容器引擎是Kubernetes最重要的组件之一,负责管理镜像和容器的生命周期。Kubelet通过Container Runtime Interface (CRI) 与容器引擎交互,以管理镜像和容器。
表1 容器引擎对比
Containerd和Docker组件常用命令对比
表2 镜像相关功能
表3 容器相关功能
表4 Pod相关功能
说明:
Containerd创建并启动的容器会被kubelet立即删除,不支持暂停、恢复、重启、重命名、等待容器,Containerd不具备docker构建、导入、导出、比较、推送、查找、打标签镜像的能力,Containerd不支持复制文件,可通过修改containerd的配置文件实现登录镜像仓库。
调用链区别
-
Docker(Kubernetes 1.23及以下版本):
kubelet --> docker shim (在kubelet 进程中) --> docker --> containerd -
Docker(Kubernetes 1.24及以上版本社区方案):
kubelet --> cri-dockerd (kubelet使用cri接口对接cri-dockerd) --> docker --> containerd -
Containerd:
kubelet --> cri plugin(在containerd进程中) --> containerd
其中Docker虽增加了swarm cluster、docker build、docker API等功能,但也会引入一些bug,并且与Containerd相比,多了一层调用,因此Containerd被认为更加节省资源且更安全。
Contianerd换源
Containerd通过在启动时指定一个配置文件夹,使后续所有镜像仓库相关的配置都可以在里面热加载,无需重启Containerd。
- 如果
/etc/containerd/config.toml配置文件中已包含config_path配置(例如"/etc/containerd/cert.d"),则无需执行此步骤;如果不存在,您可以在配置文件中添加以下config_path并重启Containerd使更改生效。
config_path = "/etc/containerd/certs.d"
- 在步骤一中指定的config_path路径中创建docker.io/hosts.toml文件。
在文件中写入如下配置。
server = "https://registry-1.docker.io"[host."$(镜像加速器地址,如https://xxx.mirror.aliyuncs.com)"]capabilities = ["pull", "resolve", "push"]
镜像加速配置:
# docker hub镜像加速
mkdir -p /etc/containerd/certs.d/docker.io
cat > /etc/containerd/certs.d/docker.io/hosts.toml << EOF
server = "https://docker.io"
[host."https://dockerproxy.com"]capabilities = ["pull", "resolve"][host."https://docker.m.daocloud.io"]capabilities = ["pull", "resolve"][host."https://reg-mirror.qiniu.com"]capabilities = ["pull", "resolve"][host."https://registry.docker-cn.com"]capabilities = ["pull", "resolve"][host."http://hub-mirror.c.163.com"]capabilities = ["pull", "resolve"]EOF# registry.k8s.io镜像加速
mkdir -p /etc/containerd/certs.d/registry.k8s.io
tee /etc/containerd/certs.d/registry.k8s.io/hosts.toml << 'EOF'
server = "https://registry.k8s.io"[host."https://k8s.m.daocloud.io"]capabilities = ["pull", "resolve", "push"]
EOF# docker.elastic.co镜像加速
mkdir -p /etc/containerd/certs.d/docker.elastic.co
tee /etc/containerd/certs.d/docker.elastic.co/hosts.toml << 'EOF'
server = "https://docker.elastic.co"[host."https://elastic.m.daocloud.io"]capabilities = ["pull", "resolve", "push"]
EOF# gcr.io镜像加速
mkdir -p /etc/containerd/certs.d/gcr.io
tee /etc/containerd/certs.d/gcr.io/hosts.toml << 'EOF'
server = "https://gcr.io"[host."https://gcr.m.daocloud.io"]capabilities = ["pull", "resolve", "push"]
EOF# ghcr.io镜像加速
mkdir -p /etc/containerd/certs.d/ghcr.io
tee /etc/containerd/certs.d/ghcr.io/hosts.toml << 'EOF'
server = "https://ghcr.io"[host."https://ghcr.m.daocloud.io"]capabilities = ["pull", "resolve", "push"]
EOF# k8s.gcr.io镜像加速
mkdir -p /etc/containerd/certs.d/k8s.gcr.io
tee /etc/containerd/certs.d/k8s.gcr.io/hosts.toml << 'EOF'
server = "https://k8s.gcr.io"[host."https://k8s-gcr.m.daocloud.io"]capabilities = ["pull", "resolve", "push"]
EOF# mcr.m.daocloud.io镜像加速
mkdir -p /etc/containerd/certs.d/mcr.microsoft.com
tee /etc/containerd/certs.d/mcr.microsoft.com/hosts.toml << 'EOF'
server = "https://mcr.microsoft.com"[host."https://mcr.m.daocloud.io"]capabilities = ["pull", "resolve", "push"]
EOF# nvcr.io镜像加速
mkdir -p /etc/containerd/certs.d/nvcr.io
tee /etc/containerd/certs.d/nvcr.io/hosts.toml << 'EOF'
server = "https://nvcr.io"[host."https://nvcr.m.daocloud.io"]capabilities = ["pull", "resolve", "push"]
EOF# quay.io镜像加速
mkdir -p /etc/containerd/certs.d/quay.io
tee /etc/containerd/certs.d/quay.io/hosts.toml << 'EOF'
server = "https://quay.io"[host."https://quay.m.daocloud.io"]capabilities = ["pull", "resolve", "push"]
EOF# registry.jujucharms.com镜像加速
mkdir -p /etc/containerd/certs.d/registry.jujucharms.com
tee /etc/containerd/certs.d/registry.jujucharms.com/hosts.toml << 'EOF'
server = "https://registry.jujucharms.com"[host."https://jujucharms.m.daocloud.io"]capabilities = ["pull", "resolve", "push"]
EOF# rocks.canonical.com镜像加速
mkdir -p /etc/containerd/certs.d/rocks.canonical.com
tee /etc/containerd/certs.d/rocks.canonical.com/hosts.toml << 'EOF'
server = "https://rocks.canonical.com"[host."https://rocks-canonical.m.daocloud.io"]capabilities = ["pull", "resolve", "push"]
EOF
参考:
- https://support.huaweicloud.com/usermanual-cce/cce_10_0462.html
- https://help.aliyun.com/zh/acr/user-guide/accelerate-the-pulls-of-docker-official-images?spm=5176.28426678.J_HeJR_wZokYt378dwP-lLl.11.55d25181Z6Gz74&scm=20140722.S_help@@%E6%96%87%E6%A1%A3@@60750.S_BB2@bl+RQW@ag0+BB1@ag0+os0.ID_60750-RL_etccontainerd-LOC_searchUNDhelpdocUNDitem-OR_ser-V_3-P0_0
- https://blog.csdn.net/IOT_AI/article/details/131975562
![[鸿蒙笔记-基础篇_TS语法] Harmony OS](https://img-blog.csdnimg.cn/b047c9247e9d4fd5bd1b79ce2b1d1033.png)
