轻量级容器运行时containerd安装

1、yum安装
1.1、获取阿里云YUM源

wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

1.2、查看YUM源中Containerd软件

yum list | grep containerd
containerd.io.aarch64                                                                    1.6.28-3.2.el9                                 @docker-ce-stable  

1.3、使用yum命令安装

yum -y install containerd.io

1.4、验证安装及启动服务

rpm -qa | grep containerd
containerd.io-1.6.28-3.2.el9.aarch64

1.5、启动containerd服务及开机自启动

systemctl start containerd
systemctl enable containerd

1.6、查看containerd服务状态

systemctl status containerd

1.7、验证服务是否安装正常

ctr version
Client:
  Version:  1.6.28
  Revision: ae07eda36dd25f8a1b98dfbf587313b99c0190bb
  Go version: go1.21.8

Server:
  Version:  1.6.28
  Revision: ae07eda36dd25f8a1b98dfbf587313b99c0190bb
  UUID: c29fa413-0060-4fe3-a127-fb43ffac94c8

2、查看containerd系统启动文件

cat /usr/lib/systemd/system/containerd.service
# Copyright The containerd Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target

[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/bin/containerd  # 系统启动命令

Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity
# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999

[Install]
WantedBy=multi-user.target

3、安装runc
3.1、下载runc

wget https://github.com/opencontainers/runc/releases/download/v1.1.0/runc.amd64 #amd版本
wget https://github.com/opencontainers/runc/releases/download/v1.1.12/runc.arm64 # arm版本

3.2、查看已下载的文件

[root@192 ~]# ls
runc.amd64

3.3、移动可执行文件到指定目录

mv runc.arm64 /usr/sbin/runc

3.4、为runC添加可执行权限

chmod +x /usr/sbin/runc

3.5、验证runc是否安装成功

runc -v
runc version 1.1.12
commit: v1.1.12-0-g51d5e946
spec: 1.0.2-dev
go: go1.20.13
libseccomp: 2.5.4

4、拉取镜像

ctr images pull docker.io/library/nginx:latest

5、查看镜像列表

ctr image ls
REF                            TYPE                                    DIGEST                                                                  SIZE     PLATFORMS                                                                                                               LABELS 
docker.io/library/nginx:latest application/vnd.oci.image.index.v1+json sha256:6db391d1c0cfb30588ba0bf72ea999404f2764febf0f1f196acd5867ac7efa7e 64.1 MiB linux/386,linux/amd64,linux/arm/v5,linux/arm/v7,linux/arm64/v8,linux/mips64le,linux/ppc64le,linux/s390x,unknown/unknown - 

6、运行一个镜像

ctr run -d --net-host docker.io/library/nginx:latest nginx1
--net-host # 使用主机网络
nginx1 启动容器的名称

7、查看正在运行的镜像

ctr container ls
CONTAINER    IMAGE                             RUNTIME                  
nginx1       docker.io/library/nginx:latest    io.containerd.runc.v2  

8、查看已运行容器中运行的进程既tasks

ctr tasks ls
TASK      PID      STATUS    
nginx1    24731    RUNNING

9、进入容器

ctr task exec --exec-id 1 -t nginx1 /bin/bash

9.1、测试是否启动成功

echo "nginx2" > /usr/share/nginx/html/index.html
curl localhost
nginx2 # 显示此名称表示成功请求

10、查看containerd配置文件

cat /etc/containerd/config.toml 
#   Copyright 2018-2022 Docker Inc.

#   Licensed under the Apache License, Version 2.0 (the "License");
#   you may not use this file except in compliance with the License.
#   You may obtain a copy of the License at

#       http://www.apache.org/licenses/LICENSE-2.0

#   Unless required by applicable law or agreed to in writing, software
#   distributed under the License is distributed on an "AS IS" BASIS,
#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#   See the License for the specific language governing permissions and
#   limitations under the License.

disabled_plugins = ["cri"]

#root = "/var/lib/containerd"
#state = "/run/containerd"
#subreaper = true
#oom_score = 0

#[grpc]
#  address = "/run/containerd/containerd.sock"
#  uid = 0
#  gid = 0

#[debug]
#  address = "/run/containerd/debug.sock"
#  uid = 0
#  gid = 0
#  level = "info"

二、containerd常用命令
2.1、只打印镜像名称

ctr image ls -q 
docker.io/library/nginx:alpine
docker.io/library/nginx:latest

2.2、重新打标签

ctr image tag docker.io/library/nginx:alpine harbor.test.com/library/nginx:alpine
harbor.test.com/library/nginx:alpine

2.3、只显示镜像名称

ctr image ls -q
docker.io/library/nginx:alpine
docker.io/library/nginx:latest
harbor.test.com/library/nginx:alpine

2.4、删除镜像（加上 --sync 选项可以同步删除镜像和所有相关的资源）

ctr image rm harbor.test.com/library/nginx:alpine
harbor.test.com/library/nginx:alpine

2.5、验证是否正常删除

ctr image ls -q
docker.io/library/nginx:alpine
docker.io/library/nginx:latest

2.6、查看容器详细配置

ctr container info nginx1

2.7、删除容器

tr container rm nginx
ctr container ls

2.8、创建命名空间

ctr ns create test
ctr ns ls
NAME    LABELS 
default        
test    

2.9、使用 remove 或者 rm 可以删除 namespace

ctr ns rm test
test

2.10、指定命名空间查看容器资源

ctr -n test image ls