containerd离线快速部署脚本
前言
本脚本旨在提供一个简洁有效的离线方法来安装containerd。将通过一份易于理解的脚本步骤完成安装。后续可根据您的实际需求,适当调整containerd版本及其相关依赖。
注意: 本安装脚本已在
containerd 1.7.18版本上基于Centos7测试验证🛠️。请注意,尽管本脚本主要面向该版本,不同版本的安装步骤可能存在差异。建议您在实施前,对脚本进行必要的调整以适应特定版本。
脚本如下
使用依赖版本如下:
- CONTAINERD_VERSION=1.7.18
- NERDCTL_VERSION=1.7.6
- RUNC_VERSION=1.1.12
- BUILDKIT_VERSION=v0.13.2
清单如下:
[root@localhost containerd_install]# tree
.
├── buildkit-v0.13.2.linux-amd64.tar.gz
├── cri-containerd-cni-1.7.18-linux-amd64.tar.gz
├── install_containerd.sh
├── nerdctl-1.7.6-linux-amd64.tar.gz
├── runc.amd64
脚本如下:
#!/bin/bash
DIR=`pwd`
# https://github.com/containerd/containerd
CONTAINERD_VERSION=1.7.18
# https://github.com/containerd/nerdctl
NERDCTL_VERSION=1.7.6
# https://github.com/opencontainers/runc
RUNC_VERSION=1.1.12
# https://github.com/moby/buildkit
BUILDKIT_VERSION=v0.13.2
install_containerd(){
tar -xvzf cri-containerd-cni-*-linux-amd64.tar.gz -C /
#rm -f cri-containerd-cni-*-linux-amd64.tar.gz
# 创建默认配置文件
mkdir -p /etc/containerd
# 创建containerd默认配置文件
containerd config default | tee /etc/containerd/config.toml
cp /etc/containerd/config.toml /etc/containerd/config.toml.init
# 修改Containerd的配置文件
sed -i "s#SystemdCgroup\ \=\ false#SystemdCgroup\ \=\ true#g" /etc/containerd/config.toml
cat /etc/containerd/config.toml | grep SystemdCgroup
sed -i "s#registry.k8s.io#m.daocloud.io/registry.k8s.io#g" /etc/containerd/config.toml
cat /etc/containerd/config.toml | grep sandbox_image
# 配置加速
sed -i "s#config_path\ \=\ \"\"#config_path\ \=\ \"/etc/containerd/certs.d\"#g" /etc/containerd/config.toml
cat /etc/containerd/config.toml | grep certs.d
# 创建相应目录
mkdir /etc/containerd/certs.d/docker.io -pv
cat > /etc/containerd/certs.d/docker.io/hosts.toml << EOF
server = "https://docker.io"
[host."https://docker.199604.com"]
capabilities = ["pull", "resolve"]
EOF
#生成配置文件
cat > /etc/crictl.yaml <<EOF
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 10
debug: false
EOF
systemctl daemon-reload
systemctl enable --now containerd.service
systemctl restart containerd.service
# 验证containerd是否安装成功
crictl info
}
# 覆盖containerd的runc工具
install_runc(){
mv runc.amd64 runc && chmod +x runc && mv -f runc /usr/local/sbin/
ln -s /usr/local/sbin/runc /usr/bin/runc
runc -version
}
install_nerdctl(){
cd ${DIR}
mkdir nerdctl
tar -xf nerdctl-${NERDCTL_VERSION}-linux-amd64.tar.gz -C nerdctl/
mv nerdctl/nerdctl /usr/local/bin/
rm -rf nerdctl
cat << 'EOF' > /usr/local/bin/docker
#!/bin/bash
/usr/local/bin/nerdctl $@
EOF
chmod +x /usr/local/bin/docker
nerdctl --version
}
install_buildkit(){
mkdir -p /usr/local/buildkit
tar -xf buildkit-${BUILDKIT_VERSION}.linux-amd64.tar.gz -C /usr/local/buildkit
echo 'export PATH=/usr/local/buildkit/bin:$PATH' >> /etc/profile
source /etc/profile
# 创建buildkitd自启动服务
cat > /etc/systemd/system/buildkitd.service << 'EOF'
[Unit]
Documentation=https://github.com/moby/buildkit
Description=buildkitd
After=network.target
[Service]
ExecStart=/usr/local/buildkit/bin/buildkitd --oci-worker=false --containerd-worker=true
[Install]
WantedBy=multi-user.target
EOF
# 重新加载Unit file
systemctl daemon-reload
# 启动服务
systemctl start buildkitd
# 开机自启动
systemctl enable buildkitd
}
install(){
install_containerd
install_runc
install_nerdctl
install_buildkit
}
install
为了解决国内下载Docker镜像的速度和无法下载镜像问题,
/etc/containerd/certs.d/docker.io/hosts.toml下的加速地址请自行替换。通过这一配置,可以显著加快从Docker Hub下载镜像的速度,有效缓解等待时间。自建docker加速可参考:利用cloudflare的worker服务搭建DockerHub镜像加速
注意
crictl默认配置文件在/etc/containerd/config.toml文件,所以docker拉取和私有镜像配置在K8S环境需要在/etc/containerd/config.toml配置!否则nodes节点全是NotReady
