阅读需要一定功力
# 安装containerd.io
1 安装
## 削除旧的版本
sudo apt-get remove docker docker-engine docker.io containerd runc
sudo apt-get update
## 安装相关支持
sudo apt-get install
apt-transport-https
ca-certificates
curl
gnupg
lsb-release
### 添加证书
$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
$ echo
"deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
## 安装
$ sudo apt-get update
$ sudo apt-get install containerd.io
#### 生成containerd默认配置文件
mkdir -p /etc/containerd
containerd config default | sudo tee /etc/containerd/config.toml
#### 修改配置文件 开启SystemdCgroup
sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml &&
grep 'SystemdCgroup' -B 11 /etc/containerd/config.toml
##### 老版本要手动追加这个参数SystemdCgroup = true
###### 显示内容
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
BinaryName = ""
CriuImagePath = ""
CriuPath = ""
CriuWorkPath = ""
IoGid = 0
IoUid = 0
NoNewKeyring = false
NoPivotRoot = false
Root = ""
ShimCgroup = ""
SystemdCgroup = true
#### 配置容器镜像加速器
sed -i 's#endpoint = ""#endpoint = "https://1e60esib.mirror.aliyuncs.com"#g' /etc/containerd/config.toml &&
grep 'endpoint' -B 5 /etc/containerd/config.toml
#### 配置pause加速器
sed -i 's#sandbox_image = "k8s.gcr.io/pause#sandbox_image = "registry.aliyuncs.com/google_containers/pause#g' /etc/containerd/config.toml &&
grep 'sandbox_image' /etc/containerd/config.toml
#### 重启服务器加载配置
systemctl daemon-reload
systemctl restart containerd.service
## 配置harbor免证书拉取镜像、
### 配置containerd免证书拉取镜像
#### 配置ctr选择配置文件路径免证书拉取镜像
#通过ctr使用--hosts-dir选项来拉取容器映像时,告诉ctr 查找并使用位于指定路径中的主机配置文件,配置文件在下面
ctr image pull --hosts-dir /home/xingkong/ 192.168.0.226/library/nginx:latest
### 安装crictl
#1.24.0 k8s版本自己选择对应的
VERSION="v1.24.0"
wget https://github.com/kubernetes-sigs/cri-tools/releases/download/$VERSION/crictl-$VERSION-linux-amd64.tar.gz
sudo tar zxvf crictl-$VERSION-linux-amd64.tar.gz -C /usr/local/bin
rm -f crictl-$VERSION-linux-amd64.tar.gz
#### 配置crtctl的sock
tee /etc/crictl.yaml <<-'EOF'
{
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 10
debug: false
}
EOF
### containred官方文档
https://github.com/containerd/containerd/blob/main/docs/hosts.md#ctr
#### 设置配置文件路径
#config_path = "/home/xingkong" 这个路径为注册表指向文件所在的路径
vi /etc/containerd/config.toml
[plugins."io.containerd.grpc.v1.cri".registry]
config_path = "/home/xingkong"
[plugins."io.containerd.grpc.v1.cri".registry.auths]
[plugins."io.containerd.grpc.v1.cri".registry.configs]
[plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.0.226".auth]
[plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.0.226".tls]
##### 配置完之后重启
systemctl daemon-reload
systemctl restart containerd.service
ctr image pull --hosts-dir /home/xingkong/ 192.168.0.226/library/nginx:latest
crictl pull 192.168.0.226/library/nginx:latest
### containerd免密证书拉取配置
#### IP配置
cat /home/xingkong/192.168.0.226/hosts.toml
server = "https://192.168.0.226"
[host."https://192.168.0.226"]
capabilities = ["pull", "resolve", "push"]
skip_verify = true
#### 域名配置
server = "https://hb.cn"
[host."https://hb.cn"]
capabilities = ["pull", "resolve", "push"]
skip_verify = true
#### hosts.toml配置完之后不需要重启
ctr image pull --hosts-dir /home/xingkong/ 192.168.0.226/library/nginx:latest
### 拉取测试
crictl pull 192.168.0.226/library/nginx:latest
#### 拉取没有报错拉取成功,已经存在镜像不会在拉取
Image is up to date for sha256:605c77e624ddb75e6110f997c58876baa13f8754486b461117934b24a9dc3a85
