  gid = 0
  max_recv_message_size = 16777216
  max_send_message_size = 16777216
  tcp_address = ""
  tcp_tls_ca = ""
  tcp_tls_cert = ""
  tcp_tls_key = ""
  uid = 0

[metrics]
  address = ""
  grpc_histogram = false

[plugins]

  [plugins."io.containerd.gc.v1.scheduler"]
    deletion_threshold = 0
    mutation_threshold = 100
    pause_threshold = 0.02
    schedule_delay = "0s"
    startup_delay = "100ms"

  [plugins."io.containerd.grpc.v1.cri"]
    device_ownership_from_security_context = false
    disable_apparmor = false
    disable_cgroup = false
    disable_hugetlb_controller = true
    disable_proc_mount = false
    disable_tcp_service = true
    drain_exec_sync_io_timeout = "0s"
    enable_selinux = false
    enable_tls_streaming = false
    enable_unprivileged_icmp = false
    enable_unprivileged_ports = false
    ignore_deprecation_warnings = []
    ignore_image_defined_volumes = false
    max_concurrent_downloads = 3
    max_container_log_line_size = 16384
    netns_mounts_under_state_dir = false
    restrict_oom_score_adj = false
    sandbox_image = "registry.k8s.io/pause:3.6"
    selinux_category_range = 1024
    stats_collect_period = 10
    stream_idle_timeout = "4h0m0s"
    stream_server_address = "127.0.0.1"
    stream_server_port = "0"
    systemd_cgroup = false
    tolerate_missing_hugetlb_controller = true
    unset_seccomp_profile = ""

    [plugins."io.containerd.grpc.v1.cri".cni]
      bin_dir = "/opt/cni/bin"
      conf_dir = "/etc/cni/net.d"
      conf_template = ""
      ip_pref = ""
      max_conf_num = 1

    [plugins."io.containerd.grpc.v1.cri".containerd]
      default_runtime_name = "runc"
      disable_snapshot_annotations = true
      discard_unpacked_layers = false
      ignore_rdt_not_enabled_errors = false
      no_pivot = false
      snapshotter = "overlayfs"

      [plugins."io.containerd.grpc.v1.cri".containerd.default_runtime]
        base_runtime_spec = ""
        cni_conf_dir = ""
        cni_max_conf_num = 0
        container_annotations = []
        pod_annotations = []
        privileged_without_host_devices = false
        runtime_engine = ""
        runtime_path = ""
        runtime_root = ""
        runtime_type = ""

        [plugins."io.containerd.grpc.v1.cri".containerd.default_runtime.options]

      [plugins."io.containerd.grpc.v1.cri".containerd.runtimes]

        [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
          base_runtime_spec = ""
          cni_conf_dir = ""
          cni_max_conf_num = 0
          container_annotations = []
          pod_annotations = []
          privileged_without_host_devices = false
          runtime_engine = ""
          runtime_path = ""
          runtime_root = ""
          runtime_type = "io.containerd.runc.v2"

          [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
            BinaryName = ""
            CriuImagePath = ""
            CriuPath = ""
            CriuWorkPath = ""
            IoGid = 0
            IoUid = 0
            NoNewKeyring = false
            NoPivotRoot = false
            Root = ""
            ShimCgroup = ""
            SystemdCgroup = false

      [plugins."io.containerd.grpc.v1.cri".containerd.untrusted_workload_runtime]
        base_runtime_spec = ""
        cni_conf_dir = ""
        cni_max_conf_num = 0
        container_annotations = []
        pod_annotations = []
        privileged_without_host_devices = false
        runtime_engine = ""
        runtime_path = ""
        runtime_root = ""
        runtime_type = ""

        [plugins."io.containerd.grpc.v1.cri".containerd.untrusted_workload_runtime.options]

    [plugins."io.containerd.grpc.v1.cri".image_decryption]
      key_model = "node"

    [plugins."io.containerd.grpc.v1.cri".registry]
      config_path = ""

      [plugins."io.containerd.grpc.v1.cri".registry.auths]

      [plugins."io.containerd.grpc.v1.cri".registry.configs]

      [plugins."io.containerd.grpc.v1.cri".registry.headers]

      [plugins."io.containerd.grpc.v1.cri".registry.mirrors]

    [plugins."io.containerd.grpc.v1.cri".x509_key_pair_streaming]
      tls_cert_file = ""
      tls_key_file = ""

  [plugins."io.containerd.internal.v1.opt"]
    path = "/opt/containerd"

  [plugins."io.containerd.internal.v1.restart"]
    interval = "10s"

  [plugins."io.containerd.internal.v1.tracing"]

  [plugins."io.containerd.metadata.v1.bolt"]
    content_sharing_policy = "shared"

  [plugins."io.containerd.monitor.v1.cgroups"]
    no_prometheus = false

  [plugins."io.containerd.runtime.v1.linux"]
    no_shim = false
    runtime = "runc"
    runtime_root = ""
    shim = "containerd-shim"
    shim_debug = false

  [plugins."io.containerd.runtime.v2.task"]
    platforms = ["linux/amd64"]
    sched_core = false

  [plugins."io.containerd.service.v1.diff-service"]
    default = ["walking"]

  [plugins."io.containerd.service.v1.tasks-service"]
    rdt_config_file = ""

  [plugins."io.containerd.snapshotter.v1.aufs"]
    root_path = ""

  [plugins."io.containerd.snapshotter.v1.btrfs"]
    root_path = ""

  [plugins."io.containerd.snapshotter.v1.devmapper"]
    async_remove = false
    base_image_size = ""
    discard_blocks = false
    fs_options = ""
    fs_type = ""
    pool_name = ""
    root_path = ""

  [plugins."io.containerd.snapshotter.v1.native"]
    root_path = ""

  [plugins."io.containerd.snapshotter.v1.overlayfs"]
    mount_options = []
    root_path = ""
    sync_remove = false
    upperdir_label = false

  [plugins."io.containerd.snapshotter.v1.zfs"]
    root_path = ""

  [plugins."io.containerd.tracing.processor.v1.otlp"]

[proxy_plugins]

[stream_processors]

  [stream_processors."io.containerd.ocicrypt.decoder.v1.tar"]
    accepts = ["application/vnd.oci.image.layer.v1.tar+encrypted"]
    args = ["--decryption-keys-path", "/etc/containerd/ocicrypt/keys"]
    env = ["OCICRYPT_KEYPROVIDER_CONFIG=/etc/containerd/ocicrypt/ocicrypt_keyprovider.conf"]
    path = "ctd-decoder"
    returns = "application/vnd.oci.image.layer.v1.tar"

  [stream_processors."io.containerd.ocicrypt.decoder.v1.tar.gzip"]
    accepts = ["application/vnd.oci.image.layer.v1.tar+gzip+encrypted"]
    args = ["--decryption-keys-path", "/etc/containerd/ocicrypt/keys"]
    env = ["OCICRYPT_KEYPROVIDER_CONFIG=/etc/containerd/ocicrypt/ocicrypt_keyprovider.conf"]
    path = "ctd-decoder"
    returns = "application/vnd.oci.image.layer.v1.tar+gzip"

[timeouts]
  "io.containerd.timeout.bolt.open" = "0s"
  "io.containerd.timeout.shim.cleanup" = "5s"
  "io.containerd.timeout.shim.load" = "5s"
  "io.containerd.timeout.shim.shutdown" = "3s"
  "io.containerd.timeout.task.state" = "2s"

[ttrpc]
  address = ""
  gid = 0
  uid = 0
```

```bash
# Start containerd and verify
[root@localhost ~]# systemctl enable containerd --now
[root@localhost ~]# systemctl status containerd
[root@localhost ~]# ctr version
Client:
  Version:  v1.6.32
  Revision: 8b3b7ca2e5ce38e8f31a34f35b2b68ceb8470d89
  Go version: go1.21.10

Server:
  Version:  v1.6.32
  Revision: 8b3b7ca2e5ce38e8f31a34f35b2b68ceb8470d89
  UUID: 3ece67b1-4d8e-4059-afae-b837672ede83
```

### 2.2 Install runC

The runC shipped in the binary bundle requires seccomp support on the host by default. seccomp has to be installed separately, and its version must be consistent with what each runC version requires. It is therefore recommended to download the standalone runC binary, which includes seccomp support, and install that instead.

Download page: https://github.com/opencontainers/runc/releases

```bash
# Download runc with wget
[root@localhost ~]# wget https://github.com/opencontainers/runc/releases/download/v1.3.0/runc.amd64

# Install runc
[root@localhost ~]# mv runc.amd64 /usr/sbin/runc

# Make runc executable
[root@localhost ~]# chmod +x /usr/sbin/runc

# Run runc to verify the installation
[root@localhost ~]# runc -v
runc version 1.3.0
commit: v1.3.0-0-g4ca628d1
spec: 1.2.1
go: go1.23.8
```

# Containerd Image Management

## List images

All of the following forms are equivalent:

```bash
[root@docker ~]# ctr images list
REF TYPE DIGEST SIZE PLATFORMS LABELS
[root@docker ~]# ctr images ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
[root@docker ~]# ctr image list
REF TYPE DIGEST SIZE PLATFORMS LABELS
[root@docker ~]# ctr image ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
[root@docker ~]# ctr i list
REF TYPE DIGEST SIZE PLATFORMS LABELS
[root@docker ~]# ctr i ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
```

## Pull an image

```bash
# When pulling with ctr, the image name cannot be written simply as nginx:alpine; the full reference is required
[root@localhost ~]# ctr images pull 054b8ac70e8010d90f2ac00ef29e6580.mirror.swr.myhuaweicloud.com/library/nginx:latest

# Verify
[root@localhost ~]# ctr image ls
REF                                                                              TYPE                                    DIGEST                                                                  SIZE     PLATFORMS                                                                                                                       LABELS
054b8ac70e8010d90f2ac00ef29e6580.mirror.swr.myhuaweicloud.com/library/nginx:latest application/vnd.oci.image.index.v1+json sha256:84ec966e61a8c7846f509da7eb081c55c1d56817448728924a87ab32f12a72fb 68.9 MiB linux/386,linux/amd64,linux/arm/v5,linux/arm/v7,linux/arm64/v8,linux/mips64le,linux/ppc64le,linux/s390x,unknown/unknown -
```

## Mount an image

```bash
# Mount
[root@localhost ~]# ctr images mount 054b8ac70e8010d90f2ac00ef29e6580.mirror.swr.myhuaweicloud.com/library/nginx:latest /mnt
sha256:3c1159cd77f83ede793fc21502ae30b39b04378b6b1b625451d701d555cc1cb9
/mnt

# Inspect the mount
[root@localhost ~]# ls /mnt
bin  boot  dev  docker-entrypoint.d  docker-entrypoint.sh  etc  home  lib  lib64  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var

# Unmount
[root@localhost ~]# umount /mnt
```

## Export an image

```bash
# --platform linux/amd64 exports the image for the specified platform
[root@localhost ~]# ctr i export --platform linux/amd64 nginx.tar 054b8ac70e8010d90f2ac00ef29e6580.mirror.swr.myhuaweicloud.com/library/nginx:latest
[root@localhost ~]# ls
nginx.tar
```

## Delete an image

```bash
# Help for ctr image rm
[root@localhost ~]# ctr image rm --help
NAME:
   ctr images delete - remove one or more images by reference

USAGE:
   ctr images delete [command options] [flags] <ref> [<ref>, ...]

DESCRIPTION:
   remove one or more images by reference

OPTIONS:
   --sync  Synchronously remove image and all associated resources

# Delete the specified image
[root@localhost ~]# ctr image rm 054b8ac70e8010d90f2ac00ef29e6580.mirror.swr.myhuaweicloud.com/library/nginx:latest
054b8ac70e8010d90f2ac00ef29e6580.mirror.swr.myhuaweicloud.com/library/nginx:latest

# Verify
[root@localhost ~]# ctr image ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
```

## Import an image

```bash
# Import the image
[root@localhost ~]# ctr images import --platform linux/amd64 nginx.tar
unpacking 054b8ac70e8010d90f2ac00ef29e6580.mirror.swr.myhuaweicloud.com/library/nginx:latest (sha256:84ec966e61a8c7846f509da7eb081c55c1d56817448728924a87ab32f12a72fb)...done

# Verify
[root@localhost ~]# ctr image ls
REF                                                                              TYPE                                    DIGEST                                                                  SIZE     PLATFORMS                                                                                                                       LABELS
054b8ac70e8010d90f2ac00ef29e6580.mirror.swr.myhuaweicloud.com/library/nginx:latest application/vnd.oci.image.index.v1+json sha256:84ec966e61a8c7846f509da7eb081c55c1d56817448728924a87ab32f12a72fb 68.9 MiB linux/386,linux/amd64,linux/arm/v5,linux/arm/v7,linux/arm64/v8,linux/mips64le,linux/ppc64le,linux/s390x,unknown/unknown -
```

## Change an image tag

```bash
# Retag 054b8ac70e8010d90f2ac00ef29e6580.mirror.swr.myhuaweicloud.com/library/nginx:latest as nginx:latest
[root@localhost ~]# ctr images tag 054b8ac70e8010d90f2ac00ef29e6580.mirror.swr.myhuaweicloud.com/library/nginx:latest nginx:latest
nginx:latest

# Verify
[root@localhost ~]# ctr image ls
REF                                                                              TYPE                                    DIGEST                                                                  SIZE     PLATFORMS                                                                                                                       LABELS
054b8ac70e8010d90f2ac00ef29e6580.mirror.swr.myhuaweicloud.com/library/nginx:latest application/vnd.oci.image.index.v1+json sha256:84ec966e61a8c7846f509da7eb081c55c1d56817448728924a87ab32f12a72fb 68.9 MiB linux/386,linux/amd64,linux/arm/v5,linux/arm/v7,linux/arm64/v8,linux/mips64le,linux/ppc64le,linux/s390x,unknown/unknown -
nginx:latest                                                                     application/vnd.oci.image.index.v1+json sha256:84ec966e61a8c7846f509da7eb081c55c1d56817448728924a87ab32f12a72fb 68.9 MiB linux/386,linux/amd64,linux/arm/v5,linux/arm/v7,linux/arm64/v8,linux/mips64le,linux/ppc64le,linux/s390x,unknown/unknown -
```

# Containerd Container Management

2. List containers (`container` denotes a static container; `c` can be used as its abbreviation)

```bash
[root@localhost ~]# ctr container ls    # can be shortened to: ctr c ls
CONTAINER    IMAGE    RUNTIME
```

3. List tasks (`task` denotes the process running inside a container; `t` can be used as its abbreviation)

```bash
[root@localhost ~]# ctr task ls    # can be shortened to: ctr t ls
TASK    PID    STATUS
```

4. Create a static container

```bash
[root@localhost ~]# ctr container create nginx:latest nginx1
[root@localhost ~]# ctr container ls
CONTAINER    IMAGE           RUNTIME
nginx1       nginx:latest    io.containerd.runc.v2
[root@localhost ~]# ctr container info nginx1
```

5. Start the static container as a dynamic container

```bash
[root@localhost ~]# ctr task ls
TASK    PID    STATUS
[root@localhost ~]# ctr task start -d nginx1    # starting a task runs a process in the container, making it a dynamic container; -d runs it in the background
[root@localhost ~]# ctr task ls                 # the container exists as a process on the host
TASK      PID      STATUS
nginx1    22614    RUNNING
[root@localhost ~]# ps aux | grep 22614
root  22614  0.0  0.0  11468  7196 ?      Ss  15:40  0:00 nginx: master process nginx -g daemon off;
root  22969  0.0  0.0  12216  1104 pts/0  S+  15:41  0:00 grep --color=auto 22614
```

6. Enter the container

```bash
# Give the exec process an id; any value works as long as it is unique, so the $RANDOM variable can be used
[root@localhost ~]# ctr task exec --exec-id $RANDOM -t nginx1 /bin/sh
#
```

7. Run a dynamic container directly

```bash
# --net-host means the container's IP is the host's IP (equivalent to the host network type in docker)
[root@localhost ~]# ctr run -d --net-host nginx:latest nginx2
```

8. Pause a container

```bash
[root@localhost ~]# ctr tasks pause nginx2
[root@localhost ~]# ctr task ls
TASK      PID      STATUS
nginx1    22614    RUNNING
nginx2    25569    PAUSED     # a status of PAUSED means the container is paused
```

9. Resume a container

```bash
[root@localhost ~]# ctr tasks resume nginx2
[root@localhost ~]# ctr task ls
TASK      PID      STATUS
nginx1    22614    RUNNING
nginx2    25569    RUNNING    # back to RUNNING
```

10. Stop a container

```bash
[root@localhost ~]# ctr tasks kill nginx2
[root@localhost ~]# ctr tasks ls
TASK      PID      STATUS
nginx1    22614    RUNNING
nginx2    25569    STOPPED    # after the container stops, STATUS is STOPPED
```

11. Delete a container

```bash
# The tasks must be stopped first, or the task deleted first, before the container is deleted
[root@localhost ~]# ctr tasks delete nginx2
[root@localhost ~]# ctr tasks ls
TASK      PID      STATUS
nginx1    22614    RUNNING
```
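
The binary installation steps earlier on this page fetch `runc.amd64` and the containerd tarball with `wget` and place them in system paths as root without checking them. The following added example (not part of the original page) gates the install on a SHA-256 match. The function names are hypothetical, and it assumes a `sha256sum`-format checksum file has been downloaded from the same release page (the name `runc.sha256sum` in the usage comment is an assumption).

```shell
#!/usr/bin/env bash
# Added example: verify a downloaded release artifact before installing it.
# Function names are hypothetical; the checksum file is assumed to be in
# sha256sum format ("<hex>  <name>") and fetched alongside the artifact.

# expected_sum <sumfile> <name>: print the hash recorded for <name>, if any.
expected_sum() {
    # A leading '*' on the file name marks binary mode in sha256sum output.
    awk -v n="$2" '{ f = $2; sub(/^\*/, "", f); if (f == n) { print $1; exit } }' "$1"
}

# verify_artifact <file> <sumfile>
# Returns 0 on match, 1 on mismatch, 2 when the file has no entry at all.
verify_artifact() {
    local file="$1" sumfile="$2" want got
    want=$(expected_sum "$sumfile" "$(basename "$file")")
    [ -n "$want" ] || { echo "no checksum entry for $file" >&2; return 2; }
    got=$(sha256sum "$file" | awk '{ print $1 }')
    [ "$got" = "$want" ] || { echo "checksum mismatch for $file" >&2; return 1; }
}

# install_verified <file> <sumfile> <dest>
# Copies the artifact to <dest> with mode 0755 only after verification passes,
# replacing the page's unconditional "mv" followed by "chmod +x".
install_verified() {
    verify_artifact "$1" "$2" || return
    install -m 0755 "$1" "$3"
}

# Usage (file names as on this page; runc.sha256sum is an assumed name):
#   install_verified runc.amd64 runc.sha256sum /usr/sbin/runc
#   verify_artifact cri-containerd-cni-1.6.32-linux-amd64.tar.gz <its checksum file> \
#       && tar xf cri-containerd-cni-1.6.32-linux-amd64.tar.gz -C containerd/
```

A checksum fetched over the same channel as the artifact only detects corruption or a tampered mirror copy; it does not replace verifying a detached signature where the project publishes one.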