CKA note finishing (1)

Foreword:

Container runtimes are divided into high-level runtimes and low-level runtimes, following the OCI standard.

Low-level runtime: runc, lxc, gvisor, kata... (pure container management, unable to manage images)

High-level runtime: docker, containerd, podman, cri-o, rkt... (can manage not only containers but also images)

setterm -blank 0 turns off the screen saver.

1. Install and configure Docker

rm -rf /etc/yum.repos.d/* ; wget ftp://ftp.rhce.cc/k8s/* -P /etc/yum.repos.d/

Delete the original source and replace the source.

Install Docker

 yum -y install docker-ce

In the practice environment, use the following command to install

#yum -y install /root/soft/docker-rpm/* 

#systemctl enable docker --now

Where do images come from?

Build them yourself or pull them. Pulling images from foreign registries is very slow, so you need to configure an accelerator (registry mirror).

Configure the Docker accelerator:

cat > /etc/docker/daemon.json <<EOF
{ "registry-mirrors": ["https://frz7i079.mirror.aliyuncs.com"]
}
EOF
systemctl restart docker
# Restart docker after editing the JSON file

In this file, every entry except the last one must end with a comma. The last entry does not need a trailing comma.

You can use the docker info command to view Docker system-level information.

In its output, Runtimes shows the supported low-level runtimes.

docker is the command name, docker is the service name, and a process named dockerd will run when docker is started.

2. Install containerd

Delete the original source, replace the source, and install containerd

rm -rf /etc/yum.repos.d/* ; wget ftp://ftp.rhce.cc/k8s/* -P /etc/yum.repos.d/

yum -y install containerd.io cri-tools

In the practice environment, use the following command to install:

#yum -y install /root/soft/containerd-rpm/* 

crictl config runtime-endpoint unix:///var/run/containerd/containerd.sock
# Connect the client to containerd
# Install the crictl client tool

containerd config default > /etc/containerd/config.toml
# Initialize the containerd configuration

Configure containerd:
First: search for mirrors and change
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
to
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://frz7i079.mirror.aliyuncs.com"]

Second: search for sandbox and change
sandbox_image = "k8s.gcr.io/pause:3.6"
to
sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.7"

Third: search for SystemdCgroup and change
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
BinaryName = ""
CriuImagePath = ""
CriuPath = ""
CriuWorkPath = ""
IoGid = 0
IoUid = 0
NoNewKeyring = false
NoPivotRoot = false
Root = ""
ShimCgroup = ""
SystemdCgroup = false
to
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
SystemdCgroup = true
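
The three edits above can also be scripted instead of made by hand in an editor. The following is an added example, not part of the original note: the function names and the sample config fragment are constructed, it assumes the table headers appear as in the default config shown above, and it flips SystemdCgroup in place rather than trimming the options table.

```shell
#!/usr/bin/env bash
# Added example, not from the original note. Function names and the sample
# fragment are constructed; the mirror and pause image values are the page's.

# Constructed fragment using keys that "containerd config default" emits.
write_sample() {
  cat > "$1" <<'EOF'
[plugins."io.containerd.grpc.v1.cri"]
  sandbox_image = "k8s.gcr.io/pause:3.6"
  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
    BinaryName = ""
    SystemdCgroup = false
  [plugins."io.containerd.grpc.v1.cri".registry]
    [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
EOF
}

# patch_containerd_config FILE MIRROR_URL PAUSE_IMAGE
patch_containerd_config() {
  local cfg="$1" add=1
  cp -p "$cfg" "$cfg.bak" || return 1   # rollback copy
  # Do not insert a second docker.io mirror table on a re-run.
  grep -qF 'registry.mirrors."docker.io"]' "$cfg" && add=0
  awk -v m="$2" -v p="$3" -v add="$add" '
    BEGIN { pre = "[plugins.\"io.containerd.grpc.v1.cri\".registry.mirrors" }
    { match($0, /^[ \t]*/); ind = substr($0, 1, RLENGTH) }  # keep indentation
    /^[ \t]*sandbox_image[ \t]*=/ { $0 = ind "sandbox_image = \"" p "\"" }
    /^[ \t]*SystemdCgroup[ \t]*=/ { $0 = ind "SystemdCgroup = true" }
    { print }
    add && index($0, pre "]") {
      print ind "  " pre ".\"docker.io\"]"
      print ind "    endpoint = [\"" m "\"]"
    }' "$cfg.bak" > "$cfg"
}

# Succeeds only if all three settings are present: check FILE MIRROR PAUSE
check_containerd_config() {
  grep -qE '^[[:space:]]*SystemdCgroup = true$' "$1" &&
    grep -qF "sandbox_image = \"$3\"" "$1" &&
    grep -qF "endpoint = [\"$2\"]" "$1"
}

# Demo on a temp copy only; /etc/containerd/config.toml is not touched.
tmp=$(mktemp) && write_sample "$tmp" &&
  patch_containerd_config "$tmp" "https://frz7i079.mirror.aliyuncs.com" \
    "registry.aliyuncs.com/google_containers/pause:3.7" &&
  check_containerd_config "$tmp" "https://frz7i079.mirror.aliyuncs.com" \
    "registry.aliyuncs.com/google_containers/pause:3.7" && cat "$tmp"
rm -f "$tmp" "$tmp.bak"
```

When run against the real /etc/containerd/config.toml, the previous file is kept as config.toml.bak, and containerd must be restarted for the change to take effect.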

You can use crictl info to view crictl information

The default low-level runtime is runc 

(2) Install nerdctl

Under /root/soft/nerdctl:

tar zxf nerdctl-0.23.0-linux-amd64.tar.gz  -C /usr/bin/

mkdir -p /opt/cni/bin/

tar zxf cni-plugins-linux-amd64-v1.1.1.tgz -C /opt/cni/bin/

Create a namespace:

mkdir /etc/nerdctl

cat > /etc/nerdctl/nerdctl.toml <<EOF
debug = false
debug_full = false
address = "unix:///var/run/containerd/containerd.sock"
namespace = "default"
#snapshotter = "stargz"
cgroup_manager = "systemd"
#hosts_dir = ["/etc/containerd/certs.d","/etc/nerdctl/certs.d"]
insecure_registry = false
EOF

The accelerator needs to be configured separately for nerdctl:

mkdir  -p  /etc/containerd/certs.d/docker.io

cat > /etc/containerd/certs.d/docker.io/hosts.toml <<EOF
# server = "https://docker.io"
[host."https://frz7i079.mirror.aliyuncs.com"]
capabilities = ["pull", "resolve"]
override_path = true
EOF

(3) Namespaces in containerd

The namespace can be changed in the configuration file /etc/nerdctl/nerdctl.toml

The default is default. Change nerdctl to use the k8s.io namespace; this can be understood as nerdctl then also looking at the content in k8s.io.

Origin blog.csdn.net/qq_52676760/article/details/128185157