本节内容:
整体结构
安装
镜像管理、容器管理
常用命令实践
containerd官网:https://containerd.io/。
基于工业标准。2019年2月28日在CNCF毕业。
守护进程,在windows和Linux都能正常运行。
负责管理容器的完整的生命周期、镜像的传输和存储、容器的执行。
更多信息内容参考官网。
架构如下:
注意:以后所有的虚拟机配置都必须先参考:
此台虚拟机的前置设置内容(学习务必一致):
hostname docker-containerd
hostnamectl set-hostname docker-containerd
[root@XX network-scripts]# pwd
/etc/sysconfig/network-scripts
#IP后缀都改成11
[root@XX network-scripts]# vim ifcfg-ens33
[root@XX network-scripts]# vim ifcfg-ens37
[root@XX network-scripts]# systemctl restart network
vim /etc/hosts
127.0.0.1 localhost
172.16.1.11 docker-containerd
安装containerd
[root@docker-containerd ~]# mkdir containerd
[root@docker-containerd ~]# cd containerd
[root@docker-containerd containerd]# wget https://github.com/containerd/containerd/releases/download/v1.4.3/cri-containerd-cni-1.4.3-linux-amd64.tar.gz
[root@docker-containerd containerd]# tar -zxf cri-containerd-cni-1.4.3-linux-amd64.tar.gz
[root@docker-containerd containerd]# ll
total 96868
-rw-r--r-- 1 root root 99176835 Dec 1 2020 cri-containerd-cni-1.4.3-linux-amd64.tar.gz
drwxr-xr-x 4 root root 4096 Dec 1 2020 etc
drwxr-xr-x 4 root root 4096 Dec 1 2020 opt
drwxr-xr-x 3 root root 4096 Dec 1 2020 usr
[root@docker-containerd containerd]# find . -type f
#下面这俩目录和文件是不需要的,要删掉
[root@docker-containerd containerd]# rm -rf opt/
[root@docker-containerd containerd]# find . -type f
[root@docker-containerd containerd]# rm -rf ./etc/cni
[root@docker-containerd containerd]# find . -type f
./usr/local/bin/crictl
./usr/local/bin/containerd-shim-runc-v2
./usr/local/bin/containerd-shim
./usr/local/bin/containerd
./usr/local/bin/critest
./usr/local/bin/ctr
./usr/local/bin/containerd-shim-runc-v1
./usr/local/sbin/runc
./cri-containerd-cni-1.4.3-linux-amd64.tar.gz
#crictl命令的配置文件
./etc/crictl.yaml
#containerd的服务文件
./etc/systemd/system/containerd.service
[root@docker-containerd containerd]# cp -r usr/ /
#这里最好都加软链接
[root@docker-containerd containerd]# cp -r etc/ /
#可以看下containerd的服务配置
[root@docker-containerd containerd]# vim /etc/systemd/system/containerd.service
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target
[Service]
ExecStartPre=-/sbin/modprobe overlay
#这是刚才拷贝过去的usr目录的命令
ExecStart=/usr/local/bin/containerd
[root@docker-containerd containerd]# ll /etc/|grep containerd
[root@docker-containerd containerd]# containerd -h
#可以看到containerd的一些公共信息
VERSION:
v1.4.3
#containerd默认是有配置文件的
[root@docker-containerd containerd]# containerd config default
#当然containerd也可以自己生成一个配置文件,生成到默认的读取位置。
[root@docker-containerd containerd]# mkdir -p /etc/containerd
[root@docker-containerd containerd]# containerd config default > /etc/containerd/config.toml
[root@docker-containerd containerd]# vim /etc/containerd/config.toml
#如果是docker,那么是/var/lib/docker。这个目录修改为磁盘空间比较充足的位置,软链接也可以。
root = "/var/lib/containerd"
#这里从0改为比较小的值,系统内存不足的时候更不容易被杀掉,毕竟是守护进程,更不应该容易被杀掉。
oom_score = -999
#其他配置暂不关注,一下学习太多细节的东西,学习没好处,不好消化。
[root@docker-containerd containerd]# systemctl enable containerd
Created symlink from /etc/systemd/system/multi-user.target.wants/containerd.service to /etc/systemd/system/containerd.service.
[root@docker-containerd containerd]# systemctl status containerd
? containerd.service - containerd container runtime
Loaded: loaded (/etc/systemd/system/containerd.service; enabled; vendor preset: disabled)
Active: inactive (dead)
Docs: https://containerd.io
#ctr可以看做是直接照着containerd的API设计的客户端工具
[root@docker-containerd containerd]# ctr -h
#可以看到containerd的一些公共信息
VERSION:
v1.4.3
[root@docker-containerd containerd]# ctr i -h
#查看镜像列表,先启动containerd再运行
[root@docker-containerd containerd]# ctr i ls
ctr: failed to dial "/run/containerd/containerd.sock": context deadline exceeded
[root@docker-containerd containerd]# systemctl restart containerd
[root@docker-containerd containerd]# systemctl status containerd
#下面可以做下containerd的练习
#containerd自带的命令ctr
#看containerd的一些功能
[root@docker-containerd containerd]# ctr -h
USAGE:
ctr [global options] command [command options] [arguments...]
VERSION:
v1.4.3
COMMANDS:
#以下是比较重要的
version print the client and server versions
#管理容器
containers, c, container manage containers
#管理镜像
images, image, i manage images
#命名空间
namespaces, namespace, ns manage namespaces
#启动容器
run run a container
#任务
tasks, t, task manage tasks
[root@docker-containerd containerd]# ctr i -h
[root@docker-containerd containerd]# ctr i ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
#这样无法解析地址,不是合法地址,如果是docker,那么在前面会默认加上地址
[root@docker-containerd containerd]# ctr i pull redis:alpine
ctr: failed to resolve reference "redis:alpine": parse "dummy://redis:alpine": invalid port ":alpine" after host
#在使用containerd时,一定要把地址写全。
[root@docker-containerd containerd]# ctr i pull docker.io/library/redis:alpine
#可以看到下载的镜像
[root@docker-containerd containerd]# ctr i ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
docker.io/library/redis:alpine application/vnd.docker.distribution.manifest.list.v2+json sha256:40b02b7a48829317e973114d07968d28eaaf75ec6b80ddef20f3999238aad7c8 11.3 MiB linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x -
#命名空间
[root@docker-containerd containerd]# ctr ns -h
[root@docker-containerd containerd]# ctr ns ls
NAME LABELS
#一个默认的命名空间default
default
[root@docker-containerd containerd]# ll /var/lib/containerd/
total 32
drwxr-xr-x 4 root root 4096 Dec 14 14:06 io.containerd.content.v1.content
drwx--x--x 2 root root 4096 Dec 14 14:04 io.containerd.metadata.v1.bolt
drwx--x--x 2 root root 4096 Dec 14 14:04 io.containerd.runtime.v1.linux
drwx--x--x 2 root root 4096 Dec 14 14:04 io.containerd.runtime.v2.task
drwxr-xr-x 2 root root 4096 Dec 14 14:04 io.containerd.snapshotter.v1.btrfs
drwx------ 3 root root 4096 Dec 14 14:04 io.containerd.snapshotter.v1.native
drwx------ 3 root root 4096 Dec 14 14:06 io.containerd.snapshotter.v1.overlayfs
drwx------ 2 root root 4096 Dec 14 14:06 tmpmounts
安装docker
[root@docker-containerd containerd]# uname -r
#返回值大于3.10
3.10.0-1160.el7.x86_64
#参考安装docker步骤
http://www.imooc.com/article/16448
[root@docker-containerd containerd]# cat docker.sh
------------卸载旧版本
yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine
------------安装需要的软件包
#yum-util提供yum-config-manager功能
#另外两个是devicemapper驱动依赖的
yum install -y yum-utils \
device-mapper-persistent-data \
lvm2
------------设置yum源
yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
------------安装最新版本。作者安装的好的是:docker-ce.x86_64 3:20.10.2-3.el7
yum install -y docker-ce
[root@docker-containerd containerd]# chmod +x docker.sh
[root@docker-containerd containerd]# /bin/sh docker.sh
#我这里安装好的版本是
Installed:
docker-ce.x86_64 3:20.10.21-3.el7
Dependency Installed:
audit-libs-python.x86_64 0:2.8.5-4.el7 checkpolicy.x86_64 0:2.5-8.el7
container-selinux.noarch 2:2.119.2-1.911c772.el7_8 containerd.io.x86_64 0:1.6.9-3.1.el7
docker-ce-cli.x86_64 1:20.10.21-3.el7 docker-ce-rootless-extras.x86_64 0:20.10.21-3.el7
docker-scan-plugin.x86_64 0:0.21.0-3.el7 fuse-overlayfs.x86_64 0:0.7.2-6.el7_8
fuse3-libs.x86_64 0:3.6.1-4.el7 libcgroup.x86_64 0:0.41-21.el7
libseccomp.x86_64 0:2.3.1-4.el7 libsemanage-python.x86_64 0:2.5-14.el7
policycoreutils-python.x86_64 0:2.5-34.el7 python-IPy.noarch 0:0.75-6.el7
setools-libs.x86_64 0:3.3.8-4.el7 slirp4netns.x86_64 0:0.4.3-4.el7_8
------------另外附上安装指定docker-ce版本的方式
#查询版本列表
$ yum list docker-ce --showduplicates | sort -r
#发现这个命令只有安装完docker后才有下述可安装列表
已加载插件:fastestmirror, langpacks
已安装的软件包
可安装的软件包
* updates: mirrors.163.com
Loading mirror speeds from cached hostfile
* extras: mirrors.163.com
docker-ce.x86_64 17.09.1.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.09.0.ce-1.el7.centos docker-ce-stable
...
#指定版本安装(这里的例子是安装上面列表中的第二个)
$ yum install -y docker-ce-17.09.0.ce
------------
#操作docker
[root@docker-containerd containerd]# systemctl status docker
? docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Docs: https://docs.docker.com
[root@docker-containerd containerd]# systemctl start docker
Active: active (running) since Tue 2021-12-14 14:25:26 CST; 1s ago
[root@docker-containerd containerd]# systemctl status docker
[root@docker-containerd containerd]# ll /var/lib/docker/
total 44
drwx--x--x 4 root root 4096 Dec 14 14:25 buildkit
drwx--x--- 2 root root 4096 Dec 14 14:25 containers
drwx------ 3 root root 4096 Dec 14 14:25 image
drwxr-x--- 3 root root 4096 Dec 14 14:25 network
drwx--x--- 3 root root 4096 Dec 14 14:25 overlay2
drwx------ 4 root root 4096 Dec 14 14:25 plugins
drwx------ 2 root root 4096 Dec 14 14:25 runtimes
drwx------ 2 root root 4096 Dec 14 14:25 swarm
drwx------ 2 root root 4096 Dec 14 14:25 tmp
drwx------ 2 root root 4096 Dec 14 14:25 trust
drwx-----x 2 root root 4096 Dec 14 14:25 volumes
[root@docker-containerd containerd]# docker version
Client: Docker Engine - Community
Version: 20.10.21
API version: 1.41
Go version: go1.18.7
Git commit: baeda1f
Built: Tue Oct 25 18:04:24 2022
OS/Arch: linux/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.21
API version: 1.41 (minimum version 1.12)
Go version: go1.18.7
Git commit: 3056208
Built: Tue Oct 25 18:02:38 2022
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: v1.4.3
GitCommit: 269548fa27e0089a8b8278fc4fc781d7f65a939b
runc:
Version: 1.0.0-rc92
GitCommit: ff819c7e9184c13b7c2607fe6c30ae19403a7aff
docker-init:
Version: 0.19.0
GitCommit: de40ad0
[root@docker-containerd containerd]# docker pull redis:alpine
alpine: Pulling from library/redis
213ec9aee27d: Pull complete
fb541f77610a: Pull complete
dc2e3041aaa5: Pull complete
aadae582a31f: Pull complete
996b5def1876: Pull complete
bed3be2507e6: Pull complete
Digest: sha256:40b02b7a48829317e973114d07968d28eaaf75ec6b80ddef20f3999238aad7c8
Status: Downloaded newer image for redis:alpine
docker.io/library/redis:alpine
[root@docker-containerd containerd]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
redis alpine d29f18e8bc92 3 weeks ago 28.4MB
验证镜像存储目录不同
#Containerd有命名空间、查看镜像、容器的方式。如果系统里还有个docker,Docker pull下载之后,containerd的default命名空间中是否可以看到?
[root@docker-containerd containerd]# ctr ns ls
NAME LABELS
default
#如果未显示containerd的default命名空间,那么就拉取一个镜像.
#这个时候未显示docker的moby命名空间,那么就拉取一个镜像.
#containerd已经下载过redis了,docker又下载了一遍,说明它俩存储的目录并不是一样的,它俩的目录并不是共享的
[root@docker-containerd containerd]# ctr ns ls
NAME LABELS
default
moby
#显示docker的moby命名空间.当卸载了docker后,moby命名空间如何删除?
#这里使用K8S的话,会生成K8S.IO的命名空间,并且只使用 K8S.IO 的命名空间。
#核实containerd默认命名空间default下的镜像
[root@docker-containerd containerd]# ctr -n default i ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
docker.io/library/redis:alpine application/vnd.docker.distribution.manifest.list.v2+json sha256:40b02b7a48829317e973114d07968d28eaaf75ec6b80ddef20f3999238aad7c8 11.3 MiB linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x -
#通过containerd查看docker命名空间moby下载的镜像是空的。
[root@docker-containerd containerd]# ctr -n moby i ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
#用docker下载redis,还需要重新下载,说明存储的目录不同,和containerd的底层存储目录并不是共享的。
[root@docker-containerd containerd]# ll /var/lib/containerd/
[root@docker-containerd containerd]# ll /var/lib/docker/
#查看存储目录大小
[root@docker-containerd containerd]# du -sh /var/lib/containerd
45M /var/lib/containerd
[root@docker-containerd containerd]# du -sm /var/lib/containerd
45 /var/lib/containerd
[root@docker-containerd containerd]# du -sh /var/lib/docker/
35M /var/lib/docker/
[root@docker-containerd containerd]# du -sm /var/lib/docker/
35 /var/lib/docker/
共享镜像存储目录
[root@docker-containerd containerd]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
redis alpine 3900abf41552 2 weeks ago 32.4MB
#使用阿里云镜像中心,创建个人镜像,创建命名空间。
#登录阿里云镜像库
[root@docker-containerd containerd]# docker login --username=XX registry.cn-beijing.aliyuncs.com
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
#一种比较优雅的方式,给仓库打tag
[root@docker-containerd containerd]# docker tag redis:alpine registry.cn-beijing.aliyuncs.com/yazong/redis:alpine
#推送给仓库
[root@docker-containerd containerd]# docker push registry.cn-beijing.aliyuncs.com/yazong/redis:alpine
The push refers to repository [registry.cn-beijing.aliyuncs.com/yazong/redis]
1cabea1f4937: Pushed
799b2ec874e0: Pushed
9ab3e89e2c97: Pushed
566910633016: Pushed
6dbd9594c43d: Pushed
994393dc58e7: Pushed
alpine: digest: sha256:f0d4e9e7a59a94e096e22b825545d8dc1a04f501a9fff9dbb25c9d15dad19d16 size: 1571
[root@docker-containerd containerd]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry.cn-beijing.aliyuncs.com/yazong/redis alpine d29f18e8bc92 3 weeks ago 28.4MB
redis alpine d29f18e8bc92 3 weeks ago 28.4MB
#核实阿里云个人镜像仓库是否推送上去yazong/redis:alpine
#测试ctr拉取docker推送到阿里云仓库的镜像
[root@docker-containerd containerd]# ctr i pull registry.cn-beijing.aliyuncs.com/yazong/redis:alpine
registry.cn-beijing.aliyuncs.com/yazong/redis:alpine: resolving |--------------------------------------|
elapsed: 0.4 s total: 0.0 B (0.0 B/s)
#发现这个问题,其实应该考虑的是阿里云镜像的权限问题,而不是其他的情况,因为此时你并没有操作过别的权限内容。
ctr: failed to resolve reference "registry.cn-beijing.aliyuncs.com/yazong/redis:alpine": pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed
#修改镜像权限为公开,而不是修改命名空间为公开!
#说明containerd和docker的镜像是可以通用的
[root@docker-containerd containerd]# ctr i pull registry.cn-beijing.aliyuncs.com/yazong/redis:alpine
registry.cn-beijing.aliyuncs.com/yazong/redis:alpine: resolved |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:f0d4e9e7a59a94e096e22b825545d8dc1a04f501a9fff9dbb25c9d15dad19d16: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:bed3be2507e6c47aa154ced68ba7f7d2f8f455ac36d73a898af748663ebbe42f: done |++++++++++++++++++++++++++++++++++++++|
config-sha256:d29f18e8bc92c5bd50db90a1dd37d8c62bb26220088ae9d97b4b07691f4e5641: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:213ec9aee27d8be045c6a92b7eac22c9a64b44558193775a1a7f626352392b49: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:fb541f77610a7550755893b11853752742e9b173e4e9967f4db6b02c2e51ce4a: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:dc2e3041aaa57579fe87bf26fbb56fcf7aef49b3f5a0e0ee37eab519855dd37e: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:aadae582a31f5fd67d2286cecf95c4045d2c9828c73dd7ffe8a866d7df916cff: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:996b5def187670b227d8b6c6081c0d35a03d4d95bbfd96c005fa9fd9204b97af: done |++++++++++++++++++++++++++++++++++++++|
elapsed: 0.5 s total: 0.0 B (0.0 B/s)
unpacking linux/amd64 sha256:f0d4e9e7a59a94e096e22b825545d8dc1a04f501a9fff9dbb25c9d15dad19d16...
done
#ctr拉取docker的镜像到ctr的命名空间存储目录中
[root@docker-containerd containerd]# ctr -n default i ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
docker.io/library/redis:alpine application/vnd.docker.distribution.manifest.list.v2+json sha256:40b02b7a48829317e973114d07968d28eaaf75ec6b80ddef20f3999238aad7c8 11.3 MiB linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x -
registry.cn-beijing.aliyuncs.com/yazong/redis:alpine application/vnd.docker.distribution.manifest.v2+json sha256:f0d4e9e7a59a94e096e22b825545d8dc1a04f501a9fff9dbb25c9d15dad19d16 11.3 MiB linux/amd64
#容器管理:启动redis容器,镜像名,最后的redis名称是自己起的标识
[root@docker-containerd containerd]# ctr run -t -d registry.cn-beijing.aliyuncs.com/yazong/redis:alpine redis
#启动redis容器后的运行状态
[root@docker-containerd containerd]# ctr c ls
CONTAINER IMAGE RUNTIME
#启动的是containerd的runc的v2版本
redis registry.cn-beijing.aliyuncs.com/yazong/redis:alpine io.containerd.runc.v2
#containerd还有一个任务的概念,task,启动redis容器后的任务状态
[root@docker-containerd containerd]# ctr t ls
TASK PID STATUS
#redis这个进程的运行状态
redis 5018 RUNNING
#查看进程
[root@docker-containerd containerd]# ps -ef|grep redis
root 4999 1 0 22:58 ? 00:00:00 /usr/local/bin/containerd-shim-runc-v2 -namespace default -id redis -address /run/containerd/containerd.sock
polkitd 5018 4999 0 22:58 pts/0 00:00:01 redis-server *:6379
root 5073 1468 0 23:09 pts/0 00:00:00 grep --color=auto redis
#必须先停任务,再删任务.
[root@docker-containerd containerd]# ctr t rm redis
ERRO[0000] unable to delete redis error="task must be stopped before deletion: running: failed precondition"
ctr: task must be stopped before deletion: running: failed precondition
#杀掉任务
[root@docker-containerd containerd]# ctr t kill redis
[root@docker-containerd containerd]# ctr t ls
TASK PID STATUS
redis 5018 STOPPED
[root@docker-containerd containerd]# ps -ef|grep redis
root 4999 1 0 22:58 ? 00:00:00 /usr/local/bin/containerd-shim-runc-v2 -namespace default -id redis -address /run/containerd/containerd.sock
root 5096 1468 0 23:10 pts/0 00:00:00 grep --color=auto redis
#删除任务
[root@docker-containerd containerd]# ctr t rm redis
#只有删除任务后才不显示任务列表
[root@docker-containerd containerd]# ctr t ls
TASK PID STATUS
[root@docker-containerd containerd]# ps -ef|grep redis
root 5119 1468 0 23:14 pts/0 00:00:00 grep --color=auto redis
#任务不在了,但是容器依然会存在,这里的容器是指刚启动的容器,而不是镜像.
[root@docker-containerd containerd]# ctr c ls
CONTAINER IMAGE RUNTIME
redis registry.cn-beijing.aliyuncs.com/yazong/redis:alpine io.containerd.runc.v2
#删除容器
[root@docker-containerd containerd]# ctr c rm redis
[root@docker-containerd containerd]# ctr c ls
CONTAINER IMAGE RUNTIME
容器关系
#考虑一下containerd中的容器和docker中的容器是什么关系
[root@docker-containerd containerd]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
#运行docker容器的redis,加d后台运行
[root@docker-containerd containerd]# docker run -idt redis:alpine
ad89695bea6057258e6b545c4b65285aa2c676ed93966169ee87461af84579c7
[root@docker-containerd containerd]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ad89695bea60 redis:alpine "docker-entrypoint.s…" 2 seconds ago Up 1 second 6379/tcp serene_hermann
#看一下docker启动的这个容器跟containerd的关系
#查看docker容器的命名空间default下的task任务
[root@docker-containerd containerd]# ctr -n moby t ls
TASK PID STATUS
#对应上面ad89695bea60
ad89695bea6057258e6b545c4b65285aa2c676ed93966169ee87461af84579c7 5203 RUNNING
#这里可以说明docker和containerd的本质区别:只是命名空间的不同!
#这里如果使用K8S的话,会生成K8S.IO的命名空间,并且只使用 K8S.IO 的命名空间。
#不是看containerd容器的默认命名空间default下的task任务
[root@docker-containerd containerd]# ctr -n default t ls
TASK PID STATUS
K8S的crictl命令(二进制)
#用cri命令有点不太顺手,K8S提供了一个工具
#查看镜像
[root@docker-containerd containerd]# crictl images
IMAGE TAG IMAGE ID SIZE
#查看容器
[root@docker-containerd containerd]# crictl ps
CONTAINER IMAGE CREATED STATE NAME ATTEMPT POD ID
#查看PODS,这是docker所不具备的。
[root@docker-containerd containerd]# crictl pods
POD ID CREATED STATE NAME NAMESPACE ATTEMPT RUNTIME
#上述都是空,没有容器,没有镜像,没有POD,因为这里连K8S.IO的命名空间都没有,而crictl是为K8S而生的,命令格式大部分与docker相同。
#可以在K8S的node节点上去使用这个工具。类似于替代docker。
#其中的命令基本上和docker是相通的,减少了命令切换到学习成本。K8S的操作大都使用这个命令。
[root@docker-containerd containerd]# crictl -h|less
[root@docker-containerd containerd]# which crictl
/usr/local/bin/crictl
小总结
ctr是containerd自带的客户端工具,可以对各种命名空间进行操作,几乎是照着containerd的API设计的客户端工具。
Docker底层仅使用containerd的moby的命名空间,但这个使用仅限用容器而没有镜像,因为镜像存储的是不同的目录,完全是物理隔离的。
crictl是K8S的专用命名,用了containerd的k8s.io这个命名空间去处理其容器和镜像。
命名空间(namespace)-->任务(task)-->镜像(image)
| 命令 | 命名空间(namespace) | 任务(task) | 镜像(image) |
|---|---|---|---|
| ctr | default | ctr -n default t ls | ctr i ls |
| ctr | moby | ctr -n moby t ls | ctr i ls |
| docker | moby | docker ps | docker images |
[root@docker-containerd containerd]# ctr -n default t ls
TASK PID STATUS
[root@docker-containerd containerd]# ctr -n moby t ls
TASK PID STATUS
ad89695bea6057258e6b545c4b65285aa2c676ed93966169ee87461af84579c7 5203 RUNNING
[root@docker-containerd containerd]# ctr i ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
docker.io/library/redis:alpine application/vnd.docker.distribution.manifest.list.v2+json sha256:40b02b7a48829317e973114d07968d28eaaf75ec6b80ddef20f3999238aad7c8 11.3 MiB linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x -
registry.cn-beijing.aliyuncs.com/yazong/redis:alpine application/vnd.docker.distribution.manifest.v2+json sha256:f0d4e9e7a59a94e096e22b825545d8dc1a04f501a9fff9dbb25c9d15dad19d16 11.3 MiB linux/amd64 -
[root@docker-containerd containerd]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ad89695bea60 redis:alpine "docker-entrypoint.s…" 59 minutes ago Up 59 minutes 6379/tcp serene_hermann
[root@docker-containerd containerd]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
redis alpine d29f18e8bc92 3 weeks ago 28.4MB
registry.cn-beijing.aliyuncs.com/yazong/redis alpine d29f18e8bc92 3 weeks ago 28.4MB
标题:Kubernetes(三)(3.2容器运行时)Containerd全面上手实践
作者:yazong
地址:https://blog.llyweb.com/articles/2022/10/29/1666974476226.html