您的位置:首页 > 科技 > IT业 > 容器引擎说明——Contianerd与Docker的区别以及Containerd换源操作

容器引擎说明——Contianerd与Docker的区别以及Containerd换源操作

2024/12/23 12:58:04 来源:https://blog.csdn.net/LMFranK/article/details/141219783  浏览:    关键词:容器引擎说明——Contianerd与Docker的区别以及Containerd换源操作

容器引擎是Kubernetes最重要的组件之一,负责管理镜像和容器的生命周期。Kubelet通过Container Runtime Interface (CRI) 与容器引擎交互,以管理镜像和容器。

表1 容器引擎对比
在这里插入图片描述

Containerd和Docker组件常用命令对比

表2 镜像相关功能
在这里插入图片描述
表3 容器相关功能
在这里插入图片描述
表4 Pod相关功能
在这里插入图片描述
说明
Containerd创建并启动的容器会被kubelet立即删除,不支持暂停、恢复、重启、重命名、等待容器,Containerd不具备docker构建、导入、导出、比较、推送、查找、打标签镜像的能力,Containerd不支持复制文件,可通过修改containerd的配置文件实现登录镜像仓库。

调用链区别

  • Docker(Kubernetes 1.23及以下版本):
    kubelet --> docker shim (在kubelet 进程中) --> docker --> containerd

  • Docker(Kubernetes 1.24及以上版本社区方案):
    kubelet --> cri-dockerd (kubelet使用cri接口对接cri-dockerd) --> docker --> containerd

  • Containerd:
    kubelet --> cri plugin(在containerd进程中) --> containerd

其中Docker虽增加了swarm cluster、docker build、docker API等功能,但也会引入一些bug,并且与Containerd相比,多了一层调用,因此Containerd被认为更加节省资源且更安全。

Contianerd换源

Containerd通过在启动时指定一个配置文件夹,使后续所有镜像仓库相关的配置都可以在里面热加载,无需重启Containerd。

  1. 如果/etc/containerd/config.toml配置文件中已包含config_path配置(例如"/etc/containerd/cert.d"),则无需执行此步骤;如果不存在,您可以在配置文件中添加以下config_path并重启Containerd使更改生效。
config_path = "/etc/containerd/certs.d"
  1. 在步骤一中指定的config_path路径中创建docker.io/hosts.toml文件。
    在文件中写入如下配置。
server = "https://registry-1.docker.io"[host."$(镜像加速器地址,如https://xxx.mirror.aliyuncs.com)"]capabilities = ["pull", "resolve", "push"]

镜像加速配置:

# docker hub镜像加速
mkdir -p /etc/containerd/certs.d/docker.io
cat > /etc/containerd/certs.d/docker.io/hosts.toml << EOF
server = "https://docker.io"
[host."https://dockerproxy.com"]capabilities = ["pull", "resolve"][host."https://docker.m.daocloud.io"]capabilities = ["pull", "resolve"][host."https://reg-mirror.qiniu.com"]capabilities = ["pull", "resolve"][host."https://registry.docker-cn.com"]capabilities = ["pull", "resolve"][host."http://hub-mirror.c.163.com"]capabilities = ["pull", "resolve"]EOF# registry.k8s.io镜像加速
mkdir -p /etc/containerd/certs.d/registry.k8s.io
tee /etc/containerd/certs.d/registry.k8s.io/hosts.toml << 'EOF'
server = "https://registry.k8s.io"[host."https://k8s.m.daocloud.io"]capabilities = ["pull", "resolve", "push"]
EOF# docker.elastic.co镜像加速
mkdir -p /etc/containerd/certs.d/docker.elastic.co
tee /etc/containerd/certs.d/docker.elastic.co/hosts.toml << 'EOF'
server = "https://docker.elastic.co"[host."https://elastic.m.daocloud.io"]capabilities = ["pull", "resolve", "push"]
EOF# gcr.io镜像加速
mkdir -p /etc/containerd/certs.d/gcr.io
tee /etc/containerd/certs.d/gcr.io/hosts.toml << 'EOF'
server = "https://gcr.io"[host."https://gcr.m.daocloud.io"]capabilities = ["pull", "resolve", "push"]
EOF# ghcr.io镜像加速
mkdir -p /etc/containerd/certs.d/ghcr.io
tee /etc/containerd/certs.d/ghcr.io/hosts.toml << 'EOF'
server = "https://ghcr.io"[host."https://ghcr.m.daocloud.io"]capabilities = ["pull", "resolve", "push"]
EOF# k8s.gcr.io镜像加速
mkdir -p /etc/containerd/certs.d/k8s.gcr.io
tee /etc/containerd/certs.d/k8s.gcr.io/hosts.toml << 'EOF'
server = "https://k8s.gcr.io"[host."https://k8s-gcr.m.daocloud.io"]capabilities = ["pull", "resolve", "push"]
EOF# mcr.m.daocloud.io镜像加速
mkdir -p /etc/containerd/certs.d/mcr.microsoft.com
tee /etc/containerd/certs.d/mcr.microsoft.com/hosts.toml << 'EOF'
server = "https://mcr.microsoft.com"[host."https://mcr.m.daocloud.io"]capabilities = ["pull", "resolve", "push"]
EOF# nvcr.io镜像加速
mkdir -p /etc/containerd/certs.d/nvcr.io
tee /etc/containerd/certs.d/nvcr.io/hosts.toml << 'EOF'
server = "https://nvcr.io"[host."https://nvcr.m.daocloud.io"]capabilities = ["pull", "resolve", "push"]
EOF# quay.io镜像加速
mkdir -p /etc/containerd/certs.d/quay.io
tee /etc/containerd/certs.d/quay.io/hosts.toml << 'EOF'
server = "https://quay.io"[host."https://quay.m.daocloud.io"]capabilities = ["pull", "resolve", "push"]
EOF# registry.jujucharms.com镜像加速
mkdir -p /etc/containerd/certs.d/registry.jujucharms.com
tee /etc/containerd/certs.d/registry.jujucharms.com/hosts.toml << 'EOF'
server = "https://registry.jujucharms.com"[host."https://jujucharms.m.daocloud.io"]capabilities = ["pull", "resolve", "push"]
EOF# rocks.canonical.com镜像加速
mkdir -p /etc/containerd/certs.d/rocks.canonical.com
tee /etc/containerd/certs.d/rocks.canonical.com/hosts.toml << 'EOF'
server = "https://rocks.canonical.com"[host."https://rocks-canonical.m.daocloud.io"]capabilities = ["pull", "resolve", "push"]
EOF

参考:

  1. https://support.huaweicloud.com/usermanual-cce/cce_10_0462.html
  2. https://help.aliyun.com/zh/acr/user-guide/accelerate-the-pulls-of-docker-official-images?spm=5176.28426678.J_HeJR_wZokYt378dwP-lLl.11.55d25181Z6Gz74&scm=20140722.S_help@@%E6%96%87%E6%A1%A3@@60750.S_BB2@bl+RQW@ag0+BB1@ag0+os0.ID_60750-RL_etccontainerd-LOC_searchUNDhelpdocUNDitem-OR_ser-V_3-P0_0
  3. https://blog.csdn.net/IOT_AI/article/details/131975562

版权声明:

本网仅为发布的内容提供存储空间,不对发表、转载的内容提供任何形式的保证。凡本网注明“来源:XXX网络”的作品,均转载自其它媒体,著作权归作者所有,商业转载请联系作者获得授权,非商业转载请注明出处。

我们尊重并感谢每一位作者,均已注明文章来源和作者。如因作品内容、版权或其它问题,请及时与我们联系,联系邮箱:809451989@qq.com,投稿邮箱:809451989@qq.com