Built-in nerdctl tool

Use nerdctl instead of docker to manage k8e containers and images

nerdctl: Docker-compatible CLI for containerd

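It is a containerd management tool provided by the official Docker team, comparable to the Docker client, docker. k8e ships with nerdctl integrated by default. To match user habits, an alias is also added, so you can keep using docker to work with images. nerdctl introduces the concept of namespaces; the images used by k8s all live in the k8s.io namespace.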

[root@ip-172-31-6-205 k8e]# nerdctl -n k8s.io images
REPOSITORY    TAG       IMAGE ID        CREATED        SIZE
nginx         latest    01c2e84120e8    2 hours ago    8.0 KiB

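Importing offline images with nerdctl

k8e provides an offline (air-gap) image package by default. Download it and load it with nerdctl, so that k8e can bring up a k8s cluster directly on machines without network access.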

[root@ip-172-31-17-149 ~]# wget https://github.com/xiaods/k8e/releases/download/v1.21.11%2Bk8e1/k8e-airgap-images.tar.gz

[root@ip-172-31-17-149 ~]# /usr/local/bin/nerdctl -n k8s.io load -i /home/ec2-user/k8e-airgap-images.tar.gz --address /run/k8e/containerd/containerd.sock

unpacking quay.io/cilium/cilium:v1.11.2 (sha256:207f02b542fb95014e22ca0bd31ad81bc5c015dea22c0976b2ea92c5ac9e4a5b)...done
unpacking docker.io/rancher/klipper-helm:v0.6.6-build20211022 (sha256:d14c8ab213f41875c00a1c2e58489e6dab0bf1dc43e9722f5ac92b2c517ca933)...done
unpacking docker.io/rancher/klipper-lb:v0.3.4 (sha256:d2dc7e524df05147fa5293f43888b5d8c0038aa1c346dc05fede74b8ee8bd65e)...done
unpacking docker.io/rancher/local-path-provisioner:v0.0.21 (sha256:e2229cac22ac98d4ab34f866f00ab61117eff5aa78e0457610385f708cff0f21)...done
unpacking docker.io/rancher/mirrored-library-busybox:1.34.1 (sha256:facc9879da52e6c6afef56655ca03412134edc91052e744a3bad3c593356566d)...done
unpacking docker.io/rancher/mirrored-coredns-coredns:1.9.1 (sha256:a45997314156ddd452a279f9d50f8a34b2dd8054569b953e6370e5de74b48098)...done
unpacking docker.io/rancher/mirrored-metrics-server:v0.5.2 (sha256:e8ac01de9bc19a6c49fc1caabf162cf1b23342188327846ee8c75b30dd72f57c)...done
unpacking docker.io/rancher/mirrored-pause:3.5 (sha256:5bbbf9e9a6665260cb3d106d54bd5fbf7ffc0630bffe7f07f30e58bb6c1523c1)...done
unpacking quay.io/cilium/operator-generic:v1.11.2 (sha256:aae8c54d364bf38b721613e4f0e24afb325fdef5b2f3160de1b18ebbb7f1d1a1)...done

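containerd configuration

containerd configuration file path: /var/lib/k8e/etc/containerd/config.toml

This is a native containerd configuration file; change it the way the official containerd documentation describes. By default no changes are needed.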

[root@ip-172-31-6-205 containerd]# cat config.toml 

[plugins.opt]
  path = "/var/lib/k8e/containerd"
[plugins.cri]
  stream_server_address = "127.0.0.1"
  stream_server_port = "10010"
  enable_selinux = false
  sandbox_image = "registry.k8s.io/pause:3.4.1"

[plugins.cri.containerd]
  disable_snapshot_annotations = true
  snapshotter = "overlayfs"

[plugins.cri.containerd.runtimes.runc]
  runtime_type = "io.containerd.runc.v2"

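Private registry configuration

For k8e, configuring a private registry means configuring containerd. Because containerd configuration is fairly cumbersome, k8e provides a dedicated file for it, /etc/k8e/registries.yaml:

# registries.yaml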

mirrors:
  docker.io:
    endpoint:
      - "http://mycustomreg.com:5000"
configs:
  "mycustomreg:5000":
    auth:
      username: xxxxxx # this is the registry username
      password: xxxxxx # this is the registry password

You can also set the location of this file when starting the k8e server:

--private-registry value                   (agent/runtime) Private registry configuration file (default: "/etc/k8e/registries.yaml")
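
An added example, not part of k8e or the original page: a small Ruby lint for the registries.yaml layout above that flags plaintext http:// mirror endpoints and credential entries whose host key does not line up with any mirror endpoint. It assumes settings under configs are looked up by the endpoint's host:port, as in containerd's registry configuration; the name lint_registries and the sample input are constructed for illustration.

```ruby
require 'yaml'
require 'uri'

# Constructed sample with the same shape as the registries.yaml shown above.
SAMPLE_REGISTRIES = <<~YAML
  mirrors:
    docker.io:
      endpoint:
        - "http://mycustomreg.com:5000"
  configs:
    "mycustomreg:5000":
      auth:
        username: xxxxxx
        password: xxxxxx
YAML

# Returns [severity, message] findings for a registries.yaml document.
# Assumption: configs entries are matched to endpoints by host[:port].
def lint_registries(text)
  doc = YAML.safe_load(text) || {}
  mirrors = doc['mirrors'] || {}
  configs = doc['configs'] || {}
  findings = []
  endpoint_hosts = []

  mirrors.each do |registry, spec|
    Array((spec || {})['endpoint']).each do |endpoint|
      uri = URI.parse(endpoint)
      host = uri.port == uri.default_port ? uri.host : "#{uri.host}:#{uri.port}"
      endpoint_hosts << host
      if uri.scheme == 'http'
        findings << [:high, "#{registry}: endpoint #{endpoint} is plaintext HTTP; " \
                            'image data and any credentials cross the network unencrypted']
      end
      unless configs.key?(host)
        findings << [:medium, "#{registry}: endpoint host #{host} has no configs entry"]
      end
    end
  end

  # Credentials keyed by a host that no mirror endpoint uses are probably a typo.
  configs.each do |host, cfg|
    next unless (cfg || {})['auth']
    next if endpoint_hosts.include?(host) || mirrors.key?(host)
    findings << [:medium, "configs entry #{host} carries credentials but matches no mirror endpoint"]
  end
  findings
end

lint_registries(SAMPLE_REGISTRIES).each { |sev, msg| puts "[#{sev}] #{msg}" }
```

Since the file holds registry passwords, it is also worth keeping /etc/k8e/registries.yaml readable by root only.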

References:

  • https://github.com/containerd/nerdctl