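Installing nerdctl and buildctl on k8s and configuring containerd registry mirrors
References
Background
Since Kubernetes 1.24 formally removed the dockershim component from the kubelet, containerd has become the runtime of choice for more and more people. The crictl and ctr commands that come with containerd can handle some simple management tasks, but they are not pleasant to use; for example, they cannot build images. Using nerdctl + buildkitd to manage images is therefore a better fit.
BuildKit is the next-generation docker build tool developed by Docker, and it is more efficient, more secure and easier to extend. BuildKit consists of the buildkitd daemon and the buildctl client. buildkitd is the server side and connects to the container runtime; it currently supports runc (or crun) and containerd as the image build environment, with runc as the default.
buildctl is the client: it parses the Dockerfile and sends build requests to buildkitd. Because its commands are fairly complex, nerdctl is used in its place.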
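Installing nerdctl
This assumes containerd is already installed and running.
nerdctl download link: https://github.com/containerd/nerdctl/releases/tag/v1.7.6
The official nerdctl releases come in two variants:
- Minimal: contains only the nerdctl binary and the helper install scripts for rootless mode;
- Full: the complete package, which includes containerd, CNI, runc, BuildKit and the other components.
Download nerdctl
GitHub offers two versions, Minimal and Full; the Full version includes containerd, CNI, runc, BuildKit and the other components. Because my project already has containerd, CNI and runc installed, this note records installing nerdctl and BuildKit. Downloads from GitHub are rather slow, so I downloaded the file with Xunlei and then uploaded it to the cloud server with FileZilla.
wget https://github.com/containerd/nerdctl/releases/download/v1.7.6/nerdctl-1.7.6-linux-amd64.tar.gz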
Extract and install nerdctl
2.1. mkdir -p /usr/local/containerd/bin/ && tar -zxvf nerdctl-1.7.6-linux-amd64.tar.gz nerdctl && mv nerdctl /usr/local/containerd/bin/
2.2. ln -s /usr/local/containerd/bin/nerdctl /usr/local/bin/nerdctl
2.3. nerdctl version
Check the version information to confirm the installation. The system reports that buildctl cannot be found; it is installed later.
[root@master ~]# mkdir -p /usr/local/containerd/bin/ && tar -zxvf nerdctl-1.7.6-linux-amd64.tar.gz nerdctl && mv nerdctl /usr/local/containerd/bin/
nerdctl
[root@master ~]# ln -s /usr/local/containerd/bin/nerdctl /usr/local/bin/nerdctl
[root@master ~]# nerdctl version
WARN[0000] unable to determine buildctl version: exec: "buildctl": executable file not found in $PATH
Client:
Version: v1.5.0
OS/Arch: linux/amd64
Git commit: b33a58f288bc42351404a016e694190b897cd252
buildctl:
Version:
Server:
containerd:
Version: v1.7.20
GitCommit: 8fc6bcff51318944179630522a095cc9dbf9f353
runc:
Version: 1.1.13
GitCommit: v1.1.13-0-g58aa9203-dirty
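An added example, not part of the original notes: because the archive here reaches the server through a separate downloader and an upload, this checks it against a sha256sum-format checksum file before anything is unpacked as root. The function names are made up for this example, and SHA256SUMS is assumed to be the checksum file taken directly from the release page.

```shell
#!/bin/sh
# Added example (not from the original post): check a downloaded release
# archive against a sha256sum-format checksum file before unpacking it as root.

# verify_sha256 ARCHIVE SUMS_FILE -> 0 match, 1 mismatch, 2 archive not listed
verify_sha256() {
    archive=$1; sums=$2
    name=$(basename "$archive")
    # Exact match on the file-name field; sha256sum may prefix it with '*'.
    expected=$(awk -v n="$name" '$2 == n || $2 == "*" n { print $1; exit }' "$sums")
    if [ -z "$expected" ]; then
        echo "no checksum listed for $name" >&2
        return 2
    fi
    actual=$(sha256sum "$archive" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $name: got $actual" >&2
        return 1
    fi
    return 0
}

# install_verified ARCHIVE SUMS_FILE DEST_DIR MEMBER...
# Extracts only the named members, and only after the checksum matches.
install_verified() {
    archive=$1; sums=$2; dest=$3
    shift 3
    verify_sha256 "$archive" "$sums" || return $?
    mkdir -p "$dest" || return 1
    # --no-same-owner: do not keep the uid/gid recorded in the archive.
    tar -xzf "$archive" -C "$dest" --no-same-owner "$@"
}

# Usage with the files from this page (SHA256SUMS is an assumed file name for
# the checksum file fetched from the same release page):
#   install_verified nerdctl-1.7.6-linux-amd64.tar.gz SHA256SUMS \
#       /usr/local/containerd/bin nerdctl
```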
Installing buildctl
The ctr command does not support building images; nerdctl can build images once buildkit is installed.
buildkit consists of:
- buildkitd (server): currently supports runc and containerd as the image build environment; the default is runc, and it can be switched to containerd.
- buildctl (client): parses the Dockerfile and sends build requests to the buildkitd server.
Download buildctl
buildkit repository: https://github.com/moby/buildkit
1.1. wget https://github.com/moby/buildkit/releases/download/v0.12.2/buildkit-v0.12.2.linux-amd64.tar.gz
Install buildctl
1.2. mkdir -p /usr/local/buildctl && tar -zxvf buildkit-v0.12.2.linux-amd64.tar.gz -C /usr/local/buildctl
1.3. ln -s /usr/local/buildctl/bin/buildkitd /usr/local/bin/buildkitd
1.4. ln -s /usr/local/buildctl/bin/buildctl /usr/local/bin/buildctl
[root@master ~]# mkdir -p /usr/local/buildctl -p && tar -zxvf buildkit-v0.12.2.linux-amd64.tar.gz -C /usr/local/buildctl
bin/
bin/buildctl
bin/buildkit-qemu-aarch64
bin/buildkit-qemu-arm
bin/buildkit-qemu-i386
bin/buildkit-qemu-mips64
bin/buildkit-qemu-mips64el
bin/buildkit-qemu-ppc64le
bin/buildkit-qemu-riscv64
bin/buildkit-qemu-s390x
bin/buildkit-runc
bin/buildkitd
[root@master ~]# ln -s /usr/local/buildctl/bin/buildkitd /usr/local/bin/buildkitd
[root@master ~]# ln -s /usr/local/buildctl/bin/buildctl /usr/local/bin/buildctl
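Using nerdctl
nerdctl is a command-line tool for containerd. nerdctl is compatible with docker: if you know how to use docker-cli, you already know 80% of how to use nerdctl. nerdctl is compatible not only with docker-cli but even with the features of docker-compose.
Aliasing nerdctl as docker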
[root@master ~]# cat << 'EOF' > /usr/local/bin/docker
> #!/bin/bash
> /usr/local/bin/nerdctl "$@"
> EOF
[root@master ~]# chmod +x /usr/local/bin/docker
[root@master ~]# docker images
REPOSITORY TAG IMAGE ID CREATED PLATFORM SIZE BLOB SIZE
nerdctl bash auto-completion
[root@master ~]# yum install bash-completion -y
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
epel | 4.3 kB 00:00:00
extras | 2.9 kB 00:00:00
kubernetes | 1.7 kB 00:00:00
os | 3.6 kB 00:00:00
updates | 2.9 kB 00:00:00
Package 1:bash-completion-2.1-8.el7.noarch already installed and latest version
Nothing to do
[root@master ~]# nerdctl completion bash > /etc/bash_completion.d/nerdctl
[root@master ~]# source /etc/bash_completion.d/nerdctl
[root@master ~]# nerdctl images
REPOSITORY TAG IMAGE ID CREATED PLATFORM SIZE BLOB SIZE
Adding auto-completion for the docker alias
[root@master ~]# nerdctl completion bash > /etc/bash_completion.d/docker
[root@master ~]# source /etc/bash_completion.d/nerdctl
[root@master ~]# source /etc/bash_completion.d/docker
[root@master ~]# nerdctl images
REPOSITORY TAG IMAGE ID CREATED PLATFORM SIZE BLOB SIZE
[root@master ~]# docker images
REPOSITORY TAG IMAGE ID CREATED PLATFORM SIZE BLOB SIZE
[root@master ~]# docker -v
nerdctl version 1.5.0
Configuring registry mirrors for containerd (docker)
Reference: resolving the registry mirror problem
1. Edit /etc/containerd/config.toml and insert the following config_path:
[plugins."io.containerd.grpc.v1.cri".registry]
config_path = "/etc/containerd/certs.d"
2. In the config_path directory specified in step 1, create the file docker.io/hosts.toml:
server = "https://docker.io"
[host."https://docker.m.daocloud.io"]
capabilities = ["pull", "resolve"]
[host."https://reg-mirror.qiniu.com"]
capabilities = ["pull", "resolve"]
3. Additional registry mirrors have to be added one by one:
# registry.k8s.io registry mirror
mkdir -p /etc/containerd/certs.d/registry.k8s.io
tee /etc/containerd/certs.d/registry.k8s.io/hosts.toml << 'EOF'
server = "https://registry.k8s.io"
[host."https://k8s.m.daocloud.io"]
capabilities = ["pull", "resolve", "push"]
EOF
# docker.elastic.co registry mirror
mkdir -p /etc/containerd/certs.d/docker.elastic.co
tee /etc/containerd/certs.d/docker.elastic.co/hosts.toml << 'EOF'
server = "https://docker.elastic.co"
[host."https://elastic.m.daocloud.io"]
capabilities = ["pull", "resolve", "push"]
EOF
# gcr.io registry mirror
mkdir -p /etc/containerd/certs.d/gcr.io
tee /etc/containerd/certs.d/gcr.io/hosts.toml << 'EOF'
server = "https://gcr.io"
[host."https://gcr.m.daocloud.io"]
capabilities = ["pull", "resolve", "push"]
EOF
# ghcr.io registry mirror
mkdir -p /etc/containerd/certs.d/ghcr.io
tee /etc/containerd/certs.d/ghcr.io/hosts.toml << 'EOF'
server = "https://ghcr.io"
[host."https://ghcr.m.daocloud.io"]
capabilities = ["pull", "resolve", "push"]
EOF
# k8s.gcr.io registry mirror
mkdir -p /etc/containerd/certs.d/k8s.gcr.io
tee /etc/containerd/certs.d/k8s.gcr.io/hosts.toml << 'EOF'
server = "https://k8s.gcr.io"
[host."https://k8s-gcr.m.daocloud.io"]
capabilities = ["pull", "resolve", "push"]
EOF
# mcr.microsoft.com registry mirror
mkdir -p /etc/containerd/certs.d/mcr.microsoft.com
tee /etc/containerd/certs.d/mcr.microsoft.com/hosts.toml << 'EOF'
server = "https://mcr.microsoft.com"
[host."https://mcr.m.daocloud.io"]
capabilities = ["pull", "resolve", "push"]
EOF
# nvcr.io registry mirror
mkdir -p /etc/containerd/certs.d/nvcr.io
tee /etc/containerd/certs.d/nvcr.io/hosts.toml << 'EOF'
server = "https://nvcr.io"
[host."https://nvcr.m.daocloud.io"]
capabilities = ["pull", "resolve", "push"]
EOF
# quay.io registry mirror
mkdir -p /etc/containerd/certs.d/quay.io
tee /etc/containerd/certs.d/quay.io/hosts.toml << 'EOF'
server = "https://quay.io"
[host."https://quay.m.daocloud.io"]
capabilities = ["pull", "resolve", "push"]
EOF
# registry.jujucharms.com registry mirror
mkdir -p /etc/containerd/certs.d/registry.jujucharms.com
tee /etc/containerd/certs.d/registry.jujucharms.com/hosts.toml << 'EOF'
server = "https://registry.jujucharms.com"
[host."https://jujucharms.m.daocloud.io"]
capabilities = ["pull", "resolve", "push"]
EOF
# rocks.canonical.com registry mirror
mkdir -p /etc/containerd/certs.d/rocks.canonical.com
tee /etc/containerd/certs.d/rocks.canonical.com/hosts.toml << 'EOF'
server = "https://rocks.canonical.com"
[host."https://rocks-canonical.m.daocloud.io"]
capabilities = ["pull", "resolve", "push"]
EOF
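An added example, not part of the original notes: a small audit of the hosts.toml files created in the steps above. It reports mirror hosts that are granted push (a pull mirror needs only pull and resolve, as in the docker.io entry), plain-HTTP mirror URLs, and skip_verify = true. The function names are made up for this example, and it assumes each capabilities array sits on one line, as on this page.

```shell
#!/bin/sh
# Added example (not from the original post): list risky settings in
# containerd hosts.toml files under a certs.d directory.

# audit_hosts_toml FILE
# Prints one finding per line: "<file>: <mirror host>: <issue>".
audit_hosts_toml() {
    awk -v f="$1" '
        # A [host."URL"] table header starts a new mirror entry.
        /^[ \t]*\[host\."/ {
            host = $0
            sub(/^[^"]*"/, "", host); sub(/".*$/, "", host)
            if (host ~ /^http:\/\//) print f ": " host ": plain HTTP mirror"
            next
        }
        # Settings are attributed to the most recent mirror entry.
        host != "" && /^[ \t]*capabilities[ \t]*=/ && /"push"/ {
            print f ": " host ": mirror is granted push"
        }
        host != "" && /^[ \t]*skip_verify[ \t]*=[ \t]*true/ {
            print f ": " host ": TLS verification disabled"
        }
    ' "$1"
}

# audit_certs_dir [DIR]  (defaults to the config_path used on this page)
audit_certs_dir() {
    dir=${1:-/etc/containerd/certs.d}
    for f in "$dir"/*/hosts.toml; do
        [ -f "$f" ] && audit_hosts_toml "$f"
    done
    return 0
}
```

Run `audit_certs_dir` with no argument on the node after writing the mirror files; no output means none of the three conditions was found.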