安装版本（在2024年9月10日是新版）

containerd 1.7.22

runc 1.1.12

cni 1.5.1

方式1：yum安装（不推荐）

设置主机名

hostnamectl set-hostname node1 

设置IP

vim /etc/sysconfig/network-scripts/ifcfg-enp0s3
重点设置以下几项

BOOTPROTO="static"
IPADDR=192.168.3.31
NETMASK=255.255.255.0
GATEWAY=192.168.3.1
DNS1=223.5.5.5

获取阿里YUM源

wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo

containerd_35">查询containerd

yum list | grep containerd

安装

yum install -y containerd.io

验证与启动服务

rpm -qa | grep containerd
systemctl enable containerd
systemctl start containerd
systemctl status containerd

测试命令

ctr version

方式2：二进制安装（推荐）

containerdcnirunc_64">安装之前先了解containerd、cni、runc三者的关系

containerd 作为容器运行时，负责管理容器的生命周期和资源分配。它调用 RunC 来创建和运行容器，并通过调用 CNI 插件为容器配置网络。

设置主机名

hostnamectl set-hostname node1 

设置IP

vim /etc/sysconfig/network-scripts/ifcfg-enp0s3
重点设置以下几项

BOOTPROTO="static"
IPADDR=192.168.3.31
NETMASK=255.255.255.0
GATEWAY=192.168.3.1
DNS1=223.5.5.5

下载文件

containerd 1.7.22
runc 1.1.12
cni 1.5.1

containerd_94">containerd安装

$ tar Cxzvf /usr/local containerd-1.7.22-linux-amd64.tar.gz
bin/
bin/containerd-shim-runc-v2
bin/containerd-shim
bin/ctr
bin/containerd-shim-runc-v1
bin/containerd
bin/containerd-stress

containerd_105">创建containerd服务

mkdir -p /usr/local/lib/systemd/system/
touch /usr/local/lib/systemd/system/containerd.service
vim /usr/local/lib/systemd/system/containerd.service

将官方配置文件写入

官方配置文件

# Copyright The containerd Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/local/bin/containerdType=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999[Install]
WantedBy=multi-user.target

设置开机自启

systemctl daemon-reload
systemctl enable --now containerd

runc_162">runc安装

# runc安装
install -m 755 runc.amd64 /usr/local/sbin/runc

cni_169">cni安装

mkdir -p /opt/cni/bin
tar Cxzvf /opt/cni/bin cni-plugins-linux-amd64-v1.5.1.tgz

旧版本配置config.toml

生成默认配置

mkdir /etc/containerd
containerd config default > /etc/containerd/config.toml
vim /etc/containerd/config.toml

修改

"https://xxxxxx.mirror.aliyuncs.com"自己登录阿里云换成自己的链接

# 原来是这样registry.k8s.io/pause:3.8
sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.8"
# 原来是false
SystemdCgroup = true# 镜像配置
[plugins."io.containerd.grpc.v1.cri".registry.mirrors][plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]endpoint = ["https://xxxxxxxxx.mirror.aliyuncs.com"][plugins."io.containerd.grpc.v1.cri".registry.mirrors."k8s.gcr.io"]endpoint = ["registry.aliyuncs.com/google_containers"]
或者是这样
[plugins."io.containerd.grpc.v1.cri".registry.mirrors][plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]endpoint = ["https://xxxxxxxxx.mirror.aliyuncs.com","registry.aliyuncs.com/google_containers"]

高版本hostpath问题

WARN[0000] DEPRECATION: The `mirrors` property of `[plugins."io.containerd.grpc.v1.cri".registry]` is deprecated since containerd v1.5 and will be removed in containerd v2.1. Use `config_path` instead.

官方原文
原文解决方案链接

生成默认配置文件

mkdir /etc/containerd
containerd config default > /etc/containerd/config.toml
vim /etc/containerd/config.toml

创建镜像源配置文件

mkdir -p /etc/containerd/certs.d/docker.io/
mkdir -p /etc/containerd/certs.d/k8s.gcr.io/
cat<<EOF > /etc/containerd/certs.d/docker.io/hosts.toml
server = "https://docker.io"[host."https://xxxxxxxxx.mirror.aliyuncs.com"]capabilities = ["pull", "resolve"]
EOFcat<<EOF > /etc/containerd/certs.d/docker.io/hosts.toml
server = "https://docker.io"[host."registry.aliyuncs.com/google_containers"]capabilities = ["pull", "resolve"]
EOF

设置配置文件位置

[plugins."io.containerd.grpc.v1.cri".registry]
config_path = "/etc/containerd/certs.d"

重启启动

systemctl restart containerd
systemctl status containerd

测试

# docker.io
ctr images pull docker.io/library/ubuntu:latest
ctr images del docker.io/library/ubuntu:latest# k8s的镜像仓库叫k8s.gcr.io，没配镜像就要指定registry.cn-hangzhou.aliyuncs.com/google_containers
ctr images pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.2
ctr images del registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.2

成功

[root@node3 containerd]# ctr images pull docker.io/library/ubuntu:latest
docker.io/library/ubuntu:latest:                                                  resolved       |++++++++++++++++++++++++++++++++++++++|
index-sha256:8a37d68f4f73ebf3d4efafbcf66379bf3728902a8038616808f04e34a9ab63ee:    done           |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:d35dfc2fe3ef66bcc085ca00d3152b482e6cafb23cdda1864154caf3b19094ba: done           |++++++++++++++++++++++++++++++++++++++|
layer-sha256:31e907dcc94a592a57796786399eb004dcbba714389fa615f5efa05a91316356:    done           |++++++++++++++++++++++++++++++++++++++|
config-sha256:edbfe74c41f8a3501ce542e137cf28ea04dd03e6df8c9d66519b6ad761c2598a:   done           |++++++++++++++++++++++++++++++++++++++|
elapsed: 9.9 s                                                                    total:  28.3 M (2.9 MiB/s)
unpacking linux/amd64 sha256:8a37d68f4f73ebf3d4efafbcf66379bf3728902a8038616808f04e34a9ab63ee...
done: 672.496318ms