补充知识点
redhat 与 rocky 1:1兼容
redhat almalinux 二进制兼容 ---- 即包通用,但是内存编译方法不用
国产三大系统: 龙蜥 欧拉 麒麟
与 redhat的区别:redhat 8 --- 麒麟v1
redhat9 ---- 龙蜥 23.x
redhat 8.x ---- openeuler 22.x 龙蜥8.x
openeuler24.x 欧拉自己的分支
注意点:如何在 x86 安装arm系统 如何模拟
数据库:人大金仓 oceanbase polardb tidb 达梦 Gbase opengauss tdsql goldenDB
实验操作
安装 containerd
# Add the docker-ce yum repository from the Aliyun mirror; it provides containerd.io.
# Read the downloaded .repo file before installing: packages are only
# authenticated if it keeps gpgcheck=1 and names a gpgkey you trust.
repo_file=/etc/yum.repos.d/docker-ce.repo
wget -O "$repo_file" https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum list | grep containerd
yum -y install containerd.io

# Write out the default configuration file.
cfg_dir=/etc/containerd
cfg="$cfg_dir/config.toml"
mkdir -p "$cfg_dir"
containerd config default | tee "$cfg"

# Edit the containerd configuration; each change is followed by a grep to confirm it.
# 1) Switch SystemdCgroup to true.
sed -i "s#SystemdCgroup\ \=\ false#SystemdCgroup \=\ true#g" "$cfg"
grep SystemdCgroup "$cfg"
# 2) Replace registry.k8s.io with the Aliyun copy. This rewrites sandbox_image,
#    so the pause image is then pulled by tag from that mirror.
sed -i "s#registry.k8s.io#registry.aliyuncs.com/google_containers#g" "$cfg"
grep sandbox_image "$cfg"
# 3) Point config_path at the per-registry hosts directory.
sed -i "s#config_path\ \=\ \"\"#config_path\ \=\ \"/etc/containerd/certs.d\"#g" "$cfg"
grep certs.d "$cfg"

# Route docker.io pulls through a mirror. The mirror is granted "resolve",
# meaning it answers tag-to-digest lookups, so for tag-based pulls the image
# you get depends on that operator. Pull by digest where integrity matters.
hosts_dir="$cfg_dir/certs.d/docker.io"
mkdir -pv "$hosts_dir"
cat > "$hosts_dir/hosts.toml" <<'EOF'
server = "https://docker.io"
[host."https://docker.1panel.live"]
capabilities = ["pull","resolve"]
EOF
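## Homework from the previous session: install containerd from the release tarball
# Before unpacking, check the archive against the .sha256sum file published
# with the same release. Its contents are installed as root-owned binaries and
# a systemd unit, so a tampered archive means code running as root.
#   sha256sum -c cri-containerd-cni-1.7.21-linux-amd64.tar.gz.sha256sum
mkdir -p containerd
mv cri-containerd-cni-1.7.21-linux-amd64.tar.gz containerd/
# The archive now lives in ./containerd, so name it there and unpack into that
# directory; a bare `tar -zxvf <name>` in the current directory cannot find it.
tar -zxvf containerd/cri-containerd-cni-1.7.21-linux-amd64.tar.gz -C containerd
# The absolute paths below assume the steps above were run from /root.
cp -p /root/containerd/usr/local/bin/* /usr/local/bin/
cp -p /root/containerd/etc/systemd/system/containerd.service /usr/lib/systemd/system/
# Unit files are read by systemd, not executed: keep the file non-executable
# and writable by root only.
chmod 644 /usr/lib/systemd/system/containerd.service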
生成配置文件
创建配置文件目录
mkdir /etc/containerd
生成配置文件
containerd config default > /etc/containerd/config.toml
## containerd config default > /etc/containerd/config.toml命令创建一份模块配置文件
查看配置文件
cat /etc/containerd/config.toml
备份默认配置文件
cp /etc/containerd/config.toml /etc/containerd/config.toml.bak
修改配置文件
vim /etc/containerd/config.toml
--------------
root = "/var/lib/containerd"
state = "/run/containerd"
oom_score = -999
[grpc]
address = "/run/containerd/containerd.sock"
uid = 0
gid = 0
max_recv_message_size = 16777216
max_send_message_size = 16777216
[debug]
address = ""
uid = 0
gid = 0
level = ""
[metrics]
address = ""
grpc_histogram = false
[cgroup]
path = ""
[plugins]
[plugins.cgroups]
no_prometheus = false
[plugins.cri]
# The CRI streaming server is bound to the loopback address.
stream_server_address = "127.0.0.1"
stream_server_port = "0"
# SELinux support in the CRI plugin is switched off in this sample.
# NOTE(review): on RHEL-family hosts with SELinux enforcing, confirm whether
# this should be true so that containers are started with SELinux labels.
enable_selinux = false
# The sandbox (pause) image starts with every pod. Here it is referenced by a
# mutable tag from the easzlab repository; consider pinning it by digest or
# serving it from a registry you control.
sandbox_image = "easzlab/pause-amd64:3.2" # sandbox image is configured here
stats_collect_period = 10
systemd_cgroup = false
# TLS on the streaming server is off. That is only tolerable while
# stream_server_address stays on loopback; revisit this if the address changes.
enable_tls_streaming = false
max_container_log_line_size = 16384
[plugins.cri.containerd]
snapshotter = "overlayfs"
no_pivot = false
[plugins.cri.containerd.default_runtime]
runtime_type = "io.containerd.runtime.v1.linux"
runtime_engine = ""
runtime_root = ""
[plugins.cri.containerd.untrusted_workload_runtime]
runtime_type = ""
runtime_engine = ""
runtime_root = ""
[plugins.cri.cni]
bin_dir = "/opt/kube/bin"
conf_dir = "/etc/cni/net.d"
conf_template = "/etc/cni/net.d/10-default.conf"
[plugins.cri.registry]
[plugins.cri.registry.mirrors]
# Each table below maps a registry name to the mirror endpoints used for its pulls.
# A pull by tag trusts the endpoint to say which digest the tag points to, so
# every mirror operator listed here is part of the image supply chain.
# Pull by digest for images where integrity matters.
[plugins.cri.registry.mirrors."docker.io"] # endpoint lists the mirror addresses
endpoint = [
"https://docker.mirrors.ustc.edu.cn",
# Plain-HTTP endpoint: the server is not authenticated and the transfer is not
# protected, so anyone on the network path can alter the answer to a tag
# lookup. Prefer an https endpoint, or remove this entry.
"http://hub-mirror.c.163.com"
]
[plugins.cri.registry.mirrors."gcr.io"]
endpoint = [
"https://gcr.mirrors.ustc.edu.cn"
]
# Kubernetes system images are fetched through this mirror as well.
[plugins.cri.registry.mirrors."k8s.gcr.io"]
endpoint = [
"https://gcr.mirrors.ustc.edu.cn/google-containers/"
]
[plugins.cri.registry.mirrors."quay.io"]
endpoint = [
"https://quay.mirrors.ustc.edu.cn"
]
[plugins.cri.x509_key_pair_streaming]
tls_cert_file = ""
tls_key_file = ""
[plugins.diff-service]
default = ["walking"]
[plugins.linux]
shim = "containerd-shim"
runtime = "runc"
runtime_root = ""
no_shim = false
shim_debug = false
[plugins.opt]
path = "/opt/containerd"
[plugins.restart]
interval = "10s"
[plugins.scheduler]
pause_threshold = 0.02
deletion_threshold = 0
mutation_threshold = 100
schedule_delay = "0s"
startup_delay = "100ms"
--------------
#验证是否安装
rpm -qa | grep containerd
开机启动
systemctl enable containerd
systemctl start containerd
# 查看运行状态
systemctl is-active containerd
查看版本
ctr version
ctr --help
查看镜像、下载镜像
ctr images ls
ctr images check
# 下载镜像不一定下的下来 ps;--platform 是带平台的意思
ctr images pull --platform linux/amd64 docker.io/library/nginx:alpine
# 下载不了 就开启clash
## 可以在service 文件中增加以下 vim /etc/systemd/system/containerd.service
Environment="HTTP_PROXY=http://127.0.0.1:7890"
Environment="HTTPS_PROXY=http://127.0.0.1:7890"
Environment="NO_PROXY=localhost,127.0.0.1,containerd"
ctr images ls
# 查看镜像,你会发现很长很长的一列,一般是用ctr下载 用crictl 去看镜像
# 因为 crictl pull nginx 是不具备武功的
# 这个时候你可以选择集成crictl
/etc/crictl.yaml 中写入
集成 crictl
挂载
ctr images mount docker.io/library/nginx:alpine /mnt
umount /mnt
下载全平台的某个镜像
ctr images pull --all-platforms docker.io/library/nginx:alpine
## 有几个平台
linux/amd64
linux/arm/v6
linux/arm/v7
linux/arm64/v8
linux/386
linux/ppc64le
linux/s390x
导出、导入
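# Export every platform variant of the image into a single archive file.
ctr images export --all-platforms nginx-alpine.img docker.io/library/nginx:alpine
# Import takes the archive path as its argument; the bare command does nothing useful.
# NOTE(review): the image names come from the archive itself, so import only
# archives whose origin you trust. An archive obtained elsewhere could carry a
# name that replaces a local tag; confirm with `ctr images ls` afterwards.
ctr images import nginx-alpine.img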
删除
ctr images rm docker.io/library/nginx:1.14
打标记
ctr images tag docker.io/library/nginx:alpine nginx:alpine
查看命令
# 查看容器
ctr container ls = ctr c ls
# 查看任务
ctr task ls = ctr t ls
创建静态容器
ctr c create docker.io/library/nginx:alpine nginx1
# 查看详细信息
ctr container info nginx1
创建动态容器
ctr task start -d nginx1
系统的区别
# 如果是centos7的系统 就要去拷贝runc
如果是 8 的 rocky 或者 almalinux 就不用动
cat /etc/redhat-release
进入容器操作
ctr -n default task exec --exec-id $RANDOM -t nginx1 sh
# 这个也是自嗨模式 没有网络的
# containerd和docker 不一样的地方在与containerd有命名空间
# Create and start a container that shares the host's network namespace (--net-host).
# With host networking the container can bind host ports and reach services
# that listen only on the host's loopback address, so keep this to lab use or
# to workloads that really need it.
ctr run -d --net-host docker.io/library/nginx:alpine nginx2
# 可以看到containerd的容器运行时就是runc
docker 的就是 containerd
#底层运行时不一样,其实本质核心是 内核不一样
拓展docker和containerd
我们查看docker的容器,会发现docker其实也在containerd的命名空间下
# 如何集成containerd docker?后面扩展
暂停容器、恢复容器
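# Suspend the running task of container nginx1.
ctr tasks pause nginx1
# Resume it again. The command is `ctr`; `crt` does not exist.
ctr tasks resume nginx1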
删除容器
# 先停止容器
ctr tasks kill nginx1
ctr tasks delete nginx1
## 先停止tasks再删除c --- 静态
pause -- delete
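# Alternative: pause the task, then remove the container directly.
# NOTE(review): confirm that ctr will remove a container whose task is only
# paused; the sequence shown earlier kills and deletes the task first.
ctr tasks pause nginx1
ctr c rm nginx1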
与harbor的集成