一.镜像管理
1.下载指定镜像
[root@docker202 ~]# ctr images pull docker.io/library/nginx:1.21.6-alpine
docker.io/library/nginx:1.21.6-alpine: resolved |++++++++++++++++++++++++++++++++++++++|
index-sha256:a74534e76ee1121d418fa7394ca930eb67440deda413848bc67c68138535b989: done |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:529db430e042ecef071f2e88267cee6da18f8ab44d66a0c44348886fdc2e60fc: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:9da77f8e409edbb2c42db3d6a70f31754ac6e35c9ae981555b9f42ea42008a80: done |++++++++++++++++++++++++++++++++++++++|
config-sha256:b1c3acb28882519cf6d3a4d7fe2b21d0ae20bde9cfd2c08a7de057f8cfccff15: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:df9b9388f04ad6279a7410b85cedfdcb2208c0a003da7ab5613af71079148139: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:a285f0f83eed13cf71ccb560c31dd31b5eb7be0cadb4f43319d6de59aa4e3c70: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:e00351ea626cd356c69e58d33181233b47a904d3b6ee508948d6cc221d7b9cfa: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:06f5cb628050fa03f0928769c767bba57656e84312961cc39fbff63ae48c2f3e: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:32261d4e220f3a41084ad35886169f9d753ffca4f8824ad934a43b1cddbad86c: done |++++++++++++++++++++++++++++++++++++++|
elapsed: 42.3s total: 8.7 Mi (210.6 KiB/s)
unpacking linux/amd64 sha256:a74534e76ee1121d418fa7394ca930eb67440deda413848bc67c68138535b989...
done: 451.108658ms
[root@docker202 ~]#
温馨提示:
下载镜像必须指定镜像的仓库地址,不能向我们之前docker那样使用,可以省略镜像服务器地址。
因为docker服务我们不写镜像服务器地址默认就是docker HUB的官方仓库。而ctr工具一视同仁,并没有对docker的hub官方镜像地址做特殊处理。
2.查看镜像列表
[root@docker202 ~]# ctr images ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
docker.io/library/nginx:1.21.6-alpine application/vnd.docker.distribution.manifest.list.v2+json sha256:a74534e76ee1121d418fa7394ca930eb67440deda413848bc67c68138535b989 9.7 MiB linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x -
[root@docker202 ~]#
3.挂载镜像以查看镜像内容
[root@docker202 ~]# ll /mnt/
total 8
drwxr-xr-x 2 root root 4096 Aug 10 2023 ./
drwxr-xr-x 19 root root 4096 Jan 23 22:56 ../
[root@docker202 ~]#
[root@docker202 ~]# ctr images mount docker.io/library/nginx:1.21.6-alpine /mnt
sha256:1e82c6d6bb97ec37fdaf16a3578db9f79efc2a7fa987875e259148857265b410
/mnt
[root@docker202 ~]#
[root@docker202 ~]# ll /mnt/
total 84
drwxr-xr-x 1 root root 4096 Mar 6 22:57 ./
drwxr-xr-x 19 root root 4096 Jan 23 22:56 ../
drwxr-xr-x 2 root root 4096 Apr 5 2022 bin/
drwxr-xr-x 2 root root 4096 Apr 5 2022 dev/
drwxr-xr-x 1 root root 4096 May 18 2022 docker-entrypoint.d/
-rwxrwxr-x 1 root root 1202 May 18 2022 docker-entrypoint.sh*
drwxr-xr-x 1 root root 4096 May 18 2022 etc/
drwxr-xr-x 2 root root 4096 Apr 5 2022 home/
drwxr-xr-x 1 root root 4096 Apr 5 2022 lib/
drwxr-xr-x 5 root root 4096 Apr 5 2022 media/
drwxr-xr-x 2 root root 4096 Apr 5 2022 mnt/
drwxr-xr-x 2 root root 4096 Apr 5 2022 opt/
dr-xr-xr-x 2 root root 4096 Apr 5 2022 proc/
drwx------ 2 root root 4096 Apr 5 2022 root/
drwxr-xr-x 2 root root 4096 Apr 5 2022 run/
drwxr-xr-x 2 root root 4096 Apr 5 2022 sbin/
drwxr-xr-x 2 root root 4096 Apr 5 2022 srv/
drwxr-xr-x 2 root root 4096 Apr 5 2022 sys/
drwxrwxrwt 1 root root 4096 May 18 2022 tmp/
drwxr-xr-x 1 root root 4096 Apr 5 2022 usr/
drwxr-xr-x 1 root root 4096 Apr 5 2022 var/
[root@docker202 ~]#
[root@docker202 ~]# umount /mnt/
[root@docker202 ~]#
[root@docker202 ~]# ll /mnt/
total 8
drwxr-xr-x 2 root root 4096 Aug 10 2023 ./
drwxr-xr-x 19 root root 4096 Jan 23 22:56 ../
[root@docker202 ~]#
4.镜像导出
[root@docker202 ~]# ctr images export --platform linux/amd64 yinzhengjie-nginx-1.26.1.tar.gz docker.io/library/nginx:1.21.6-alpine
[root@docker202 ~]#
[root@docker202 ~]# ll -h yinzhengjie-nginx-1.26.1.tar.gz
-rw-r--r-- 1 root root 9.8M Mar 6 23:17 yinzhengjie-nginx-1.26.1.tar.gz
[root@docker202 ~]#
温馨提示:
此处我导出镜像指定平台为"linux/amd64",将来导入镜像也必须指定为该平台哟。
5.删除镜像
[root@docker202 ~]# ctr image ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
docker.io/library/nginx:1.21.6-alpine application/vnd.docker.distribution.manifest.list.v2+json sha256:a74534e76ee1121d418fa7394ca930eb67440deda413848bc67c68138535b989 9.7 MiB linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x -
[root@docker202 ~]#
[root@docker202 ~]# ctr image rm docker.io/library/nginx:1.21.6-alpine
docker.io/library/nginx:1.21.6-alpine
[root@docker202 ~]#
[root@docker202 ~]# ctr image ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
[root@docker202 ~]#
6.导入镜像
[root@docker202 ~]# ctr images ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
[root@docker202 ~]#
[root@docker202 ~]# ctr images import --platform linux/amd64 yinzhengjie-nginx-1.26.1.tar.gz
unpacking docker.io/library/nginx:1.21.6-alpine (sha256:a74534e76ee1121d418fa7394ca930eb67440deda413848bc67c68138535b989)...done
[root@docker202 ~]#
[root@docker202 ~]# ctr images ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
docker.io/library/nginx:1.21.6-alpine application/vnd.docker.distribution.manifest.list.v2+json sha256:a74534e76ee1121d418fa7394ca930eb67440deda413848bc67c68138535b989 9.7 MiB linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x -
[root@docker202 ~]#
7.给镜像打tag
[root@docker202 ~]# ctr images ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
docker.io/library/nginx:1.21.6-alpine application/vnd.docker.distribution.manifest.list.v2+json sha256:a74534e76ee1121d418fa7394ca930eb67440deda413848bc67c68138535b989 9.7 MiB linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x -
[root@docker202 ~]#
[root@docker202 ~]# ctr images tag docker.io/library/nginx:1.21.6-alpine nginx:1.21.6-alpine
nginx:1.21.6-alpine
[root@docker202 ~]#
[root@docker202 ~]# ctr images ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
docker.io/library/nginx:1.21.6-alpine application/vnd.docker.distribution.manifest.list.v2+json sha256:a74534e76ee1121d418fa7394ca930eb67440deda413848bc67c68138535b989 9.7 MiB linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x -
nginx:1.21.6-alpine application/vnd.docker.distribution.manifest.list.v2+json sha256:a74534e76ee1121d418fa7394ca930eb67440deda413848bc67c68138535b989 9.7 MiB linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x -
[root@docker202 ~]#
8.检查现有镜像以确保所有内容在本地可用
[root@docker202 ~]# ctr images check
REF TYPE DIGEST STATUS SIZE UNPACKED
docker.io/library/nginx:1.21.6-alpine application/vnd.docker.distribution.manifest.list.v2+json sha256:a74534e76ee1121d418fa7394ca930eb67440deda413848bc67c68138535b989 complete (7/7) 9.7 MiB/9.7 MiB true
nginx:1.21.6-alpine application/vnd.docker.distribution.manifest.list.v2+json sha256:a74534e76ee1121d418fa7394ca930eb67440deda413848bc67c68138535b989 complete (7/7) 9.7 MiB/9.7 MiB true
[root@docker202 ~]#
二.容器管理
1.创建容器并指定容器名称
[root@docker202 ~]# ctr containers create docker.io/library/nginx:1.21.6-alpine c1
2.查看现有容器列表
[root@docker202 ~]# ctr containers ls
CONTAINER IMAGE RUNTIME
c1 docker.io/library/nginx:1.21.6-alpine io.containerd.runc.v2
[root@docker202 ~]#
3.查看容器的详细信息
[root@docker202 ~]# ctr container info c1
{
"ID": "c1",
"Labels": {
"io.containerd.image.config.stop-signal": "SIGQUIT",
"maintainer": "NGINX Docker Maintainers \u003cdocker-maint@nginx.com\u003e"
},
"Image": "docker.io/library/nginx:1.21.6-alpine",
"Runtime": {
"Name": "io.containerd.runc.v2",
"Options": {
"type_url": "containerd.runc.v1.Options"
}
},
"SnapshotKey": "c1",
"Snapshotter": "overlayfs",
"CreatedAt": "2024-03-06T15:27:04.695175506Z",
"UpdatedAt": "2024-03-06T15:27:04.695175506Z",
"Extensions": {},
"SandboxID": "",
...
}
}
[root@docker202 ~]#
4.启动容器
[root@docker202 ~]# ctr containers ls # 注意观察,c1容器的运行时为"io.containerd.runc.v2"
CONTAINER IMAGE RUNTIME
c1 docker.io/library/nginx:1.21.6-alpine io.containerd.runc.v2
[root@docker202 ~]#
[root@docker202 ~]#
[root@docker202 ~]# ll /usr/bin/containerd-shim-runc-v2
-rwxr-xr-x 1 root root 12189696 Mar 6 23:32 /usr/bin/containerd-shim-runc-v2*
[root@docker202 ~]#
[root@docker202 ~]# ctr task start -d c1 # 请确保"/usr/bin/containerd-shim-runc-v2"文件存在,否则无法启动容器
温馨提示:
"-d"表示后台运行容器容器。
5.查看容器运行的PID
[root@docker202 ~]# ctr task ls
TASK PID STATUS
c1 21975 RUNNING
[root@docker202 ~]#
6.查看容器对应宿主机的PID
[root@docker202 ~]# ctr task ps c1
PID INFO
21975 -
22014 -
22015 -
[root@docker202 ~]#
[root@docker202 ~]# ps -ef | egrep "21975|22014|22015" | grep -v grep
root 21975 21953 0 23:32 ? 00:00:00 nginx: master process nginx -g daemon off;
systemd+ 22014 21975 0 23:32 ? 00:00:00 nginx: worker process
systemd+ 22015 21975 0 23:32 ? 00:00:00 nginx: worker process
[root@docker202 ~]#
7.在容器中执行命令
[root@docker202 ~]# ctr task exec --exec-id 1 c1 ifconfig -a
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
[root@docker202 ~]#
[root@docker202 ~]# ctr task exec --exec-id 2 c1 ls -l
total 68
drwxr-xr-x 2 root root 4096 Apr 4 2022 bin
drwxr-xr-x 5 root root 340 Mar 6 15:32 dev
drwxr-xr-x 1 root root 4096 May 17 2022 docker-entrypoint.d
-rwxrwxr-x 1 root root 1202 May 17 2022 docker-entrypoint.sh
drwxr-xr-x 1 root root 4096 May 17 2022 etc
drwxr-xr-x 2 root root 4096 Apr 4 2022 home
drwxr-xr-x 1 root root 4096 Apr 4 2022 lib
drwxr-xr-x 5 root root 4096 Apr 4 2022 media
drwxr-xr-x 2 root root 4096 Apr 4 2022 mnt
drwxr-xr-x 2 root root 4096 Apr 4 2022 opt
dr-xr-xr-x 284 root root 0 Mar 6 15:32 proc
drwx------ 2 root root 4096 Apr 4 2022 root
drwxr-xr-x 2 root root 60 Mar 6 15:32 run
drwxr-xr-x 2 root root 4096 Apr 4 2022 sbin
drwxr-xr-x 2 root root 4096 Apr 4 2022 srv
dr-xr-xr-x 13 root root 0 Mar 6 15:32 sys
drwxrwxrwt 1 root root 4096 May 17 2022 tmp
drwxr-xr-x 1 root root 4096 Apr 4 2022 usr
drwxr-xr-x 1 root root 4096 Apr 4 2022 var
[root@docker202 ~]#
[root@docker202 ~]# ctr task exec --exec-id 3 --tty c1 sh
/ # ls /
bin etc mnt run tmp
dev home opt sbin usr
docker-entrypoint.d lib proc srv var
docker-entrypoint.sh media root sys
/ #
温馨提示:
和docker相似,但是我们想要在容器中执行命令,需要使用"--exec-id"选项手动指定一个ID,此ID可以理解为其在容器运行中的进程ID。
一定要注意的是,我们使用"--exec-id"定义的ID不能同时运行多个进程,只能同时运行一个进程哟。这一点你可以用一个"sleep"命令来验证。
8.启动新容器
[root@docker202 ~]# ctr task ls
TASK PID STATUS
c1 21975 RUNNING
[root@docker202 ~]#
[root@docker202 ~]# ctr run -d --net-host docker.io/library/nginx:1.21.6-alpine c2
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
[root@docker202 ~]#
[root@docker202 ~]# ctr task ls
TASK PID STATUS
c1 21975 RUNNING
c2 22694 RUNNING
[root@docker202 ~]#
[root@docker202 ~]# ctr task exec --exec-id 1 c2 ifconfig
ens33 Link encap:Ethernet HWaddr 00:0C:29:6E:C3:7E
inet addr:10.0.0.202 Bcast:10.0.0.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe6e:c37e/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:848981 errors:0 dropped:0 overruns:0 frame:0
TX packets:575792 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:603324493 (575.3 MiB) TX bytes:63965896 (61.0 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:1936 errors:0 dropped:0 overruns:0 frame:0
TX packets:1936 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:213137 (208.1 KiB) TX bytes:213137 (208.1 KiB)
[root@docker202 ~]#
9.暂停容器
[root@docker202 ~]# ctr tasks ls
TASK PID STATUS
c1 21975 RUNNING
c2 22694 RUNNING
[root@docker202 ~]#
[root@docker202 ~]# ctr tasks pause c1
[root@docker202 ~]#
[root@docker202 ~]# ctr tasks ls
TASK PID STATUS
c1 21975 PAUSED
c2 22694 RUNNING
[root@docker202 ~]#
10.恢复容器
[root@docker202 ~]# ctr tasks ls
TASK PID STATUS
c1 21975 PAUSED
c2 22694 RUNNING
[root@docker202 ~]#
[root@docker202 ~]# ctr tasks resume c1
[root@docker202 ~]#
[root@docker202 ~]# ctr tasks ls
TASK PID STATUS
c1 21975 RUNNING
c2 22694 RUNNING
[root@docker202 ~]#
11.停止容器
[root@docker202 ~]# ctr tasks ls
TASK PID STATUS
c2 22694 RUNNING
c1 21975 RUNNING
[root@docker202 ~]#
[root@docker202 ~]# ctr tasks kill c1
[root@docker202 ~]#
[root@docker202 ~]# ctr tasks ls
TASK PID STATUS
c1 21975 STOPPED
c2 22694 RUNNING
[root@docker202 ~]#
12.删除容器
[root@docker202 ~]# ctr tasks ls
TASK PID STATUS
c2 22694 RUNNING
c1 21975 STOPPED
[root@docker202 ~]#
[root@docker202 ~]# ctr tasks rm c1
[root@docker202 ~]#
[root@docker202 ~]# ctr tasks ls
TASK PID STATUS
c2 22694 RUNNING
[root@docker202 ~]#
三. Containerd NameSpace管理
1.namespace概述
containerd中namespace的作用是为了隔离运行的容器,可以实现在不同的名称空间运行多个同名的容器。
2.查看现有的namespace
[root@docker202 ~]# ctr namespace ls
NAME LABELS
default
[root@docker202 ~]#
3.创建namespace
[root@docker202 ~]# ctr namespace ls
NAME LABELS
default
[root@docker202 ~]# ctr namespace create yinzhengjie
[root@docker202 ~]#
[root@docker202 ~]# ctr namespace ls
NAME LABELS
default
yinzhengjie
[root@docker202 ~]#
4.删除namespace
[root@docker202 ~]# ctr namespace ls
NAME LABELS
default
yinzhengjie
[root@docker202 ~]#
[root@docker202 ~]# ctr namespace rm yinzhengjie
yinzhengjie
[root@docker202 ~]#
[root@docker202 ~]# ctr namespace ls
NAME LABELS
default
[root@docker202 ~]#
5.在指定namespace中下载容器镜像,如果namespace不存在则会直接创建
[root@docker202 ~]# ctr -n yinzhengjie image ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
[root@docker202 ~]#
[root@docker202 ~]# ctr -n yinzhengjie images pull docker.io/jasonyin2020/oldboyedu-linux-tools:v0.1
docker.io/jasonyin2020/oldboyedu-linux-tools:v0.1: resolved |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:eac6c50d80c7452db54871790fb26a6ca4d63dd3d4c98499293b3bab90832259: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:d2167fa4e83529449c552337c6310c1ab15542a31d5cbe3c2e88c49365bc0d6a: done |++++++++++++++++++++++++++++++++++++++|
config-sha256:da6fdb7c9168278f1f455522fcd2f88b5ed2d240a89feca10e7eda3f8ffacd5e: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:59bf1c3509f33515622619af21ed55bbe26d24913cedbca106468a5fb37a50c3: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:cdc010c9a8492436224fd138b6758bdbb4930f7fed029d4a992f61a84c058c38: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:bac97e2f09ed597756380324f551dc1d63d44bc3ce2fd8bebd98af413896f006: done |++++++++++++++++++++++++++++++++++++++|
elapsed: 17.4s total: 2.2 Mi (131.5 KiB/s)
unpacking linux/amd64 sha256:eac6c50d80c7452db54871790fb26a6ca4d63dd3d4c98499293b3bab90832259...
done: 129.683493ms
[root@docker202 ~]#
[root@docker202 ~]# ctr -n yinzhengjie image ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
docker.io/jasonyin2020/oldboyedu-linux-tools:v0.1 application/vnd.docker.distribution.manifest.v2+json sha256:eac6c50d80c7452db54871790fb26a6ca4d63dd3d4c98499293b3bab90832259 2.7 MiB linux/amd64 -
[root@docker202 ~]#
6.在指定namespace中运行容器
[root@docker202 ~]# ctr containers ls
CONTAINER IMAGE RUNTIME
c1 docker.io/library/nginx:1.21.6-alpine io.containerd.runc.v2
c2 docker.io/library/nginx:1.21.6-alpine io.containerd.runc.v2
[root@docker202 ~]#
[root@docker202 ~]# ctr -n yinzhengjie run -d --net-host docker.io/jasonyin2020/oldboyedu-linux-tools:v0.1 c1
[root@docker202 ~]#
[root@docker202 ~]# ctr -n yinzhengjie containers ls
CONTAINER IMAGE RUNTIME
c1 docker.io/jasonyin2020/oldboyedu-linux-tools:v0.1 io.containerd.runc.v2
[root@docker202 ~]#
7.与其它Containerd容器共享命名空间
7.1 终端1执行
[root@docker202 ~]# ctr -n yinzhengjie task ls
TASK PID STATUS
c1 23103 RUNNING
[root@docker202 ~]#
[root@docker202 ~]# ctr -n yinzhengjie tasks exec --exec-id $RANDOM -t c1 sh
/usr/local/stress # ps -ef
PID USER TIME COMMAND
1 root 0:00 /bin/sh
53 root 0:00 sh
59 root 0:00 ps -ef
/usr/local/stress #
/usr/local/stress # exit
[root@docker202 ~]#
[root@docker202 ~]# ctr container create --with-ns "pid:/proc/23103/ns/pid" docker.io/library/nginx:1.21.6-alpine c4
[root@docker202 ~]#
[root@docker202 ~]# ctr tasks ls
TASK PID STATUS
c2 22694 RUNNING
[root@docker202 ~]#
[root@docker202 ~]# ctr tasks start -d c4
[root@docker202 ~]#
[root@docker202 ~]# ctr tasks ls
TASK PID STATUS
c2 22694 RUNNING
c4 23723 RUNNING
[root@docker202 ~]#
[root@docker202 ~]# ctr tasks exec --exec-id $RANDOM c4 sleep 300
7.2 终端2执行
[root@docker202 ~]# ctr tasks exec --exec-id $RANDOM -t c4 sh
/ # ps -ef
PID USER TIME COMMAND
1 root 0:00 /bin/sh
94 root 0:00 nginx: master process nginx -g daemon off;
125 nginx 0:00 nginx: worker process
126 nginx 0:00 nginx: worker process
127 root 0:00 sleep 300
134 root 0:00 sh
141 root 0:00 ps -ef
/ #
四.容器数据持久化
1.下载镜像
[root@elk92 ~]# ctr -n yinzhengjie images pull docker.io/jasonyin2020/oldboyedu-games:v0.5
docker.io/jasonyin2020/oldboyedu-games:v0.5: resolved |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:e75f2040ecf526ccc14a2f8ce7ca31729cebe67b4620d83bbbbff080372e314a: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:f88a297910ba36d446d32295af8de26195418c6aa905a5048a2406bd001015c7: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:ff9c6add3f30f658b4f44732bef1dd44b6d3276853bba31b0babc247f3eba0dc: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:dcc43d9a97b44cf3b3619f2c185f249891b108ab99abcc58b19a82879b00b24b: done |++++++++++++++++++++++++++++++++++++++|
config-sha256:189859b883c4866961fd23ea2e51e72c1a20841c447f59fa910e469fb89d5335: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:5dcfac0f2f9ca3131599455f5e79298202c7e1b5e0eb732498b34e9fe4cb1173: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:5758d4e389a3f662e94a85fb76143dbe338b64f8d2a65f45536a9663b05305ad: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:2c6e86e57dfd729d8240ceab7c18bd1e5dd006b079837116bc1c3e1de5e1971a: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:51d66f6290217acbf83f15bc23a88338819673445804b1461b2c41d4d0c22f94: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:939ecaac3e9c05b4e248e75d1b141c8a344bd45987eaba06387b7cd83cd105b7: done |++++++++++++++++++++++++++++++++++++++|
elapsed: 484.3s total: 226.6 (479.1 KiB/s)
unpacking linux/amd64 sha256:e75f2040ecf526ccc14a2f8ce7ca31729cebe67b4620d83bbbbff080372e314a...
done: 22.056641291s
[root@elk92 ~]#
[root@elk92 ~]# ctr -n yinzhengjie images ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
docker.io/jasonyin2020/oldboyedu-games:v0.5 application/vnd.docker.distribution.manifest.v2+json sha256:e75f2040ecf526ccc14a2f8ce7ca31729cebe67b4620d83bbbbff080372e314a 226.6 MiB linux/amd64 -
[root@elk92 ~]#
2.创建容器
[root@elk92 ~]# ctr -n yinzhengjie container create --mount type=bind,src=/yinzhengjie/games,dst=/usr/local/nginx/html,options=rbind:rw docker.io/jasonyin2020/oldboyedu-games:v0.5 games
[root@elk92 ~]#
[root@elk92 ~]# ctr -n yinzhengjie container ls
CONTAINER IMAGE RUNTIME
games docker.io/jasonyin2020/oldboyedu-games:v0.5 io.containerd.runc.v2
[root@elk92 ~]#
3.启动容器
[root@elk92 ~]# mkdir -pv /yinzhengjie/games
mkdir: created directory ‘/yinzhengjie’
mkdir: created directory ‘/yinzhengjie/games’
[root@elk92 ~]#
[root@elk92 ~]# ctr -n yinzhengjie tasks start -d games
[root@elk92 ~]#
[root@elk92 ~]# ctr -n yinzhengjie tasks ls
TASK PID STATUS
games 4674 RUNNING
[root@elk92 ~]#
4.进入容器,查看是否挂载成功,并写入测试数据
[root@elk92 ~]# cp /etc/os-release /yinzhengjie/games/
[root@elk92 ~]#
[root@elk92 ~]# ctr -n yinzhengjie tasks exec --exec-id $RANDOM -t games sh
/ #
/ #
/ # ls -l /usr/local/nginx/html/
total 4
-rw-r--r-- 1 root root 393 Mar 7 03:06 os-release
/ #
/ # echo "https://www.cnblogs.com/yinzhengjie" > /usr/local/nginx/html/blog.txt
/ #
/ #
/ # ls -l /usr/local/nginx/html/
total 8
-rw-r--r-- 1 root root 36 Mar 7 03:07 blog.txt
-rw-r--r-- 1 root root 393 Mar 7 03:06 os-release
/ #
/ # exit
[root@elk92 ~]#
5.查看宿主机的目录,观察数据是否持久化
[root@elk92 ~]# ll -h /yinzhengjie/games/
total 8.0K
-rw-r--r--. 1 root root 36 Mar 6 19:07 blog.txt
-rw-r--r--. 1 root root 393 Mar 6 19:06 os-release
[root@elk92 ~]#
[root@elk92 ~]# cat /yinzhengjie/games/blog.txt
https://www.cnblogs.com/yinzhengjie
[root@elk92 ~]#
6.删除容器,验证存储卷的数据是否存在
[root@elk92 ~]# ctr -n yinzhengjie container ls
CONTAINER IMAGE RUNTIME
games docker.io/jasonyin2020/oldboyedu-games:v0.5 io.containerd.runc.v2
[root@elk92 ~]#
[root@elk92 ~]# ctr -n yinzhengjie task ls
TASK PID STATUS
games 4674 RUNNING
[root@elk92 ~]#
[root@elk92 ~]# ctr -n yinzhengjie task kill games
[root@elk92 ~]#
[root@elk92 ~]# ctr -n yinzhengjie task ls
TASK PID STATUS
games 4674 STOPPED
[root@elk92 ~]#
[root@elk92 ~]# ctr -n yinzhengjie container rm games
[root@elk92 ~]#
[root@elk92 ~]# ctr -n yinzhengjie container ls
CONTAINER IMAGE RUNTIME
[root@elk92 ~]#
[root@elk92 ~]# ll -h /yinzhengjie/games/
total 8.0K
-rw-r--r--. 1 root root 36 Mar 6 19:07 blog.txt
-rw-r--r--. 1 root root 393 Mar 6 19:06 os-release
[root@elk92 ~]#
五.containerd实现镜像推送到harbor仓库
1.查看containerd的配置
http配置案例
[root@worker243 ~]# cat download/config.toml-http
disabled_plugins = []
imports = []
oom_score = 0
plugin_dir = ""
required_plugins = []
root = "/var/lib/containerd"
state = "/run/containerd"
temp = ""
version = 2
[cgroup]
path = ""
[debug]
address = ""
format = ""
gid = 0
level = ""
uid = 0
[grpc]
address = "/run/containerd/containerd.sock"
gid = 0
max_recv_message_size = 16777216
max_send_message_size = 16777216
tcp_address = ""
tcp_tls_ca = ""
tcp_tls_cert = ""
tcp_tls_key = ""
uid = 0
[metrics]
address = ""
grpc_histogram = false
[plugins]
[plugins."io.containerd.gc.v1.scheduler"]
deletion_threshold = 0
mutation_threshold = 100
pause_threshold = 0.02
schedule_delay = "0s"
startup_delay = "100ms"
[plugins."io.containerd.grpc.v1.cri"]
cdi_spec_dirs = ["/etc/cdi", "/var/run/cdi"]
device_ownership_from_security_context = false
disable_apparmor = false
disable_cgroup = false
disable_hugetlb_controller = true
disable_proc_mount = false
disable_tcp_service = true
drain_exec_sync_io_timeout = "0s"
enable_cdi = false
enable_selinux = false
enable_tls_streaming = false
enable_unprivileged_icmp = false
enable_unprivileged_ports = false
ignore_image_defined_volumes = false
image_pull_progress_timeout = "5m0s"
max_concurrent_downloads = 3
max_container_log_line_size = 16384
netns_mounts_under_state_dir = false
restrict_oom_score_adj = false
sandbox_image = "registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.8"
selinux_category_range = 1024
stats_collect_period = 10
stream_idle_timeout = "4h0m0s"
stream_server_address = "127.0.0.1"
stream_server_port = "0"
systemd_cgroup = false
tolerate_missing_hugetlb_controller = true
unset_seccomp_profile = ""
[plugins."io.containerd.grpc.v1.cri".cni]
bin_dir = "/opt/cni/bin"
conf_dir = "/etc/cni/net.d"
conf_template = ""
ip_pref = ""
max_conf_num = 1
setup_serially = false
[plugins."io.containerd.grpc.v1.cri".containerd]
default_runtime_name = "runc"
disable_snapshot_annotations = true
discard_unpacked_layers = false
ignore_blockio_not_enabled_errors = false
ignore_rdt_not_enabled_errors = false
no_pivot = false
snapshotter = "overlayfs"
[plugins."io.containerd.grpc.v1.cri".containerd.default_runtime]
base_runtime_spec = ""
cni_conf_dir = ""
cni_max_conf_num = 0
container_annotations = []
pod_annotations = []
privileged_without_host_devices = false
privileged_without_host_devices_all_devices_allowed = false
runtime_engine = ""
runtime_path = ""
runtime_root = ""
runtime_type = ""
sandbox_mode = ""
snapshotter = ""
[plugins."io.containerd.grpc.v1.cri".containerd.default_runtime.options]
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
base_runtime_spec = ""
cni_conf_dir = ""
cni_max_conf_num = 0
container_annotations = []
pod_annotations = []
privileged_without_host_devices = false
privileged_without_host_devices_all_devices_allowed = false
runtime_engine = ""
runtime_path = ""
runtime_root = ""
runtime_type = "io.containerd.runc.v2"
sandbox_mode = "podsandbox"
snapshotter = ""
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
BinaryName = ""
CriuImagePath = ""
CriuPath = ""
CriuWorkPath = ""
IoGid = 0
IoUid = 0
NoNewKeyring = false
NoPivotRoot = false
Root = ""
ShimCgroup = ""
SystemdCgroup = true
[plugins."io.containerd.grpc.v1.cri".containerd.untrusted_workload_runtime]
base_runtime_spec = ""
cni_conf_dir = ""
cni_max_conf_num = 0
container_annotations = []
pod_annotations = []
privileged_without_host_devices = false
privileged_without_host_devices_all_devices_allowed = false
runtime_engine = ""
runtime_path = ""
runtime_root = ""
runtime_type = ""
sandbox_mode = ""
snapshotter = ""
[plugins."io.containerd.grpc.v1.cri".containerd.untrusted_workload_runtime.options]
[plugins."io.containerd.grpc.v1.cri".image_decryption]
key_model = "node"
[plugins."io.containerd.grpc.v1.cri".registry]
config_path = ""
[plugins."io.containerd.grpc.v1.cri".registry.auths]
[plugins."io.containerd.grpc.v1.cri".registry.configs]
[plugins."io.containerd.grpc.v1.cri".registry.headers]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."harbor.yinzhengjie.com"]
endpoint = [
"http://harbor.yinzhengjie.com"
]
[plugins."io.containerd.grpc.v1.cri".x509_key_pair_streaming]
tls_cert_file = ""
tls_key_file = ""
[plugins."io.containerd.internal.v1.opt"]
path = "/opt/containerd"
[plugins."io.containerd.internal.v1.restart"]
interval = "10s"
[plugins."io.containerd.internal.v1.tracing"]
sampling_ratio = 1.0
service_name = "containerd"
[plugins."io.containerd.metadata.v1.bolt"]
content_sharing_policy = "shared"
[plugins."io.containerd.monitor.v1.cgroups"]
no_prometheus = false
[plugins."io.containerd.nri.v1.nri"]
disable = true
disable_connections = false
plugin_config_path = "/etc/nri/conf.d"
plugin_path = "/opt/nri/plugins"
plugin_registration_timeout = "5s"
plugin_request_timeout = "2s"
socket_path = "/var/run/nri/nri.sock"
[plugins."io.containerd.runtime.v1.linux"]
no_shim = false
runtime = "runc"
runtime_root = ""
shim = "containerd-shim"
shim_debug = false
[plugins."io.containerd.runtime.v2.task"]
platforms = ["linux/amd64"]
sched_core = false
[plugins."io.containerd.service.v1.diff-service"]
default = ["walking"]
[plugins."io.containerd.service.v1.tasks-service"]
blockio_config_file = ""
rdt_config_file = ""
[plugins."io.containerd.snapshotter.v1.aufs"]
root_path = ""
[plugins."io.containerd.snapshotter.v1.blockfile"]
fs_type = ""
mount_options = []
root_path = ""
scratch_file = ""
[plugins."io.containerd.snapshotter.v1.btrfs"]
root_path = ""
[plugins."io.containerd.snapshotter.v1.devmapper"]
async_remove = false
base_image_size = ""
discard_blocks = false
fs_options = ""
fs_type = ""
pool_name = ""
root_path = ""
[plugins."io.containerd.snapshotter.v1.native"]
root_path = ""
[plugins."io.containerd.snapshotter.v1.overlayfs"]
mount_options = []
root_path = ""
sync_remove = false
upperdir_label = false
[plugins."io.containerd.snapshotter.v1.zfs"]
root_path = ""
[plugins."io.containerd.tracing.processor.v1.otlp"]
endpoint = ""
insecure = false
protocol = ""
[plugins."io.containerd.transfer.v1.local"]
config_path = ""
max_concurrent_downloads = 3
max_concurrent_uploaded_layers = 3
[[plugins."io.containerd.transfer.v1.local".unpack_config]]
differ = ""
platform = "linux/amd64"
snapshotter = "overlayfs"
[proxy_plugins]
[stream_processors]
[stream_processors."io.containerd.ocicrypt.decoder.v1.tar"]
accepts = ["application/vnd.oci.image.layer.v1.tar+encrypted"]
args = ["--decryption-keys-path", "/etc/containerd/ocicrypt/keys"]
env = ["OCICRYPT_KEYPROVIDER_CONFIG=/etc/containerd/ocicrypt/ocicrypt_keyprovider.conf"]
path = "ctd-decoder"
returns = "application/vnd.oci.image.layer.v1.tar"
[stream_processors."io.containerd.ocicrypt.decoder.v1.tar.gzip"]
accepts = ["application/vnd.oci.image.layer.v1.tar+gzip+encrypted"]
args = ["--decryption-keys-path", "/etc/containerd/ocicrypt/keys"]
env = ["OCICRYPT_KEYPROVIDER_CONFIG=/etc/containerd/ocicrypt/ocicrypt_keyprovider.conf"]
path = "ctd-decoder"
returns = "application/vnd.oci.image.layer.v1.tar+gzip"
[timeouts]
"io.containerd.timeout.bolt.open" = "0s"
"io.containerd.timeout.metrics.shimstats" = "2s"
"io.containerd.timeout.shim.cleanup" = "5s"
"io.containerd.timeout.shim.load" = "5s"
"io.containerd.timeout.shim.shutdown" = "3s"
"io.containerd.timeout.task.state" = "2s"
[ttrpc]
address = ""
gid = 0
uid = 0
[root@worker243 ~]#
https配置案例
[root@worker243 ~]# cat download/config.toml
disabled_plugins = []
imports = []
oom_score = 0
plugin_dir = ""
required_plugins = []
root = "/var/lib/containerd"
state = "/run/containerd"
temp = ""
version = 2
[cgroup]
path = ""
[debug]
address = ""
format = ""
gid = 0
level = ""
uid = 0
[grpc]
address = "/run/containerd/containerd.sock"
gid = 0
max_recv_message_size = 16777216
max_send_message_size = 16777216
tcp_address = ""
tcp_tls_ca = ""
tcp_tls_cert = ""
tcp_tls_key = ""
uid = 0
[metrics]
address = ""
grpc_histogram = false
[plugins]
[plugins."io.containerd.gc.v1.scheduler"]
deletion_threshold = 0
mutation_threshold = 100
pause_threshold = 0.02
schedule_delay = "0s"
startup_delay = "100ms"
[plugins."io.containerd.grpc.v1.cri"]
cdi_spec_dirs = ["/etc/cdi", "/var/run/cdi"]
device_ownership_from_security_context = false
disable_apparmor = false
disable_cgroup = false
disable_hugetlb_controller = true
disable_proc_mount = false
disable_tcp_service = true
drain_exec_sync_io_timeout = "0s"
enable_cdi = false
enable_selinux = false
enable_tls_streaming = false
enable_unprivileged_icmp = false
enable_unprivileged_ports = false
ignore_image_defined_volumes = false
image_pull_progress_timeout = "5m0s"
max_concurrent_downloads = 3
max_container_log_line_size = 16384
netns_mounts_under_state_dir = false
restrict_oom_score_adj = false
sandbox_image = "registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.8"
selinux_category_range = 1024
stats_collect_period = 10
stream_idle_timeout = "4h0m0s"
stream_server_address = "127.0.0.1"
stream_server_port = "0"
systemd_cgroup = false
tolerate_missing_hugetlb_controller = true
unset_seccomp_profile = ""
[plugins."io.containerd.grpc.v1.cri".cni]
bin_dir = "/opt/cni/bin"
conf_dir = "/etc/cni/net.d"
conf_template = ""
ip_pref = ""
max_conf_num = 1
setup_serially = false
[plugins."io.containerd.grpc.v1.cri".containerd]
default_runtime_name = "runc"
disable_snapshot_annotations = true
discard_unpacked_layers = false
ignore_blockio_not_enabled_errors = false
ignore_rdt_not_enabled_errors = false
no_pivot = false
snapshotter = "overlayfs"
[plugins."io.containerd.grpc.v1.cri".containerd.default_runtime]
base_runtime_spec = ""
cni_conf_dir = ""
cni_max_conf_num = 0
container_annotations = []
pod_annotations = []
privileged_without_host_devices = false
privileged_without_host_devices_all_devices_allowed = false
runtime_engine = ""
runtime_path = ""
runtime_root = ""
runtime_type = ""
sandbox_mode = ""
snapshotter = ""
[plugins."io.containerd.grpc.v1.cri".containerd.default_runtime.options]
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
base_runtime_spec = ""
cni_conf_dir = ""
cni_max_conf_num = 0
container_annotations = []
pod_annotations = []
privileged_without_host_devices = false
privileged_without_host_devices_all_devices_allowed = false
runtime_engine = ""
runtime_path = ""
runtime_root = ""
runtime_type = "io.containerd.runc.v2"
sandbox_mode = "podsandbox"
snapshotter = ""
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
BinaryName = ""
CriuImagePath = ""
CriuPath = ""
CriuWorkPath = ""
IoGid = 0
IoUid = 0
NoNewKeyring = false
NoPivotRoot = false
Root = ""
ShimCgroup = ""
SystemdCgroup = true
[plugins."io.containerd.grpc.v1.cri".containerd.untrusted_workload_runtime]
base_runtime_spec = ""
cni_conf_dir = ""
cni_max_conf_num = 0
container_annotations = []
pod_annotations = []
privileged_without_host_devices = false
privileged_without_host_devices_all_devices_allowed = false
runtime_engine = ""
runtime_path = ""
runtime_root = ""
runtime_type = ""
sandbox_mode = ""
snapshotter = ""
[plugins."io.containerd.grpc.v1.cri".containerd.untrusted_workload_runtime.options]
[plugins."io.containerd.grpc.v1.cri".image_decryption]
key_model = "node"
[plugins."io.containerd.grpc.v1.cri".registry]
config_path = ""
[plugins."io.containerd.grpc.v1.cri".registry.auths]
[plugins."io.containerd.grpc.v1.cri".registry.configs]
[plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.yinzhengjie.com:443".tls]
insecure_skip_verify = true
[plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.yinzhengjie.com:443".auth]
username = "admin"
password = "1"
[plugins."io.containerd.grpc.v1.cri".registry.headers]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."harbor.yinzhengjie.com:443"]
endpoint = [
"https://harbor.yinzhengjie.com:443"
]
[plugins."io.containerd.grpc.v1.cri".x509_key_pair_streaming]
tls_cert_file = ""
tls_key_file = ""
[plugins."io.containerd.internal.v1.opt"]
path = "/opt/containerd"
[plugins."io.containerd.internal.v1.restart"]
interval = "10s"
[plugins."io.containerd.internal.v1.tracing"]
sampling_ratio = 1.0
service_name = "containerd"
[plugins."io.containerd.metadata.v1.bolt"]
content_sharing_policy = "shared"
[plugins."io.containerd.monitor.v1.cgroups"]
no_prometheus = false
[plugins."io.containerd.nri.v1.nri"]
disable = true
disable_connections = false
plugin_config_path = "/etc/nri/conf.d"
plugin_path = "/opt/nri/plugins"
plugin_registration_timeout = "5s"
plugin_request_timeout = "2s"
socket_path = "/var/run/nri/nri.sock"
[plugins."io.containerd.runtime.v1.linux"]
no_shim = false
runtime = "runc"
runtime_root = ""
shim = "containerd-shim"
shim_debug = false
[plugins."io.containerd.runtime.v2.task"]
platforms = ["linux/amd64"]
sched_core = false
[plugins."io.containerd.service.v1.diff-service"]
default = ["walking"]
[plugins."io.containerd.service.v1.tasks-service"]
blockio_config_file = ""
rdt_config_file = ""
[plugins."io.containerd.snapshotter.v1.aufs"]
root_path = ""
[plugins."io.containerd.snapshotter.v1.blockfile"]
fs_type = ""
mount_options = []
root_path = ""
scratch_file = ""
[plugins."io.containerd.snapshotter.v1.btrfs"]
root_path = ""
[plugins."io.containerd.snapshotter.v1.devmapper"]
async_remove = false
base_image_size = ""
discard_blocks = false
fs_options = ""
fs_type = ""
pool_name = ""
root_path = ""
[plugins."io.containerd.snapshotter.v1.native"]
root_path = ""
[plugins."io.containerd.snapshotter.v1.overlayfs"]
mount_options = []
root_path = ""
sync_remove = false
upperdir_label = false
[plugins."io.containerd.snapshotter.v1.zfs"]
root_path = ""
[plugins."io.containerd.tracing.processor.v1.otlp"]
endpoint = ""
insecure = false
protocol = ""
[plugins."io.containerd.transfer.v1.local"]
config_path = ""
max_concurrent_downloads = 3
max_concurrent_uploaded_layers = 3
[[plugins."io.containerd.transfer.v1.local".unpack_config]]
differ = ""
platform = "linux/amd64"
snapshotter = "overlayfs"
[proxy_plugins]
[stream_processors]
[stream_processors."io.containerd.ocicrypt.decoder.v1.tar"]
accepts = ["application/vnd.oci.image.layer.v1.tar+encrypted"]
args = ["--decryption-keys-path", "/etc/containerd/ocicrypt/keys"]
env = ["OCICRYPT_KEYPROVIDER_CONFIG=/etc/containerd/ocicrypt/ocicrypt_keyprovider.conf"]
path = "ctd-decoder"
returns = "application/vnd.oci.image.layer.v1.tar"
[stream_processors."io.containerd.ocicrypt.decoder.v1.tar.gzip"]
accepts = ["application/vnd.oci.image.layer.v1.tar+gzip+encrypted"]
args = ["--decryption-keys-path", "/etc/containerd/ocicrypt/keys"]
env = ["OCICRYPT_KEYPROVIDER_CONFIG=/etc/containerd/ocicrypt/ocicrypt_keyprovider.conf"]
path = "ctd-decoder"
returns = "application/vnd.oci.image.layer.v1.tar+gzip"
[timeouts]
"io.containerd.timeout.bolt.open" = "0s"
"io.containerd.timeout.metrics.shimstats" = "2s"
"io.containerd.timeout.shim.cleanup" = "5s"
"io.containerd.timeout.shim.load" = "5s"
"io.containerd.timeout.shim.shutdown" = "3s"
"io.containerd.timeout.task.state" = "2s"
[ttrpc]
address = ""
gid = 0
uid = 0
[root@worker243 ~]#
2.下载镜像
[root@elk92 ~]# ctr -n yinzhengjie images pull --platform linux/amd64 docker.io/library/nginx:1.25.4-alpine
docker.io/library/nginx:1.25.4-alpine: resolved |++++++++++++++++++++++++++++++++++++++|
index-sha256:6a2f8b28e45c4adea04ec207a251fd4a2df03ddc930f782af51e315ebc76e9a9: done |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:cb0953165f59b5cf2227ae979a49a2284956d997fad4ed7a338eebc6aef3e70b: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:a85ccd8c07bd7090e8a37ab878413b035a370e872367b145a0c0aaaaf60ccbdf: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:c3ea3344e711fd7111dee02f17deebceb725ed1d0ee998f7fb472114dc1399ce: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:a101c9a82b88a3fa561030af162d98a130ca3bc0501b2e70594410dd426f2c9b: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:d6a456492aaa4c003389fec3da0939f31c505232fcf1925db314815a196c444f: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:c7059f3102784cd05dc96fff74a52bce9fa50fea724ece08748507fa3455999b: done |++++++++++++++++++++++++++++++++++++++|
config-sha256:6913ed9ec8d009744018c1740879327fe2e085935b2cce7a234bf05347b670d7: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:e1c681003a03fff277ecf90fccf526881bcc2e006c9e371b58f45680d54c1954: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:619be1103602d98e1963557998c954c892b3872986c27365e9f651f5bc27cab8: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:018b9065ed0dfedff48bbd11f6014960bb496e71c395f772bfad123ab33a1800: done |++++++++++++++++++++++++++++++++++++++|
elapsed: 56.4s total: 17.1 M (310.2 KiB/s)
unpacking linux/amd64 sha256:6a2f8b28e45c4adea04ec207a251fd4a2df03ddc930f782af51e315ebc76e9a9...
done: 3.508862s
[root@elk92 ~]#
3.重新生成新的tag
[root@elk92 ~]# ctr -n yinzhengjie images tag docker.io/library/nginx:1.25.4-alpine harbor.yinzhengjie.com/library/nginx:1.25.4-alpine
harbor.yinzhengjie.com/library/nginx:1.25.4-alpine
[root@elk92 ~]#
[root@elk92 ~]# ctr -n yinzhengjie images ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
docker.io/jasonyin2020/oldboyedu-games:v0.5 application/vnd.docker.distribution.manifest.v2+json sha256:e75f2040ecf526ccc14a2f8ce7ca31729cebe67b4620d83bbbbff080372e314a 226.6 MiB linux/amd64 -
docker.io/library/nginx:1.25.4-alpine application/vnd.oci.image.index.v1+json sha256:6a2f8b28e45c4adea04ec207a251fd4a2df03ddc930f782af51e315ebc76e9a9 17.1 MiB linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x,unknown/unknown -
harbor.yinzhengjie.com/library/nginx:1.25.4-alpine application/vnd.oci.image.index.v1+json sha256:6a2f8b28e45c4adea04ec207a251fd4a2df03ddc930f782af51e315ebc76e9a9 17.1 MiB linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x,unknown/unknown -
[root@elk92 ~]#
4.推送容器镜像至Harbor
[root@elk92 ~]# ctr -n yinzhengjie images push --platform linux/amd64 --plain-http -u admin:1 harbor.yinzhengjie.com/library/nginx:1.25.4-alpine
manifest-sha256:cb0953165f59b5cf2227ae979a49a2284956d997fad4ed7a338eebc6aef3e70b: done |++++++++++++++++++++++++++++++++++++++|
config-sha256:6913ed9ec8d009744018c1740879327fe2e085935b2cce7a234bf05347b670d7: done |++++++++++++++++++++++++++++++++++++++|
elapsed: 2.1 s total: 13.9 K (6.6 KiB/s)
[root@elk92 ~]#
温馨提示:
1.如果咱们的harbor仓库是基于https配置的,只需要多加一个跳过认证的参数"--skip-verify"即可。
2.如果说你的harbor是基于http配置的,则需要使用"--plain-http"选项声明你是http协议;
推送https的镜像案例,harbor的效果如下图所示:
[root@worker243 ~]# ctr -n yinzhengjie images push --platform linux/amd64 -u admin:1 --skip-verify harbor.yinzhengjie.com/library/nginx:1.25.4-alpine
manifest-sha256:cb0953165f59b5cf2227ae979a49a2284956d997fad4ed7a338eebc6aef3e70b: done |++++++++++++++++++++++++++++++++++++++|
config-sha256:6913ed9ec8d009744018c1740879327fe2e085935b2cce7a234bf05347b670d7: done |++++++++++++++++++++++++++++++++++++++|
elapsed: 0.8 s total: 13.9 K (17.3 KiB/s)
[root@worker243 ~]#
5.查看harbor的WebUI
http://harbor.yinzhengjie.com/harbor/projects/1/repositories/nginx/artifacts-tab
6.拉取私有仓库镜像
[root@elk91 ~]# ctr -n yinzhnegjie images pull --plain-http harbor.yinzhengjie.com/library/nginx:1.25.4-alpine
harbor.yinzhengjie.com/library/nginx:1.25.4-alpine: resolving |--------------------------------------|
harbor.yinzhengjie.com/library/nginx:1.25.4-alpine: resolved |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:cb0953165f59b5cf2227ae979a49a2284956d997fad4ed7a338eebc6aef3e70b: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:018b9065ed0dfedff48bbd11f6014960bb496e71c395f772bfad123ab33a1800: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:a85ccd8c07bd7090e8a37ab878413b035a370e872367b145a0c0aaaaf60ccbdf: done |++++++++++++++++++++++++++++++++++++++|
config-sha256:6913ed9ec8d009744018c1740879327fe2e085935b2cce7a234bf05347b670d7: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:c3ea3344e711fd7111dee02f17deebceb725ed1d0ee998f7fb472114dc1399ce: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:c7059f3102784cd05dc96fff74a52bce9fa50fea724ece08748507fa3455999b: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:619be1103602d98e1963557998c954c892b3872986c27365e9f651f5bc27cab8: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:a101c9a82b88a3fa561030af162d98a130ca3bc0501b2e70594410dd426f2c9b: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:d6a456492aaa4c003389fec3da0939f31c505232fcf1925db314815a196c444f: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:e1c681003a03fff277ecf90fccf526881bcc2e006c9e371b58f45680d54c1954: done |++++++++++++++++++++++++++++++++++++++|
elapsed: 0.3 s total: 13.9 M (46.2 MiB/s)
unpacking linux/amd64 sha256:cb0953165f59b5cf2227ae979a49a2284956d997fad4ed7a338eebc6aef3e70b...
done: 3.533122482s
[root@elk91 ~]#
[root@elk91 ~]# ctr -n yinzhnegjie images ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
harbor.yinzhengjie.com/library/nginx:1.25.4-alpine application/vnd.oci.image.manifest.v1+json sha256:cb0953165f59b5cf2227ae979a49a2284956d997fad4ed7a338eebc6aef3e70b 17.1 MiB linux/amd64 -
[root@elk91 ~]#
六.Docker集成Containerd实现容器管理
1.为什么要使用Docker集成Containerd实现容器管理
目前Containerd主要任务还在于解决容器运行时的问题,对于其周边生态还不完善。
所以可以借助Docker结合Containerd来实现Docker完整的功能应用。
2.修改docker启动脚本
[root@docker202 ~]# systemctl cat docker
# /lib/systemd/system/docker.service
[Unit]
Description=Jason Yin's Docke Engine
Documentation=https://www.cnblogs.com/yinzhengjie
Wants=network-online.target
[Service]
Type=notify
ExecStart=/usr/bin/dockerd --containerd /run/containerd/containerd.sock --debug
[Install]
WantedBy=multi-user.target
[root@docker202 ~]#
[root@docker202 ~]# ll /run/containerd/containerd.sock
srw-rw---- 1 root root 0 Mar 4 22:53 /run/containerd/containerd.sock=
[root@docker202 ~]#
[root@docker202 ~]# systemctl daemon-reload
[root@docker202 ~]#
[root@docker202 ~]# systemctl restart docker
[root@docker202 ~]#
[root@docker202 ~]# ps aux | grep docker | grep -v grep
root 24480 0.1 1.3 1279136 52696 ? Ssl 01:06 0:00 /usr/bin/dockerd --containerd /run/containerd/containerd.sock --debug
[root@docker202 ~]#
3.基于docker启动容器
[root@docker202 ~]# ctr namespace ls
NAME LABELS
default
yinzhengjie
[root@docker202 ~]#
[root@docker202 ~]# docker run --restart unless-stopped -dp 88:80 --name yinzhengjie-games jasonyin2020/oldboyedu-games:v0.5
9eb21c1fd72ce888de95b95de7fd8da0a4c8b1ba8aaa2c759ba487ba279946d3
[root@docker202 ~]#
[root@docker202 ~]# ctr namespace ls
NAME LABELS
default
moby
yinzhengjie
[root@docker202 ~]#
4.查看容器的运行信息及查看container对应的关系
[root@docker202 ~]# docker ps -l --no-trunc
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ec70594c77bc0c842456d99a32df0a25671cc18b15bd52d9d9af5202d317bf5b jasonyin2020/oldboyedu-games:v0.5 "/docker-entrypoint.sh nginx -g 'daemon off;'" 30 seconds ago Up 29 seconds 0.0.0.0:88->80/tcp, :::88->80/tcp yinzhengjie-games
[root@docker202 ~]#
[root@docker202 ~]# ctr -n moby container ls
CONTAINER IMAGE RUNTIME
ec70594c77bc0c842456d99a32df0a25671cc18b15bd52d9d9af5202d317bf5b - io.containerd.runc.v2
[root@docker202 ~]#
5.docker删除容器查看containerd的对应关系
[root@docker202 ~]# ctr -n moby tasks ls
TASK PID STATUS
ec70594c77bc0c842456d99a32df0a25671cc18b15bd52d9d9af5202d317bf5b 25139 RUNNING
[root@docker202 ~]#
[root@docker202 ~]#
[root@docker202 ~]# docker rm -f ec70594c77bc0c842456d99a32df0a25671cc18b15bd52d9d9af5202d317bf5b
ec70594c77bc0c842456d99a32df0a25671cc18b15bd52d9d9af5202d317bf5b
[root@docker202 ~]#
[root@docker202 ~]# ctr -n moby tasks ls
TASK PID STATUS
[root@docker202 ~]#
6.docker实现数据持久化
[root@docker202 ~]# docker volume ls
DRIVER VOLUME NAME
[root@docker202 ~]#
[root@docker202 ~]# docker run --restart unless-stopped -dp 88:80 --name yinzhengjie-games -v oldboyedu:/data jasonyin2020/oldboyedu-games:v0.5
7d42ff46f78eeed91cc0480b9333cbd5863301543bbdf97e329dfa853f84c6cf
[root@docker202 ~]#
[root@docker202 ~]# docker volume ls
DRIVER VOLUME NAME
local oldboyedu
[root@docker202 ~]#
[root@docker202 ~]# docker volume inspect oldboyedu
[
{
"CreatedAt": "2024-03-07T01:14:18+08:00",
"Driver": "local",
"Labels": null,
"Mountpoint": "/var/lib/docker/volumes/oldboyedu/_data",
"Name": "oldboyedu",
"Options": null,
"Scope": "local"
}
]
[root@docker202 ~]#
七.扩展作业
1.在不集成docker环境的前提下,独立完成containerd的网络插件部署,让其创建的容器能够有自己的网卡。
2.完善containerd的二进制一件部署脚本;
参考连接:
https://www.cnblogs.com/yinzhengjie/p/18030527
