containerd Container Runtime Quick Start Guide

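Summary: A quick-start guide to the containerd container runtime, covering image management, container management, namespace management, data persistence, pushing images to a Harbor registry, and integrating Docker with containerd.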

I. Image management

1. Pull a specific image

[root@docker202 ~]# ctr images pull  docker.io/library/nginx:1.21.6-alpine
docker.io/library/nginx:1.21.6-alpine:                                            resolved       |++++++++++++++++++++++++++++++++++++++| 
index-sha256:a74534e76ee1121d418fa7394ca930eb67440deda413848bc67c68138535b989:    done           |++++++++++++++++++++++++++++++++++++++| 
manifest-sha256:529db430e042ecef071f2e88267cee6da18f8ab44d66a0c44348886fdc2e60fc: done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:9da77f8e409edbb2c42db3d6a70f31754ac6e35c9ae981555b9f42ea42008a80:    done           |++++++++++++++++++++++++++++++++++++++| 
config-sha256:b1c3acb28882519cf6d3a4d7fe2b21d0ae20bde9cfd2c08a7de057f8cfccff15:   done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:df9b9388f04ad6279a7410b85cedfdcb2208c0a003da7ab5613af71079148139:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:a285f0f83eed13cf71ccb560c31dd31b5eb7be0cadb4f43319d6de59aa4e3c70:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:e00351ea626cd356c69e58d33181233b47a904d3b6ee508948d6cc221d7b9cfa:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:06f5cb628050fa03f0928769c767bba57656e84312961cc39fbff63ae48c2f3e:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:32261d4e220f3a41084ad35886169f9d753ffca4f8824ad934a43b1cddbad86c:    done           |++++++++++++++++++++++++++++++++++++++| 
elapsed: 42.3s                                                                    total:  8.7 Mi (210.6 KiB/s)                                     
unpacking linux/amd64 sha256:a74534e76ee1121d418fa7394ca930eb67440deda413848bc67c68138535b989...
done: 451.108658ms    
[root@docker202 ~]# 

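Tip:
    When pulling an image you must give the full registry address; unlike docker, ctr does not let you omit the registry host.
    With docker, omitting the registry host defaults to the official Docker Hub registry. ctr treats every registry alike and applies no special handling to the Docker Hub address.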

2. List images

[root@docker202 ~]# ctr images ls
REF                                   TYPE                                                      DIGEST                                                                  SIZE    PLATFORMS                                                                                LABELS 
docker.io/library/nginx:1.21.6-alpine application/vnd.docker.distribution.manifest.list.v2+json sha256:a74534e76ee1121d418fa7394ca930eb67440deda413848bc67c68138535b989 9.7 MiB linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x -      
[root@docker202 ~]#

3. Mount an image to inspect its contents

[root@docker202 ~]# ll /mnt/
total 8
drwxr-xr-x  2 root root 4096 Aug 10  2023 ./
drwxr-xr-x 19 root root 4096 Jan 23 22:56 ../
[root@docker202 ~]# 
[root@docker202 ~]# ctr images mount docker.io/library/nginx:1.21.6-alpine /mnt
sha256:1e82c6d6bb97ec37fdaf16a3578db9f79efc2a7fa987875e259148857265b410
/mnt
[root@docker202 ~]# 
[root@docker202 ~]# ll /mnt/
total 84
drwxr-xr-x  1 root root 4096 Mar  6 22:57 ./
drwxr-xr-x 19 root root 4096 Jan 23 22:56 ../
drwxr-xr-x  2 root root 4096 Apr  5  2022 bin/
drwxr-xr-x  2 root root 4096 Apr  5  2022 dev/
drwxr-xr-x  1 root root 4096 May 18  2022 docker-entrypoint.d/
-rwxrwxr-x  1 root root 1202 May 18  2022 docker-entrypoint.sh*
drwxr-xr-x  1 root root 4096 May 18  2022 etc/
drwxr-xr-x  2 root root 4096 Apr  5  2022 home/
drwxr-xr-x  1 root root 4096 Apr  5  2022 lib/
drwxr-xr-x  5 root root 4096 Apr  5  2022 media/
drwxr-xr-x  2 root root 4096 Apr  5  2022 mnt/
drwxr-xr-x  2 root root 4096 Apr  5  2022 opt/
dr-xr-xr-x  2 root root 4096 Apr  5  2022 proc/
drwx------  2 root root 4096 Apr  5  2022 root/
drwxr-xr-x  2 root root 4096 Apr  5  2022 run/
drwxr-xr-x  2 root root 4096 Apr  5  2022 sbin/
drwxr-xr-x  2 root root 4096 Apr  5  2022 srv/
drwxr-xr-x  2 root root 4096 Apr  5  2022 sys/
drwxrwxrwt  1 root root 4096 May 18  2022 tmp/
drwxr-xr-x  1 root root 4096 Apr  5  2022 usr/
drwxr-xr-x  1 root root 4096 Apr  5  2022 var/
[root@docker202 ~]# 
[root@docker202 ~]# umount /mnt/
[root@docker202 ~]# 
[root@docker202 ~]# ll /mnt/
total 8
drwxr-xr-x  2 root root 4096 Aug 10  2023 ./
drwxr-xr-x 19 root root 4096 Jan 23 22:56 ../
[root@docker202 ~]#

4. Export an image

[root@docker202 ~]# ctr images export --platform linux/amd64 yinzhengjie-nginx-1.26.1.tar.gz docker.io/library/nginx:1.21.6-alpine
[root@docker202 ~]# 
[root@docker202 ~]# ll -h yinzhengjie-nginx-1.26.1.tar.gz 
-rw-r--r-- 1 root root 9.8M Mar  6 23:17 yinzhengjie-nginx-1.26.1.tar.gz
[root@docker202 ~]# 

Tip:
    The image is exported here for the platform "linux/amd64", so the same platform must be specified when importing it later.

5. Remove an image

[root@docker202 ~]# ctr image ls
REF                                   TYPE                                                      DIGEST                                                                  SIZE    PLATFORMS                                                                                LABELS 
docker.io/library/nginx:1.21.6-alpine application/vnd.docker.distribution.manifest.list.v2+json sha256:a74534e76ee1121d418fa7394ca930eb67440deda413848bc67c68138535b989 9.7 MiB linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x -      
[root@docker202 ~]# 
[root@docker202 ~]# ctr image rm docker.io/library/nginx:1.21.6-alpine
docker.io/library/nginx:1.21.6-alpine
[root@docker202 ~]# 
[root@docker202 ~]# ctr image ls
REF TYPE DIGEST SIZE PLATFORMS LABELS 
[root@docker202 ~]#

6. Import an image

[root@docker202 ~]# ctr images ls
REF TYPE DIGEST SIZE PLATFORMS LABELS 
[root@docker202 ~]# 
[root@docker202 ~]# ctr images import --platform linux/amd64 yinzhengjie-nginx-1.26.1.tar.gz 
unpacking docker.io/library/nginx:1.21.6-alpine (sha256:a74534e76ee1121d418fa7394ca930eb67440deda413848bc67c68138535b989)...done
[root@docker202 ~]# 
[root@docker202 ~]# ctr images ls
REF                                   TYPE                                                      DIGEST                                                                  SIZE    PLATFORMS                                                                                LABELS 
docker.io/library/nginx:1.21.6-alpine application/vnd.docker.distribution.manifest.list.v2+json sha256:a74534e76ee1121d418fa7394ca930eb67440deda413848bc67c68138535b989 9.7 MiB linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x -      
[root@docker202 ~]#

7. Tag an image

[root@docker202 ~]# ctr images ls
REF                                   TYPE                                                      DIGEST                                                                  SIZE    PLATFORMS                                                                                LABELS 
docker.io/library/nginx:1.21.6-alpine application/vnd.docker.distribution.manifest.list.v2+json sha256:a74534e76ee1121d418fa7394ca930eb67440deda413848bc67c68138535b989 9.7 MiB linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x -      
[root@docker202 ~]# 
[root@docker202 ~]# ctr images tag docker.io/library/nginx:1.21.6-alpine nginx:1.21.6-alpine
nginx:1.21.6-alpine
[root@docker202 ~]# 
[root@docker202 ~]# ctr images ls
REF                                   TYPE                                                      DIGEST                                                                  SIZE    PLATFORMS                                                                                LABELS 
docker.io/library/nginx:1.21.6-alpine application/vnd.docker.distribution.manifest.list.v2+json sha256:a74534e76ee1121d418fa7394ca930eb67440deda413848bc67c68138535b989 9.7 MiB linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x -      
nginx:1.21.6-alpine                   application/vnd.docker.distribution.manifest.list.v2+json sha256:a74534e76ee1121d418fa7394ca930eb67440deda413848bc67c68138535b989 9.7 MiB linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x -      
[root@docker202 ~]#

8. Check existing images to make sure all content is available locally

[root@docker202 ~]# ctr images check 
REF                                   TYPE                                                      DIGEST                                                                  STATUS         SIZE            UNPACKED 
docker.io/library/nginx:1.21.6-alpine application/vnd.docker.distribution.manifest.list.v2+json sha256:a74534e76ee1121d418fa7394ca930eb67440deda413848bc67c68138535b989 complete (7/7) 9.7 MiB/9.7 MiB true
nginx:1.21.6-alpine                   application/vnd.docker.distribution.manifest.list.v2+json sha256:a74534e76ee1121d418fa7394ca930eb67440deda413848bc67c68138535b989 complete (7/7) 9.7 MiB/9.7 MiB true
[root@docker202 ~]#

II. Container management

1. Create a container with a given name

[root@docker202 ~]# ctr containers create docker.io/library/nginx:1.21.6-alpine c1

2. List existing containers

[root@docker202 ~]# ctr containers ls
CONTAINER    IMAGE                                    RUNTIME                  
c1           docker.io/library/nginx:1.21.6-alpine    io.containerd.runc.v2    
[root@docker202 ~]#

3. Show detailed container information

[root@docker202 ~]# ctr container info c1
{
    "ID": "c1",
    "Labels": {
        "io.containerd.image.config.stop-signal": "SIGQUIT",
        "maintainer": "NGINX Docker Maintainers \u003cdocker-maint@nginx.com\u003e"
    },
    "Image": "docker.io/library/nginx:1.21.6-alpine",
    "Runtime": {
        "Name": "io.containerd.runc.v2",
        "Options": {
            "type_url": "containerd.runc.v1.Options"
        }
    },
    "SnapshotKey": "c1",
    "Snapshotter": "overlayfs",
    "CreatedAt": "2024-03-06T15:27:04.695175506Z",
    "UpdatedAt": "2024-03-06T15:27:04.695175506Z",
    "Extensions": {},
    "SandboxID": "",
     ...
    }
}
[root@docker202 ~]#

4. Start the container

[root@docker202 ~]# ctr containers ls  # Note that the runtime of container c1 is "io.containerd.runc.v2"
CONTAINER    IMAGE                                    RUNTIME                  
c1           docker.io/library/nginx:1.21.6-alpine    io.containerd.runc.v2    
[root@docker202 ~]# 
[root@docker202 ~]# 
[root@docker202 ~]# ll /usr/bin/containerd-shim-runc-v2 
-rwxr-xr-x 1 root root 12189696 Mar  6 23:32 /usr/bin/containerd-shim-runc-v2*
[root@docker202 ~]# 
[root@docker202 ~]# ctr task start -d c1  # Make sure "/usr/bin/containerd-shim-runc-v2" exists, otherwise the container cannot start


Tip:
    "-d" runs the container in the background.

5. Show the PID of the running container

[root@docker202 ~]# ctr task ls
TASK    PID      STATUS    
c1      21975    RUNNING
[root@docker202 ~]#

6. Show the container's processes as PIDs on the host

[root@docker202 ~]# ctr task ps c1
PID      INFO
21975    -
22014    -
22015    -
[root@docker202 ~]# 
[root@docker202 ~]# ps -ef | egrep "21975|22014|22015" | grep -v grep
root       21975   21953  0 23:32 ?        00:00:00 nginx: master process nginx -g daemon off;
systemd+   22014   21975  0 23:32 ?        00:00:00 nginx: worker process
systemd+   22015   21975  0 23:32 ?        00:00:00 nginx: worker process
[root@docker202 ~]#

7. Run commands in a container

[root@docker202 ~]# ctr task exec --exec-id 1 c1 ifconfig -a
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

[root@docker202 ~]# 
[root@docker202 ~]# ctr task exec --exec-id 2 c1 ls -l
total 68
drwxr-xr-x    2 root     root          4096 Apr  4  2022 bin
drwxr-xr-x    5 root     root           340 Mar  6 15:32 dev
drwxr-xr-x    1 root     root          4096 May 17  2022 docker-entrypoint.d
-rwxrwxr-x    1 root     root          1202 May 17  2022 docker-entrypoint.sh
drwxr-xr-x    1 root     root          4096 May 17  2022 etc
drwxr-xr-x    2 root     root          4096 Apr  4  2022 home
drwxr-xr-x    1 root     root          4096 Apr  4  2022 lib
drwxr-xr-x    5 root     root          4096 Apr  4  2022 media
drwxr-xr-x    2 root     root          4096 Apr  4  2022 mnt
drwxr-xr-x    2 root     root          4096 Apr  4  2022 opt
dr-xr-xr-x  284 root     root             0 Mar  6 15:32 proc
drwx------    2 root     root          4096 Apr  4  2022 root
drwxr-xr-x    2 root     root            60 Mar  6 15:32 run
drwxr-xr-x    2 root     root          4096 Apr  4  2022 sbin
drwxr-xr-x    2 root     root          4096 Apr  4  2022 srv
dr-xr-xr-x   13 root     root             0 Mar  6 15:32 sys
drwxrwxrwt    1 root     root          4096 May 17  2022 tmp
drwxr-xr-x    1 root     root          4096 Apr  4  2022 usr
drwxr-xr-x    1 root     root          4096 Apr  4  2022 var
[root@docker202 ~]# 
[root@docker202 ~]# ctr task exec --exec-id 3 --tty c1 sh
/ # ls /
bin                   etc                   mnt                   run                   tmp
dev                   home                  opt                   sbin                  usr
docker-entrypoint.d   lib                   proc                  srv                   var
docker-entrypoint.sh  media                 root                  sys
/ # 


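Tip:
    This is similar to docker, but to run a command in a container you must supply an ID yourself with the "--exec-id" option; think of it as the ID of that process within the running container.
    Note that an ID given with "--exec-id" cannot be used by several processes at once; only one process can run under it at a time. You can verify this with a "sleep" command.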

8. Start a new container

[root@docker202 ~]# ctr task ls
TASK    PID      STATUS    
c1      21975    RUNNING
[root@docker202 ~]# 
[root@docker202 ~]# ctr run -d --net-host docker.io/library/nginx:1.21.6-alpine c2
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
[root@docker202 ~]# 
[root@docker202 ~]# ctr task ls
TASK    PID      STATUS    
c1      21975    RUNNING
c2      22694    RUNNING
[root@docker202 ~]# 
[root@docker202 ~]# ctr task exec --exec-id 1  c2 ifconfig
ens33     Link encap:Ethernet  HWaddr 00:0C:29:6E:C3:7E  
          inet addr:10.0.0.202  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe6e:c37e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:848981 errors:0 dropped:0 overruns:0 frame:0
          TX packets:575792 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:603324493 (575.3 MiB)  TX bytes:63965896 (61.0 MiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:1936 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1936 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:213137 (208.1 KiB)  TX bytes:213137 (208.1 KiB)

[root@docker202 ~]#

9. Pause a container

[root@docker202 ~]# ctr tasks ls
TASK    PID      STATUS    
c1      21975    RUNNING
c2      22694    RUNNING
[root@docker202 ~]# 
[root@docker202 ~]# ctr tasks pause c1
[root@docker202 ~]# 
[root@docker202 ~]# ctr tasks ls
TASK    PID      STATUS    
c1      21975    PAUSED
c2      22694    RUNNING
[root@docker202 ~]#

10. Resume a container

[root@docker202 ~]# ctr tasks ls
TASK    PID      STATUS    
c1      21975    PAUSED
c2      22694    RUNNING
[root@docker202 ~]# 
[root@docker202 ~]# ctr tasks resume c1
[root@docker202 ~]# 
[root@docker202 ~]# ctr tasks ls
TASK    PID      STATUS    
c1      21975    RUNNING
c2      22694    RUNNING
[root@docker202 ~]#

11. Stop a container

[root@docker202 ~]# ctr tasks ls
TASK    PID      STATUS    
c2      22694    RUNNING
c1      21975    RUNNING
[root@docker202 ~]# 
[root@docker202 ~]# ctr tasks kill c1
[root@docker202 ~]# 
[root@docker202 ~]# ctr tasks ls
TASK    PID      STATUS    
c1      21975    STOPPED
c2      22694    RUNNING
[root@docker202 ~]#

12. Delete a container

[root@docker202 ~]# ctr tasks ls
TASK    PID      STATUS    
c2      22694    RUNNING
c1      21975    STOPPED
[root@docker202 ~]# 
[root@docker202 ~]# ctr tasks rm c1
[root@docker202 ~]# 
[root@docker202 ~]# ctr tasks ls
TASK    PID      STATUS    
c2      22694    RUNNING
[root@docker202 ~]#

III. containerd namespace management

1. Namespace overview

In containerd, namespaces isolate running containers from one another, so containers with the same name can run in different namespaces.

2. List existing namespaces

[root@docker202 ~]# ctr namespace ls
NAME    LABELS 
default        
[root@docker202 ~]#

3. Create a namespace

[root@docker202 ~]# ctr namespace ls
NAME    LABELS 
default        
[root@docker202 ~]# ctr namespace create yinzhengjie
[root@docker202 ~]# 
[root@docker202 ~]# ctr namespace ls
NAME        LABELS 
default            
yinzhengjie        
[root@docker202 ~]#

4. Delete a namespace

[root@docker202 ~]# ctr namespace ls
NAME        LABELS 
default            
yinzhengjie        
[root@docker202 ~]# 
[root@docker202 ~]# ctr namespace rm yinzhengjie
yinzhengjie
[root@docker202 ~]# 
[root@docker202 ~]# ctr namespace ls
NAME    LABELS 
default        
[root@docker202 ~]#

5. Pull an image into a specific namespace; if the namespace does not exist it is created automatically

[root@docker202 ~]# ctr -n yinzhengjie image ls 
REF TYPE DIGEST SIZE PLATFORMS LABELS 
[root@docker202 ~]# 
[root@docker202 ~]# ctr -n yinzhengjie images pull docker.io/jasonyin2020/oldboyedu-linux-tools:v0.1
docker.io/jasonyin2020/oldboyedu-linux-tools:v0.1:                                resolved       |++++++++++++++++++++++++++++++++++++++| 
manifest-sha256:eac6c50d80c7452db54871790fb26a6ca4d63dd3d4c98499293b3bab90832259: done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:d2167fa4e83529449c552337c6310c1ab15542a31d5cbe3c2e88c49365bc0d6a:    done           |++++++++++++++++++++++++++++++++++++++| 
config-sha256:da6fdb7c9168278f1f455522fcd2f88b5ed2d240a89feca10e7eda3f8ffacd5e:   done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:59bf1c3509f33515622619af21ed55bbe26d24913cedbca106468a5fb37a50c3:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:cdc010c9a8492436224fd138b6758bdbb4930f7fed029d4a992f61a84c058c38:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:bac97e2f09ed597756380324f551dc1d63d44bc3ce2fd8bebd98af413896f006:    done           |++++++++++++++++++++++++++++++++++++++| 
elapsed: 17.4s                                                                    total:  2.2 Mi (131.5 KiB/s)                                     
unpacking linux/amd64 sha256:eac6c50d80c7452db54871790fb26a6ca4d63dd3d4c98499293b3bab90832259...
done: 129.683493ms    
[root@docker202 ~]# 
[root@docker202 ~]# ctr -n yinzhengjie image ls 
REF                                               TYPE                                                 DIGEST                                                                  SIZE    PLATFORMS   LABELS 
docker.io/jasonyin2020/oldboyedu-linux-tools:v0.1 application/vnd.docker.distribution.manifest.v2+json sha256:eac6c50d80c7452db54871790fb26a6ca4d63dd3d4c98499293b3bab90832259 2.7 MiB linux/amd64 -      
[root@docker202 ~]#

6. Run a container in a specific namespace

[root@docker202 ~]# ctr containers ls
CONTAINER    IMAGE                                    RUNTIME                  
c1           docker.io/library/nginx:1.21.6-alpine    io.containerd.runc.v2    
c2           docker.io/library/nginx:1.21.6-alpine    io.containerd.runc.v2    
[root@docker202 ~]# 
[root@docker202 ~]# ctr -n yinzhengjie run -d --net-host docker.io/jasonyin2020/oldboyedu-linux-tools:v0.1 c1  
[root@docker202 ~]#
[root@docker202 ~]# ctr -n yinzhengjie containers ls
CONTAINER    IMAGE                                                RUNTIME                  
c1           docker.io/jasonyin2020/oldboyedu-linux-tools:v0.1    io.containerd.runc.v2    
[root@docker202 ~]#

7. Share a namespace with another containerd container

        7.1 Run in terminal 1
[root@docker202 ~]# ctr -n yinzhengjie task ls
TASK    PID      STATUS    
c1      23103    RUNNING
[root@docker202 ~]# 
[root@docker202 ~]# ctr -n yinzhengjie tasks exec --exec-id $RANDOM -t c1 sh
/usr/local/stress # ps -ef
PID   USER     TIME  COMMAND
    1 root      0:00 /bin/sh
   53 root      0:00 sh
   59 root      0:00 ps -ef
/usr/local/stress # 
/usr/local/stress # exit
[root@docker202 ~]# 
[root@docker202 ~]# ctr container create --with-ns "pid:/proc/23103/ns/pid" docker.io/library/nginx:1.21.6-alpine  c4
[root@docker202 ~]# 
[root@docker202 ~]# ctr tasks ls
TASK    PID      STATUS    
c2      22694    RUNNING
[root@docker202 ~]# 
[root@docker202 ~]# ctr tasks start -d c4 
[root@docker202 ~]# 
[root@docker202 ~]# ctr tasks ls
TASK    PID      STATUS    
c2      22694    RUNNING
c4      23723    RUNNING
[root@docker202 ~]# 
[root@docker202 ~]# ctr tasks exec --exec-id $RANDOM c4 sleep 300

        7.2 Run in terminal 2
[root@docker202 ~]# ctr tasks exec --exec-id $RANDOM -t c4 sh
/ # ps -ef
PID   USER     TIME  COMMAND
    1 root      0:00 /bin/sh
   94 root      0:00 nginx: master process nginx -g daemon off;
  125 nginx     0:00 nginx: worker process
  126 nginx     0:00 nginx: worker process
  127 root      0:00 sleep 300
  134 root      0:00 sh
  141 root      0:00 ps -ef
/ #
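
Whether `--with-ns` (step 7) or `--net-host` (step 8 of the container section) really placed a task in another process's Linux namespace can be confirmed from the host by comparing the `/proc/<pid>/ns/*` links of the PIDs that `ctr task ls` reports. The script below is an added example, not part of the original guide; the function names and the `PROC_ROOT` override are assumptions introduced for illustration.

```bash
#!/usr/bin/env bash
# Added example: report which Linux namespaces two processes share by
# comparing the /proc/<pid>/ns/* symlink targets (e.g. "pid:[4026531836]").
# PROC_ROOT is a hypothetical override so the logic can be exercised against
# a constructed directory tree; on a real host it stays at /proc.

PROC_ROOT="${PROC_ROOT:-/proc}"
NS_TYPES="cgroup ipc mnt net pid user uts"

# ns_id PID TYPE -> prints the namespace identifier of that process,
# or returns 1 when the link is missing (process gone, no permission).
ns_id() {
    local link="$PROC_ROOT/$1/ns/$2"
    [ -L "$link" ] || return 1
    readlink "$link"
}

# shared_ns PID_A PID_B -> prints a space-separated list of the namespace
# types whose identifiers are identical for both processes.
shared_ns() {
    local a="$1" b="$2" t ida idb out=""
    for t in $NS_TYPES; do
        ida=$(ns_id "$a" "$t") || continue
        idb=$(ns_id "$b" "$t") || continue
        if [ "$ida" = "$idb" ]; then
            out="$out${out:+ }$t"
        fi
    done
    printf '%s\n' "$out"
}

# host_exposure PID -> exit status 0 when the process shares its net or pid
# namespace with PID 1 (the host init process), 1 when both are separate.
host_exposure() {
    local shared
    shared=" $(shared_ns "$1" 1) "
    case "$shared" in
        *" net "*|*" pid "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Direct use, with PIDs taken from "ctr task ls" / "ctr -n <ns> task ls":
#   ./shared_ns.sh 23103 23723
if [ "$#" -eq 2 ]; then
    shared_ns "$1" "$2"
fi
```

Run it as root on the host, since `/proc/<pid>/ns` of other users' processes is not readable otherwise.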

IV. Container data persistence

1. Pull the image

[root@elk92 ~]# ctr -n yinzhengjie images pull docker.io/jasonyin2020/oldboyedu-games:v0.5
docker.io/jasonyin2020/oldboyedu-games:v0.5:                                      resolved       |++++++++++++++++++++++++++++++++++++++| 
manifest-sha256:e75f2040ecf526ccc14a2f8ce7ca31729cebe67b4620d83bbbbff080372e314a: done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:f88a297910ba36d446d32295af8de26195418c6aa905a5048a2406bd001015c7:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:ff9c6add3f30f658b4f44732bef1dd44b6d3276853bba31b0babc247f3eba0dc:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:dcc43d9a97b44cf3b3619f2c185f249891b108ab99abcc58b19a82879b00b24b:    done           |++++++++++++++++++++++++++++++++++++++| 
config-sha256:189859b883c4866961fd23ea2e51e72c1a20841c447f59fa910e469fb89d5335:   done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:5dcfac0f2f9ca3131599455f5e79298202c7e1b5e0eb732498b34e9fe4cb1173:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:5758d4e389a3f662e94a85fb76143dbe338b64f8d2a65f45536a9663b05305ad:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:2c6e86e57dfd729d8240ceab7c18bd1e5dd006b079837116bc1c3e1de5e1971a:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:51d66f6290217acbf83f15bc23a88338819673445804b1461b2c41d4d0c22f94:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:939ecaac3e9c05b4e248e75d1b141c8a344bd45987eaba06387b7cd83cd105b7:    done           |++++++++++++++++++++++++++++++++++++++| 
elapsed: 484.3s                                                                   total:  226.6  (479.1 KiB/s)                                     
unpacking linux/amd64 sha256:e75f2040ecf526ccc14a2f8ce7ca31729cebe67b4620d83bbbbff080372e314a...
done: 22.056641291s    
[root@elk92 ~]# 
[root@elk92 ~]# ctr -n yinzhengjie images ls
REF                                         TYPE                                                 DIGEST                                                                  SIZE      PLATFORMS   LABELS 
docker.io/jasonyin2020/oldboyedu-games:v0.5 application/vnd.docker.distribution.manifest.v2+json sha256:e75f2040ecf526ccc14a2f8ce7ca31729cebe67b4620d83bbbbff080372e314a 226.6 MiB linux/amd64 -      
[root@elk92 ~]#

2. Create the container

[root@elk92 ~]# ctr -n yinzhengjie container create  --mount type=bind,src=/yinzhengjie/games,dst=/usr/local/nginx/html,options=rbind:rw docker.io/jasonyin2020/oldboyedu-games:v0.5   games
[root@elk92 ~]# 
[root@elk92 ~]# ctr -n yinzhengjie container ls
CONTAINER    IMAGE                                          RUNTIME                  
games        docker.io/jasonyin2020/oldboyedu-games:v0.5    io.containerd.runc.v2    
[root@elk92 ~]#

3. Start the container

[root@elk92 ~]# mkdir -pv /yinzhengjie/games
mkdir: created directory ‘/yinzhengjie’
mkdir: created directory ‘/yinzhengjie/games’
[root@elk92 ~]# 
[root@elk92 ~]# ctr -n yinzhengjie tasks start -d games
[root@elk92 ~]# 
[root@elk92 ~]# ctr -n yinzhengjie tasks ls
TASK     PID     STATUS    
games    4674    RUNNING
[root@elk92 ~]#

4. Enter the container, check that the mount succeeded, and write test data

[root@elk92 ~]# cp /etc/os-release /yinzhengjie/games/
[root@elk92 ~]# 
[root@elk92 ~]# ctr -n yinzhengjie tasks exec --exec-id $RANDOM -t games sh
/ # 
/ # 
/ # ls -l /usr/local/nginx/html/
total 4
-rw-r--r--    1 root     root           393 Mar  7 03:06 os-release
/ # 
/ # echo "https://www.cnblogs.com/yinzhengjie" > /usr/local/nginx/html/blog.txt
/ # 
/ # 
/ # ls -l /usr/local/nginx/html/
total 8
-rw-r--r--    1 root     root            36 Mar  7 03:07 blog.txt
-rw-r--r--    1 root     root           393 Mar  7 03:06 os-release
/ # 
/ # exit 
[root@elk92 ~]#

5. Inspect the host directory to confirm the data persisted

[root@elk92 ~]# ll -h /yinzhengjie/games/
total 8.0K
-rw-r--r--. 1 root root  36 Mar  6 19:07 blog.txt
-rw-r--r--. 1 root root 393 Mar  6 19:06 os-release
[root@elk92 ~]# 
[root@elk92 ~]# cat /yinzhengjie/games/blog.txt 
https://www.cnblogs.com/yinzhengjie
[root@elk92 ~]#

6. Delete the container and verify that the volume data still exists

[root@elk92 ~]# ctr -n yinzhengjie container ls
CONTAINER    IMAGE                                          RUNTIME                  
games        docker.io/jasonyin2020/oldboyedu-games:v0.5    io.containerd.runc.v2    
[root@elk92 ~]# 
[root@elk92 ~]# ctr -n yinzhengjie task ls
TASK     PID     STATUS    
games    4674    RUNNING
[root@elk92 ~]# 
[root@elk92 ~]# ctr -n yinzhengjie task kill games
[root@elk92 ~]# 
[root@elk92 ~]# ctr -n yinzhengjie task ls
TASK     PID     STATUS    
games    4674    STOPPED
[root@elk92 ~]# 
[root@elk92 ~]# ctr -n yinzhengjie container rm games
[root@elk92 ~]# 
[root@elk92 ~]# ctr -n yinzhengjie container ls
CONTAINER    IMAGE    RUNTIME    
[root@elk92 ~]# 
[root@elk92 ~]# ll -h /yinzhengjie/games/
total 8.0K
-rw-r--r--. 1 root root  36 Mar  6 19:07 blog.txt
-rw-r--r--. 1 root root 393 Mar  6 19:06 os-release
[root@elk92 ~]#

V. Pushing images to a Harbor registry with containerd

1. View the containerd configuration

HTTP configuration example

[root@worker243 ~]# cat download/config.toml-http 
disabled_plugins = []
imports = []
oom_score = 0
plugin_dir = ""
required_plugins = []
root = "/var/lib/containerd"
state = "/run/containerd"
temp = ""
version = 2

[cgroup]
  path = ""

[debug]
  address = ""
  format = ""
  gid = 0
  level = ""
  uid = 0

[grpc]
  address = "/run/containerd/containerd.sock"
  gid = 0
  max_recv_message_size = 16777216
  max_send_message_size = 16777216
  tcp_address = ""
  tcp_tls_ca = ""
  tcp_tls_cert = ""
  tcp_tls_key = ""
  uid = 0

[metrics]
  address = ""
  grpc_histogram = false

[plugins]

  [plugins."io.containerd.gc.v1.scheduler"]
    deletion_threshold = 0
    mutation_threshold = 100
    pause_threshold = 0.02
    schedule_delay = "0s"
    startup_delay = "100ms"

  [plugins."io.containerd.grpc.v1.cri"]
    cdi_spec_dirs = ["/etc/cdi", "/var/run/cdi"]
    device_ownership_from_security_context = false
    disable_apparmor = false
    disable_cgroup = false
    disable_hugetlb_controller = true
    disable_proc_mount = false
    disable_tcp_service = true
    drain_exec_sync_io_timeout = "0s"
    enable_cdi = false
    enable_selinux = false
    enable_tls_streaming = false
    enable_unprivileged_icmp = false
    enable_unprivileged_ports = false
    ignore_image_defined_volumes = false
    image_pull_progress_timeout = "5m0s"
    max_concurrent_downloads = 3
    max_container_log_line_size = 16384
    netns_mounts_under_state_dir = false
    restrict_oom_score_adj = false
    sandbox_image = "registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.8"
    selinux_category_range = 1024
    stats_collect_period = 10
    stream_idle_timeout = "4h0m0s"
    stream_server_address = "127.0.0.1"
    stream_server_port = "0"
    systemd_cgroup = false
    tolerate_missing_hugetlb_controller = true
    unset_seccomp_profile = ""

    [plugins."io.containerd.grpc.v1.cri".cni]
      bin_dir = "/opt/cni/bin"
      conf_dir = "/etc/cni/net.d"
      conf_template = ""
      ip_pref = ""
      max_conf_num = 1
      setup_serially = false

    [plugins."io.containerd.grpc.v1.cri".containerd]
      default_runtime_name = "runc"
      disable_snapshot_annotations = true
      discard_unpacked_layers = false
      ignore_blockio_not_enabled_errors = false
      ignore_rdt_not_enabled_errors = false
      no_pivot = false
      snapshotter = "overlayfs"

      [plugins."io.containerd.grpc.v1.cri".containerd.default_runtime]
        base_runtime_spec = ""
        cni_conf_dir = ""
        cni_max_conf_num = 0
        container_annotations = []
        pod_annotations = []
        privileged_without_host_devices = false
        privileged_without_host_devices_all_devices_allowed = false
        runtime_engine = ""
        runtime_path = ""
        runtime_root = ""
        runtime_type = ""
        sandbox_mode = ""
        snapshotter = ""

        [plugins."io.containerd.grpc.v1.cri".containerd.default_runtime.options]

      [plugins."io.containerd.grpc.v1.cri".containerd.runtimes]

        [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
          base_runtime_spec = ""
          cni_conf_dir = ""
          cni_max_conf_num = 0
          container_annotations = []
          pod_annotations = []
          privileged_without_host_devices = false
          privileged_without_host_devices_all_devices_allowed = false
          runtime_engine = ""
          runtime_path = ""
          runtime_root = ""
          runtime_type = "io.containerd.runc.v2"
          sandbox_mode = "podsandbox"
          snapshotter = ""

          [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
            BinaryName = ""
            CriuImagePath = ""
            CriuPath = ""
            CriuWorkPath = ""
            IoGid = 0
            IoUid = 0
            NoNewKeyring = false
            NoPivotRoot = false
            Root = ""
            ShimCgroup = ""
            SystemdCgroup = true

      [plugins."io.containerd.grpc.v1.cri".containerd.untrusted_workload_runtime]
        base_runtime_spec = ""
        cni_conf_dir = ""
        cni_max_conf_num = 0
        container_annotations = []
        pod_annotations = []
        privileged_without_host_devices = false
        privileged_without_host_devices_all_devices_allowed = false
        runtime_engine = ""
        runtime_path = ""
        runtime_root = ""
        runtime_type = ""
        sandbox_mode = ""
        snapshotter = ""

        [plugins."io.containerd.grpc.v1.cri".containerd.untrusted_workload_runtime.options]

    [plugins."io.containerd.grpc.v1.cri".image_decryption]
      key_model = "node"

    [plugins."io.containerd.grpc.v1.cri".registry]
      config_path = ""

      [plugins."io.containerd.grpc.v1.cri".registry.auths]

      [plugins."io.containerd.grpc.v1.cri".registry.configs]

      [plugins."io.containerd.grpc.v1.cri".registry.headers]

      [plugins."io.containerd.grpc.v1.cri".registry.mirrors."harbor.yinzhengjie.com"]
        endpoint = [
          "http://harbor.yinzhengjie.com"
        ]

    [plugins."io.containerd.grpc.v1.cri".x509_key_pair_streaming]
      tls_cert_file = ""
      tls_key_file = ""

  [plugins."io.containerd.internal.v1.opt"]
    path = "/opt/containerd"

  [plugins."io.containerd.internal.v1.restart"]
    interval = "10s"

  [plugins."io.containerd.internal.v1.tracing"]
    sampling_ratio = 1.0
    service_name = "containerd"

  [plugins."io.containerd.metadata.v1.bolt"]
    content_sharing_policy = "shared"

  [plugins."io.containerd.monitor.v1.cgroups"]
    no_prometheus = false

  [plugins."io.containerd.nri.v1.nri"]
    disable = true
    disable_connections = false
    plugin_config_path = "/etc/nri/conf.d"
    plugin_path = "/opt/nri/plugins"
    plugin_registration_timeout = "5s"
    plugin_request_timeout = "2s"
    socket_path = "/var/run/nri/nri.sock"

  [plugins."io.containerd.runtime.v1.linux"]
    no_shim = false
    runtime = "runc"
    runtime_root = ""
    shim = "containerd-shim"
    shim_debug = false

  [plugins."io.containerd.runtime.v2.task"]
    platforms = ["linux/amd64"]
    sched_core = false

  [plugins."io.containerd.service.v1.diff-service"]
    default = ["walking"]

  [plugins."io.containerd.service.v1.tasks-service"]
    blockio_config_file = ""
    rdt_config_file = ""

  [plugins."io.containerd.snapshotter.v1.aufs"]
    root_path = ""

  [plugins."io.containerd.snapshotter.v1.blockfile"]
    fs_type = ""
    mount_options = []
    root_path = ""
    scratch_file = ""

  [plugins."io.containerd.snapshotter.v1.btrfs"]
    root_path = ""

  [plugins."io.containerd.snapshotter.v1.devmapper"]
    async_remove = false
    base_image_size = ""
    discard_blocks = false
    fs_options = ""
    fs_type = ""
    pool_name = ""
    root_path = ""

  [plugins."io.containerd.snapshotter.v1.native"]
    root_path = ""

  [plugins."io.containerd.snapshotter.v1.overlayfs"]
    mount_options = []
    root_path = ""
    sync_remove = false
    upperdir_label = false

  [plugins."io.containerd.snapshotter.v1.zfs"]
    root_path = ""

  [plugins."io.containerd.tracing.processor.v1.otlp"]
    endpoint = ""
    insecure = false
    protocol = ""

  [plugins."io.containerd.transfer.v1.local"]
    config_path = ""
    max_concurrent_downloads = 3
    max_concurrent_uploaded_layers = 3

    [[plugins."io.containerd.transfer.v1.local".unpack_config]]
      differ = ""
      platform = "linux/amd64"
      snapshotter = "overlayfs"

[proxy_plugins]

[stream_processors]

  [stream_processors."io.containerd.ocicrypt.decoder.v1.tar"]
    accepts = ["application/vnd.oci.image.layer.v1.tar+encrypted"]
    args = ["--decryption-keys-path", "/etc/containerd/ocicrypt/keys"]
    env = ["OCICRYPT_KEYPROVIDER_CONFIG=/etc/containerd/ocicrypt/ocicrypt_keyprovider.conf"]
    path = "ctd-decoder"
    returns = "application/vnd.oci.image.layer.v1.tar"

  [stream_processors."io.containerd.ocicrypt.decoder.v1.tar.gzip"]
    accepts = ["application/vnd.oci.image.layer.v1.tar+gzip+encrypted"]
    args = ["--decryption-keys-path", "/etc/containerd/ocicrypt/keys"]
    env = ["OCICRYPT_KEYPROVIDER_CONFIG=/etc/containerd/ocicrypt/ocicrypt_keyprovider.conf"]
    path = "ctd-decoder"
    returns = "application/vnd.oci.image.layer.v1.tar+gzip"

[timeouts]
  "io.containerd.timeout.bolt.open" = "0s"
  "io.containerd.timeout.metrics.shimstats" = "2s"
  "io.containerd.timeout.shim.cleanup" = "5s"
  "io.containerd.timeout.shim.load" = "5s"
  "io.containerd.timeout.shim.shutdown" = "3s"
  "io.containerd.timeout.task.state" = "2s"

[ttrpc]
  address = ""
  gid = 0
  uid = 0
[root@worker243 ~]#

HTTPS configuration example

[root@worker243 ~]# cat download/config.toml
disabled_plugins = []
imports = []
oom_score = 0
plugin_dir = ""
required_plugins = []
root = "/var/lib/containerd"
state = "/run/containerd"
temp = ""
version = 2

[cgroup]
  path = ""

[debug]
  address = ""
  format = ""
  gid = 0
  level = ""
  uid = 0

[grpc]
  address = "/run/containerd/containerd.sock"
  gid = 0
  max_recv_message_size = 16777216
  max_send_message_size = 16777216
  tcp_address = ""
  tcp_tls_ca = ""
  tcp_tls_cert = ""
  tcp_tls_key = ""
  uid = 0

[metrics]
  address = ""
  grpc_histogram = false

[plugins]

  [plugins."io.containerd.gc.v1.scheduler"]
    deletion_threshold = 0
    mutation_threshold = 100
    pause_threshold = 0.02
    schedule_delay = "0s"
    startup_delay = "100ms"

  [plugins."io.containerd.grpc.v1.cri"]
    cdi_spec_dirs = ["/etc/cdi", "/var/run/cdi"]
    device_ownership_from_security_context = false
    disable_apparmor = false
    disable_cgroup = false
    disable_hugetlb_controller = true
    disable_proc_mount = false
    disable_tcp_service = true
    drain_exec_sync_io_timeout = "0s"
    enable_cdi = false
    enable_selinux = false
    enable_tls_streaming = false
    enable_unprivileged_icmp = false
    enable_unprivileged_ports = false
    ignore_image_defined_volumes = false
    image_pull_progress_timeout = "5m0s"
    max_concurrent_downloads = 3
    max_container_log_line_size = 16384
    netns_mounts_under_state_dir = false
    restrict_oom_score_adj = false
    sandbox_image = "registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.8"
    selinux_category_range = 1024
    stats_collect_period = 10
    stream_idle_timeout = "4h0m0s"
    stream_server_address = "127.0.0.1"
    stream_server_port = "0"
    systemd_cgroup = false
    tolerate_missing_hugetlb_controller = true
    unset_seccomp_profile = ""

    [plugins."io.containerd.grpc.v1.cri".cni]
      bin_dir = "/opt/cni/bin"
      conf_dir = "/etc/cni/net.d"
      conf_template = ""
      ip_pref = ""
      max_conf_num = 1
      setup_serially = false

    [plugins."io.containerd.grpc.v1.cri".containerd]
      default_runtime_name = "runc"
      disable_snapshot_annotations = true
      discard_unpacked_layers = false
      ignore_blockio_not_enabled_errors = false
      ignore_rdt_not_enabled_errors = false
      no_pivot = false
      snapshotter = "overlayfs"

      [plugins."io.containerd.grpc.v1.cri".containerd.default_runtime]
        base_runtime_spec = ""
        cni_conf_dir = ""
        cni_max_conf_num = 0
        container_annotations = []
        pod_annotations = []
        privileged_without_host_devices = false
        privileged_without_host_devices_all_devices_allowed = false
        runtime_engine = ""
        runtime_path = ""
        runtime_root = ""
        runtime_type = ""
        sandbox_mode = ""
        snapshotter = ""

        [plugins."io.containerd.grpc.v1.cri".containerd.default_runtime.options]

      [plugins."io.containerd.grpc.v1.cri".containerd.runtimes]

        [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
          base_runtime_spec = ""
          cni_conf_dir = ""
          cni_max_conf_num = 0
          container_annotations = []
          pod_annotations = []
          privileged_without_host_devices = false
          privileged_without_host_devices_all_devices_allowed = false
          runtime_engine = ""
          runtime_path = ""
          runtime_root = ""
          runtime_type = "io.containerd.runc.v2"
          sandbox_mode = "podsandbox"
          snapshotter = ""

          [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
            BinaryName = ""
            CriuImagePath = ""
            CriuPath = ""
            CriuWorkPath = ""
            IoGid = 0
            IoUid = 0
            NoNewKeyring = false
            NoPivotRoot = false
            Root = ""
            ShimCgroup = ""
            SystemdCgroup = true

      [plugins."io.containerd.grpc.v1.cri".containerd.untrusted_workload_runtime]
        base_runtime_spec = ""
        cni_conf_dir = ""
        cni_max_conf_num = 0
        container_annotations = []
        pod_annotations = []
        privileged_without_host_devices = false
        privileged_without_host_devices_all_devices_allowed = false
        runtime_engine = ""
        runtime_path = ""
        runtime_root = ""
        runtime_type = ""
        sandbox_mode = ""
        snapshotter = ""

        [plugins."io.containerd.grpc.v1.cri".containerd.untrusted_workload_runtime.options]

    [plugins."io.containerd.grpc.v1.cri".image_decryption]
      key_model = "node"

    [plugins."io.containerd.grpc.v1.cri".registry]
      config_path = ""

      [plugins."io.containerd.grpc.v1.cri".registry.auths]

      [plugins."io.containerd.grpc.v1.cri".registry.configs]
        [plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.yinzhengjie.com:443".tls]
          insecure_skip_verify = true

        [plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.yinzhengjie.com:443".auth]
          username = "admin"
          password = "1"

      [plugins."io.containerd.grpc.v1.cri".registry.headers]

      [plugins."io.containerd.grpc.v1.cri".registry.mirrors."harbor.yinzhengjie.com:443"]
        endpoint = [
          "https://harbor.yinzhengjie.com:443"
        ]

    [plugins."io.containerd.grpc.v1.cri".x509_key_pair_streaming]
      tls_cert_file = ""
      tls_key_file = ""

  [plugins."io.containerd.internal.v1.opt"]
    path = "/opt/containerd"

  [plugins."io.containerd.internal.v1.restart"]
    interval = "10s"

  [plugins."io.containerd.internal.v1.tracing"]
    sampling_ratio = 1.0
    service_name = "containerd"

  [plugins."io.containerd.metadata.v1.bolt"]
    content_sharing_policy = "shared"

  [plugins."io.containerd.monitor.v1.cgroups"]
    no_prometheus = false

  [plugins."io.containerd.nri.v1.nri"]
    disable = true
    disable_connections = false
    plugin_config_path = "/etc/nri/conf.d"
    plugin_path = "/opt/nri/plugins"
    plugin_registration_timeout = "5s"
    plugin_request_timeout = "2s"
    socket_path = "/var/run/nri/nri.sock"

  [plugins."io.containerd.runtime.v1.linux"]
    no_shim = false
    runtime = "runc"
    runtime_root = ""
    shim = "containerd-shim"
    shim_debug = false

  [plugins."io.containerd.runtime.v2.task"]
    platforms = ["linux/amd64"]
    sched_core = false

  [plugins."io.containerd.service.v1.diff-service"]
    default = ["walking"]

  [plugins."io.containerd.service.v1.tasks-service"]
    blockio_config_file = ""
    rdt_config_file = ""

  [plugins."io.containerd.snapshotter.v1.aufs"]
    root_path = ""

  [plugins."io.containerd.snapshotter.v1.blockfile"]
    fs_type = ""
    mount_options = []
    root_path = ""
    scratch_file = ""

  [plugins."io.containerd.snapshotter.v1.btrfs"]
    root_path = ""

  [plugins."io.containerd.snapshotter.v1.devmapper"]
    async_remove = false
    base_image_size = ""
    discard_blocks = false
    fs_options = ""
    fs_type = ""
    pool_name = ""
    root_path = ""

  [plugins."io.containerd.snapshotter.v1.native"]
    root_path = ""

  [plugins."io.containerd.snapshotter.v1.overlayfs"]
    mount_options = []
    root_path = ""
    sync_remove = false
    upperdir_label = false

  [plugins."io.containerd.snapshotter.v1.zfs"]
    root_path = ""

  [plugins."io.containerd.tracing.processor.v1.otlp"]
    endpoint = ""
    insecure = false
    protocol = ""

  [plugins."io.containerd.transfer.v1.local"]
    config_path = ""
    max_concurrent_downloads = 3
    max_concurrent_uploaded_layers = 3

    [[plugins."io.containerd.transfer.v1.local".unpack_config]]
      differ = ""
      platform = "linux/amd64"
      snapshotter = "overlayfs"

[proxy_plugins]

[stream_processors]

  [stream_processors."io.containerd.ocicrypt.decoder.v1.tar"]
    accepts = ["application/vnd.oci.image.layer.v1.tar+encrypted"]
    args = ["--decryption-keys-path", "/etc/containerd/ocicrypt/keys"]
    env = ["OCICRYPT_KEYPROVIDER_CONFIG=/etc/containerd/ocicrypt/ocicrypt_keyprovider.conf"]
    path = "ctd-decoder"
    returns = "application/vnd.oci.image.layer.v1.tar"

  [stream_processors."io.containerd.ocicrypt.decoder.v1.tar.gzip"]
    accepts = ["application/vnd.oci.image.layer.v1.tar+gzip+encrypted"]
    args = ["--decryption-keys-path", "/etc/containerd/ocicrypt/keys"]
    env = ["OCICRYPT_KEYPROVIDER_CONFIG=/etc/containerd/ocicrypt/ocicrypt_keyprovider.conf"]
    path = "ctd-decoder"
    returns = "application/vnd.oci.image.layer.v1.tar+gzip"

[timeouts]
  "io.containerd.timeout.bolt.open" = "0s"
  "io.containerd.timeout.metrics.shimstats" = "2s"
  "io.containerd.timeout.shim.cleanup" = "5s"
  "io.containerd.timeout.shim.load" = "5s"
  "io.containerd.timeout.shim.shutdown" = "3s"
  "io.containerd.timeout.task.state" = "2s"

[ttrpc]
  address = ""
  gid = 0
  uid = 0
[root@worker243 ~]#
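
The two `config.toml` variants above differ only in their registry stanzas: a plain-HTTP mirror endpoint in the first, and `insecure_skip_verify = true` plus an inline `admin` password in the second. The shell function below is an added example, not part of the original article; it scans a config file for those three settings. The `registry.example.internal` stanza and its `ca_file` path are constructed, to show a host that verifies TLS against a CA and produces no finding.

```shell
#!/bin/sh
# Added example: flag weak registry settings in a containerd config.toml.

audit_containerd_registry() {
    # $1 = path to a config.toml that uses the version 2 CRI plugin layout
    awk '
        # Extract HOST from a table name such as
        # plugins."io.containerd.grpc.v1.cri".registry.configs."HOST".tls
        function host_of(s, kind,    prefix, i, rest) {
            prefix = "registry." kind ".\""
            i = index(s, prefix)
            if (i == 0) return ""
            rest = substr(s, i + length(prefix))
            return substr(rest, 1, index(rest, "\"") - 1)
        }
        /^[ \t]*#/ { next }                 # skip comment lines
        /^[ \t]*\[/ {                       # remember the current table
            section = $0
            gsub(/^[ \t]*\[+/, "", section)
            gsub(/\]+[ \t]*$/, "", section)
            next
        }
        # Certificate verification switched off for a registry host
        section ~ /registry\.configs\."[^"]+"\.tls$/ {
            if ($0 ~ /^[ \t]*insecure_skip_verify[ \t]*=[ \t]*true/)
                print "TLS_VERIFY_DISABLED " host_of(section, "configs")
        }
        # Non-empty password stored in the config (value is not printed)
        section ~ /registry\.configs\."[^"]+"\.auth$/ {
            if ($0 ~ /^[ \t]*password[ \t]*=[ \t]*"[^"]+"/)
                print "INLINE_PASSWORD " host_of(section, "configs")
        }
        # Mirror endpoint reached over plain HTTP (endpoint arrays may span lines)
        section ~ /registry\.mirrors\."[^"]+"$/ {
            if (match($0, /"http:\/\/[^"]*"/))
                print "PLAINTEXT_ENDPOINT " host_of(section, "mirrors") " " \
                      substr($0, RSTART + 1, RLENGTH - 2)
        }
    ' "$1"
}

write_sample_config() {
    # Constructed sample: the registry stanzas from both variants on this page,
    # plus one made-up hardened host (registry.example.internal).
    cat > "$1" <<'EOF'
version = 2
[plugins."io.containerd.grpc.v1.cri".registry]
  config_path = ""
  [plugins."io.containerd.grpc.v1.cri".registry.configs]
    [plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.yinzhengjie.com:443".tls]
      insecure_skip_verify = true
    [plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.yinzhengjie.com:443".auth]
      username = "admin"
      password = "1"
    [plugins."io.containerd.grpc.v1.cri".registry.configs."registry.example.internal".tls]
      ca_file = "/etc/containerd/certs/example-ca.crt"
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."harbor.yinzhengjie.com"]
    endpoint = [
      "http://harbor.yinzhengjie.com"
    ]
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."harbor.yinzhengjie.com:443"]
    endpoint = [
      "https://harbor.yinzhengjie.com:443"
    ]
EOF
}

# Stand-alone run against the constructed sample
sample=$(mktemp)
write_sample_config "$sample"
audit_containerd_registry "$sample"
rm -f "$sample"
```

On a node, point the function at the live file, for example `audit_containerd_registry /etc/containerd/config.toml`; each finding is one line of the form `KIND host [url]`.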

2. Pull the image

[root@elk92 ~]# ctr -n yinzhengjie images pull --platform linux/amd64 docker.io/library/nginx:1.25.4-alpine
docker.io/library/nginx:1.25.4-alpine:                                            resolved       |++++++++++++++++++++++++++++++++++++++| 
index-sha256:6a2f8b28e45c4adea04ec207a251fd4a2df03ddc930f782af51e315ebc76e9a9:    done           |++++++++++++++++++++++++++++++++++++++| 
manifest-sha256:cb0953165f59b5cf2227ae979a49a2284956d997fad4ed7a338eebc6aef3e70b: done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:a85ccd8c07bd7090e8a37ab878413b035a370e872367b145a0c0aaaaf60ccbdf:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:c3ea3344e711fd7111dee02f17deebceb725ed1d0ee998f7fb472114dc1399ce:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:a101c9a82b88a3fa561030af162d98a130ca3bc0501b2e70594410dd426f2c9b:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:d6a456492aaa4c003389fec3da0939f31c505232fcf1925db314815a196c444f:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:c7059f3102784cd05dc96fff74a52bce9fa50fea724ece08748507fa3455999b:    done           |++++++++++++++++++++++++++++++++++++++| 
config-sha256:6913ed9ec8d009744018c1740879327fe2e085935b2cce7a234bf05347b670d7:   done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:e1c681003a03fff277ecf90fccf526881bcc2e006c9e371b58f45680d54c1954:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:619be1103602d98e1963557998c954c892b3872986c27365e9f651f5bc27cab8:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:018b9065ed0dfedff48bbd11f6014960bb496e71c395f772bfad123ab33a1800:    done           |++++++++++++++++++++++++++++++++++++++| 
elapsed: 56.4s                                                                    total:  17.1 M (310.2 KiB/s)                                     
unpacking linux/amd64 sha256:6a2f8b28e45c4adea04ec207a251fd4a2df03ddc930f782af51e315ebc76e9a9...
done: 3.508862s    
[root@elk92 ~]#

3. Create a new tag

[root@elk92 ~]# ctr -n yinzhengjie images tag  docker.io/library/nginx:1.25.4-alpine harbor.yinzhengjie.com/library/nginx:1.25.4-alpine
harbor.yinzhengjie.com/library/nginx:1.25.4-alpine
[root@elk92 ~]# 
[root@elk92 ~]# ctr -n yinzhengjie images ls
REF                                                TYPE                                                 DIGEST                                                                  SIZE      PLATFORMS                                                                                                LABELS 
docker.io/jasonyin2020/oldboyedu-games:v0.5        application/vnd.docker.distribution.manifest.v2+json sha256:e75f2040ecf526ccc14a2f8ce7ca31729cebe67b4620d83bbbbff080372e314a 226.6 MiB linux/amd64                                                                                              -      
docker.io/library/nginx:1.25.4-alpine              application/vnd.oci.image.index.v1+json              sha256:6a2f8b28e45c4adea04ec207a251fd4a2df03ddc930f782af51e315ebc76e9a9 17.1 MiB  linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x,unknown/unknown -      
harbor.yinzhengjie.com/library/nginx:1.25.4-alpine application/vnd.oci.image.index.v1+json              sha256:6a2f8b28e45c4adea04ec207a251fd4a2df03ddc930f782af51e315ebc76e9a9 17.1 MiB  linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x,unknown/unknown -      
[root@elk92 ~]#

4. Push the container image to Harbor

[root@elk92 ~]# ctr -n yinzhengjie images push --platform linux/amd64 --plain-http -u admin:1 harbor.yinzhengjie.com/library/nginx:1.25.4-alpine
manifest-sha256:cb0953165f59b5cf2227ae979a49a2284956d997fad4ed7a338eebc6aef3e70b: done           |++++++++++++++++++++++++++++++++++++++| 
config-sha256:6913ed9ec8d009744018c1740879327fe2e085935b2cce7a234bf05347b670d7:   done           |++++++++++++++++++++++++++++++++++++++| 
elapsed: 2.1 s                                                                    total:  13.9 K (6.6 KiB/s)                                       
[root@elk92 ~]# 


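Tips:
    1. If the Harbor registry is configured for HTTPS, you only need to add the "--skip-verify" option, which skips TLS certificate verification.
    2. If your Harbor registry is configured for HTTP, use the "--plain-http" option to declare that the protocol is HTTP.

Example of pushing an image over HTTPS; the result in Harbor is as shown in the figure below: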
[root@worker243 ~]# ctr -n yinzhengjie images push --platform linux/amd64 -u admin:1 --skip-verify harbor.yinzhengjie.com/library/nginx:1.25.4-alpine
manifest-sha256:cb0953165f59b5cf2227ae979a49a2284956d997fad4ed7a338eebc6aef3e70b: done           |++++++++++++++++++++++++++++++++++++++| 
config-sha256:6913ed9ec8d009744018c1740879327fe2e085935b2cce7a234bf05347b670d7:   done           |++++++++++++++++++++++++++++++++++++++| 
elapsed: 0.8 s                                                                    total:  13.9 K (17.3 KiB/s)                                      
[root@worker243 ~]#

5. View the Harbor web UI

http://harbor.yinzhengjie.com/harbor/projects/1/repositories/nginx/artifacts-tab

6. Pull an image from the private registry

[root@elk91 ~]# ctr -n yinzhnegjie images pull --plain-http harbor.yinzhengjie.com/library/nginx:1.25.4-alpine
harbor.yinzhengjie.com/library/nginx:1.25.4-alpine: resolving      |--------------------------------------| 
harbor.yinzhengjie.com/library/nginx:1.25.4-alpine:                               resolved       |++++++++++++++++++++++++++++++++++++++| 
manifest-sha256:cb0953165f59b5cf2227ae979a49a2284956d997fad4ed7a338eebc6aef3e70b: done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:018b9065ed0dfedff48bbd11f6014960bb496e71c395f772bfad123ab33a1800:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:a85ccd8c07bd7090e8a37ab878413b035a370e872367b145a0c0aaaaf60ccbdf:    done           |++++++++++++++++++++++++++++++++++++++| 
config-sha256:6913ed9ec8d009744018c1740879327fe2e085935b2cce7a234bf05347b670d7:   done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:c3ea3344e711fd7111dee02f17deebceb725ed1d0ee998f7fb472114dc1399ce:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:c7059f3102784cd05dc96fff74a52bce9fa50fea724ece08748507fa3455999b:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:619be1103602d98e1963557998c954c892b3872986c27365e9f651f5bc27cab8:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:a101c9a82b88a3fa561030af162d98a130ca3bc0501b2e70594410dd426f2c9b:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:d6a456492aaa4c003389fec3da0939f31c505232fcf1925db314815a196c444f:    done           |++++++++++++++++++++++++++++++++++++++| 
layer-sha256:e1c681003a03fff277ecf90fccf526881bcc2e006c9e371b58f45680d54c1954:    done           |++++++++++++++++++++++++++++++++++++++| 
elapsed: 0.3 s                                                                    total:  13.9 M (46.2 MiB/s)                                      
unpacking linux/amd64 sha256:cb0953165f59b5cf2227ae979a49a2284956d997fad4ed7a338eebc6aef3e70b...
done: 3.533122482s    
[root@elk91 ~]# 
[root@elk91 ~]# ctr -n yinzhnegjie images ls
REF                                                TYPE                                       DIGEST                                                                  SIZE     PLATFORMS   LABELS 
harbor.yinzhengjie.com/library/nginx:1.25.4-alpine application/vnd.oci.image.manifest.v1+json sha256:cb0953165f59b5cf2227ae979a49a2284956d997fad4ed7a338eebc6aef3e70b 17.1 MiB linux/amd64 -      
[root@elk91 ~]#

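VI. Managing containers with Docker integrated with containerd

1. Why integrate Docker with containerd for container management

At present containerd is still mainly concerned with solving the container runtime problem, and its surrounding ecosystem is not yet mature.

So Docker can be combined with containerd to get Docker's full set of features.

2. Modify the Docker startup script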

[root@docker202 ~]# systemctl cat docker
# /lib/systemd/system/docker.service
[Unit]
Description=Jason Yin's Docke Engine
Documentation=https://www.cnblogs.com/yinzhengjie
Wants=network-online.target

[Service]
Type=notify
ExecStart=/usr/bin/dockerd --containerd  /run/containerd/containerd.sock --debug
[Install]
WantedBy=multi-user.target
[root@docker202 ~]# 
[root@docker202 ~]# ll /run/containerd/containerd.sock
srw-rw---- 1 root root 0 Mar  4 22:53 /run/containerd/containerd.sock=
[root@docker202 ~]# 
[root@docker202 ~]# systemctl daemon-reload
[root@docker202 ~]# 
[root@docker202 ~]# systemctl restart docker
[root@docker202 ~]# 
[root@docker202 ~]# ps aux | grep docker | grep -v grep
root       24480  0.1  1.3 1279136 52696 ?       Ssl  01:06   0:00 /usr/bin/dockerd --containerd /run/containerd/containerd.sock --debug
[root@docker202 ~]#

3. Start a container with Docker

[root@docker202 ~]# ctr namespace ls
NAME        LABELS 
default            
yinzhengjie        
[root@docker202 ~]# 
[root@docker202 ~]# docker run --restart unless-stopped -dp 88:80 --name yinzhengjie-games jasonyin2020/oldboyedu-games:v0.5
9eb21c1fd72ce888de95b95de7fd8da0a4c8b1ba8aaa2c759ba487ba279946d3
[root@docker202 ~]# 
[root@docker202 ~]# ctr namespace ls
NAME        LABELS 
default            
moby               
yinzhengjie        
[root@docker202 ~]#

4. View the container's runtime information and the corresponding containerd container

[root@docker202 ~]# docker ps -l --no-trunc
CONTAINER ID                                                       IMAGE                               COMMAND                                          CREATED          STATUS          PORTS                               NAMES
ec70594c77bc0c842456d99a32df0a25671cc18b15bd52d9d9af5202d317bf5b   jasonyin2020/oldboyedu-games:v0.5   "/docker-entrypoint.sh nginx -g 'daemon off;'"   30 seconds ago   Up 29 seconds   0.0.0.0:88->80/tcp, :::88->80/tcp   yinzhengjie-games
[root@docker202 ~]# 
[root@docker202 ~]# ctr -n moby container ls
CONTAINER                                                           IMAGE    RUNTIME                  
ec70594c77bc0c842456d99a32df0a25671cc18b15bd52d9d9af5202d317bf5b    -        io.containerd.runc.v2    
[root@docker202 ~]#

5. Delete the container with Docker and check the corresponding state in containerd

[root@docker202 ~]# ctr -n moby tasks ls
TASK                                                                PID      STATUS    
ec70594c77bc0c842456d99a32df0a25671cc18b15bd52d9d9af5202d317bf5b    25139    RUNNING
[root@docker202 ~]# 
[root@docker202 ~]# 
[root@docker202 ~]# docker rm -f ec70594c77bc0c842456d99a32df0a25671cc18b15bd52d9d9af5202d317bf5b
ec70594c77bc0c842456d99a32df0a25671cc18b15bd52d9d9af5202d317bf5b
[root@docker202 ~]# 
[root@docker202 ~]# ctr -n moby tasks ls
TASK    PID    STATUS    
[root@docker202 ~]#

6. Data persistence with Docker

[root@docker202 ~]# docker volume ls
DRIVER    VOLUME NAME
[root@docker202 ~]# 
[root@docker202 ~]# docker run --restart unless-stopped -dp 88:80 --name yinzhengjie-games -v oldboyedu:/data jasonyin2020/oldboyedu-games:v0.5
7d42ff46f78eeed91cc0480b9333cbd5863301543bbdf97e329dfa853f84c6cf
[root@docker202 ~]# 
[root@docker202 ~]# docker volume ls
DRIVER    VOLUME NAME
local     oldboyedu
[root@docker202 ~]# 
[root@docker202 ~]# docker volume inspect oldboyedu 
[
    {
        "CreatedAt": "2024-03-07T01:14:18+08:00",
        "Driver": "local",
        "Labels": null,
        "Mountpoint": "/var/lib/docker/volumes/oldboyedu/_data",
        "Name": "oldboyedu",
        "Options": null,
        "Scope": "local"
    }
]
[root@docker202 ~]#

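VII. Extended exercises

    1. Without integrating a Docker environment, deploy the containerd network plugin on your own so that the containers it creates have their own network interface.
    2. Complete the one-click binary deployment script for containerd.

    Reference link:
        https://www.cnblogs.com/yinzhengjie/p/18030527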