1. 安装

配置yum源安装

1
2
3
wget ftp://ftp.rhce.cc/k8s/* -P /etc/yum.repos.d/

yum install containerd.io cri-tools -y

生成默认配置文件

1
containerd config default > /etc/containerd/config.toml

修改配置文件

1
2
3
4
5
6
7
8
 [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
	[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
		endpoint = ["https://frz7i079.mirror.aliyuncs.com"]

sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.7"

[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
	SystemdCgroup = true

添加源

1
2
3
4
5
6
7
mkdir -p /etc/containerd/certs.d/docker.io 
cat > /etc/containerd/certs.d/docker.io/hosts.toml <<EOF 
# server = "https://docker.io" 
[host."https://frz7i079.mirror.aliyuncs.com"] 
  capabilities = ["pull", "resolve"] 
  override_path = true 
EOF

容器开机启动
containerd默认创建的容器不会开机自启

1
2
loginctl enable-linger root
loginctl show-user root | grep Linger

添加内核参数

1
2
3
4
5
cat <<EOF > /etc/sysctl.d/containerd.conf 
net.bridge.bridge-nf-call-ip6tables = 1 
net.bridge.bridge-nf-call-iptables = 1 
net.ipv4.ip_forward = 1 
EOF

查看生效配置

1
containerd config dump

启动服务

1
systemctl enable containerd --now

安装nerdctl

1
2
3
4
curl -OL https://github.com/containerd/nerdctl/releases/download/v0.22.0/nerdctl-0.22.0-linux-amd64.tar.gz
curl -OL https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-linux-amd64-v1.1.1.tgz
tar xf nerdctl-0.22.0-linux-amd64.tar.gz -C /opt/kube/bin/
tar xf cni-plugins-linux-amd64-v1.1.1.tgz -C /opt/cni/bin/

添加命令补全

1
2
/etc/profile
	source <(nerdctl completion bash)

创建客户端配置文件
nerdctl不读取/etc/containerd/config.toml

1
2
3
4
5
6
7
8
9
10
11
12
mkdir /etc/nerdctl

cat > /etc/nerdctl/nerdctl.toml <<EOF 
debug = false 
debug_full = false 
address = "unix:///var/run/containerd/containerd.sock" 
namespace = "default" 
#snapshotter = "stargz" 
cgroup_manager = "systemd" 
#hosts_dir = ["/etc/containerd/certs.d", "/etc/nerdctl/certs.d"] 
insecure_registry = true 
EOF

查看运行容器

1
2
3
4
[root@k8s-master001 ~]# nerdctl ps
CONTAINER ID    IMAGE                                  COMMAND                   CREATED         STATUS    PORTS                     NAMES
2eaf94dd7455    hub.c.163.com/library/centos:latest    "tail -f /dev/null"       33 hours ago    Up                                  c1
3c78be6431c2    hub.c.163.com/library/mysql:latest     "docker-entrypoint.s…"    5 days ago      Up        0.0.0.0:3307->3306/tcp    db

2. 镜像管理

自定义tag

1
nerdctl tag nginx:latest renmcc/nginx:v1

导入导出

1
2
3
4
# 导出镜像
nerdctl save nginx -o nginx.tar
# 倒入镜像
nerdctl load -i nginx.tar

查看容器构建

1
nerdctl history nginx --no-trunc

3. 容器管理

运行容器

1
2
3
4
nerdctl run --name centos -it hub.c.163.com/library/centos /bin/bash
nerdctl run --name centos -it --rm hub.c.163.com/library/centos /bin/bash
nerdctl run --name=nginx -d --restart=always -p 80:80 nginx
nerdctl run --name=db -d --restart=always -e MYSQL_ROOT_PASSWORD=910202 -e MYSQL_DATABASE=blog -p 3307:3306 hub.c.163.com/library/mysql:latest

查看容器配置

1
2
3
4
5
6
7
[root@k8s-master001 ~]# nerdctl inspect db|grep Address
            "GlobalIPv6Address": "",
            "IPAddress": "10.4.0.13",
            "MacAddress": "3a:9c:d8:5d:55:37",
                    "IPAddress": "10.4.0.13",
                    "GlobalIPv6Address": "",
                    "MacAddress": "3a:9c:d8:5d:55:37"

查看容器中运行程序

1
2
3
[root@k8s-master001 ~]# nerdctl top db
UID                 PID                 PPID                C                   STIME               TTY                 TIME                CMD
polkitd             1579                1528                0                   20:11               ?                   00:00:01            mysqld

4. 数据卷使用

映射data数据卷

1
nerdctl run -d --name=nginx -v /data:/data nginx:alpine

查看所有数据卷

1
2
3
4
5
6
[root@k8s-master001 ~]# nerdctl volume ls
VOLUME NAME                                                         DIRECTORY
23080f5296e127cf1534050e0a04318ac2791d49ee361291522fb4a2ec9819b8    /var/lib/nerdctl/1935db59/volumes/default/23080f5296e127cf1534050e0a04318ac2791d49ee361291522fb4a2ec9819b8/_data
4c8ae79c628da515a738593d8fdcd90b3942957885da54be9b6f5890eb283b01    /var/lib/nerdctl/1935db59/volumes/default/4c8ae79c628da515a738593d8fdcd90b3942957885da54be9b6f5890eb283b01/_data
e3f5c53ba515831cc5a51642c209da3079345e0139750bcec812c3f687e9bcc7    /var/lib/nerdctl/1935db59/volumes/default/e3f5c53ba515831cc5a51642c209da3079345e0139750bcec812c3f687e9bcc7/_data
00dc7812fc9149ab6f6af3d862b9c32a1675234ccb54bd9f227c88f75d71eec8    /var/lib/nerdctl/1935db59/volumes/default/00dc7812fc9149ab6f6af3d862b9c32a1675234ccb54bd9f227c88f75d71eec8/_data

宿主机和容器数据复制

1
2
3
4
# 拷贝宿主机文件到容器
nerdctl cp /etc/hosts nginx:/tmp
# 拷贝容器内文件到宿主机
nerdctl cp nginx:/etc/hosts .

5. 网络管理

容器采用nat进行流量转发

列出所有网络

1
nerdctl network ls

创建一个网络

1
nerdctl network create -d bridge --subnet 10.0.0.0/24 mynet

使用自建容器网络

1
nerdctl run -d --name=c1 --restart=always --network=mynet hub.c.163.com/library/centos:latest -- tail -f /dev/null

使用宿主机网络空间

1
nerdctl run -d --name=c1 --restart=always --network host nginx:alpine

不使用网络

1
nerdctl run -d --name=c1 --restart=always --network noneåß nginx:alpine

删除网络

1
nerdctl network rm mynet

练习

1
2
3
4
5
6
7
8
9
10
11
12
[root@k8s-master001 ~]# nerdctl run -d --name=db --restart=always -v /db:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=910202 -e MYSQL_DATABASE=wordpress hub.c.163.com/library/mysql:latest
c735dbc12c6a513910af18a93aba7d6bb18b6ddfc766317041a7017d1d507cfd

[root@k8s-master001 ~]# nerdctl inspect db |grep Address
            "GlobalIPv6Address": "",
            "IPAddress": "10.4.0.15",
            "MacAddress": "b6:6d:ae:b1:ce:c7",
                    "IPAddress": "10.4.0.15",
                    "GlobalIPv6Address": "",
                    "MacAddress": "b6:6d:ae:b1:ce:c7"

[root@k8s-master001 ~]# nerdctl run -d --name=blog --restart=always -v /blog:/var/www/html -p 80:80 -e WORDPRESS_DB_HOST=10.4.0.15 -e WORDPRESS_DB_USER=root -e WORDPRESS_DB_PASSWORD=910202 -e WORDPRESS_DB_NAME=wordpress hub.c.163.com/library/wordpress:latest