Containerd 二进制安装与使用

近期行业内听到K8S用Containerd替换掉原默认的容器runtime dockerd的消息满天飞，公司同事也开始躁动起来，开始学习上手这个未来新宠containerd。这不为初次使用containerd的同学快速入坑，弄个入门的初级使用教程 ~_~

目的

1. 如何使用二进制包方式安装containerd
2. 如何使用containerd基础命令对镜像与容器操作

文件使用当前最近版本：

• containerd-1.5.2
• runc v1.0.0-rc95

1.1 运行时 Runc 安装

#下载二进制包
wget https://github.com/opencontainers/runc/releases/download/v1.0.0-rc95/runc.amd64
# 执行Path和权限设置
mv runc.amd64 /usr/local/sbin/runc 
chmod +x /usr/local/sbin/runc

1.2 Containerd 安装

#下载二进制包
wget https://github.com/containerd/containerd/releases/download/v1.5.2/containerd-1.5.2-linux-amd64.tar.gz
tar -zxvf containerd-1.5.2-linux-amd64.tar.gz 

#执行文件放置系统Path
mv ./bin/* /usr/local/bin/

# systemd 服务启动脚本文件配置
cat > /lib/systemd/system/containerd.service << EOF

# Copyright The containerd Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target

[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/local/bin/containerd

Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity
# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999

[Install]
WantedBy=multi-user.target

EOF

1.3 Containerd 配置与启动

#创建Containerd默认配置
containerd config default > /etc/containerd/config.toml

# 启动服务
systemctl start containerd.service  
#systemctl stop containerd.service

# 检测安装工具
runc -v
ctr -v

二进制安装非常简单，如果不出异常，现在containerd安装已完成，可以开始进行容器与镜像的操作了。

2.1 ctr 镜像操作

#拉取公开镜像
[console]#ctr image pull docker.io/library/busybox:latest

docker.io/library/busybox:latest:                                                 resolved       |++++++++++++++++++++++++++++++++++++++|
index-sha256:b5fc1d7b2e4ea86a06b0cf88de915a2c43a99a00b6b3c0af731e5f4c07ae8eff:    done           |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:f3cfc9d0dbf931d3db4685ec659b7ac68e2a578219da4aae65427886e649b06b: done           |++++++++++++++++++++++++++++++++++++++|
layer-sha256:92f8b3f0730fef84ba9825b3af6ad90de454c4c77cde732208cf84ff7dd41208:    done           |++++++++++++++++++++++++++++++++++++++|
config-sha256:d3cd072556c21c1f1940bd536675b97d7d419a2287d6bb3bd5044ea7466db788:   done           |++++++++++++++++++++++++++++++++++++++|
elapsed: 7.1 s                                                                    total:  4.0 Ki (572.0 B/s)
unpacking linux/amd64 sha256:b5fc1d7b2e4ea86a06b0cf88de915a2c43a99a00b6b3c0af731e5f4c07ae8eff...
done: 67.292444ms

#查看镜像列表
[console]# ctr images list

REF                              TYPE                                                      DIGEST                                                                  SIZE      PLATFORMS                                                                                                            LABELS
docker.io/library/busybox:latest application/vnd.docker.distribution.manifest.list.v2+json sha256:b5fc1d7b2e4ea86a06b0cf88de915a2c43a99a00b6b3c0af731e5f4c07ae8eff 752.6 KiB linux/386,linux/amd64,linux/arm/v5,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/mips64le,linux/ppc64le,linux/s390x -

2.2 ctr 镜像操作完整命令

[console]# ctr images    #指令简写  `ctr i` 
NAME:  
   ctr images - manage images

USAGE:
   ctr images command [command options] [arguments...]

COMMANDS:
   check       check existing images to ensure all content is available locally
   export      export images
   import      import images
   list, ls    list images known to containerd
   mount       mount an image to a target path
   unmount     unmount the image from the target
   pull        pull an image from a remote
   push        push an image to a remote
   remove, rm  remove one or more images by reference
   tag         tag an image
   label       set and clear labels for an image
   convert     convert an image

2.3 ctr 容器管理

#容器创建与运行
[console]# ctr run -t -d docker.io/library/busybox:latest demo_lab /bin/sh

#查看容器列表
[console]# ctr c list
CONTAINER    IMAGE                               RUNTIME
demo_lab     docker.io/library/busybox:latest    io.containerd.runc.v2

#查看任务列表及状态
[console]# ctr t list
TASK        PID      STATUS
demo_lab    30806    RUNNING

# attach 进入容器
[console]#ctr t attach demo_lab
/ # ls
bin   dev   etc   home  proc  root  run   sys   tmp   usr   var
/ # ps
PID   USER     TIME  COMMAND
    1 root      0:00 /bin/sh
   16 root      0:00 ps

2.4 ctr 容器操作完整命令

[console]# ctr containers                #指令简写  `ctr c`
NAME:
   ctr containers - manage containers

USAGE:
   ctr containers command [command options] [arguments...]

COMMANDS:
   create           create container
   delete, del, rm  delete one or more existing containers
   info             get info about a container
   list, ls         list containers
   label            set and clear labels for a container
   checkpoint       checkpoint a container
   restore          restore a container from checkpoint

如果你有使用过 Docker 命令，那么 ctr 操作上基本没有什么太大的差别。注意在查容器运行状态和进入容器等操作时需要有 ctr task 的相关操作，大家可以自己多试试。Containerd 的使用不仅是 ctr 这个官方的 client 工具来使用的，更多是提供上层系统来集成调用如 k8s CRI 或 GRPC API 等，对于如何集成开发调用可以参考一下官方的快速指南文档内有使用代码样例。

~~ FINISH ~~