参考:https://github.com/kata-containers/documentation/blob/master/how-to/containerd-kata.md
前提条件:已安装Kata Containers,以及带CRI插件的containerd
1 2 3 4 5 6 7 8 9 10 root@ubuntu-001:~# kata-runtime --version kata-runtime : 1.13.0-alpha0 commit : <<unknown>> OCI specs: 1.0.1-dev root@ubuntu-001:~# containerd --version containerd containerd.io 1.4.3 269548fa27e0089a8b8278fc4fc781d7f65a939b root@ubuntu-001:~# ctr --version ctr containerd.io 1.4.3
注意:
安装docker(新版本)时,containerd已作为docker的依赖项一并安装
ctr是containerd的命令行工具(containerd CLI)
cri is a native plugin of containerd 1.1 and above. It is built into containerd and enabled by default. You do not need to install cri if you have containerd 1.1 or above. Just remove the cri plugin from the list of disabled_plugins in the containerd configuration file (/etc/containerd/config.toml).
配置containerd配置文件
1、获取containerd默认配置(注意:下面的命令会覆盖已有的/etc/containerd/config.toml,如该文件已存在,建议先备份)
1 root@ubuntu-001:~# containerd config default > /etc/containerd/config.toml
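2、修改/etc/containerd/config.toml,增加kata配置:在runtimes下新增[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.kata]一节,并将runtime_type设为"io.containerd.kata.v2"。default_runtime_name仍为"runc",因此只有显式指定kata运行时的容器才会运行在Kata中,其余容器仍由runc运行。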
# containerd configuration after adding the Kata runtime handler.
# Apart from the runtimes.kata tables, the layout is what `containerd config default` prints.
root@ubuntu-001:~# cat /etc/containerd/config.toml
version = 2
root = "/var/lib/containerd"
state = "/run/containerd"
plugin_dir = ""
# "cri" is not in this list, so the CRI plugin stays enabled.
disabled_plugins = []
required_plugins = []
oom_score = 0

[grpc]
  # Local unix socket of the containerd API; the crictl config and the shim
  # command lines shown on this page use the same path.
  address = "/run/containerd/containerd.sock"
  # No TCP address is set for the API.
  tcp_address = ""
  tcp_tls_cert = ""
  tcp_tls_key = ""
  # NOTE(review): presumably the owner of the socket; access to this socket
  # amounts to control over every container on the host, so keep it root-only.
  uid = 0
  gid = 0
  max_recv_message_size = 16777216
  max_send_message_size = 16777216

[ttrpc]
  address = ""
  uid = 0
  gid = 0

[debug]
  address = ""
  uid = 0
  gid = 0
  level = ""

[metrics]
  address = ""
  grpc_histogram = false

[cgroup]
  path = ""

[timeouts]
  "io.containerd.timeout.shim.cleanup" = "5s"
  "io.containerd.timeout.shim.load" = "5s"
  "io.containerd.timeout.shim.shutdown" = "3s"
  "io.containerd.timeout.task.state" = "2s"

[plugins]
  [plugins."io.containerd.gc.v1.scheduler"]
    pause_threshold = 0.02
    deletion_threshold = 0
    mutation_threshold = 100
    schedule_delay = "0s"
    startup_delay = "100ms"
  [plugins."io.containerd.grpc.v1.cri"]
    disable_tcp_service = true
    # The streaming server address is the loopback interface.
    stream_server_address = "127.0.0.1"
    stream_server_port = "0"
    stream_idle_timeout = "4h0m0s"
    enable_selinux = false
    selinux_category_range = 1024
    # The pause (sandbox) image comes from an Aliyun-hosted registry path;
    # confirm this is a registry you intend to trust for every pod sandbox.
    sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.2"
    stats_collect_period = 10
    systemd_cgroup = false
    enable_tls_streaming = false
    max_container_log_line_size = 16384
    disable_cgroup = false
    disable_apparmor = false
    restrict_oom_score_adj = false
    max_concurrent_downloads = 3
    disable_proc_mount = false
    unset_seccomp_profile = ""
    tolerate_missing_hugetlb_controller = true
    disable_hugetlb_controller = true
    ignore_image_defined_volumes = false
    [plugins."io.containerd.grpc.v1.cri".containerd]
      snapshotter = "overlayfs"
      # runc remains the default runtime: a CRI pod lands in Kata only when it
      # asks for the "kata" handler (for example through a Kubernetes RuntimeClass).
      default_runtime_name = "runc"
      no_pivot = false
      disable_snapshot_annotations = true
      discard_unpacked_layers = false
      [plugins."io.containerd.grpc.v1.cri".containerd.default_runtime]
        runtime_type = ""
        runtime_engine = ""
        runtime_root = ""
        privileged_without_host_devices = false
        base_runtime_spec = ""
      # All fields are empty: no runtime is configured in this table.
      [plugins."io.containerd.grpc.v1.cri".containerd.untrusted_workload_runtime]
        runtime_type = ""
        runtime_engine = ""
        runtime_root = ""
        privileged_without_host_devices = false
        base_runtime_spec = ""
      [plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
        [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
          runtime_type = "io.containerd.runc.v2"
          runtime_engine = ""
          runtime_root = ""
          privileged_without_host_devices = false
          base_runtime_spec = ""
          [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
        # Added for Kata: registers a handler named "kata" whose runtime type is the
        # Kata shim v2 (the containerd-shim-kata-v2 process in the ps output on this page).
        [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.kata]
          runtime_type = "io.containerd.kata.v2"
          runtime_engine = ""
          runtime_root = ""
          # NOTE(review): Kata's documentation on privileged containers suggests true
          # here so host devices are not handed to the guest; confirm for your deployment.
          privileged_without_host_devices = false
          base_runtime_spec = ""
          [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.kata.options]
    [plugins."io.containerd.grpc.v1.cri".cni]
      bin_dir = "/opt/cni/bin"
      conf_dir = "/etc/cni/net.d"
      max_conf_num = 1
      conf_template = ""
    [plugins."io.containerd.grpc.v1.cri".registry]
      [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
          endpoint = ["https://registry-1.docker.io"]
    [plugins."io.containerd.grpc.v1.cri".image_decryption]
      key_model = ""
    [plugins."io.containerd.grpc.v1.cri".x509_key_pair_streaming]
      tls_cert_file = ""
      tls_key_file = ""
  [plugins."io.containerd.internal.v1.opt"]
    path = "/opt/containerd"
  [plugins."io.containerd.internal.v1.restart"]
    interval = "10s"
  [plugins."io.containerd.metadata.v1.bolt"]
    content_sharing_policy = "shared"
  [plugins."io.containerd.monitor.v1.cgroups"]
    no_prometheus = false
  [plugins."io.containerd.runtime.v1.linux"]
    shim = "containerd-shim"
    runtime = "runc"
    runtime_root = ""
    no_shim = false
    shim_debug = false
  [plugins."io.containerd.runtime.v2.task"]
    platforms = ["linux/amd64"]
  [plugins."io.containerd.service.v1.diff-service"]
    default = ["walking"]
  [plugins."io.containerd.snapshotter.v1.devmapper"]
    root_path = ""
    pool_name = ""
    base_image_size = ""
    async_remove = false
对于配置文件的说明,详细见:https://github.com/containerd/cri/blob/master/docs/config.md
重启containerd服务
# Restart containerd so the edited config.toml is loaded, then check that the unit is active.
root@ubuntu-001:~# systemctl restart containerd.service
root@ubuntu-001:~# systemctl status containerd.service
● containerd.service - containerd container runtime
Loaded: loaded (/lib/systemd/system/containerd.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2021-02-07 14:47:19 CST; 7s ago
Docs: https://containerd.io
Process: 49492 ExecStartPre=/sbin/modprobe overlay (code=exited, status=0/SUCCESS)
Main PID: 49495 (containerd)
Tasks: 12
CGroup: /system.slice/containerd.service
└─49495 /usr/bin/containerd

# The first two log lines show the two unix sockets containerd serves on; the
# "Start cni network conf syncer" / "Start streaming server" lines come after the CRI plugin starts.
Feb 07 14:47:19 ubuntu-001 containerd[49495]: time="2021-02-07T14:47:19.601885424+08:00" level=info msg=serving... address=/run/containerd/containerd.sock.ttrpc
Feb 07 14:47:19 ubuntu-001 containerd[49495]: time="2021-02-07T14:47:19.602030656+08:00" level=info msg=serving... address=/run/containerd/containerd.sock
Feb 07 14:47:19 ubuntu-001 systemd[1]: Started containerd container runtime.
Feb 07 14:47:19 ubuntu-001 containerd[49495]: time="2021-02-07T14:47:19.603347612+08:00" level=info msg="containerd successfully booted in 0.038926s"
Feb 07 14:47:19 ubuntu-001 containerd[49495]: time="2021-02-07T14:47:19.620111786+08:00" level=info msg="Start subscribing containerd event"
Feb 07 14:47:19 ubuntu-001 containerd[49495]: time="2021-02-07T14:47:19.620341044+08:00" level=info msg="Start recovering state"
Feb 07 14:47:19 ubuntu-001 containerd[49495]: time="2021-02-07T14:47:19.647143755+08:00" level=info msg="Start event monitor"
Feb 07 14:47:19 ubuntu-001 containerd[49495]: time="2021-02-07T14:47:19.647352452+08:00" level=info msg="Start snapshots syncer"
Feb 07 14:47:19 ubuntu-001 containerd[49495]: time="2021-02-07T14:47:19.647463902+08:00" level=info msg="Start cni network conf syncer"
Feb 07 14:47:19 ubuntu-001 containerd[49495]: time="2021-02-07T14:47:19.647544196+08:00" level=info msg="Start streaming server"
配置cri的命令行(crictl)配置
# crictl is pointed at containerd's local unix socket for both the runtime and the
# image service; this is the same path as the [grpc] address in config.toml on this page.
root@ubuntu-001:~# cat /etc/crictl.yaml
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 10
debug: false

# A successful reply with RuntimeName "containerd" confirms crictl reaches the CRI plugin.
root@ubuntu-001:~# crictl version
Version: 0.1.0
RuntimeName: containerd
RuntimeVersion: 1.4.3
RuntimeApiVersion: v1alpha2
使用containerd运行容器
pull镜像
# The image is pulled by the mutable tag "latest"; the digests it resolved to are
# printed below and identify exactly what was fetched.
root@ubuntu-001:~# ctr image pull docker.io/library/busybox:latest
docker.io/library/busybox:latest: resolved |++++++++++++++++++++++++++++++++++++++|
index-sha256:e1488cb900233d035575f0a7787448cb1fa93bed0ccc0d4efc1963d7d72a8f17: done |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:56853b711255f4a0bc7c44d2158167f03f64ef75a22a0249a9fae4703ec10f61: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:4c892f00285e3ea7b8a08a03d04df2bc021a11fe838aa23d8e4ed17081ea3c18: done |++++++++++++++++++++++++++++++++++++++|
config-sha256:22667f53682a2920948d19c7133ab1c9c3f745805c14125859d20cede07f11f9: done |++++++++++++++++++++++++++++++++++++++|
elapsed: 12.7s total: 4.0 Ki (319.0 B/s)
unpacking linux/amd64 sha256:e1488cb900233d035575f0a7787448cb1fa93bed0ccc0d4efc1963d7d72a8f17... done

查询镜像
root@ubuntu-001:~# ctr images ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
docker.io/library/busybox:latest application/vnd.docker.distribution.manifest.list.v2+json sha256:e1488cb900233d035575f0a7787448cb1fa93bed0ccc0d4efc1963d7d72a8f17 750.7 KiB linux/386,linux/amd64,linux/arm/v5,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/mips64le,linux/ppc64le,linux/s390x -

运行容器
# The first command selects the Kata runtime explicitly with --runtime. The second
# names no runtime; the container list further down shows it ran as io.containerd.runc.v2.
root@ubuntu-001:~# ctr run --runtime io.containerd.run.kata.v2 -t -d --rm docker.io/library/busybox:latest hello-kata
root@ubuntu-001:~# ctr run -t -d --rm docker.io/library/busybox:latest hello-runc
/ # root@ubuntu-001:~#
# Each container has its own shim process: containerd-shim-kata-v2 for hello-kata
# and containerd-shim-runc-v2 for hello-runc.
root@ubuntu-001:~# ps -ef|grep containerd
root 42028 1725 0 14:13 ? 00:00:01 containerd
root 49495 1 0 14:47 ? 00:00:04 /usr/bin/containerd
root 49524 1 0 14:47 ? 00:00:00 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
root 63129 1 0 15:43 ? 00:00:00 /usr/bin/containerd-shim-kata-v2 -namespace default -address /run/containerd/containerd.sock -publish-binary /usr/bin/containerd -id hello-kata
root 63219 1 0 15:43 ? 00:00:00 /usr/bin/containerd-shim-runc-v2 -namespace default -id hello-runc -address /run/containerd/containerd.sock
root 63382 58536 0 15:43 pts/2 00:00:00 grep --color=auto containerd

# For hello-kata the task PID (63129) is the PID of the Kata shim in the ps output
# above, while hello-runc's task PID (63241) differs from its shim's PID (63219).
# NOTE(review): presumably the Kata workload has no host PID of its own because it
# runs inside the guest; confirm before relying on this PID for host-side monitoring.
root@ubuntu-001:~# ctr tasks list
TASK PID STATUS
hello-kata 63129 RUNNING
hello-runc 63241 RUNNING

# --exec-id only names the exec session; the transcript reuses the task PID as that name.
# The Kata container reports kernel 5.4.60-52.container, which is not the host's kernel.
root@ubuntu-001:~# ctr tasks exec -t --exec-id 63129 hello-kata sh
/ # uname -a
Linux clr-84d1dc4d9ae34cad92be6e6629a4f67a 5.4.60-52.container #1 SMP Sat Jan 16 05:49:34 UTC 2021 x86_64 GNU/Linux

# The runc container reports 5.4.0-65-generic, the same kernel as the host below:
# it shares the host kernel, which is the isolation difference this comparison shows.
root@ubuntu-001:~# ctr tasks exec -t --exec-id 63241 hello-runc sh
/ # uname -a
Linux ubuntu-001 5.4.0-65-generic #73~18.04.1-Ubuntu SMP Tue Jan 19 09:02:24 UTC 2021 x86_64 GNU/Linux

root@ubuntu-001:~# uname -a
Linux ubuntu-001 5.4.0-65-generic #73~18.04.1-Ubuntu SMP Tue Jan 19 09:02:24 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

停止容器
root@ubuntu-001:~# ctr tasks list
TASK PID STATUS
hello-kata 63129 RUNNING
hello-runc 63241 RUNNING
root@ubuntu-001:~#
# Signal 9 (SIGKILL) ends the tasks without letting them shut down cleanly; that is
# harmless for these idle busybox shells, but a real workload should get SIGTERM first.
root@ubuntu-001:~# ctr tasks kill --signal 9 hello-kata
root@ubuntu-001:~# ctr tasks kill --signal 9 hello-runc
root@ubuntu-001:~# ctr tasks list
TASK PID STATUS
hello-kata 63129 STOPPED
hello-runc 63241 STOPPED

删除容器
# The RUNTIME column records which runtime each container was created with.
root@ubuntu-001:~# ctr container list
CONTAINER IMAGE RUNTIME
hello-kata docker.io/library/busybox:latest io.containerd.run.kata.v2
hello-runc docker.io/library/busybox:latest io.containerd.runc.v2
root@ubuntu-001:~# ctr container rm hello-kata
root@ubuntu-001:~# ctr container rm hello-runc
root@ubuntu-001:~# ctr container list
CONTAINER IMAGE RUNTIME
全文完。