Exporting images

```bash
ctr i export --all-platforms nginx.tar docker.io/library/nginx:alpine
ctr -n k8s.io i export k8s-1-23-8.tar \
  k8s.gcr.io/coredns/coredns:v1.8.6 \
  k8s.gcr.io/cpa/cluster-proportional-autoscaler-amd64:1.8.5 \
  k8s.gcr.io/dns/k8s-dns-node-cache:1.21.1 \
  k8s.gcr.io/kube-apiserver:v1.23.8 \
  k8s.gcr.io/kube-controller-manager:v1.23.8 \
  k8s.gcr.io/kube-proxy:v1.23.8 \
  k8s.gcr.io/kube-scheduler:v1.23.8 \
  k8s.gcr.io/metrics-server/metrics-server:v0.5.2 \
  k8s.gcr.io/pause:3.6
```
Importing images:

```bash
ctr -n k8s.io i import k8s.tar
```
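When both the pull and the export are run with `--all-platforms`, the final `ctr i import nginx.tar.gz` no longer fails.
When both the pull and the export are run with `--platform=linux/amd64`, `ctr i import nginx.tar.gz` still fails.
When the image is pulled without any `--platform` option, `ctr i import nginx.tar.gz` also fails. Frustrating. So does every pull have to carry `--all-platforms` from now on? Fine, add it, otherwise a later import will fail.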
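Which platforms an exported tar really carries can be checked offline before it is moved to another node; a platform that the index lists but whose blobs are absent is one way such an import can fail. This is an added example, not part of the original post: it assumes the archive follows the OCI image layout (`index.json` plus `blobs/sha256/...`), runs on a small constructed archive, and all function names are made up for illustration.

```python
import hashlib
import io
import json
import tarfile


def blob_path(digest):
    return "blobs/" + digest.replace(":", "/")  # OCI image layout path


def read_archive(data):
    """Map member name -> bytes for every regular file in the tar."""
    files = {}
    with tarfile.open(fileobj=io.BytesIO(data)) as tar:
        for member in tar.getmembers():
            if member.isfile():
                name = member.name[2:] if member.name.startswith("./") else member.name
                files[name] = tar.extractfile(member).read()
    return files


def platform_report(data):
    """Return {"os/arch": [digests listed but missing from the archive]}."""
    files = read_archive(data)
    report = {}
    for top in json.loads(files["index.json"])["manifests"]:
        doc = json.loads(files[blob_path(top["digest"])])
        # An index / manifest list carries "manifests"; a plain image does not.
        for entry in doc.get("manifests", [top]):
            plat = entry.get("platform", {})
            key = "{}/{}".format(plat.get("os", "?"), plat.get("architecture", "?"))
            raw = files.get(blob_path(entry["digest"]))
            if raw is None:  # the platform manifest itself was not exported
                report[key] = [entry["digest"]]
                continue
            manifest = json.loads(raw)
            report[key] = [d["digest"]
                           for d in [manifest["config"]] + manifest["layers"]
                           if blob_path(d["digest"]) not in files]
    return report


def build_sample():
    """Constructed archive: the index lists amd64 and arm64, only amd64 exists."""
    blobs = {}
    def add(obj):
        raw = obj if isinstance(obj, bytes) else json.dumps(obj).encode()
        digest = "sha256:" + hashlib.sha256(raw).hexdigest()
        blobs[blob_path(digest)] = raw
        return {"digest": digest, "size": len(raw)}
    amd64 = add({"config": add({"architecture": "amd64"}),
                 "layers": [add(b"constructed layer bytes")]})
    amd64["platform"] = {"os": "linux", "architecture": "amd64"}
    arm64 = {"digest": "sha256:" + "0" * 64, "size": 0,
             "platform": {"os": "linux", "architecture": "arm64"}}
    blobs["index.json"] = json.dumps(
        {"manifests": [add({"manifests": [amd64, arm64]})]}).encode()
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, raw in blobs.items():
            info = tarfile.TarInfo(name)
            info.size = len(raw)
            tar.addfile(info, io.BytesIO(raw))
    return buf.getvalue()
```

For a real archive, pass the bytes of the tar file to `platform_report`; an empty list means every blob for that platform is present.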
Configuring the Alibaba Cloud (Aliyun) registry mirror for containerd

In /etc/containerd/config.toml, replace the endpoint under [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"] with the Aliyun mirror.
For example:

```toml
[plugins]
  [plugins."io.containerd.grpc.v1.cri".registry]
    ...
    [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
      [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
        endpoint = ["https://xxxxxx.mirror.aliyuncs.com"]
      [plugins."io.containerd.grpc.v1.cri".registry.mirrors."k8s.gcr.io"]
        # an endpoint needs its scheme
        endpoint = ["https://registry.aliyuncs.com/google_containers"]
```
Or:

```toml
[plugins."io.containerd.grpc.v1.cri".registry]
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
      endpoint = ["https://------.mirror.aliyuncs.com", "https://registry-1.docker.io"]
```
Using a private registry

```toml
[plugins."io.containerd.grpc.v1.cri".registry]
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
      endpoint = ["https://registry-1.docker.io"]
    # Everything up to here is generated by default; the lines below are what you add.
    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."192.168.66.4"]
      endpoint = ["https://192.168.66.4:443"]
  [plugins."io.containerd.grpc.v1.cri".registry.configs]
    [plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.66.4".tls]
      # Skips TLS certificate verification for this registry.
      insecure_skip_verify = true
    [plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.66.4".auth]
      # Credentials are stored in plain text in config.toml.
      username = "admin"
      password = "Harbor12345"
```
Restart containerd

```bash
systemctl daemon-reload
systemctl restart containerd
systemctl status containerd
```
Note in particular: if a proxy is configured for pulling images, specific IPs (172.70.0.0/8) must be excluded from the proxy, otherwise you bear the consequences.

```
[root@node4 ~]# vim /usr/lib/systemd/system/containerd.service
# Copyright The containerd Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target
[Service]
Environment="HTTP_PROXY=socks5://172.60.10.219:10808/"
Environment="HTTPS_PROXY=socks5://172.60.10.219:10808/"
Environment="NO_PROXY=10.96.0.0/12,10.244.0.0/16,127.0.0.1,172.70.0.0/8,localhost,nexus.knowdee.com"
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/bin/containerd
Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity
# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999
[Install]
WantedBy=multi-user.target
```
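Which of the registry hosts used on this page actually bypass the proxy with that NO_PROXY value can be worked out offline; note that a /8 prefix keeps only the first octet, so `172.70.0.0/8` is read as `172.0.0.0/8`. This is an added example, not part of the original post: it is a simplified model of the CIDR, literal-IP and domain-suffix matching that Go's HTTP proxy handling applies (assumed here to be what containerd uses), and the function names are made up for illustration.

```python
import ipaddress

# The NO_PROXY value from the unit file above.
NO_PROXY = ("10.96.0.0/12,10.244.0.0/16,127.0.0.1,172.70.0.0/8,"
            "localhost,nexus.knowdee.com")


def parse_no_proxy(value):
    """Split NO_PROXY into CIDR networks, literal IPs and host names."""
    nets, ips, names = [], [], []
    for raw in value.split(","):
        entry = raw.strip().lower()
        if not entry:
            continue
        if "/" in entry:
            # strict=False masks the host bits, so 172.70.0.0/8 -> 172.0.0.0/8.
            nets.append(ipaddress.ip_network(entry, strict=False))
            continue
        try:
            ips.append(ipaddress.ip_address(entry))
        except ValueError:
            # Simplification: "example.com" and ".example.com" are treated alike.
            names.append(entry.lstrip("*").lstrip("."))
    return nets, ips, names


def bypasses_proxy(host, value=NO_PROXY):
    """Return True if a request to host (optionally host:port) skips the proxy."""
    nets, ips, names = parse_no_proxy(value)
    host = host.strip().lower()
    if host.count(":") == 1:  # name:port or IPv4:port
        host = host.rsplit(":", 1)[0]
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return any(host == n or host.endswith("." + n) for n in names)
    return addr in ips or any(addr in net for net in nets)


if __name__ == "__main__":
    # Hosts that appear elsewhere on this page.
    for h in ("172.70.10.176:89", "nexus.knowdee.com", "harbor.knowdee.com",
              "192.168.66.4", "registry-1.docker.io", "172.60.10.219:10808"):
        print("{:24} {}".format(h, "direct" if bypasses_proxy(h) else "via proxy"))
```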
Pulling images:

```
[root@node4 ~]# crictl pull 172.70.10.176:89/chatbot/client-web:dev1657784455316
Image is up to date for sha256:2f59dc79b48b817d75c39aa867a63919d84bbd2c90d7b7f82d369c7e03d65069
[root@node4 ~]# ctr i pull 172.70.10.176:89/chatbot/client-web:dev1657784455316 --plain-http
172.70.10.176:89/chatbot/client-web:dev1657784455316: resolved |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:c8beb8759d6da664a81987affe5a7c521745d1f1a258dbeeadca3441f05aca11: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:9a405d4738aa0721b6a6f99717f5cf3963b41faa8c327d71c071d3b7c32ffad2: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:cbdbe7a5bc2a134ca8ec91be58565ec07d037386d1f1d8385412d224deafca08: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:2482828374d87e14e888fd04b8ad96aad674ecabfb9be000c0fca0524731859f: done |++++++++++++++++++++++++++++++++++++++|
config-sha256:2f59dc79b48b817d75c39aa867a63919d84bbd2c90d7b7f82d369c7e03d65069: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:f6ec55d4907a8a895df5686caf5800b31d377066454ea5fcf5f4d311fd8a3727: done |++++++++++++++++++++++++++++++++++++++|
elapsed: 1.5 s total: 0.0 B (0.0 B/s)
unpacking linux/amd64 sha256:c8beb8759d6da664a81987affe5a7c521745d1f1a258dbeeadca3441f05aca11...
done: 5.375367904s
[root@node1 ~]# nerdctl pull 172.70.10.176:89/chatbot/client-web:dev1657784455316 --insecure-registry
WARN[0000] skipping verifying HTTPS certs for "172.70.10.176:89"
INFO[0000] trying next host error="failed to do request: Head \"https://172.70.10.176:89/v2/chatbot/client-web/manifests/dev1657784455316\": http: server gave HTTP response to HTTPS client" host="172.70.10.176:89"
172.70.10.176:89/chatbot/client-web:dev1657784455316: resolving |--------------------------------------|
elapsed: 0.1 s total: 0.0 B (0.0 B/s)
WARN[0000] server "172.70.10.176:89" does not seem to support HTTPS, falling back to plain HTTP error="failed to resolve reference \"172.70.10.176:89/chatbot/client-web:dev1657784455316\": failed to do request: Head \"https://172.70.10.176:89/v2/chatbot/client-web/manifests/dev1657784455316\": http: server gave HTTP response to HTTPS client"
172.70.10.176:89/chatbot/client-web:dev1657784455316: resolved |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:c8beb8759d6da664a81987affe5a7c521745d1f1a258dbeeadca3441f05aca11: done |++++++++++++++++++++++++++++++++++++++|
config-sha256:2f59dc79b48b817d75c39aa867a63919d84bbd2c90d7b7f82d369c7e03d65069: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:9a405d4738aa0721b6a6f99717f5cf3963b41faa8c327d71c071d3b7c32ffad2: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:f6ec55d4907a8a895df5686caf5800b31d377066454ea5fcf5f4d311fd8a3727: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:2482828374d87e14e888fd04b8ad96aad674ecabfb9be000c0fca0524731859f: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:cbdbe7a5bc2a134ca8ec91be58565ec07d037386d1f1d8385412d224deafca08: done |++++++++++++++++++++++++++++++++++++++|
elapsed: 24.6s total: 0.0 B (0.0 B/s)
[root@node1 ~]#
[root@node4 ~]# nerdctl images
REPOSITORY TAG IMAGE ID CREATED PLATFORM SIZE BLOB SIZE
172.70.10.176:89/chatbot/client-web dev1657784455316 c8beb8759d6d 5 minutes ago linux/amd64 217.8 MiB 168.6 MiB
nginx latest 10f14ffa93f8 2 weeks ago linux/amd64 146.4 MiB 54.1 MiB
```
For using BuildKit from Jenkins, see: itnext.io/jenkins-k8s…
Reference: configuring a private registry mirror for containerd.
Installing nerdctl (see the reference link):

```bash
export NERDCTL_VERSION=0.22.0
wget https://github.com/containerd/nerdctl/releases/download/v${NERDCTL_VERSION}/nerdctl-full-${NERDCTL_VERSION}-linux-amd64.tar.gz
tar xf nerdctl-full-${NERDCTL_VERSION}-linux-amd64.tar.gz -C /usr/local
systemctl enable containerd buildkit && systemctl start containerd buildkit
```
Running MySQL 8.0

```bash
nerdctl run \
  -p 3306:3306 \
  --name mysql \
  -v /data/mysql/conf:/etc/mysql/conf.d \
  -v /data/mysql/logs:/logs \
  -v /data/mysql/data:/var/lib/mysql \
  -e MYSQL_ROOT_PASSWORD=123456 \
  -d mysql:8.0.29
```
Checking which port is in use:

```
root@node1:~# iptables -t nat -L|grep 3306
DNAT tcp -- anywhere anywhere tcp dpt:mysql to:10.4.0.2:3306
```

```bash
## export and import
ctr -n k8s.io image export --platform=linux/amd64 kubesphere.tar.gz docker.io/kubesphere/ks-installer:v3.3.0
ctr -n k8s.io image import kubesphere.tar.gz
```
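Note that Deployment manifests and the pod resource usage shown by `kubectl top` both use two units, one for CPU and one for memory (m and Mi). The two units are explained here for the record:

CPU unit m: stands for "one thousandth of a core"; for example, 50m means 50/1000 of a core, i.e. 5%.
Memory unit Mi: 1Mi = 1024 × 1024, whereas the everyday unit M is 1M = 1000 × 1000.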
Viewing the iptables rules (the command shown here lists the IPVS virtual server table):

```
[root@node5 ~]# ipvsadm -Ln
```
nerdctl is a very feature-rich containerd CLI tool and may well replace ctr and crictl in the future. Reference: www.modb.pro/db/398176. nerdctl official site: www.modb.pro/db/398176

For k3s

Editing the containerd configuration file does not work for k3s; you need to add k3s's own registry configuration instead, as follows:

```bash
mkdir -p /etc/rancher/k3s/
cat >/etc/rancher/k3s/registries.yaml <<EOF
mirrors:
  docker.io:
    endpoint:
      - https://registry.aliyuncs.com
    rewrite:
      "(^.+\$)": "docker.io/\$1"
  harbor.knowdee.com:
    endpoint:
      - http://harbor.knowdee.com
  gcr.io:
    endpoint:
      - https://registry.aliyuncs.com/google_containers
    rewrite:
      "(^.+\$)": "gcr.io/\$1"
  nexus.knowdee.com:
    endpoint:
      - http://nexus.knowdee.com
  k8s.gcr.io:
    endpoint:
      - https://registry.aliyuncs.com/google_containers
    rewrite:
      "(^.+\$)": "k8s.gcr.io/\$1"
  172.70.10.176:
    endpoint:
      - http://172.70.10.176:89
EOF
```
Reference: blog.csdn.net/wq120575049…

nerdctl build over HTTP

For `nerdctl build` to reach a registry over plain HTTP, BuildKit has to be configured. Specifically, edit /etc/buildkit/buildkitd.toml:

```toml
[registry."nexus.knowdee.com"]
  http = true
```
The Dockerfile is as follows:

```dockerfile
FROM nexus.knowdee.com/chatbotbase/jdk-centos:17.0.2-8
USER root
WORKDIR /services
COPY target/*.jar /services/app.jar
EXPOSE 80
ENTRYPOINT java $JVM_OPTS -jar app.jar --server.port=80
```
```
root@node1:/run/containerd# systemctl daemon-reload
root@node1:/run/containerd# systemctl restart buildkit.service
root@node1:/run/containerd# systemctl status buildkit.service
● buildkit.service - BuildKit
Loaded: loaded (/etc/systemd/system/buildkit.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2022-08-11 18:16:13 CST; 2s ago
Docs: https://github.com/moby/buildkit
Main PID: 957197 (buildkitd)
Tasks: 24 (limit: 57621)
Memory: 14.1M
CGroup: /system.slice/buildkit.service
└─957197 /usr/local/bin/buildkitd --oci-worker=false --containerd-worker=true
8月 11 18:16:13 node1 systemd[1]: Started BuildKit.
8月 11 18:16:14 node1 buildkitd[957197]: time="2022-08-11T18:16:14+08:00" level=warning msg="using host network as the default"
8月 11 18:16:14 node1 buildkitd[957197]: time="2022-08-11T18:16:14+08:00" level=info msg="found worker \"i0ta4k12ryuwr1sr0khtiuzt9\", labels=map[org.mobyproject.buildkit.worker.c>
8月 11 18:16:14 node1 buildkitd[957197]: time="2022-08-11T18:16:14+08:00" level=warning msg="platform linux/arm64 cannot pass the validation, kernel support for miscellaneous bin>
8月 11 18:16:14 node1 buildkitd[957197]: time="2022-08-11T18:16:14+08:00" level=info msg="found 1 workers, default=\"i0ta4k12ryuwr1sr0khtiuzt9\""
8月 11 18:16:14 node1 buildkitd[957197]: time="2022-08-11T18:16:14+08:00" level=warning msg="currently, only the default worker can be used."
8月 11 18:16:14 node1 buildkitd[957197]: time="2022-08-11T18:16:14+08:00" level=info msg="running server on /run/buildkit/buildkitd.sock"
root@node1:/home/cyxinda/workspaces/prometheus# nerdctl build -t nexus.knowdee.com/caoyong-test/prometheus:v2.0.0 -f DOCKERFILE .
[+] Building 19.0s (8/8) FINISHED
=> [internal] load .dockerignore 0.3s
=> => transferring context: 2B 0.0s
=> [internal] load build definition from DOCKERFILE 0.4s
=> => transferring dockerfile: 223B 0.0s
=> [internal] load metadata for nexus.knowdee.com/chatbotbase/jdk-centos:17.0.2-8 0.3s
=> [1/3] FROM nexus.knowdee.com/chatbotbase/jdk-centos:17.0.2-8@sha256:dc067450dc60648afbc5c7e7303b4f3b186938dff814a44a0a81a0cee2dc8311 0.2s
=> => resolve nexus.knowdee.com/chatbotbase/jdk-centos:17.0.2-8@sha256:dc067450dc60648afbc5c7e7303b4f3b186938dff814a44a0a81a0cee2dc8311 0.2s
=> [internal] load build context 0.5s
=> => transferring context: 18.58MB 0.3s
=> CACHED [2/3] WORKDIR /services 0.0s
=> [3/3] COPY target/*.jar /services/app.jar 1.2s
=> exporting to oci image format 16.4s
=> => exporting layers 2.7s
=> => exporting manifest sha256:cdbf3fdad0b1fd9ce980066df314eede2b01d3ff48ab384e9e34fa0f397c6fbf 0.3s
=> => exporting config sha256:a2482c8619a6c63a8e4befe189df504eb015ad7fe0d55e19002dc7fce73769fe 0.2s
=> => sending tarball 12.6s
unpacking nexus.knowdee.com/caoyong-test/prometheus:v2.0.0 (sha256:cdbf3fdad0b1fd9ce980066df314eede2b01d3ff48ab384e9e34fa0f397c6fbf)...done
root@node1:/home/cyxinda/workspaces/prometheus# nerdctl push nexus.knowdee.com/caoyong-test/prometheus:v2.0.0
INFO[0000] pushing as a reduced-platform image (application/vnd.docker.distribution.manifest.v2+json, sha256:cdbf3fdad0b1fd9ce980066df314eede2b01d3ff48ab384e9e34fa0f397c6fbf)
manifest-sha256:cdbf3fdad0b1fd9ce980066df314eede2b01d3ff48ab384e9e34fa0f397c6fbf: done |++++++++++++++++++++++++++++++++++++++|
config-sha256:a2482c8619a6c63a8e4befe189df504eb015ad7fe0d55e19002dc7fce73769fe: done |++++++++++++++++++++++++++++++++++++++|
elapsed: 3.3 s total: 6.1 Ki (1.9 KiB/s)
root@node1:/home/cyxinda/workspaces/prometheus#
```
For reference, from the BuildKit project site: github.com/moby/buildk…

```toml
debug = true
# root is where all buildkit state is stored.
root = "/var/lib/buildkit"
# insecure-entitlements allows insecure entitlements, disabled by default.
insecure-entitlements = [ "network.host", "security.insecure" ]

[grpc]
  address = [ "tcp://0.0.0.0:1234" ]
  # debugAddress is address for attaching go profiles and debuggers.
  debugAddress = "0.0.0.0:6060"
  uid = 0
  gid = 0
  [grpc.tls]
    cert = "/etc/buildkit/tls.crt"
    key = "/etc/buildkit/tls.key"
    ca = "/etc/buildkit/tlsca.crt"

[worker.oci]
  enabled = true
  # platforms is manually configure platforms, detected automatically if unset.
  platforms = [ "linux/amd64", "linux/arm64" ]
  snapshotter = "auto" # overlayfs or native, default value is "auto".
  rootless = false # see docs/rootless.md for the details on rootless mode.
  # Whether run subprocesses in main pid namespace or not, this is useful for
  # running rootless buildkit inside a container.
  noProcessSandbox = false
  gc = true
  gckeepstorage = 9000
  # alternate OCI worker binary name(example 'crun'), by default either
  # buildkit-runc or runc binary is used
  binary = ""
  # name of the apparmor profile that should be used to constrain build containers.
  # the profile should already be loaded (by a higher level system) before creating a worker.
  apparmor-profile = ""
  # limit the number of parallel build steps that can run at the same time
  max-parallelism = 4
  [worker.oci.labels]
    "foo" = "bar"
  [[worker.oci.gcpolicy]]
    keepBytes = 512000000
    keepDuration = 172800
    filters = [ "type==source.local", "type==exec.cachemount", "type==source.git.checkout"]
  [[worker.oci.gcpolicy]]
    all = true
    keepBytes = 1024000000

[worker.containerd]
  address = "/run/containerd/containerd.sock"
  enabled = true
  platforms = [ "linux/amd64", "linux/arm64" ]
  namespace = "buildkit"
  gc = true
  # gckeepstorage sets storage limit for default gc profile, in MB.
  gckeepstorage = 9000
  [worker.containerd.labels]
    "foo" = "bar"
  [[worker.containerd.gcpolicy]]
    keepBytes = 512000000
    keepDuration = 172800 # in seconds
    filters = [ "type==source.local", "type==exec.cachemount", "type==source.git.checkout"]
  [[worker.containerd.gcpolicy]]
    all = true
    keepBytes = 1024000000

# registry configures a new Docker register used for cache import or output.
[registry."docker.io"]
  mirrors = ["yourmirror.local:5000"]
  http = true
  insecure = true
  ca=["/etc/config/myca.pem"]
  [[registry."docker.io".keypair]]
    key="/etc/config/key.pem"
    cert="/etc/config/cert.pem"

# optionally mirror configuration can be done by defining it as a registry.
[registry."yourmirror.local:5000"]
  http = true
```
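Several settings shown on this page trade transport security for convenience: `insecure_skip_verify` and a plain-text password in the containerd private-registry section, and `http = true`, `insecure-entitlements` and `0.0.0.0` listeners in the buildkitd.toml files. The following is an added example, not part of the original post or of either project: a small line-based scan (not a full TOML parser) that reports such settings with their line number and table, run over constructed excerpts of the two configurations; the rule list and function name are made up for illustration.

```python
import re

# (pattern matched against a "key = value" line, finding text)
RULES = [
    (r'^insecure_skip_verify\s*=\s*true', "TLS certificate verification disabled"),
    (r'^password\s*=\s*"[^"]+"', "registry password stored in plain text"),
    (r'^endpoint\s*=.*"http://', "mirror endpoint uses plain HTTP"),
    (r'^(http|insecure)\s*=\s*true', "registry reached without verified TLS"),
    (r'^insecure-entitlements\s*=\s*\[\s*"', "insecure build entitlements allowed"),
    (r'^(address|debugAddress)\s*=.*\b0\.0\.0\.0\b', "listener bound to all interfaces"),
]


def audit(text):
    """Return (line number, table, finding) for each risky setting."""
    findings = []
    table = "(top level)"
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.match(r'^\[+(.+?)\]+$', line)
        if header:  # [table] or [[array of tables]]
            table = header.group(1)
            continue
        for pattern, finding in RULES:
            if re.search(pattern, line):
                findings.append((lineno, table, finding))
    return findings


# Constructed samples: excerpts of the containerd and BuildKit settings above.
CONTAINERD_SAMPLE = '''\
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."192.168.66.4"]
  endpoint = ["https://192.168.66.4:443"]
[plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.66.4".tls]
  insecure_skip_verify = true
[plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.66.4".auth]
  username = "admin"
  password = "Harbor12345"
'''

BUILDKIT_SAMPLE = '''\
insecure-entitlements = [ "network.host", "security.insecure" ]
[grpc]
  address = [ "tcp://0.0.0.0:1234" ]
  debugAddress = "0.0.0.0:6060"
[registry."nexus.knowdee.com"]
  http = true
'''

if __name__ == "__main__":
    for name, sample in (("config.toml", CONTAINERD_SAMPLE),
                         ("buildkitd.toml", BUILDKIT_SAMPLE)):
        for lineno, table, finding in audit(sample):
            print("{}:{} [{}] {}".format(name, lineno, table, finding))
```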
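For pushing to Harbor with nerdctl, see: blog.csdn.net/Michaelwubo…

ctr container information

You can use the `info` subcommand to inspect a container in containerd.
First, list the containers to find the one you want to inspect:

```bash
ctr --namespace k8s.io containers ls
```

*Note: containerd has namespaces (github.com/containerd/…), selected with the `--namespace` flag or its short form `-n`; k8s.io above is the namespace.*

Once you have the list of containers, use the following command to get information about the specific container you want.
Syntax:

```bash
ctr --namespace <namespace_name> containers info <container_id>
```

Example:

```bash
ctr --namespace k8s.io containers info 85ed1aeb518ff57f6cc5b80c599f0c4bfcc8e944f842c98aeed5ffceaa5e6aaa
```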