containerd配置下载镜像
使用cri-docker参见:cri-docker
containerd相关使用参见:containerd相关使用
导出镜像:
ctr image export --all-platforms nginx.tar.gz docker.io/library/nginx:alpinectr image export --platform=linux/amd64 nginx.tar.gz #加上--platform=linux/amd64就没有报错了……
导入镜像:
[root@node2 ~]# ctr images ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
docker.io/library/nginx:alpine application/vnd.docker.distribution.manifest.list.v2+json sha256:a74534e76ee1121d418fa7394ca930eb67440deda413848bc67c68138535b989 9.7 MiB linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x -
- 在拉取镜像、导出镜像时,都加上–all-platforms 时,最后在用ctr i import nginx.tar.gz就不会报错了;
- 在拉取镜像、导出镜像时,都加上–platform=linux/amd64时,最后在用ctr i import nginx.tar.gz时依然报错;
- 在拉起镜像时不添加任何–platform参数,最后在用ctr i import nginx.tar.gz也会报错;
很无语,那么最后再拉取任何镜像时都要加上–all-platforms参数了吗,那就加上呗,要不以后再使用import时会报错; - 配置containerd镜像源为阿里云
将文件/etc/containerd/config.toml中[plugins.“io.containerd.grpc.v1.cri”.registry.mirrors.“docker.io”]下的endpoint换成阿里云镜像源
#endpoint=[“https://registry-1.docker.io”]
endpoint = [“https://te2osmuz.mirror.aliyuncs.com”]
参照:https://blog.csdn.net/m0_67401270/article/details/123604385
添加容器镜像加速器
[plugins][plugins."io.containerd.grpc.v1.cri".registry]...[plugins."io.containerd.grpc.v1.cri".registry.mirrors][plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]endpoint = ["https://xxxxxx.mirror.aliyuncs.com"][plugins."io.containerd.grpc.v1.cri".registry.mirrors."k8s.gcr.io"]endpoint = ["registry.aliyuncs.com/google_containers"]
或者
[plugins."io.containerd.grpc.v1.cri".registry][plugins."io.containerd.grpc.v1.cri".registry.mirrors][plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]endpoint = ["https://------.mirror.aliyuncs.com", "https://registry-1.docker.io"]
使用私有仓库
[plugins."io.containerd.grpc.v1.cri".registry][plugins."io.containerd.grpc.v1.cri".registry.mirrors][plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]endpoint = ["https://registry-1.docker.io"] //到此为配置文件默认生成,之后为需要添加的内容[plugins."io.containerd.grpc.v1.cri".registry.mirrors."192.168.66.4"]endpoint = ["https://192.168.66.4:443"][plugins."io.containerd.grpc.v1.cri".registry.configs][plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.66.4".tls]insecure_skip_verify = true[plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.66.4".auth]username = "admin"password = "Harbor12345"
重启containerd
systemctl daemon-reload
systemctl restart containerd
systemctl status containerd
本人的实践:
[plugins."io.containerd.grpc.v1.cri".registry.mirrors][plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]endpoint = ["https://registry.aliyuncs.com"] # 使用阿里镜像源到此[plugins."io.containerd.grpc.v1.cri".registry.mirrors."nexus.knowdee.com"]endpoint = ["http://nexus.knowdee.com"][plugins."io.containerd.grpc.v1.cri".registry.mirrors."172.70.10.176:89"]endpoint = ["http://172.70.10.176:89"][plugins."io.containerd.grpc.v1.cri".x509_key_pair_streaming]
特别需要指出,如果配置了镜像代理,需要将特定ip从代理中摘除 172.70.0.0/8 ,否则后果自负
[root@node4 ~]# vim /usr/lib/systemd/system/containerd.service
# Copyright The containerd Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target[Service]
Environment="HTTP_PROXY=socks5://172.60.10.219:10808/"
Environment="HTTPS_PROXY=socks5://172.60.10.219:10808/"
Environment="NO_PROXY=10.96.0.0/12,10.244.0.0/16,127.0.0.1,172.70.0.0/8,localhost,nexus.knowdee.com"
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/bin/containerdType=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity
# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999[Install]
WantedBy=multi-user.target
拉取镜像:
[root@node4 ~]# crictl pull 172.70.10.176:89/chatbot/client-web:dev1657784455316
Image is up to date for sha256:2f59dc79b48b817d75c39aa867a63919d84bbd2c90d7b7f82d369c7e03d65069
[root@node4 ~]# ctr i pull 172.70.10.176:89/chatbot/client-web:dev1657784455316 --plain-http
172.70.10.176:89/chatbot/client-web:dev1657784455316: resolved |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:c8beb8759d6da664a81987affe5a7c521745d1f1a258dbeeadca3441f05aca11: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:9a405d4738aa0721b6a6f99717f5cf3963b41faa8c327d71c071d3b7c32ffad2: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:cbdbe7a5bc2a134ca8ec91be58565ec07d037386d1f1d8385412d224deafca08: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:2482828374d87e14e888fd04b8ad96aad674ecabfb9be000c0fca0524731859f: done |++++++++++++++++++++++++++++++++++++++|
config-sha256:2f59dc79b48b817d75c39aa867a63919d84bbd2c90d7b7f82d369c7e03d65069: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:f6ec55d4907a8a895df5686caf5800b31d377066454ea5fcf5f4d311fd8a3727: done |++++++++++++++++++++++++++++++++++++++|
elapsed: 1.5 s total: 0.0 B (0.0 B/s)
unpacking linux/amd64 sha256:c8beb8759d6da664a81987affe5a7c521745d1f1a258dbeeadca3441f05aca11...
done: 5.375367904s
[root@node1 ~]# nerdctl pull 172.70.10.176:89/chatbot/client-web:dev1657784455316 --insecure-registry
WARN[0000] skipping verifying HTTPS certs for "172.70.10.176:89"
INFO[0000] trying next host error="failed to do request: Head \"https://172.70.10.176:89/v2/chatbot/client-web/manifests/dev1657784455316\": http: server gave HTTP response to HTTPS client" host="172.70.10.176:89"
172.70.10.176:89/chatbot/client-web:dev1657784455316: resolving |--------------------------------------|
elapsed: 0.1 s total: 0.0 B (0.0 B/s)
WARN[0000] server "172.70.10.176:89" does not seem to support HTTPS, falling back to plain HTTP error="failed to resolve reference \"172.70.10.176:89/chatbot/client-web:dev1657784455316\": failed to do request: Head \"https://172.70.10.176:89/v2/chatbot/client-web/manifests/dev1657784455316\": http: server gave HTTP response to HTTPS client"
172.70.10.176:89/chatbot/client-web:dev1657784455316: resolved |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:c8beb8759d6da664a81987affe5a7c521745d1f1a258dbeeadca3441f05aca11: done |++++++++++++++++++++++++++++++++++++++|
config-sha256:2f59dc79b48b817d75c39aa867a63919d84bbd2c90d7b7f82d369c7e03d65069: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:9a405d4738aa0721b6a6f99717f5cf3963b41faa8c327d71c071d3b7c32ffad2: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:f6ec55d4907a8a895df5686caf5800b31d377066454ea5fcf5f4d311fd8a3727: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:2482828374d87e14e888fd04b8ad96aad674ecabfb9be000c0fca0524731859f: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:cbdbe7a5bc2a134ca8ec91be58565ec07d037386d1f1d8385412d224deafca08: done |++++++++++++++++++++++++++++++++++++++|
elapsed: 24.6s total: 0.0 B (0.0 B/s)
[root@node1 ~]#[root@node4 ~]# nerdctl images
REPOSITORY TAG IMAGE ID CREATED PLATFORM SIZE BLOB SIZE
172.70.10.176:89/chatbot/client-web dev1657784455316 c8beb8759d6d 5 minutes ago linux/amd64 217.8 MiB 168.6 MiB
nginx latest 10f14ffa93f8 2 weeks ago linux/amd64 146.4 MiB 54.1 MiB
Jenkins使用buildkit参照:https://itnext.io/jenkins-k8s-buildkit-life-behind-the-corporate-proxy-cb052bd7f969
参考:containerd配置私有镜像源
nerdctl安装过程,参考链接
export NERDCTL_VERSION=0.22.0
wget https://github.com/containerd/nerdctl/releases/download/v0.22.0/nerdctl-full-${NERDCTL_VERSION}-linux-amd64.tar.gz
tar xf nerdctl-full-${NERDCTL_VERSION}-linux-amd64.tar.gz -C /usr/local
systemctl enable containerd buildkit && systemctl start containerd buildkit
运行mysql8.0
nerdctl run \
-p 3306:3306 \
--name mysql \
-v /data/mysql/conf:/etc/mysql/conf.d \
-v /data/mysql/logs:/logs \
-v /data/mysql/data:/var/lib/mysql \
-e MYSQL_ROOT_PASSWORD=123456 \
-d mysql:8.0.29
占用端口查看
root@node1:~# iptables -t nat -L|grep 3306
DNAT tcp – anywhere anywhere tcp dpt:mysql to:10.4.0.2:3306
##导出 导入
ctr -n k8s.io image export --platform=linux/amd64 kubesphere.tar.gz docker.io/kubesphere/ks-installer:v3.3.0ctr -n k8s.io image import kubesphere.tar.gz
注意以下Deployment配置清单和kubectl top指令查看pod资源使用率中,都有cpu和内存的两个数量单位(m和Mi),这里把这两个单位解释做个记录:
cpu单位m:代表 “千分之一核心”,譬如50m的含义是指50/1000核心,即5%
内存单位Mi:1Mi = 1024乘1024,而平时使用的单为M是1M = 1000乘1000
查看iptables规则:
[root@node5 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.17.0.1:30161 rr-> 10.244.33.159:31400 Masq 1 0 0
TCP 172.17.0.1:30375 rr-> 10.244.33.159:15021 Masq 1 0 0
TCP 172.17.0.1:30814 rr-> 10.244.33.142:443 Masq 1 0 0
TCP 172.17.0.1:31616 rr-> 10.244.33.142:80 Masq 1 0 0
TCP 172.17.0.1:31780 rr-> 10.244.33.159:8080 Masq 1 0 0
TCP 172.17.0.1:31923 rr-> 10.244.33.159:8443 Masq 1 0 0
TCP 172.17.0.1:31987 rr-> 10.244.33.159:15443 Masq 1 0 0
TCP 172.17.0.1:32500 rr-> 10.244.3.70:80 Masq 1 0 0-> 10.244.3.72:80 Masq 1 0 0-> 10.244.3.93:80 Masq 1 0 0-> 10.244.139.7:80 Masq 1 0 0
TCP 172.17.0.1:32511 rr-> 10.244.3.70:80 Masq 1 0 0-> 10.244.3.72:80 Masq 1 0 0-> 10.244.3.93:80 Masq 1 0 0-> 10.244.139.7:80 Masq 1 0 0
TCP 172.70.10.185:30161 rr-> 10.244.33.159:31400 Masq 1 0 0
TCP 172.70.10.185:30375 rr-> 10.244.33.159:15021 Masq 1 0 0
TCP 172.70.10.185:30814 rr-> 10.244.33.142:443 Masq 1 0 0
TCP 172.70.10.185:31616 rr-> 10.244.33.142:80 Masq 1 0 0
TCP 172.70.10.185:31780 rr-> 10.244.33.159:8080 Masq 1 0 0
TCP 172.70.10.185:31923 rr-> 10.244.33.159:8443 Masq 1 0 0
TCP 172.70.10.185:31987 rr-> 10.244.33.159:15443 Masq 1 0 0
TCP 172.70.10.185:32500 rr-> 10.244.3.70:80 Masq 1 0 0-> 10.244.3.72:80 Masq 1 0 0-> 10.244.3.93:80 Masq 1 0 0-> 10.244.139.7:80 Masq 1 0 0
TCP 172.70.10.185:32511 rr-> 10.244.3.70:80 Masq 1 0 0-> 10.244.3.72:80 Masq 1 0 0-> 10.244.3.93:80 Masq 1 0 0-> 10.244.139.7:80 Masq 1 0 0
TCP 10.96.0.1:443 rr-> 172.70.10.181:6443 Masq 1 4 0-> 172.70.10.182:6443 Masq 1 4 0-> 172.70.10.183:6443 Masq 1 6 0
TCP 10.96.0.10:53 rr-> 10.244.104.1:53 Masq 1 0 0-> 10.244.135.1:53 Masq 1 0 0
TCP 10.96.0.10:9153 rr-> 10.244.104.1:9153 Masq 1 0 0-> 10.244.135.1:9153 Masq 1 0 0
TCP 10.96.72.189:9094 rr-> 10.244.3.65:9094 Masq 1 0 0
TCP 10.99.243.173:80 rr-> 10.244.33.142:80 Masq 1 0 0
TCP 10.99.243.173:443 rr-> 10.244.33.142:443 Masq 1 0 0
TCP 10.100.13.136:443 rr-> 10.244.3.92:5443 Masq 1 0 0-> 10.244.139.1:5443 Masq 1 0 0
TCP 10.100.25.75:8080 rr-> 172.70.10.184:8680 Masq 1 0 0-> 172.70.10.185:8680 Masq 1 0 0-> 172.70.10.186:8680 Masq 1 0 0
TCP 10.100.55.229:9080 rr-> 10.244.33.168:9080 Masq 1 0 0
TCP 10.100.187.139:50000 rr-> 10.244.139.21:50000 Masq 1 0 0
TCP 10.100.228.120:9080 rr-> 10.244.3.102:9080 Masq 1 0 0-> 10.244.33.169:9080 Masq 1 0 0-> 10.244.33.170:9080 Masq 1 0 0
TCP 10.101.145.76:80 rr-> 10.244.3.70:80 Masq 1 0 0-> 10.244.3.72:80 Masq 1 0 0-> 10.244.3.93:80 Masq 1 0 0-> 10.244.139.7:80 Masq 1 0 0
TCP 10.101.246.102:80 rr
TCP 10.102.242.109:8080 rr-> 10.244.139.21:8080 Masq 1 0 0
TCP 10.103.195.183:8080 rr-> 10.244.3.69:8680 Masq 1 0 0-> 10.244.33.136:8680 Masq 1 0 0-> 10.244.139.5:8680 Masq 1 0 0
TCP 10.104.20.123:9080 rr-> 10.244.33.171:9080 Masq 1 0 0
TCP 10.104.185.143:5473 rr-> 172.70.10.184:5473 Masq 1 0 0-> 172.70.10.185:5473 Masq 1 0 0-> 172.70.10.186:5473 Masq 1 0 0
TCP 10.105.61.39:80 rr-> 10.244.33.160:8080 Masq 1 0 0
TCP 10.105.61.39:443 rr-> 10.244.33.160:8443 Masq 1 0 0
TCP 10.106.166.38:9080 rr-> 10.244.33.167:9080 Masq 1 0 0
TCP 10.107.168.148:443 rr-> 10.244.33.158:15017 Masq 1 0 0
TCP 10.107.168.148:15010 rr-> 10.244.33.158:15010 Masq 1 0 0
TCP 10.107.168.148:15012 rr-> 10.244.33.158:15012 Masq 1 7 0
TCP 10.107.168.148:15014 rr-> 10.244.33.158:15014 Masq 1 0 0
TCP 10.107.215.134:443 rr-> 10.244.33.142:8443 Masq 1 0 0
TCP 10.107.240.50:80 rr-> 10.244.3.70:80 Masq 1 0 0-> 10.244.3.72:80 Masq 1 0 0-> 10.244.3.93:80 Masq 1 0 0-> 10.244.139.7:80 Masq 1 0 0
TCP 10.109.40.81:8080 rr-> 10.244.3.71:8681 Masq 1 0 0-> 10.244.33.137:8681 Masq 1 0 0-> 10.244.139.6:8681 Masq 1 0 0
TCP 10.110.88.160:80 rr-> 10.244.33.159:8080 Masq 1 0 0
TCP 10.110.88.160:443 rr-> 10.244.33.159:8443 Masq 1 0 0
TCP 10.110.88.160:15021 rr-> 10.244.33.159:15021 Masq 1 0 0
TCP 10.110.88.160:15443 rr-> 10.244.33.159:15443 Masq 1 0 0
TCP 10.110.88.160:31400 rr-> 10.244.33.159:31400 Masq 1 0 0
TCP 10.111.42.135:8080 rr-> 172.70.10.184:8681 Masq 1 0 0-> 172.70.10.185:8681 Masq 1 0 0-> 172.70.10.186:8681 Masq 1 0 0
TCP 10.244.33.128:30161 rr-> 10.244.33.159:31400 Masq 1 0 0
TCP 10.244.33.128:30375 rr-> 10.244.33.159:15021 Masq 1 0 0
TCP 10.244.33.128:30814 rr-> 10.244.33.142:443 Masq 1 0 0
TCP 10.244.33.128:31616 rr-> 10.244.33.142:80 Masq 1 0 0
TCP 10.244.33.128:31780 rr-> 10.244.33.159:8080 Masq 1 0 0
TCP 10.244.33.128:31923 rr-> 10.244.33.159:8443 Masq 1 0 0
TCP 10.244.33.128:31987 rr-> 10.244.33.159:15443 Masq 1 0 0
TCP 10.244.33.128:32500 rr-> 10.244.3.70:80 Masq 1 0 0-> 10.244.3.72:80 Masq 1 0 0-> 10.244.3.93:80 Masq 1 0 0-> 10.244.139.7:80 Masq 1 0 0
TCP 10.244.33.128:32511 rr-> 10.244.3.70:80 Masq 1 0 0-> 10.244.3.72:80 Masq 1 0 0-> 10.244.3.93:80 Masq 1 0 0-> 10.244.139.7:80 Masq 1 0 0
UDP 10.96.0.10:53 rr-> 10.244.104.1:53 Masq 1 0 43-> 10.244.135.1:53 Masq 1 0 43
nerdctl是一个非常丰富的containerd cli工具,未来很可能会替换掉ctr和crictl
参考:https://www.modb.pro/db/398176
nerdctl官网:https://www.modb.pro/db/398176
对于k3s
配置containerd配置文件是不行的,需要添加k3s的仓库管理注册表,具体如下:
mkdir -p /etc/rancher/k3s/
cat >/etc/rancher/k3s/registries.yaml <<EOF
mirrors:docker.io:endpoint:- https://registry.aliyuncs.comrewrite:"(^.+\$)": "docker.io/\$1"harbor.knowdee.com:endpoint:- http://harbor.knowdee.comgcr.io:endpoint:- https://registry.aliyuncs.com/google_containersrewrite:"(^.+\$)": "gcr.io/\$1"nexus.knowdee.com:endpoint:- http://nexus.knowdee.comk8s.gcr.io:endpoint:- https://registry.aliyuncs.com/google_containers rewrite:"(^.+\$)": "k8s.gcr.io/\$1"172.70.10.176:endpoint:- http://172.70.10.176:89
EOF
参照:https://blog.csdn.net/wq1205750492/article/details/124822204
nerdctl build http
nerdctl build 如果想使用http,需要配置buildkit
具体:编辑/etc/buildkit/buildkitd.toml
[registry."nexus.knowdee.com"]http = true
dockerfile如下:
FROM nexus.knowdee.com/chatbotbase/jdk-centos:17.0.2-8
USER root
WORKDIR /services
COPY target/*.jar /services/app.jar
EXPOSE 80
ENTRYPOINT java $JVM_OPTS -jar app.jar --server.port=80
root@node1:/run/containerd# systemctl daemon-reload
root@node1:/run/containerd# systemctl restart buildkit.service
root@node1:/run/containerd# systemctl status buildkit.service
● buildkit.service - BuildKitLoaded: loaded (/etc/systemd/system/buildkit.service; enabled; vendor preset: enabled)Active: active (running) since Thu 2022-08-11 18:16:13 CST; 2s agoDocs: https://github.com/moby/buildkitMain PID: 957197 (buildkitd)Tasks: 24 (limit: 57621)Memory: 14.1MCGroup: /system.slice/buildkit.service└─957197 /usr/local/bin/buildkitd --oci-worker=false --containerd-worker=true8月 11 18:16:13 node1 systemd[1]: Started BuildKit.
8月 11 18:16:14 node1 buildkitd[957197]: time="2022-08-11T18:16:14+08:00" level=warning msg="using host network as the default"
8月 11 18:16:14 node1 buildkitd[957197]: time="2022-08-11T18:16:14+08:00" level=info msg="found worker \"i0ta4k12ryuwr1sr0khtiuzt9\", labels=map[org.mobyproject.buildkit.worker.c>
8月 11 18:16:14 node1 buildkitd[957197]: time="2022-08-11T18:16:14+08:00" level=warning msg="platform linux/arm64 cannot pass the validation, kernel support for miscellaneous bin>
8月 11 18:16:14 node1 buildkitd[957197]: time="2022-08-11T18:16:14+08:00" level=info msg="found 1 workers, default=\"i0ta4k12ryuwr1sr0khtiuzt9\""
8月 11 18:16:14 node1 buildkitd[957197]: time="2022-08-11T18:16:14+08:00" level=warning msg="currently, only the default worker can be used."
8月 11 18:16:14 node1 buildkitd[957197]: time="2022-08-11T18:16:14+08:00" level=info msg="running server on /run/buildkit/buildkitd.sock"
root@node1:/home/cyxinda/workspaces/prometheus# nerdctl build -t nexus.knowdee.com/caoyong-test/prometheus:v2.0.0 -f DOCKERFILE .
[+] Building 19.0s (8/8) FINISHED => [internal] load .dockerignore 0.3s=> => transferring context: 2B 0.0s=> [internal] load build definition from DOCKERFILE 0.4s=> => transferring dockerfile: 223B 0.0s=> [internal] load metadata for nexus.knowdee.com/chatbotbase/jdk-centos:17.0.2-8 0.3s=> [1/3] FROM nexus.knowdee.com/chatbotbase/jdk-centos:17.0.2-8@sha256:dc067450dc60648afbc5c7e7303b4f3b186938dff814a44a0a81a0cee2dc8311 0.2s=> => resolve nexus.knowdee.com/chatbotbase/jdk-centos:17.0.2-8@sha256:dc067450dc60648afbc5c7e7303b4f3b186938dff814a44a0a81a0cee2dc8311 0.2s=> [internal] load build context 0.5s=> => transferring context: 18.58MB 0.3s=> CACHED [2/3] WORKDIR /services 0.0s=> [3/3] COPY target/*.jar /services/app.jar 1.2s=> exporting to oci image format 16.4s=> => exporting layers 2.7s=> => exporting manifest sha256:cdbf3fdad0b1fd9ce980066df314eede2b01d3ff48ab384e9e34fa0f397c6fbf 0.3s=> => exporting config sha256:a2482c8619a6c63a8e4befe189df504eb015ad7fe0d55e19002dc7fce73769fe 0.2s=> => sending tarball 12.6s
unpacking nexus.knowdee.com/caoyong-test/prometheus:v2.0.0 (sha256:cdbf3fdad0b1fd9ce980066df314eede2b01d3ff48ab384e9e34fa0f397c6fbf)...done
root@node1:/home/cyxinda/workspaces/prometheus# nerdctl push nexus.knowdee.com/caoyong-test/prometheus:v2.0.0
INFO[0000] pushing as a reduced-platform image (application/vnd.docker.distribution.manifest.v2+json, sha256:cdbf3fdad0b1fd9ce980066df314eede2b01d3ff48ab384e9e34fa0f397c6fbf)
manifest-sha256:cdbf3fdad0b1fd9ce980066df314eede2b01d3ff48ab384e9e34fa0f397c6fbf: done |++++++++++++++++++++++++++++++++++++++|
config-sha256:a2482c8619a6c63a8e4befe189df504eb015ad7fe0d55e19002dc7fce73769fe: done |++++++++++++++++++++++++++++++++++++++|
elapsed: 3.3 s total: 6.1 Ki (1.9 KiB/s)
root@node1:/home/cyxinda/workspaces/prometheus#
参考buildkit官网:https://github.com/moby/buildkit/blob/master/docs/buildkitd.toml.md
debug = true
# root is where all buildkit state is stored.
root = "/var/lib/buildkit"
# insecure-entitlements allows insecure entitlements, disabled by default.
insecure-entitlements = [ "network.host", "security.insecure" ][grpc]address = [ "tcp://0.0.0.0:1234" ]# debugAddress is address for attaching go profiles and debuggers.debugAddress = "0.0.0.0:6060"uid = 0gid = 0[grpc.tls]cert = "/etc/buildkit/tls.crt"key = "/etc/buildkit/tls.key"ca = "/etc/buildkit/tlsca.crt"[worker.oci]enabled = true# platforms is manually configure platforms, detected automatically if unset.platforms = [ "linux/amd64", "linux/arm64" ]snapshotter = "auto" # overlayfs or native, default value is "auto".rootless = false # see docs/rootless.md for the details on rootless mode.# Whether run subprocesses in main pid namespace or not, this is useful for# running rootless buildkit inside a container.noProcessSandbox = falsegc = truegckeepstorage = 9000# alternate OCI worker binary name(example 'crun'), by default either # buildkit-runc or runc binary is usedbinary = ""# name of the apparmor profile that should be used to constrain build containers.# the profile should already be loaded (by a higher level system) before creating a worker.apparmor-profile = ""# limit the number of parallel build steps that can run at the same timemax-parallelism = 4[worker.oci.labels]"foo" = "bar"[[worker.oci.gcpolicy]]keepBytes = 512000000keepDuration = 172800filters = [ "type==source.local", "type==exec.cachemount", "type==source.git.checkout"][[worker.oci.gcpolicy]]all = truekeepBytes = 1024000000[worker.containerd]address = "/run/containerd/containerd.sock"enabled = trueplatforms = [ "linux/amd64", "linux/arm64" ]namespace = "buildkit"gc = true# gckeepstorage sets storage limit for default gc profile, in MB.gckeepstorage = 9000[worker.containerd.labels]"foo" = "bar"[[worker.containerd.gcpolicy]]keepBytes = 512000000keepDuration = 172800 # in secondsfilters = [ "type==source.local", "type==exec.cachemount", "type==source.git.checkout"][[worker.containerd.gcpolicy]]all = truekeepBytes = 1024000000# registry configures a new Docker register used for cache import or output.
[registry."docker.io"]mirrors = ["yourmirror.local:5000"]http = trueinsecure = trueca=["/etc/config/myca.pem"][[registry."docker.io".keypair]]key="/etc/config/key.pem"cert="/etc/config/cert.pem"# optionally mirror configuration can be done by defining it as a registry.
[registry."yourmirror.local:5000"]http = true
nerdctl push到harbor中,参考:https://blog.csdn.net/Michaelwubo/article/details/122745348
ctr容器信息
您可以使用infoin containerd 来检查 containerd 中的容器。
首先列出您要检查的容器
ctr --namespace k8s.io containers ls
备注:Containerd 有命名空间https://github.com/containerd/containerd/blob/master/README.md#namespaces,所以使用 --namespaces 标志或 ns 标志,上面k8s.io是命名空间
获取容器列表后,您可以使用以下命令获取有关您想要的特定容器的信息
句法:
ctr --namespace <namespace_name> containers info <container_id>
实践:
ctr --namespace k8s.io containers info 85ed1aeb518ff57f6cc5b80c599f0c4bfcc8e944f842c98aeed5ffceaa5e6aaa
containerd配置下载镜像相关推荐
- java下载json需要的包_jenkins 获取插件,下载插件提速,配置国内镜像
jenkins 是目前比较流行的自动化运维工具,由于 jenkins 的镜像源是国外的所以在下载插件的时候会非常慢,甚至会超时,所以本文就重点介绍如何解决这个问题. 正确的做法自然是修改为国内的镜像源 ...
- 终极解决方案——sbt配置阿里镜像源,解决sbt下载慢,dump project structure from sbt耗时问题
终极解决方案--sbt配置阿里镜像源,解决sbt下载慢,dump project structure from sbt耗时问题 参考文章: (1)终极解决方案--sbt配置阿里镜像源,解决sbt下载慢 ...
- python永久配置pip下载镜像源方法(window版本)
python永久配置pip下载镜像源方法(window版本) 背景:使用pip install 下载软件包的时候特别慢,是因为默认会请求python官网的镜像源,而官网的镜像部署在国外,网络条件不好时 ...
- maven 配置下载jar、源码等先走私服,找不到再走阿里云镜像
maven 配置下载jar.源码等先走私服,找不到再走阿里云镜像 如果配置了不起作用请重启Idea <?xml version="1.0" encoding="UT ...
- containerd 配置镜像仓库完全攻略
一.前言 Kubernetes 在 Changelog 中宣布自 Kubernetes 1.20 之后将弃用 Docker 作为容器运行时之后,containerd 成为下一个容器运行时的热门选项.虽 ...
- docker配置国内镜像源下载镜像
1 docker配置163镜像 vi /etc/docker/daemon.json(Linux) {"registry-mirrors": ["http://hub-m ...
- Docker配置了国内镜像仍然无法下载镜像
错误描述 错误信息: Error response from daemon: Get https://registry-1.docker.io/v2/library/nginx/manifests/l ...
- Docker安装 下载镜像 部署容器 备份 创建私服
Docker 学习目标: 掌握Docker基础知识,能够理解Docker镜像与容器的概念 完成Docker安装与启动 掌握Docker镜像与容器相关命令 掌握Tomcat Nginx 等软件的常用应用 ...
- CentOS7安装Docker及配置国内镜像源
环境CentOS7 一.Docker docker安装 https://docs.docker.com/get-docker/ https://docs.docker.com/engine/insta ...
最新文章
- 哥伦比亚大学「机械手」无需提前了解抓握物体,也能灵活适应形状!
- iostat相关参数说明——await:平均每次设备I/O操作的等待时间 (毫秒),如果%util接近 100%,说明产生的I/O请求太多...
- Linxu 进程描述符task_struct
- valueOf()、toString()
- Android的联通性---USB主机模式(三)
- eclipse配置PHP自动提示代码
- java 查询后 jsonobject key 排序_商品品牌业务之后台Java代码的编写
- DOM方式解析XML文件实例
- 基于Lua插件化的Pcap流量监听代理
- JavaEE 保存文件获取绝对路径getResource()和servletContext.getRealPath(/)
- Django接口文档
- 含泪整理最优质相机 单反 摄影3dm犀牛模型素材,你想要的这里都有
- 最大子段和(动态规划算法)
- UVA-816 Abbott's Revenge (bfs)
- 基于Python+djangoWeb的校园信息化统计平台
- 制作web3d动态产品展示的优点
- html4诞生是哪一年,世界第一部电影是哪一年诞生的?
- 通过 GitHubPage 与 Hexo 搭建私人博客教程
- JAVA好管家,一天一个shell命令 linux好管家-进程-ps命令详解
- 网络安全专业应届生必备的几个实用工具,快收藏