安装Containerd
方式一:yum安装
# Install the repository helper (yum-utils) plus the device-mapper and LVM packages.
yum install -y yum-utils device-mapper-persistent-data lvm2
# Register the docker-ce repository definition served by the Aliyun mirror.
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Point every line of the repo file that references download.docker.com at the Aliyun mirror.
# NOTE(review): this also rewrites any gpgkey= URL on that host, so both the packages
# and the key used to check them would come from the mirror — confirm gpgcheck=1 is
# set in /etc/yum.repos.d/docker-ce.repo and compare the imported key's fingerprint
# with the one Docker publishes.
sed -i 's+download.docker.com+mirrors.aliyun.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo
# Install containerd from the configured repositories.
yum -y install containerd
# Enable the unit at boot and start it immediately.
systemctl enable containerd --now
# Print the installed version as a sanity check.
containerd -v
方式二:离线安装
containerd – 行业标准的容器运行时,强调简单性、健壮性和可移植性
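# Download the containerd release archive and the checksum file published next to it.
wget https://github.com/containerd/containerd/releases/download/v1.7.14/containerd-1.7.14-linux-amd64.tar.gz
wget https://github.com/containerd/containerd/releases/download/v1.7.14/containerd-1.7.14-linux-amd64.tar.gz.sha256sum
# Unpack and install only when the archive matches its checksum: these binaries
# run as root. The checksum comes from the same release page, so it detects a
# corrupted or truncated download; compare it with a value obtained
# independently for stronger assurance.
# Run this in an empty working directory: "cp -rf bin/*" copies whatever is in ./bin.
sha256sum -c containerd-1.7.14-linux-amd64.tar.gz.sha256sum \
  && tar xvf containerd-1.7.14-linux-amd64.tar.gz \
  && cp -rf bin/* /usr/local/bin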
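# Write the systemd unit for the manually installed containerd binary.
# The delimiter is quoted so the shell copies the body literally (no expansion).
cat > /etc/systemd/system/containerd.service <<'EOF'
[Unit]
# Human-readable name shown by systemctl and in the journal.
Description=containerd container runtime
# URL of the project documentation.
Documentation=https://containerd.io
# Ordering only: start after the network and local file system targets.
After=network.target local-fs.target
[Service]
# Try to load the overlay kernel module first; the leading "-" makes systemd ignore a failure.
ExecStartPre=-/sbin/modprobe overlay
# The daemon itself, from the directory the release binaries were copied to.
ExecStart=/usr/local/bin/containerd
# The service reports readiness to systemd with a notification message.
Type=notify
# Hand the unit's cgroup subtree over to containerd so it can create and manage
# the cgroups of containers itself. This does not control restart/stop permissions.
Delegate=yes
# On stop, signal only the main containerd process; other processes in the unit
# (for example container shims) are left running.
KillMode=process
# Restart the daemon whenever it exits, whatever the reason.
Restart=always
# Seconds to wait before each restart.
RestartSec=5
# Maximum number of processes: unlimited.
LimitNPROC=infinity
# Maximum core dump size: unlimited (this is not a CPU limit). Core dumps contain
# process memory, so restrict access to the place they are written to.
LimitCORE=infinity
# Maximum number of open file descriptors: unlimited.
LimitNOFILE=infinity
# Maximum number of tasks (processes and threads) in the unit: unlimited.
TasksMax=infinity
# OOM score adjustment: a strongly negative value makes the kernel far less
# likely to kill containerd when memory runs out.
OOMScoreAdjust=-999
[Install]
# "systemctl enable" attaches the unit to multi-user.target so it starts on a normal boot.
WantedBy=multi-user.target
EOF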
加载模块
# Persist the two kernel modules this setup needs (overlay for the snapshotter,
# br_netfilter for the bridge sysctls set later): files under /etc/modules-load.d
# are read by systemd-modules-load at boot.
cat > /etc/modules-load.d/containerd.conf << EOF
overlay
br_netfilter
EOF
# Re-run the loader now so both modules are available without a reboot.
systemctl restart systemd-modules-load
修改内核参数
# Persist the kernel networking parameters in a sysctl drop-in:
# - bridge-nf-call-iptables / bridge-nf-call-ip6tables = 1: traffic crossing a
#   Linux bridge is passed through iptables / ip6tables (these keys exist only
#   while br_netfilter is loaded).
# - ip_forward = 1: the host forwards IPv4 packets between interfaces.
# NOTE(review): ip_forward makes the node route packets; make sure the host
# firewall policy covers forwarded traffic, not just traffic addressed to the host.
cat > /etc/sysctl.d/99-kubernetes-cri.conf << EOF
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
# Apply every sysctl configuration file now, including the one just written.
sysctl --system
修改配置文件
# Create the configuration directory if it does not exist yet.
mkdir -p /etc/containerd
# Generate the default configuration file; this overwrites an existing config.toml.
containerd config default > /etc/containerd/config.toml
# Switch SystemdCgroup from false to true so container cgroups are managed through
# systemd; the kubelet's cgroup driver has to be set to match.
sed -i "s#SystemdCgroup\ \=\ false#SystemdCgroup\ \=\ true#g" /etc/containerd/config.toml
# Rewrite every registry.k8s.io reference in the config to the Aliyun mirror
# namespace; the author's target here is the pause (sandbox) image.
# NOTE(review): the sandbox image of every pod is then pulled by tag from a
# third-party registry — consider pinning it to a digest you have verified, or
# serving it from a registry you control.
sed -i "s#registry.k8s.io#registry.aliyuncs.com/google_containers#g" /etc/containerd/config.toml
# Point config_path at the directory that holds the per-registry hosts.toml files.
# NOTE(review): the pattern is not tied to a section, so every `config_path = ""`
# line in the file is rewritten — inspect the result.
sed -i "s#config_path\ \=\ \"\"#config_path\ \=\ \"/etc/containerd/registry\"#g" /etc/containerd/config.toml
# Bump the pause image tag from 3.6 to 3.9.
sed -i 's/pause:3.6/pause:3.9/g' /etc/containerd/config.toml
# 设置镜像加速
# Registry mirrors ("image acceleration") for docker.io.
# Every [host] entry below may serve pulls for the docker.io namespace. The
# "resolve" capability lets a host answer tag-to-digest lookups, so an image
# pulled by tag is whatever that host says the tag points to.
# NOTE(review): all entries except registry-1.docker.io are third-party
# endpoints. Keep only mirrors you trust and pull security-sensitive images by
# digest. The *.mirror.aliyuncs.com host looks like an account-specific
# accelerator address — replace it with your own or drop it.
mkdir /etc/containerd/registry/docker.io -pv
cat > /etc/containerd/registry/docker.io/hosts.toml << EOF
server = "https://docker.io"
[host."https://docker.m.daocloud.io"]
capabilities = ["pull", "resolve"]
[host."https://xk9ak4u9.mirror.aliyuncs.com"]
capabilities = ["pull","resolve"]
[host."https://dockerproxy.com"]
capabilities = ["pull", "resolve"]
[host."https://docker.mirrors.sjtug.sjtu.edu.cn"]
capabilities = ["pull","resolve"]
[host."https://docker.mirrors.ustc.edu.cn"]
capabilities = ["pull","resolve"]
[host."https://docker.nju.edu.cn"]
capabilities = ["pull","resolve"]
[host."https://registry-1.docker.io"]
capabilities = ["pull","resolve","push"]
EOF
# Same layout for the remaining upstream registries: one directory per registry
# under /etc/containerd/registry, each with a hosts.toml naming a single
# DaoCloud mirror that may pull and resolve tags.
# NOTE(review): every image from these registries, Kubernetes system images
# included, is then fetched through one third-party operator. Pull by digest
# where integrity matters, or mirror the images into a registry you control.

# gcr.io
mkdir /etc/containerd/registry/gcr.io -pv
cat > /etc/containerd/registry/gcr.io/hosts.toml << EOF
server = "https://gcr.io"
[host."https://gcr.m.daocloud.io"]
capabilities = ["pull", "resolve"]
EOF
# registry.k8s.io
mkdir /etc/containerd/registry/registry.k8s.io -pv
cat > /etc/containerd/registry/registry.k8s.io/hosts.toml << EOF
server = "https://registry.k8s.io"
[host."https://k8s.m.daocloud.io"]
capabilities = ["pull", "resolve"]
EOF
# k8s.gcr.io (served by the same mirror host as registry.k8s.io)
mkdir /etc/containerd/registry/k8s.gcr.io -pv
cat > /etc/containerd/registry/k8s.gcr.io/hosts.toml << EOF
server = "https://k8s.gcr.io"
[host."https://k8s.m.daocloud.io"]
capabilities = ["pull", "resolve"]
EOF
# quay.io
mkdir /etc/containerd/registry/quay.io -pv
cat > /etc/containerd/registry/quay.io/hosts.toml << EOF
server = "https://quay.io"
[host."https://quay.m.daocloud.io"]
capabilities = ["pull", "resolve"]
EOF
镜像加速脚本
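#!/usr/bin/env bash
# Registry-mirror helper.
# Creates /etc/containerd/config.toml when it is missing (default config with
# config_path set and SystemdCgroup enabled) and makes sure the hosts.toml
# directory exists.
# Arguments: optional "registry:mirror" pairs; without arguments the built-in
#            DaoCloud list below is used.
# Environment: debug=true|yes turns on command tracing.
export PS4='\[\e[35m\]+ $(basename $0):${FUNCNAME}:$LINENO: \[\e[0m\]'
[[ "$debug" == "true" || "$debug" == "yes" ]] && set -x
config_file="/etc/containerd/config.toml"
config_path='/etc/containerd/registry'
if [[ ! -f "${config_file}" ]]; then
  [[ -d "${config_file%/*}" ]] || mkdir -p "${config_file%/*}"
  # grep prints the CRI registry section header and the line after it; the last
  # output line has the form "<number>-<text>", so stripping from the first "-"
  # leaves the number of the line that follows the header.
  lineno="$(containerd config default | grep -n -A 1 -P '(?<=\[plugins.")io.containerd.grpc.v1.cri(?=".registry])' | tail -1)"
  lineno=${lineno/-*}
  # Without a numeric address the sed expression below would apply to every
  # line containing "config" and write a broken config.toml. Stop instead when
  # the section header is not found (for example a different config layout).
  if [[ ! "${lineno}" =~ ^[0-9]+$ ]]; then
    printf 'cannot locate the CRI registry section in the default containerd config\n' >&2
    exit 1
  fi
  containerd config default | sed -e "${lineno}s@config.*@config_path = \"${config_path}\"@" | sed '/SystemdCgroup/s/false/true/' > "$config_file"
fi
[[ -d "${config_path}" ]] || mkdir -p "${config_path}"
# All arguments collapsed into one space-separated string; split again by the loop further down.
params="${@:-registry.k8s.io:k8s.m.daocloud.io docker.io:docker.m.daocloud.io gcr.io:gcr.m.daocloud.io k8s.gcr.io:k8s.m.daocloud.io quay.io:quay.m.daocloud.io}"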
#######################################
# Print the hosts.toml body for one registry/mirror pair.
# Globals:   registry (read)     - upstream registry host
#            proxy_server (read) - mirror host that serves pulls for it
# Outputs:   three lines on stdout, the last one without a trailing newline.
#            The mirror is granted "pull" and "resolve" only, so it also
#            answers tag-to-digest lookups but cannot receive pushes.
#######################################
content() {
  local upstream="${registry}"
  local mirror="${proxy_server}"
  printf 'server = "https://%s"\n' "${upstream}"
  printf '[host."https://%s"]\n' "${mirror}"
  printf ' capabilities = ["pull", "resolve"]'
}
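# Write one hosts.toml per "registry:mirror" pair.
# ${params} is deliberately unquoted: it is a space-separated list.
for param in ${params}
do
  # Text before the first ':' is the upstream registry, text after the last ':'
  # is the mirror host.
  registry="${param/:*/}"
  proxy_server="${param/*:/}"
  # The registry name becomes a directory under ${config_path} and this script
  # runs as root, so skip malformed pairs: no ':' at all, an empty side, or a
  # name that would resolve outside ${config_path} ('/' or a leading '.').
  if [[ "${param}" != *:* || -z "${registry}" || -z "${proxy_server}" \
    || "${registry}" == */* || "${registry}" == .* ]]; then
    printf 'skipping invalid registry:mirror pair: %s\n' "${param}" >&2
    continue
  fi
  hosts_path="$config_path/$registry"
  [[ -d "$hosts_path" ]] || mkdir -p "${hosts_path}"
  content > "$hosts_path/hosts.toml"
done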
启动并设置开机自启
# Make systemd re-read its unit files (needed after writing containerd.service).
systemctl daemon-reload
# Enable the unit at boot and start it now.
systemctl enable containerd --now
# Restart so an already running daemon picks up the edited config.toml.
systemctl restart containerd
# Confirm the service is active and check its recent log lines.
systemctl status containerd
安装crictl
下载地址:Releases · kubernetes-sigs/cri-tools (github.com)
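# Download the crictl release archive.
wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.30.0/crictl-v1.30.0-linux-amd64.tar.gz
# Print the archive's SHA-256 and compare it with the checksum published for
# this release before unpacking: the binary is installed into /usr/local/bin.
sha256sum crictl-v1.30.0-linux-amd64.tar.gz
# Extract only the crictl binary so nothing else from the archive lands in the
# working directory.
tar -zxf crictl-v1.30.0-linux-amd64.tar.gz crictl
mv crictl /usr/local/bin/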
# Configure crictl to talk to containerd's socket for both the runtime and the
# image service, with debug output off and no implicit image pull on create.
# NOTE(review): anyone who can open this socket can control every container on
# the node, so keep it reachable by root only.
cat > /etc/crictl.yaml <<EOF
runtime-endpoint: unix:///var/run/containerd/containerd.sock
image-endpoint: unix:///var/run/containerd/containerd.sock
timeout: 10
debug: false
pull-image-on-create: false
EOF