1) Basic knowledge about Containerd
Since Docker 1.11, containers are no longer started by the Docker daemon alone; the daemon works together with several components, such as containerd and runc.
Although the Docker daemon is constantly being refactored, its basic function and role have not changed much. It has always followed a client-server (C/S) architecture: the daemon interacts with the Docker client and manages Docker images and containers.
In the current architecture, the containerd component is responsible for the lifecycle management of the containers on the cluster nodes, and provides the Docker daemon with a gRPC interface.
containerd-shim is a plugin for containerd that acts as a process manager: it receives commands from containerd and creates and manages the processes inside the container. It works with runc so that operations such as creating, starting, stopping, suspending, and resuming containers are handled effectively. In short, container creation is done by containerd-shim.
Creating a container requires configuring namespaces and cgroups and mounting the root file system. These operations already have a standard specification: OCI (Open Container Initiative).
OCI is essentially a set of specification documents. It mainly defines the structure of container images and the operations a container runtime must accept, such as create, start, stop, and delete. runc manages containers according to these OCI specifications.
So containerd-shim calls runc to start the container. Once the container is running, runc exits and containerd-shim becomes the parent process of the container process. It collects the status of the container process and reports it to containerd. After the process with PID 1 in the container exits, it takes over the container's remaining child processes and cleans them up, so that no zombie processes are left behind.
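The parent relationship described above gives a way to attribute a host process to a container: follow its PPid chain until a containerd-shim is reached. The script below is an added example, not part of the original article; the function names, the optional proc-root argument, and the constructed sample tree are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the article): attribute a process to its
# containerd-shim by walking PPid links in /proc/<pid>/status.

# status_field FIELD PID [PROC_ROOT]: print the value of "FIELD:" or nothing.
status_field() {
    f="${3:-/proc}/$2/status"
    [ -r "$f" ] || return 0          # process gone or not in the tree
    awk -v key="$1:" '$1 == key { print $2; exit }' "$f"
}

# shim_ancestor PID [PROC_ROOT]: print the PID of the first containerd-shim
# found at or above PID and return 0; return 1 when there is none.
# The kernel truncates the Name field to 15 characters, so
# containerd-shim-runc-v2 appears as exactly "containerd-shim".
# PROC_ROOT (an assumption of this example) lets the same walk run over a
# captured or constructed tree instead of the live /proc.
shim_ancestor() {
    pid=$1
    proc_root=${2:-/proc}
    hops=0                           # guard against loops in damaged data
    while [ -n "$pid" ] && [ "$pid" -gt 1 ] && [ "$hops" -lt 64 ]; do
        if [ "$(status_field Name "$pid" "$proc_root")" = "containerd-shim" ]; then
            echo "$pid"
            return 0
        fi
        pid=$(status_field PPid "$pid" "$proc_root")
        hops=$((hops + 1))
    done
    return 1
}

# Constructed sample tree (not real data):
#   1 systemd -> 1842 containerd-shim -> 1860 sh -> 1901 ls
#   1 systemd -> 977 sshd              (not in a container)
make_sample_proc() {
    sample=$(mktemp -d)
    for row in "1 systemd 0" "1842 containerd-shim 1" "1860 sh 1842" \
               "1901 ls 1860" "977 sshd 1"; do
        set -- $row
        mkdir -p "$sample/$1"
        printf 'Name:\t%s\nPPid:\t%s\n' "$2" "$3" > "$sample/$1/status"
    done
    echo "$sample"
}
```

On a live host, `shim_ancestor <pid>` with a PID taken from `ctr t ls` prints the PID of the shim that owns the task; a non-zero exit status means the process is not running under a shim.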
containerd is an industry-standard container runtime that emphasizes simplicity, robustness, and portability. containerd is responsible for the following:
- Manage the lifecycle of containers (from creation to destruction)
- Pull/push container images
- Storage management (manage the storage of image and container data)
- Call runc to run the container (interact with container runtimes such as runc)
- Manage container network interfaces and networks
2) containerd installation
The following steps install containerd on Rocky8/RHEL8.
Install the yum-utils tool first
yum install -y yum-utils
Configure Docker's official yum repository (skip this step if you have already done it)
yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
Install containerd
yum install containerd.io -y
Start the service and set it to start automatically at boot
systemctl enable containerd
systemctl start containerd
3) containerd command line tool ctr
ctr is the command-line tool of containerd, which can be used to execute and manage tasks in containerd. ctr is mainly intended for development and debugging, not for production environments. Common usage is as follows:
Check containerd version
ctr version
Pull an image
ctr images pull docker.io/library/busybox:latest # images can be abbreviated to i
List local images
ctr images list # or, abbreviated:
ctr i ls
Tag an image
ctr i tag docker.io/library/busybox:latest busybox:latest
Delete an image
ctr i rm docker.io/library/busybox:latest
Run a container
ctr run -d busybox:latest busybox
List running containers
ctr containers list # or, abbreviated:
ctr c ls
List tasks
ctr tasks ls # or, abbreviated:
ctr t ls
Execute commands in the container
ctr t exec --exec-id 1860 busybox ls # 1860 is the task ID, used here as the exec ID
Open a shell in the container
ctr t exec -t --exec-id 1860 busybox sh
Delete a container
ctr t kill -s SIGKILL busybox # first kill the process
ctr c rm busybox # then delete the container
In short, the ctr tool differs from Docker's command-line tool in many ways.