containerd基本使用

随着kubernetes的新版本的更新迭代，docker已经被containerd替换掉了，containerd的优势这里就不过多的描述，这里主要说一下containerd的基本使用，containerd和docker一样都是容器，只是在使用的时候命令不太一样，这里主要说一下containerd使用的常用命令。安装就不做过多的描述了，看一下下面安装方法：

[wolf@wulaoer.org 🔥🔥🔥🔥 ~ ]$ sed -i 's+download.docker.com+mirrors.aliyun.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo
[wolf@wulaoer.org 🔥🔥🔥🔥 ~ ]$ yum makecache fast
# 2.安装containerd
[wolf@wulaoer.org 🔥🔥🔥🔥 ~ ]$ yum install containerd -y
[wolf@wulaoer.org 🔥🔥🔥🔥 ~ ]$ containerd --version # 查看containerd版本
# 3.启动containerd
[wolf@wulaoer.org 🔥🔥🔥🔥 ~ ]$ systemctl start containerd && systemctl enable containerd && systemctl status containerd

Containerd和docker一样也有镜像源，也需要在containerd的配置文件中进行修改。

# 直接生产默认配置文件：containerd config default > /etc/containerd/config.toml
[wolf@wulaoer.org 🔥🔥🔥🔥 ~ ]$ vim /etc/containerd/config.toml
[plugins]
  [plugins.cri]
    [plugins.cri.registry]
      [plugins.cri.registry.mirrors]
        [plugins.cri.registry.mirrors."docker.io"]
          endpoint = ["https://pft7f97f.mirror.aliyuncs.com","https://docker.mirrors.ustc.edu.cn"]
        [plugins.cri.registry.mirrors."gcr.io"]
          endpoint = [
            "https://gcr.mirrors.ustc.edu.cn"
          ]
        [plugins.cri.registry.mirrors."k8s.gcr.io"]
          endpoint = [
            "https://gcr.mirrors.ustc.edu.cn/google-containers/"
          ]
        [plugins.cri.registry.mirrors."quay.io"]
          endpoint = [
            "https://quay.mirrors.ustc.edu.cn"
          ]
[wolf@wulaoer.org 🔥🔥🔥🔥 ~ ]$ systemctl daemon-reload && systemctl restart containerd && systemctl status containerd
 # 5.开启包转发功能和修改内核参数
[wolf@wulaoer.org 🔥🔥🔥🔥 ~ ]$ net.ipv4.ip_forward = 1
[wolf@wulaoer.org 🔥🔥🔥🔥 ~ ]$ net.bridge.bridge-nf-call-ip6tables = 1
[wolf@wulaoer.org 🔥🔥🔥🔥 ~ ]$ net.bridge.bridge-nf-call-iptables = 1
 
参数生效：sysctl -p
查看： lsmod | grep br_netfilter

如果需要使用私有镜像可以在containerd的配置里设置镜像仓库的用户名和密码即可。

[wolf@wulaoer.org 🔥🔥🔥🔥 ~ ]$ vim /etc/containerd/config.toml
[plugins."io.containerd.grpc.v1.cri".registry.auths]
        username = "admin"
        password = "Harbor12345"
 
      [plugins."io.containerd.grpc.v1.cri".registry.configs]
        insecure_skip_verify = true
 
      [plugins."io.containerd.grpc.v1.cri".registry.headers]
 
      [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
          endpoint = ["https://pft7f97f.mirror.aliyuncs.com","https://docker.mirrors.ustc.edu.cn","http://hub-mirror.c.163.com"]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."192.168.10.12"]
          endpoint = ["https://192.168.10.12/"]
第二中方式：
[plugins]
  [plugins.cri]
    [plugins.cri.registry]
      [plugins.cri.registry.mirrors]
        [plugins.cri.registry.mirrors."docker.io"]
          endpoint = ["https://pft7f97f.mirror.aliyuncs.com","https://docker.mirrors.ustc.edu.cn"]
        [plugins.cri.registry.mirrors."gcr.io"]
          endpoint = [
            "https://gcr.mirrors.ustc.edu.cn"
          ]
        [plugins.cri.registry.mirrors."k8s.gcr.io"]
          endpoint = [
            "https://gcr.mirrors.ustc.edu.cn/google-containers/"
          ]
        [plugins.cri.registry.mirrors."quay.io"]
          endpoint = [
            "https://quay.mirrors.ustc.edu.cn"
          ]
        [plugins.cri.registry.mirrors."192.168.10.12"]
          endpoint = ["http://192.168.10.12"]
        [plugins.cri.registry.configs."192.168.10.12".auth]
          username = "admin"
          password = "Harbor12345"

containerd基本操作命令

命令介绍：
ctr：是containerd本身的CLI
crictl ：是Kubernetes社区定义的专门CLI工具
1.查看本地镜像列表
[wolf@wulaoer.org 🔥🔥🔥🔥 ~ ]$ ctr images list  或者 crictl images
查看导入的镜像
[wolf@wulaoer.org 🔥🔥🔥🔥 ~ ]$ ctr images ls 
列表名称：
REF TYPE DIGEST SIZE PLATFORMS LABELS
2.下载镜像命令
[wolf@wulaoer.org 🔥🔥🔥🔥 ~ ]$ ctr images pull docker.io/rancher/mirrored-pause
# 3.上传命令
[wolf@wulaoer.org 🔥🔥🔥🔥 ~ ]$ ctr images tag  docker.io/docker/alpine:latest  host/test/alping:v1
[wolf@wulaoer.org 🔥🔥🔥🔥 ~ ]$ ctr images pull host/test/alping:v1
# 4.导入/导出本地镜像
[wolf@wulaoer.org 🔥🔥🔥🔥 ~ ]$ ctr images import app.tarctr images exporter
[wolf@wulaoer.org 🔥🔥🔥🔥 ~ ]$ ctr i ls -q
docker.io/library/busybox:1.28
docker.io/library/tomcat:8.5-jre8-alpine
# 导出
[wolf@wulaoer.org 🔥🔥🔥🔥 ~ ]$ ctr i export busybox-1.28.tar.gz docker.io/library/busybox:1.28
# 删除
[wolf@wulaoer.org 🔥🔥🔥🔥 ~ ]$ ctr i rm docker.io/library/busybox:1.28
docker.io/library/busybox:1.28
# 导入
[wolf@wulaoer.org 🔥🔥🔥🔥 ~ ]$ ctr i import busybox-1.28.tar.gz 
unpacking docker.io/library/busybox:1.28 (sha256:585093da3a716161ec2b2595011051a90d2f089bc2a25b4a34a18e2cf542527c)...done
# 查看容器名称列表
[wolf@wulaoer.org 🔥🔥🔥🔥 ~ ]$ ctr i ls -q
docker.io/library/busybox:1.28
docker.io/library/tomcat:8.5-jre8-alpine
# 5.显示运行的容器列表
[wolf@wulaoer.org 🔥🔥🔥🔥 ~ ]$ crictl ps
# 6.删除本地镜像ctr images ls
[wolf@wulaoer.org 🔥🔥🔥🔥 ~ ]$ crictl rmi  # 没生效可以使用下面这个ctr i rm REF名称# 7. 查看容器资源情况
[wolf@wulaoer.org 🔥🔥🔥🔥 ~ ]$ crictl stats# 8.登录容器平台crictl exec# 9.容器启动和停止crictl start/stop# 10.查看容器日志crictl logs
[wolf@wulaoer.org 🔥🔥🔥🔥 ~ ]$ ctr image --help
NAME:
   ctr images - manage images
 
USAGE:
   ctr images command [command options] [arguments...]
 
COMMANDS:
   check                    check existing images to ensure all content is available locally
   export                   export images
   import                   import images
   list, ls                 list images known to containerd
   mount                    mount an image to a target path
   unmount                  unmount the image from the target
   pull                     pull an image from a remote
   push                     push an image to a remote
   delete, del, remove, rm  remove one or more images by reference
   tag                      tag an image
   label                    set and clear labels for an image
   convert                  convert an image

containerd的使用方法目前就介绍这么多了，后期如果有更新就在补充，这里总结一下docker和containerd的使用是一样的，只是命令不太一样，只需要记住区别之处即可，后面如果经常使用的话就会慢慢的习惯。