【实验环境】

root@ubuntu22-231:~# cat /etc/issue
Ubuntu 22.04.2 LTS \n \l

【实验步骤】

1、准备 containerd 二进制文件与 service 文件

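下载地址:https://github.com/containerd/containerd/releases/download/v1.7.10/containerd-1.7.10-linux-amd64.tar.gz
(注意:此链接指向 v1.7.10,而下文操作记录中实际使用的是 containerd-1.7.2 的压缩包,命令中的文件名请以实际下载的版本为准。解压安装前,建议用同一发布页提供的 .sha256sum 文件校验压缩包的完整性。)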

# 准备好文件
root@ubuntu22-231:~# ls
containerd-1.7.2-linux-amd64.tar.gz

# 解压缩到指定目录
root@ubuntu22-231:~# tar xvf containerd-1.7.2-linux-amd64.tar.gz -C /usr/local/src/
root@ubuntu22-231:~# cp -a /usr/local/src/bin/* /usr/local/bin/

root@ubuntu22-231:~# containerd -v
containerd github.com/containerd/containerd v1.7.2 0cae528dd6cb557f7201036e9f43420650207b58

# 创建 service 启动文件
root@ubuntu22-231:~# vim /lib/systemd/system/containerd.service
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target

[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/local/bin/containerd

Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity
# Comment out TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this option.
TasksMax=infinity
OOMScoreAdjust=-999

[Install]
WantedBy=multi-user.target

2、准备配置文件并修改相关参数

# 生成默认的配置文件
root@ubuntu22-231:~# mkdir /etc/containerd
root@ubuntu22-231:~# containerd config default > /etc/containerd/config.toml

# 修改相关参数
## 使用国内的基础镜像
65 sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.9"
···
## 当拉取 docker.io 的镜像时,改由 endpoint 中的镜像加速地址提供;下面的地址仅为示例,请替换为自己信任的镜像源,因为镜像内容将由该地址返回
168 [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
169 [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
170 endpoint = ["https://frncu3gx.mirror.aliyuncs.com"]

# 启动服务
root@ubuntu22-231:~# systemctl enable --now containerd.service
Created symlink /etc/systemd/system/multi-user.target.wants/containerd.service → /lib/systemd/system/containerd.service.
root@ubuntu22-231:~# systemctl status containerd.service
● containerd.service - containerd container runtime
Loaded: loaded (/lib/systemd/system/containerd.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2023-12-06 08:27:35 UTC; 8s ago
Docs: https://containerd.io
Process: 1437 ExecStartPre=/sbin/modprobe overlay (code=exited, status=0/SUCCESS)
Main PID: 1440 (containerd)
Tasks: 8
Memory: 13.9M
CPU: 96ms
CGroup: /system.slice/containerd.service
└─1440 /usr/local/bin/containerd

3、部署 runc

runc 下载地址:https://github.com/opencontainers/runc/releases/download/v1.1.8/runc.amd64
(runc 是直接以 root 身份运行的单个二进制文件,赋予执行权限并安装前,建议先用同一发布页提供的 runc.sha256sum 校验其完整性。)

root@ubuntu22-231:~# ls
containerd-1.7.2-linux-amd64.tar.gz runc.amd64

root@ubuntu22-231:~# chmod +x runc.amd64
root@ubuntu22-231:~# mv runc.amd64 /usr/bin/runc
root@ubuntu22-231:~# runc -v
runc version 1.1.8
commit: v1.1.8-0-g82f18fe0
spec: 1.0.2-dev
go: go1.20.3
libseccomp: 2.5.4

4、安装 CNI 组件

下载地址:https://github.com/containernetworking/plugins/releases/download/v1.3.0/cni-plugins-linux-amd64-v1.3.0.tgz

root@ubuntu22-231:~# ls
cni-plugins-linux-amd64-v1.3.0.tgz

# 插件的存放路径,须与 containerd 配置文件中 CNI 的 bin_dir(默认 /opt/cni/bin)一致;若存放到其它路径,需同步修改该配置
root@ubuntu22-231:~# mkdir -p /opt/cni/bin
root@ubuntu22-231:~# tar xvf cni-plugins-linux-amd64-v1.3.0.tgz -C /opt/cni/bin/

5、配置 nerdctl 工具来管理容器

下载地址:https://github.com/containerd/nerdctl/releases/download/v1.4.0/nerdctl-1.4.0-linux-amd64.tar.gz

root@ubuntu22-231:~# ls
cni-plugins-linux-amd64-v1.3.0.tgz containerd-1.7.2-linux-amd64.tar.gz nerdctl-1.4.0-linux-amd64.tar.gz

root@ubuntu22-231:~# tar xvf nerdctl-1.4.0-linux-amd64.tar.gz -C /usr/local/bin/
root@ubuntu22-231:~# nerdctl version
WARN[0000] unable to determine buildctl version: exec: "buildctl": executable file not found in $PATH
Client:
Version: v1.4.0
OS/Arch: linux/amd64
Git commit: 7e8114a82da342cdbec9a518c5c6a1cce58105e9
buildctl:
Version:

Server:
containerd:
Version: v1.7.2
GitCommit: 0cae528dd6cb557f7201036e9f43420650207b58
runc:
Version: 1.1.8
GitCommit: v1.1.8-0-g82f18fe0

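# 写入 nerdctl 配置。注意:insecure_registry = true 会对镜像仓库跳过 HTTPS 证书校验并允许回退到明文 HTTP,仅适合隔离的实验环境;生产环境应保持为 false
root@ubuntu22-231:~# mkdir /etc/nerdctl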
root@ubuntu22-231:~# cat >> /etc/nerdctl/nerdctl.toml << EOF
> namespace = "k8s.io"
> debug = false
> debug_full = false
> insecure_registry = true
> EOF