1. 系统兼容
Operating System | Containerd 1.4 - 1.7 |
---|---|
Ubuntu 20.04 LTS | Yes |
Ubuntu 22.04 LTS | Yes |
CentOS 7.9 | Yes |
Red Hat Core OS (RHCOS) | No |
Red Hat Enterprise Linux 8.6, 8.7, 8.8 | Yes |
2. 下载安装
软件版本
软件 | 版本 |
---|---|
runc | 1.1.9 |
containerd | 1.7.5 |
nerdctl | 1.5.0 |
crictl | 1.28.0 |
cni-plugin | 1.3.0 |
此脚本包含下载与安装。
- sh install-containerd.sh d #下载
- sh install-containerd.sh download #下载
- sh install-containerd.sh i #安装
- sh install-containerd.sh install #安装
#!/bin/bash
name=`basename $0 .sh`
ENABLE_DOWNLOAD=${ENABLE_DOWNLOAD:-true}
BASE_DIR="$( dirname "$( readlink -f "${0}" )" )"
if [ ! -e files ]; then
mkdir -p files
fi
FILES_DIR=./files
IMAGES_DIR=./images
# download files, if not found
download() {
url=$1
dir=$2
filename=$(basename $1)
mkdir -p ${FILES_DIR}/$dir
if [ ! -e ${FILES_DIR}/$dir/$filename ]; then
echo "==> download $url"
(cd ${FILES_DIR}/$dir && curl -SLO $1)
fi
}
download_files() {
if $ENABLE_DOWNLOAD; then
# TODO: These version must be same as kubespray. Refer `roles/downloads/defaults/main.yml` of kubespray.
RUNC_VERSION=1.1.9
CONTAINERD_VERSION=1.7.5
NERDCTL_VERSION=1.5.0
CRICTL_VERSION=1.28.0
CNI_VERSION=1.3.0
download https://github.com/opencontainers/runc/releases/download/v${RUNC_VERSION}/runc.amd64 runc/v${RUNC_VERSION}
download https://github.com/containerd/containerd/releases/download/v${CONTAINERD_VERSION}/containerd-${CONTAINERD_VERSION}-linux-amd64.tar.gz
download https://github.com/containerd/nerdctl/releases/download/v${NERDCTL_VERSION}/nerdctl-${NERDCTL_VERSION}-linux-amd64.tar.gz
download https://github.com/kubernetes-sigs/cri-tools/releases/download/v${CRICTL_VERSION}/crictl-v${CRICTL_VERSION}-linux-amd64.tar.gz
download https://github.com/containernetworking/plugins/releases/download/v${CNI_VERSION}/cni-plugins-linux-amd64-v${CNI_VERSION}.tgz kubernetes/cni
else
FILES_DIR=./files
fi
}
select_latest() {
local latest=$(ls $* | tail -1)
if [ -z "$latest" ]; then
echo "No such file: $*"
exit 1
fi
echo $latest
}
install_runc() {
# Install runc
echo "==> Install runc"
sudo cp $(select_latest "${FILES_DIR}/runc/v*/runc.amd64") /usr/local/bin/runc
sudo chmod 755 /usr/local/bin/runc
}
install_nerdctl() {
# Install nerdctl
echo "==> Install nerdctl"
tar xvf $(select_latest "${FILES_DIR}/nerdctl-*-linux-amd64.tar.gz") -C /tmp
sudo cp /tmp/nerdctl /usr/local/bin
sudo mkdir /etc/nerdctl
sudo cat > /etc/nerdctl/nerdctl.toml <<EOF
debug = false
debug_full = false
address = "unix:///var/run/containerd/containerd.sock"
namespace = "k8s.io"
snapshotter = "overlayfs"
cni_path = "/opt/cni/bin"
cni_netconfpath = "/etc/cni/net.d"
cgroup_manager = "systemd"
hosts_dir = ["/etc/containerd/certs.d"]
insecure_registry = true
EOF
}
install_crictl () {
# Install crictl plugins
echo "==> Install crictl plugins"
sudo tar xvzf $(select_latest "${FILES_DIR}/crictl-v*-linux-amd64.tar.gz") -C /usr/local/bin
cat > /etc/crictl.yaml <<EOF
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 10
debug: false
EOF
}
install_containerd() {
# Install containerd
echo "==> Install containerd"
echo ""
cat <<EOF | sudo tee /etc/modules-load.d/containerd.conf
overlay
br_netfilter
EOF
systemctl restart systemd-modules-load.service
cat <<EOF | sudo tee /etc/sysctl.d/99-kubernetes-cri.conf
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
sysctl --system
sudo tar xvf $(select_latest "${FILES_DIR}/containerd-*-linux-amd64.tar.gz") --strip-components=1 -C /usr/local/bin
cat > /etc/systemd/system/containerd.service <<EOF
# Copyright The containerd Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target
[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/local/bin/containerd
Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity
# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999
[Install]
WantedBy=multi-user.target
EOF
sudo mkdir -p \
/etc/systemd/system/containerd.service.d \
/etc/containerd \
/var/lib/containerd \
/run/containerd
cat > /etc/containerd/config.toml <<EOF
version = 2
root = "/var/lib/containerd"
state = "/run/containerd"
oom_score = 0
[grpc]
address = "/run/containerd/containerd.sock"
uid = 0
gid = 0
[debug]
address = "/run/containerd/debug.sock"
uid = 0
gid = 0
level = "info"
[metrics]
address = ""
grpc_histogram = false
[cgroup]
path = ""
[plugins]
[plugins."io.containerd.grpc.v1.cri".containerd]
default_runtime_name = "runc"
snapshotter = "overlayfs"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
runtime_type = "io.containerd.runc.v2"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
systemdCgroup = true
EOF
echo "==> Start containerd"
sudo systemctl daemon-reload && sudo systemctl enable --now containerd && sudo systemctl restart containerd && sudo systemctl status containerd | grep Active
}
install_cni() {
# Install cni plugins
echo "==> Install CNI plugins"
sudo mkdir -p /opt/cni/bin
sudo tar xvzf $(select_latest "${FILES_DIR}/kubernetes/cni/cni-plugins-linux-amd64-v*.tgz") -C /opt/cni/bin
}
action=$1
case $action in
d )
download_files
;;
i|install)
install_nerdctl
install_crictl
install_runc
install_containerd
install_cni
;;
*)
echo "Usage: $name [d|i]"
echo "sh $name d: it is download packages."
echo "sh$name i: it is install packages."
;;
esac
exit 0
下载介质
sh install-containerd.sh d
介质结构
$ tree
.
├── files
│ ├── containerd-1.7.5-linux-amd64.tar.gz
│ ├── crictl-v1.27.1-linux-amd64.tar.gz
│ ├── crictl-v1.28.0-linux-amd64.tar.gz
│ ├── kubernetes
│ │ └── cni
│ │ └── cni-plugins-linux-amd64-v1.3.0.tgz
│ ├── nerdctl-1.5.0-linux-amd64.tar.gz
│ └── runc
│ └── v1.1.9
│ └── runc.amd64
└── install-containerd.sh
5 directories, 7 files
拷贝离线机器节点安装
sh install-containerd.sh i
3. 检查
检查 containerd 服务状态
$ systemctl status containerd.service
● containerd.service - containerd container runtime
Loaded: loaded (/etc/systemd/system/containerd.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2023-12-07 15:29:13 CST; 1h 1min ago
Docs: https://containerd.io
Process: 2069 ExecStartPre=/sbin/modprobe overlay (code=exited, status=0/SUCCESS)
Main PID: 2073 (containerd)
Tasks: 23
Memory: 304.1M
CGroup: /system.slice/containerd.service
├─2073 /usr/local/bin/containerd
└─2733 /usr/local/bin/containerd-shim-runc-v2 -namespace default -id nginx1 -address /run/containerd/containerd.sock
Dec 07 16:05:16 localhost.localdomain containerd[2073]: time="2023-12-07T16:05:16.070075409+08:00" level=info msg="loading plugin \"io.containerd.ttrpc.v1.pause\"..." runtime=i...rd.ttrpc.v1
Dec 07 16:05:16 localhost.localdomain containerd[2073]: time="2023-12-07T16:05:16.070225781+08:00" level=info msg="loading plugin \"io.containerd.event.v1.publisher\"..." runti...rd.event.v1
Dec 07 16:05:16 localhost.localdomain containerd[2073]: time="2023-12-07T16:05:16.070487356+08:00" level=info msg="loading plugin \"io.containerd.ttrpc.v1.task\"..." runtime=io...rd.ttrpc.v1
Dec 07 16:05:25 localhost.localdomain containerd[2073]: time="2023-12-07T16:05:25.314451770+08:00" level=info msg="shim disconnected" id=nginx1 namespace=default
Dec 07 16:05:25 localhost.localdomain containerd[2073]: time="2023-12-07T16:05:25.314619808+08:00" level=warning msg="cleaning up after shim disconnected" id=nginx1 namespace=default
Dec 07 16:05:25 localhost.localdomain containerd[2073]: time="2023-12-07T16:05:25.314660589+08:00" level=info msg="cleaning up dead shim" namespace=default
Dec 07 16:07:07 localhost.localdomain containerd[2073]: time="2023-12-07T16:07:07.682100420+08:00" level=info msg="loading plugin \"io.containerd.internal.v1.shutdown\"..." run...internal.v1
Dec 07 16:07:07 localhost.localdomain containerd[2073]: time="2023-12-07T16:07:07.682320004+08:00" level=info msg="loading plugin \"io.containerd.ttrpc.v1.pause\"..." runtime=i...rd.ttrpc.v1
Dec 07 16:07:07 localhost.localdomain containerd[2073]: time="2023-12-07T16:07:07.682429251+08:00" level=info msg="loading plugin \"io.containerd.event.v1.publisher\"..." runti...rd.event.v1
Dec 07 16:07:07 localhost.localdomain containerd[2073]: time="2023-12-07T16:07:07.682477794+08:00" level=info msg="loading plugin \"io.containerd.ttrpc.v1.task\"..." runtime=io...rd.ttrpc.v1
Hint: Some lines were ellipsized, use -l to show in full.
检查ctr & crictl $ nerdctl & containerd命令是否安装成功。
$ containerd --version
containerd github.com/containerd/containerd v1.7.5 fe457eb99ac0e27b3ce638175ef8e68a7d2bc373
$ crictl version
Version: 0.1.0
RuntimeName: containerd
RuntimeVersion: v1.7.5
RuntimeApiVersion: v1
$ nerdctl version
WARN[0000] unable to determine buildctl version: exec: "buildctl": executable file not found in $PATH
Client:
Version: v1.5.0
OS/Arch: linux/amd64
Git commit: b33a58f288bc42351404a016e694190b897cd252
buildctl:
Version:
Server:
containerd:
Version: v1.7.5
GitCommit: fe457eb99ac0e27b3ce638175ef8e68a7d2bc373
runc:
Version: 1.1.9
GitCommit: v1.1.9-0-gccaecfcb
$ ctr version
Client:
Version: v1.7.5
Revision: fe457eb99ac0e27b3ce638175ef8e68a7d2bc373
Go version: go1.20.7
Server:
Version: v1.7.5
Revision: fe457eb99ac0e27b3ce638175ef8e68a7d2bc373
UUID: 86b0073d-e329-4184-b319-e4c965369e7a
4. 测试
创建镜像仓库容器
cat > start-registry.sh <<EOF
#!/bin/bash
REGISTRY_IMAGE=${REGISTRY_IMAGE:-registry:2.8.2}
REGISTRY_DIR=${REGISTRY_DIR:-/var/lib/registry}
REGISTRY_PORT=${REGISTRY_PORT:-35000}
if [ ! -e $REGISTRY_DIR ]; then
sudo mkdir $REGISTRY_DIR
fi
echo "===> Start registry"
sudo /usr/local/bin/nerdctl --insecure-registry=true run -d \
--network host \
-e REGISTRY_HTTP_ADDR=0.0.0.0:${REGISTRY_PORT} \
--restart always \
--name registry \
-v $REGISTRY_DIR:/var/lib/registry \
$REGISTRY_IMAGE
EOF
sh start-registry.sh
配置 /etc/hosts
$ cat /etc/hosts
10.70.0.73 registry.demo
推送镜像入库
nerdctl pull registry:2.8.2
nerdctl tag registry:2.8.2 registry.demo:35000/registry:2.8.2
nerdctl --insecure-registry=true push registry.demo:35000/registry:2.8.2
nerdctl --insecure-registry=true pull registry.demo:35000/registry:2.8.2
参考: