Installing containerd, CNI plugins, nerdctl, BuildKit and runc on OpenEuler/CentOS
I. Containerd's technical direction and goals
Full OCI support (both the runtime spec and the image spec)
A well-defined container core that is both stable and high-performance
A decoupled system (image, filesystem and runtime are separated from each other), enabling plugin-style extension and reuse
Why a standalone containerd is needed:
It used to live inside the Docker project; it has since been split out of the monolithic Docker engine (the open-source project approach)
It can be consumed by other projects such as the Kubernetes CRI (general-purpose use)
It lays the groundwork for broad industry collaboration (just as runC did)
II. Installation steps
1. CentOS 7 needs a kernel upgrade; OpenEuler 22.03 does not.
[root@os-240 ~]# rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm
[root@os-240 ~]# yum --disablerepo="*" --enablerepo="elrepo-kernel" list available
# A long-term-support (lt) kernel is recommended; grub2-set-default 0 below assumes the new kernel is the first menu entry
[root@os-240 ~]# yum --enablerepo='elrepo-kernel' install kernel-lt kernel-lt-devel
[root@os-240 ~]# grub2-set-default 0
[root@os-240 ~]# reboot
Without the kernel upgrade, starting the containerd service or pulling an image fails with errors such as the first one below:
Mar 24 11:05:03 os-240 containerd: time="2023-03-24T11:05:03.870447561+08:00" level=error msg="(*service).Write failed" error="rpc error: code = Canceled desc = context canceled" expected="sha256:d4ceccbfc2696101c94fbf2149036e4ff815e4723e518721ff85105ce5aa8afc" ref="layer-sha256:d4ceccbfc2696101c94fbf2149036e4ff815e4723e518721ff85105ce5aa8afc" total=1405
The second error is a different problem. "no such host" comes from the resolver: the host cannot resolve registry-1.docker.io through its configured DNS server (114.114.114.114), and no kernel change will fix that:
FATA[0005] failed to copy: httpReadSeeker: failed open: failed to do request: Get "https://registry-1.docker.io/v2/library/nginx/blobs/sha256:e9427fcfa8642f8ddf5106f742a75eca0dbac676cf8145598623d04fa45dd74e": dial tcp: lookup registry-1.docker.io on 114.114.114.114:53: no such host
If images cannot be downloaded for this reason, point the interface at a working resolver (for example DNS1=8.8.8.8 in its ifcfg file), then confirm with getent hosts registry-1.docker.io before pulling again.
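The two failure modes above (old kernel, broken name resolution) plus the kernel modules loaded later in step 6 can be checked before anything is installed. The script below is an added example, not part of the original post: kver_ge compares uname -r style strings numerically after dropping the distro suffix, module_present also catches modules built into the kernel, and registry_resolves is exactly the lookup that produced the "no such host" error. MIN_KERNEL=4.18 is this example's own threshold (the post only establishes that CentOS 7's 3.10 kernel fails); registry-1.docker.io is the pull endpoint from the error message.

```shell
#!/bin/bash
# Added example (not from the original post): pre-flight checks for the failure
# modes described in step 1. Assumptions: MIN_KERNEL is a threshold chosen for
# this example; registry-1.docker.io is the Docker Hub pull endpoint.
set -e

MIN_KERNEL=4.18

# kver_ge HAVE WANT: returns 0 if kernel version HAVE >= WANT.
# Drops the distro suffix ("-1160.el7.x86_64", "-60.18.0.50.oe2203.x86_64")
# and compares major.minor.patch numerically; missing fields count as 0.
kver_ge() {
  local have=${1%%-*} want=${2%%-*}
  local IFS=. pair h w
  set -- $have; local h1=$1 h2=$2 h3=$3
  set -- $want; local w1=$1 w2=$2 w3=$3
  for pair in "$h1:$w1" "$h2:$w2" "$h3:$w3"; do
    h=${pair%%:*}; h=${h%%[!0-9]*}; h=${h:-0}   # "0+" -> 0, "" -> 0
    w=${pair##*:}; w=${w%%[!0-9]*}; w=${w:-0}
    [ "$h" -gt "$w" ] && return 0
    [ "$h" -lt "$w" ] && return 1
  done
  return 0
}

# module_present NAME: loaded modules are listed in /proc/modules; modules
# compiled into the kernel only show up under /sys/module.
module_present() {
  grep -q "^$1 " /proc/modules 2>/dev/null || [ -d "/sys/module/$1" ]
}

# registry_resolves HOST: the "no such host" error in step 1 is this failing.
registry_resolves() {
  getent hosts "$1" >/dev/null 2>&1
}

preflight() {
  local rc=0 m k
  k=$(uname -r)
  if kver_ge "$k" "$MIN_KERNEL"; then
    echo "ok:   kernel $k"
  else
    echo "WARN: kernel $k is older than $MIN_KERNEL; on CentOS 7 install kernel-lt from elrepo and reboot first"
    rc=1
  fi
  for m in overlay br_netfilter; do
    if module_present "$m"; then
      echo "ok:   module $m"
    else
      echo "WARN: module $m not loaded (modprobe $m; list it in /etc/modules-load.d/containerd.conf)"
      rc=1
    fi
  done
  if registry_resolves registry-1.docker.io; then
    echo "ok:   registry-1.docker.io resolves"
  else
    echo "WARN: registry-1.docker.io does not resolve; fix the DNS server (e.g. DNS1=8.8.8.8) before pulling images"
    rc=1
  fi
  return $rc
}

# Run the live checks with: bash preflight.sh --run   (exit status 1 on any WARN)
if [ "${1:-}" = "--run" ]; then
  preflight
fi
```

Run it once before step 2 and again after the reboot; a non-zero exit means at least one WARN line was printed.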
2. Download the packages. The versions installed here are:
[root@os-240 ~]# wget https://github.com/opencontainers/runc/releases/download/v1.1.12/libseccomp-2.5.4.tar.gz
[root@os-240 ~]# wget https://github.com/opencontainers/runc/releases/download/v1.1.12/runc.amd64
[root@os-240 ~]# wget https://github.com/containernetworking/plugins/releases/download/v1.5.0/cni-plugins-linux-amd64-v1.5.0.tgz
[root@os-240 ~]# wget https://github.com/containerd/nerdctl/releases/download/v1.7.6/nerdctl-1.7.6-linux-amd64.tar.gz
[root@os-240 ~]# wget https://github.com/moby/buildkit/releases/download/v0.11.5/buildkit-v0.11.5.linux-amd64.tar.gz
[root@os-240 ~]# wget https://github.com/containerd/containerd/releases/download/v1.6.32/containerd-1.6.32-linux-amd64.tar.gz
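Each of these projects attaches a checksum file to the same GitHub release page as the binaries (runc.sha256sum, containerd-1.6.32-linux-amd64.tar.gz.sha256sum, cni-plugins-linux-amd64-v1.5.0.tgz.sha256, and nerdctl's SHA256SUMS). Verifying the downloads against them before anything is extracted or installed is the minimum supply-chain check for a runtime that will run as root. The script below is an added example and not part of the original post; BuildKit is left out of its table because that project's checksum file name is not confirmed here, so check its release page and add the row yourself.

```shell
#!/bin/bash
# Added example (not from the original post): verify downloaded release artifacts
# against the checksum files published on each project's release page. Download
# the checksum file from the same URL directory as the artifact first.
set -e

# verify_sha256 FILE SUMS_FILE
#   SUMS_FILE holds "<sha256hex>  <name>" lines (sha256sum format; "*name" accepted).
#   Returns 0 on match, 1 on mismatch, 2 when FILE has no entry in SUMS_FILE.
verify_sha256() {
  local file=$1 sums=$2 name expected actual
  name=$(basename -- "$file")
  expected=$(awk -v n="$name" '$2 == n || $2 == ("*" n) { print tolower($1); exit }' "$sums")
  if [ -z "$expected" ]; then
    echo "no entry for $name in $sums" >&2
    return 2
  fi
  actual=$(sha256sum -- "$file" | awk '{ print $1 }')
  if [ "$expected" != "$actual" ]; then
    echo "CHECKSUM MISMATCH: $name (expected $expected, got $actual)" >&2
    return 1
  fi
  echo "ok: $name"
}

# Artifact -> checksum file, as attached to the release page next to the artifact.
# Because of set -e a mismatch aborts the script: do not install that file.
# Files not present in the current directory are skipped, so partial runs work.
while read -r artifact sums; do
  if [ -f "$artifact" ] && [ -f "$sums" ]; then
    verify_sha256 "$artifact" "$sums"
  else
    echo "skip: $artifact or $sums not in $(pwd)" >&2
  fi
done <<'EOF'
runc.amd64                             runc.sha256sum
containerd-1.6.32-linux-amd64.tar.gz   containerd-1.6.32-linux-amd64.tar.gz.sha256sum
cni-plugins-linux-amd64-v1.5.0.tgz     cni-plugins-linux-amd64-v1.5.0.tgz.sha256
nerdctl-1.7.6-linux-amd64.tar.gz       SHA256SUMS
EOF
```

runc's release page also carries detached GPG signatures (.asc files) for its artifacts; checking one of those against the runc maintainers' keys protects against a tampered checksum file as well, which a bare sha256 comparison does not.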
# Build and install a newer libseccomp, which runc needs (the distro version is older)
[root@os-240 ~]# dnf groupinstall 'Development Tools'   # on a Chinese locale the group is listed as '开发工具'
[root@os-240 ~]# yum -y install gperf   # build dependency of libseccomp; install whatever the build environment is missing
[root@os-240 ~]# tar zxvf libseccomp-2.5.4.tar.gz
[root@os-240 ~]# cd libseccomp-2.5.4
[root@os-240 libseccomp-2.5.4]# ./configure
[root@os-240 libseccomp-2.5.4]# make && make install
[root@os-240 libseccomp-2.5.4]# cd ..
3. Install and configure containerd
# Set the time zone
[root@os-240 ~]# timedatectl set-timezone Asia/Shanghai
# The archive name must match the one downloaded in step 2; it unpacks into ./bin
[root@os-240 ~]# tar xvf containerd-1.6.32-linux-amd64.tar.gz
# All binaries go to /usr/local/bin/
[root@os-240 ~]# mv /root/bin/* /usr/local/bin/ && rm -rf /root/bin
# Create the systemd service unit that manages containerd
[root@os-240 ~]# cat << EOF > /usr/lib/systemd/system/containerd.service
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target
[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/local/bin/containerd
Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
# Comment out TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this directive.
TasksMax=infinity
OOMScoreAdjust=-999
[Install]
WantedBy=multi-user.target
EOF
[root@os-240 ~]# mkdir /etc/containerd
[root@os-240 ~]# containerd config default > /etc/containerd/config.toml
[root@os-240 ~]# systemctl daemon-reload
Edit the configuration file
In vim, search for /mirrors and add a registry mirror; a Docker Hub mirror works. Mind the nesting: each child table is indented two spaces under its parent.
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
    endpoint = ["https://dxc7f1d6.mirror.aliyuncs.com"]
or, to pull directly from Docker Hub:
    endpoint = ["https://registry-1.docker.io"]
Two caveats. First, this registry.mirrors table is read only by the CRI plugin (kubelet pulls); containerd 1.6 and later deprecate it in favour of config_path = "/etc/containerd/certs.d" with one hosts.toml per registry, and nerdctl reads only that certs.d layout, so a mirror set here does not affect nerdctl pull. Second, use only https:// mirrors you trust, because the mirror serves the image layers this host will run, and never relax TLS verification (insecure_skip_verify here, skip_verify in hosts.toml) to make a mirror work.
[root@os-240 ~]# mkdir -p /opt/cni/bin
[root@os-240 ~]# systemctl enable --now containerd
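The hosts.toml layout that both nerdctl and the CRI plugin (once config_path is set) read can be written with the function below. It is an added example, not part of the original post or of containerd: it refuses any mirror that is not https://, writes the upstream registry as the fallback server, and deliberately omits skip_verify so TLS stays verified. The mirror URL is the one from the post; the certs.d path is containerd's default; CERTS_DIR and MIRROR_URL are this example's own environment variables.

```shell
#!/bin/bash
# Added example (not from the original post): write a per-registry hosts.toml
# under /etc/containerd/certs.d, the layout nerdctl reads for mirrors, refusing
# plaintext mirrors. CERTS_DIR and MIRROR_URL are this example's own variables.
set -e

# write_hosts_toml CERTS_DIR REGISTRY MIRROR_URL
#   Writes CERTS_DIR/REGISTRY/hosts.toml and prints its path.
#   Returns 1 without writing anything if MIRROR_URL is not https://.
write_hosts_toml() {
  local certs_dir=$1 registry=$2 mirror=$3 upstream dir
  case "$mirror" in
    https://*) ;;
    *) echo "refusing mirror '$mirror': only https:// mirrors are accepted" >&2; return 1 ;;
  esac
  # docker.io's API endpoint is registry-1.docker.io; other registries serve their own name.
  if [ "$registry" = docker.io ]; then
    upstream=https://registry-1.docker.io
  else
    upstream="https://$registry"
  fi
  dir="$certs_dir/$registry"
  mkdir -p "$dir"
  cat > "$dir/hosts.toml" <<EOF
# Upstream registry: used when the mirror cannot serve a request.
server = "$upstream"

# Mirror tried first for pulls. No skip_verify here: TLS stays verified.
[host."$mirror"]
  capabilities = ["pull", "resolve"]
EOF
  echo "$dir/hosts.toml"
}

# Apply for real with: bash mirror.sh --apply   (needs root for /etc/containerd)
if [ "${1:-}" = "--apply" ]; then
  write_hosts_toml "${CERTS_DIR:-/etc/containerd/certs.d}" docker.io \
    "${MIRROR_URL:-https://dxc7f1d6.mirror.aliyuncs.com}"
fi
```

After applying, nerdctl pull docker.io/library/nginx:latest uses the mirror immediately. To make CRI pulls use the same files, set config_path = "/etc/containerd/certs.d" under [plugins."io.containerd.grpc.v1.cri".registry] in config.toml (instead of the registry.mirrors table) and restart containerd.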
4. Install runc
runc 1.1.12 is the release that fixed CVE-2024-21626 (a container breakout through a leaked file descriptor), so do not substitute an older 1.1.x build for it.
[root@os-240 ~]# install -m 755 runc.amd64 /usr/local/sbin/runc
[root@os-240 ~]# runc --version
runc version 1.1.12
commit: v1.1.12-0-g51d5e946
spec: 1.0.2-dev
go: go1.20.13
libseccomp: 2.5.4
5. Install BuildKit, which builds images from a Dockerfile
# The archive name must match the one downloaded in step 2
[root@os-240 ~]# mkdir buildkit
[root@os-240 ~]# tar zxvf buildkit-v0.11.5.linux-amd64.tar.gz -C buildkit
[root@os-240 ~]# cp -a buildkit/bin/build* /usr/local/sbin/
Add a service unit. buildkitd is started with only the containerd worker, so it has to come up after containerd and stop with it:
[root@os-240 ~]# cat << EOF > /etc/systemd/system/buildkit.service
[Unit]
Description=BuildKit
Documentation=https://github.com/moby/buildkit
After=containerd.service
Requires=containerd.service
[Service]
ExecStart=/usr/local/sbin/buildkitd --oci-worker=false --containerd-worker=true
[Install]
WantedBy=multi-user.target
EOF
[root@os-240 ~]# systemctl daemon-reload
[root@os-240 ~]# systemctl enable buildkit --now
[root@os-240 ~]# systemctl status buildkit.service
With no --addr flag buildkitd listens only on the root-owned unix socket /run/buildkit/buildkitd.sock; anyone who can reach that socket can build and run arbitrary code as root, so do not expose it over tcp:// without TLS client authentication.
6. Install the CNI network plugins
CNI (Container Network Interface) allocates IP addresses, network interfaces and so on to containers
[root@os-240 ~]# mkdir -p /opt/cni/bin
[root@os-240 ~]# tar zxvf cni-plugins-linux-amd64-v1.5.0.tgz -C /opt/cni/bin/
# Load the overlay and br_netfilter modules at every boot
[root@os-240 ~]# cat <<EOF | sudo tee /etc/modules-load.d/containerd.conf
overlay
br_netfilter
EOF
# Create a network for containerd (the nerdctl commands below need the binary installed in step 7)
[root@os-240 ~]# nerdctl network create docker0
# Until at least one CNI config exists in /etc/cni/net.d, containerd logs the error below. It comes from the CRI plugin at startup, is harmless for nerdctl use, and goes away once a conflist exists.
# Mar 24 10:14:51 os-240 containerd: time="2023-03-24T10:14:51.282280892+08:00" level=error msg="failed to load cni during init, please check CRI plugin status before setting up network for pods" error="cni config load failed: no network config found in /etc/cni/net.d: cni plugin not initialized: failed to load cni config"
[root@os-240 ~]# nerdctl network ls
NETWORK ID      NAME       FILE
17f29b073143    bridge     /etc/cni/net.d/nerdctl-bridge.conflist
297a8b73df18    docker0    /etc/cni/net.d/nerdctl-docker0.conflist
                host
                none
# The default "bridge" network is created by nerdctl itself (it already appears in the listing above), so there is no need to create it by hand; nerdctl network create bridge would only fail because the name is taken.
# Finally restart containerd
[root@os-240 ~]# systemctl restart containerd.service
# Containers started without --network attach to the default bridge network.
[root@os-240 ~]# nerdctl run -dt --name=nginx --network docker0 -p 8082:80 docker.io/library/nginx:latest
# The command above attaches the container to the docker0 network; its settings (subnet, gateway, plugin list) can be edited in /etc/cni/net.d/nerdctl-docker0.conflist. Note that -p 8082:80 publishes the port on 0.0.0.0, i.e. to every host that can reach this machine; if only local clients need it, bind it explicitly with -p 127.0.0.1:8082:80.
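A network definition in /etc/cni/net.d is only as good as the plugin binaries it names: the conflist references each plugin by its "type" (bridge, portmap, firewall, tuning, and host-local under "ipam"), and nerdctl run fails at container start if any of them is missing from /opt/cni/bin. The check below is an added example, not part of the original post or of nerdctl: it extracts the "type" values from every conflist with grep/sed and confirms each one is an executable in the plugin directory. CNI_BIN and CNI_CONF are this example's own variables, defaulting to the paths used above.

```shell
#!/bin/bash
# Added example (not from the original post): confirm that every plugin named in
# the CNI configs exists as an executable in the plugin directory, so a missing
# or wrongly unpacked plugin is found before "nerdctl run" fails on it.
set -e

# conflist_plugins FILE: print the unique "type" values a conflist references,
# including the IPAM "type" (host-local), one per line, sorted.
conflist_plugins() {
  grep -o '"type"[[:space:]]*:[[:space:]]*"[^"]*"' "$1" \
    | sed 's/.*"\([^"]*\)"$/\1/' \
    | sort -u
}

# check_cni_config BIN_DIR CONF_DIR: returns 0 if every plugin referenced by any
# *.conflist or *.conf in CONF_DIR is executable in BIN_DIR; otherwise prints
# each missing plugin on stderr and returns 1.
check_cni_config() {
  local bindir=$1 confdir=$2 missing=0 f p
  for f in "$confdir"/*.conflist "$confdir"/*.conf; do
    [ -f "$f" ] || continue
    for p in $(conflist_plugins "$f"); do
      if [ ! -x "$bindir/$p" ]; then
        echo "MISSING: $f needs plugin '$p' but $bindir/$p is not executable" >&2
        missing=$((missing + 1))
      fi
    done
  done
  [ "$missing" -eq 0 ]
}

# Run against the live system with: bash cni-check.sh --run
if [ "${1:-}" = "--run" ]; then
  check_cni_config "${CNI_BIN:-/opt/cni/bin}" "${CNI_CONF:-/etc/cni/net.d}"
fi
```

Run it after editing a conflist by hand: a plugin type mistyped there shows up as a MISSING line instead of as a failed container start.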
7. Install the command-line tool. nerdctl is used here; its commands are almost identical to docker's.
# The archive contains the nerdctl binary plus the containerd-rootless*.sh helper scripts; only nerdctl is needed for this setup
[root@os-240 ~]# tar zxvf nerdctl-1.7.6-linux-amd64.tar.gz -C /usr/local/sbin/
[root@os-240 ~]# nerdctl version
# Load the modules now as well (the modules-load.d file from step 6 only takes effect on the next boot)
[root@os-240 ~]# sudo modprobe overlay
[root@os-240 ~]# sudo modprobe br_netfilter
[root@os-240 ~]# systemctl restart containerd.service
8. Command completion
# Needs the bash-completion package, which provides /usr/share/bash-completion/bash_completion
[root@os-240 ~]# source /usr/share/bash-completion/bash_completion
[root@os-240 ~]# source <(nerdctl completion bash)
[root@os-240 ~]# echo "source <(nerdctl completion bash)" >> ~/.bashrc
[root@os-240 ~]# source ~/.bashrc
[root@os-240 ~]# ln -s /usr/local/sbin/nerdctl /usr/local/sbin/docker
# With this symlink the familiar docker commands work unchanged
9. Test the commands
[root@os-240 ~]# nerdctl run -dt --name=nginxweb --network docker0 -p 8083:80 docker.io/library/nginx:latest
7181edec2d8a556ac8d2fbbff36123797963ac7091ec2d44a66efacb2732237d
[root@os-240 ~]# docker ps
CONTAINER ID   IMAGE                            COMMAND                  CREATED         STATUS   PORTS                  NAMES
7181edec2d8a   docker.io/library/nginx:latest   "/docker-entrypoint.…"   5 seconds ago   Up       0.0.0.0:8083->80/tcp   nginxweb
[root@os-240 ~]# curl -i 127.0.0.1:8083
# A working setup answers with HTTP/1.1 200 OK and the nginx welcome page. The 0.0.0.0 in the PORTS column means the same page is reachable from other hosts on port 8083.