Containerd is a container virtualization technology, which is stripped from docker and forms part of the Open Container Interface (OCI) standard.
Docker's management and operation of containers are basically done through containerd. Containerd is an industry-standard container runtime, which emphasizes simplicity, robustness, and portability. Containerd can manage the complete container life cycle in the host: the transmission and storage of container images, the execution and management of containers, storage and networking, etc. In detail, Containerd is responsible for the following things:
•Manage the life cycle of containers (from container creation to container destruction)
• Pull/push container image
•Storage management (manage the storage of image and container data)
• Invoke runC to run the container (interact with runC and other container runtimes)
• Manage container network interfaces and networks
Note: Containerd is designed to be embedded in a larger system, not directly used by developers or end users.
We can understand why a separate containerd is needed from the following points:
• Continue to separate projects from the overall docker engine (the idea of open source projects)
• Can be used by projects such as Kubernets CRI (generalized)
• Lay the foundation for extensive industry cooperation (just like runC)
After docker is installed, containerd is installed by default, and containerd contains the following command components:
•Containerd: High-performance container runtime.
• ctr: The command line client of containerd.
•Runc: A command line tool for running containers.
docker、containerd、docker-shim、runC关系:
Docker: As far as docker itself is concerned, it includes docker client and dockerd. dockerd is actually the top-level encapsulation of the api for container-related operations, directly facing operating users.
containerd: What dockerd actually actually calls is the api interface of containerd (implemented in rpc mode), and containerd is an intermediate communication component between dockerd and runC.
docker-shim: A carrier for real running containers. Every time a container is started, a new docker-shim process will be started. It creates a container by specifying three parameters: container ID, boundle directory (containerd corresponds to a container generation directory), and runtime binary (default is runC) to call runC's api to create a container.
runC: A command-line tool to create and run containers according to OCI standards.
containerd app
The docker image and containerd image are common, but the organization method and storage directory are different, which makes the docker and ctr commands not common, and each manages its own image and container.
In addition, k8s also has a client command crictl, the usage is basically the same as docker, you can view the usage with crictl -h.
The default configuration file of containerd is /etc/containerd/config.toml, you can use the command:
containerd config default
Output default configuration, please refer to the document https://github.com/containerd/containerd/blob/master/docs/ops.md
root = "/var/lib/containerd" state = "/run/containerd" oom_score = 0 ……
The root key is used to store containerd persistent data.
The state key is used to store temporary data of containerd, and the data is lost after the device restarts.
Show containerd image
sudo ctr images ls
Pull the hello-world image
sudo ctr images pull docker.io/library/hello-world:latest
Note: The full path must be downloaded, and the default hello-world image is downloaded from dockerhub.
Run the container
sudo ctr run docker.io/library/hello-world:latestmy_hello-world sudo ctr run -t docker.io/library/busybox:latestmybusybox_demosh