docker-Containerd
基础命令对比
| 命令 | docker | ctr(containerd) | crictl(k8s) |
|---|---|---|---|
| 查看运行的容器 | docker ps | ctr task ls/ctr container ls | crictl ps |
| 查看镜像 | docker images | ctr image ls | crictl images |
| 查看容器日志 | docker logs | 无 | crictl logs |
| 查看容器数据信息 | docker inspect | ctr container info | crictl inspect |
| 查看容器资源 | docker stats | 无 | crictl stats |
| 启动/关闭已有的容器 | docker start/stop | ctr task start/kill | crictl start/stop |
| 运行一个新的容器 | docker run | ctr run | 无 |
| 修改镜像标签 | docker tag | ctr image tag | 无 |
| 创建一个新的容器 | docker create | ctr container create | crictl create |
| 导入镜像 | docker load | ctr image import | 无 |
| 导出镜像 | docker save | ctr image export | 无 |
| 删除容器 | docker rm | ctr container rm | crictl rm |
| 删除镜像 | docker rmi | ctr image rm | crictl rmi |
| 拉取镜像 | docker pull | ctr image pull | crictl pull |
| 推送镜像 | docker push | ctr image push | 无 |
| 在容器内部执行命令 | docker exec | 无 | crictl exec |
配置镜像加速
方案零
采用镜像代理服务商,一般直接将原镜像更名即可,例如:docker pull gcr.io/kaniko-project/executor:debug修改成docker pull gcr.lank8s.cn/kaniko-project/executor:debug
-
原始仓库 lank8s服务 registry.k8s.io(原k8s.gcr.io) registry.lank8s.cn registry.k8s.io lank8s.cn gcr.io gcr.lank8s.cn
方案一(采用)
修改
/etc/containerd/config.toml文件,在endpoint = ["https://registry-1.docker.io"]添加"https://xxx.mirror.aliyuncs.com"得到endpoint = ["https://xxx.mirror.aliyuncs.com","https://registry-1.docker.io"],添加在前面,优先用阿里云加速仓库。1
2
3
4
5
6
7.......
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
systemdCgroup = true
[plugins."io.containerd.grpc.v1.cri".registry]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://xxx.mirror.aliyuncs.com","https://registry-1.docker.io"]重启服务
systemctl daemon-reload和systemctl restart containerd
方案二(报错)
- 修改
/etc/containerd/config.toml文件,在[plugins."io.containerd.grpc.v1.cri".registry]一行下面添加config_path = "/etc/containerd/certs.d"。示例如下
1 | ....... |
- 创建目录
/etc/containerd/certs.d/docker.io,创建/etc/containerd/certs.d/docker.io/hosts.toml文件。
1 | [root@exxk ~]# cat /etc/containerd/certs.d/docker.io/hosts.toml |
重启服务
systemctl daemon-reload和systemctl restart containerd其他加速同理
1
2
3
4
5
6
7
8
9
10
11
12
13
14$ tree /etc/containerd/certs.d
/etc/containerd/certs.d/
├── docker.io
│ └── hosts.toml
└── quay.io
└── hosts.toml
$ cat /etc/containerd/certs.d/docker.io/hosts.toml
server = "https://docker.io"
[host."https://xxxx.mirror.aliyuncs.com"]
$ cat /etc/containerd/certs.d/quay.io/hosts.toml
server = "https://quay.io"
[host."https://xxx.mirrors.ustc.edu.cn"]执行
crictl pull nacos/nacos-server:v2.2.3报错1
2
3
4[root@exxk ~]# crictl pull docker.io/nacos/nacos-server:v2.2.3
FATA[0000] validate service connection: CRI v1 image API is not implemented for endpoint "unix:///var/run/containerd/containerd.sock": rpc error: code = Unimplemented desc = unknown service runtime.v1.ImageService
[root@exxk ~]# crictl pull nacos/nacos-server:v2.2.3
FATA[0000] validate service connection: CRI v1 image API is not implemented for endpoint "unix:///var/run/containerd/containerd.sock": rpc error: code = Unimplemented desc = unknown service runtime.v1.ImageService
配置私有仓库
修改
/etc/hosts,映射harbor.exxktech.dev到harbor内网服务ip。修改
/etc/containerd/config.toml文件,重启服务systemctl daemon-reload和systemctl restart containerd
1 | [plugins."io.containerd.grpc.v1.cri".registry] |