1. Overview

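Containerd provides services for Kubernetes. Its main goals are compatibility and stability, so it is only updated when a security or compatibility issue arises.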

2. Prepare the Containerd resources

Use the following commands to prepare all the required files:

set -e
## https://github.com/containerd/containerd
VERSION_CONTAINERD=1.6.8
## https://github.com/opencontainers/runc
VERSION_RUNC=1.1.4
## https://github.com/containernetworking/plugins
VERSION_CNI_PLUGIN=1.1.1
## https://github.com/containerd/nerdctl/
VERSION_NERDCTL=0.22.2

ARCH=amd64

WORK_PATH=/tmp/containerd
SRC_PATH=$WORK_PATH/src
DIST_PATH=$WORK_PATH/containerd-$VERSION_CONTAINERD
BUILD_ROOT=$DIST_PATH/rootfs
mkdir -p $SRC_PATH $DIST_PATH $BUILD_ROOT

# download
c_down() {
    if [ ! -f "$SRC_PATH/$2" ]; then
        wget "$1" -c -O "$SRC_PATH/$2.tmp" || exit 1
        mv "$SRC_PATH/$2.tmp" "$SRC_PATH/$2"
    fi
}

c_down https://github.com/containerd/containerd/releases/download/v$VERSION_CONTAINERD/containerd-$VERSION_CONTAINERD-linux-$ARCH.tar.gz containerd.tgz
c_down https://github.com/opencontainers/runc/releases/download/v$VERSION_RUNC/runc.$ARCH runc
c_down https://github.com/containernetworking/plugins/releases/download/v$VERSION_CNI_PLUGIN/cni-plugins-linux-$ARCH-v$VERSION_CNI_PLUGIN.tgz cni.tgz
c_down https://github.com/containerd/nerdctl/releases/download/v$VERSION_NERDCTL/nerdctl-$VERSION_NERDCTL-linux-$ARCH.tar.gz nerdctl.tgz
# Take the unit file from the same release tag as the binary rather than from main
c_down https://raw.githubusercontent.com/containerd/containerd/v$VERSION_CONTAINERD/containerd.service containerd.service
# build
rm -rf $DIST_PATH
mkdir -p $BUILD_ROOT/usr/local/bin $BUILD_ROOT/usr/lib/systemd/system/ $BUILD_ROOT/etc/containerd/certs.d/ \
    $BUILD_ROOT/opt/cni/bin $BUILD_ROOT/etc/modules-load.d/ $BUILD_ROOT/etc/sysctl.d $BUILD_ROOT/usr/share/bash-completion/completions
tar zxf $SRC_PATH/containerd.tgz -C $BUILD_ROOT/usr/local
tar zxf $SRC_PATH/nerdctl.tgz -C $BUILD_ROOT/usr/local/bin
tar zxf $SRC_PATH/cni.tgz -C $BUILD_ROOT/opt/cni/bin
cp $SRC_PATH/runc $BUILD_ROOT/usr/local/bin
cp $SRC_PATH/containerd.service $BUILD_ROOT/usr/lib/systemd/system/containerd.service
$BUILD_ROOT/usr/local/bin/containerd config default |
    sed -e 's|SystemdCgroup = false|SystemdCgroup = true|' \
        -e 's|config_path = ""|config_path = "/etc/containerd/certs.d"|g' |
    tee $BUILD_ROOT/etc/containerd/config.toml >/dev/null
$BUILD_ROOT/usr/local/bin/nerdctl completion bash | tee $BUILD_ROOT/usr/share/bash-completion/completions/nerdctl >/dev/null
cat <<EOF | tee $BUILD_ROOT/etc/modules-load.d/containerd.conf >/dev/null
overlay
br_netfilter
EOF
cat <<EOF | tee $BUILD_ROOT/etc/sysctl.d/zz-containerd.conf >/dev/null
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
cat <<EOF | tee $BUILD_ROOT/etc/crictl.yaml >/dev/null
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
EOF
# =========================== package ===============================
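cat <<"EOD" | tee $DIST_PATH/install.sh >/dev/null
#!/bin/bash
set -e
# Install prefix; override it by setting INSTALLED_PATH in the environment
INSTALL_PATH=${INSTALLED_PATH:-/}
PWD_PATH=$(
    cd "$(dirname "${BASH_SOURCE[0]}")"
    pwd
)
BUILD_ROOT_PATH=$PWD_PATH/rootfs
cd "$PWD_PATH" || exit 1
# Normalize ownership and modes before copying into the live filesystem
pre(){
    chown -Rv root:root "$BUILD_ROOT_PATH"
    chmod -Rv 755 "$BUILD_ROOT_PATH/opt" "$BUILD_ROOT_PATH/usr"
    # Files under etc and usr/lib become 644; directories stay 755 so they remain traversable
    find "$BUILD_ROOT_PATH/etc" "$BUILD_ROOT_PATH/usr/lib" -type d -exec chmod -v 755 {} +
    find "$BUILD_ROOT_PATH/etc" "$BUILD_ROOT_PATH/usr/lib" -type f -exec chmod -v 644 {} +
}
copy(){
    cp -rvf "$BUILD_ROOT_PATH"/* "$INSTALL_PATH"
}
configure(){
    modprobe br_netfilter
    sysctl --system
    systemctl daemon-reload
    systemctl enable --now containerd
}
install(){
    pre
    copy
    configure
}
# Run the full install unless an argument is given
if [ ! "$1" ]; then
    install
fi
EOD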

chmod +x $DIST_PATH/install.sh
(
    cd "$(dirname $DIST_PATH)" || exit 1
    tar zcvf "$(basename $DIST_PATH)".tgz "$(basename $DIST_PATH)"
)

echo "软件包准备完成,数据保存在 $(dirname $DIST_PATH)/$(basename $DIST_PATH).tgz"
exit 0

Copy the script to a machine with network access and run it. When it finishes, upload the output file to the machine where Containerd is to be deployed.
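The script above moves each download into place without checking its content, and the resulting archive is later unpacked and installed system-wide on the target machine. The following is an added example, not part of the original script: `verify_sha256` and `promote_verified` are hypothetical helper names, and the pinned digests are assumed to be copied by hand from each project's release page.

```shell
#!/bin/sh
# Added example (not from the original post): digest pinning for c_down's downloads.
# Pins are copied by hand from each project's release page; none are shown here.

# verify_sha256 FILE EXPECTED_HEX
# 0 = digest matches, 1 = mismatch, 2 = unusable input (missing file, malformed pin).
verify_sha256() {
    file=$1
    expected=$2
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    # An empty or truncated pin must never count as "verified".
    case "$expected" in
        '' | *[!0-9a-fA-F]*) echo "malformed pin for $file" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed pin for $file" >&2; return 2; }
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    actual=$(sha256sum "$file" | awk '{print $1}')
    [ "$actual" = "$expected" ] && return 0
    echo "sha256 mismatch for $file: got $actual" >&2
    return 1
}

# promote_verified TMP FINAL EXPECTED_HEX
# Stands in for the bare `mv "$2.tmp" "$2"` step: the file reaches its final
# name only after verification; a failed download is deleted so a later run
# (or `wget -c`) cannot resume on top of bad bytes.
promote_verified() {
    if verify_sha256 "$1" "$3"; then
        mv "$1" "$2"
    else
        rc=$?
        rm -f "$1"
        return "$rc"
    fi
}

# Constructed demo: a stand-in "download" checked against its own digest,
# then a different file checked against a pin that cannot match.
demo_dir=$(mktemp -d)
printf 'constructed sample artifact\n' >"$demo_dir/runc.tmp"
demo_pin=$(sha256sum "$demo_dir/runc.tmp" | awk '{print $1}')
promote_verified "$demo_dir/runc.tmp" "$demo_dir/runc" "$demo_pin" && echo "accepted"
printf 'tampered\n' >"$demo_dir/cni.tgz.tmp"
promote_verified "$demo_dir/cni.tgz.tmp" "$demo_dir/cni.tgz" "$demo_pin" 2>/dev/null || echo "rejected"
rm -rf "$demo_dir"
```

In `c_down`, a call such as `promote_verified "$SRC_PATH/$2.tmp" "$SRC_PATH/$2" "$3"` would take the place of the `mv`, with the pin passed as a third argument. The same `verify_sha256` call can check the final `.tgz` on the target machine before `install.sh` runs, using a digest recorded on the build machine.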

3. Deploy Containerd

After the upload completes, deploy Containerd with the following commands:

tar zxf containerd-1.6.8.tgz
bash -x containerd-1.6.8/install.sh

4. Check the Containerd status

Use the following command to check the Containerd status:

systemctl status containerd.service

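If everything is in order, the Containerd deployment is complete.

5. Testing

After deployment, use the following steps to test the Containerd deployment:

5.1. Start an nginx container

Run the following command to start an nginx container: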

nerdctl run -d -p 8080:80 nginx:1.21.1

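This pulls the image from the remote registry, starts the container, and forwards port 8080.

5.2. Test the deployment result

Open http://127.0.0.1:8080 in a browser. If the page loads, the deployment succeeded.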