Containerd 是一个开源的、符合容器运行时接口(CRI)的容器运行时,最初由 Docker 创建并捐赠给云原生计算基金会(CNCF)。它支持由开放容器倡议(OCI)确定的标准。Containerd 将负责在物理或虚拟机(主机)上管理容器生命周期。守护进程将从容器注册表中拉取容器镜像并挂载存储。它还可以启动、停止、销毁容器,并为容器启用网络。
在大多数情况下,您不需要在 Kubernetes 部署中直接管理 containerd。但我们将提供两种方式,您可以仅用于诊断目的与 containerd 上的镜像和容器交互。
使用 ctr 与 containerd 运行时交互
ctr 是一个不受支持的调试和管理客户端,用于与 containerd 守护进程交互。因为它是不受支持的,所以命令、选项和操作在 containerd 项目的发布版本之间不保证向后兼容或稳定。
通过运行以下命令检查 containerd 服务状态:
$ systemctl status containerd
● containerd.service - containerd container runtime
Loaded: loaded (/etc/systemd/system/containerd.service; enabled-runtime; preset: disabled)
Active: active (running) since Wed 2023-07-19 09:46:47 UTC; 1 day 12h ago
Docs: https://containerd.io
Process: 806 ExecStartPre=/sbin/modprobe overlay (code=exited, status=0/SUCCESS)
Main PID: 823 (containerd)
Tasks: 136
Memory: 329.2M
CPU: 19min 51.135s
CGroup: /system.slice/containerd.service
└─ 823 /opt/bin/containerd
接下来获取 containerd 服务器和客户端版本:
$ sudo ctr version
Client:
Version: 1.6.16
Revision: 92b3a9d6f1b3bcc6dc74875cfdea653fe39f09c2
Go version: go1.18.10
Server:
Version: v1.6.8
Revision: 9cd3357b7fd7218e4aec3eae239db1f68a5a6ec6
UUID: 5702a568-3a30-48cc-b97f-96e646cf95ff
WARNING: version mismatch
WARNING: revision mismatch
显示命令列表:
ctr help
显示某个命令的帮助:
ctr help <command>
ctr help images
ctr help run
ctr help container
列出命名空间:
$ sudo ctr ns ls
NAME LABELS
k8s.io
使用 --namespace value, -n value
指定要与命令一起使用的命名空间(默认为“default”)。要列出 containerd 在 kubernetes 命名空间中已知的镜像,请运行:
$ sudo ctr -n k8s.io container list
CONTAINER IMAGE RUNTIME
14547fb3d12d8451b33e8f814fe223bf127f8abf1f48a69a5cf6b2905abccf05 registry.k8s.io/pause:3.6 io.containerd.runc.v2
3791b1b66442a14b6361c2347831981bbedc86a0cead7988f0a137c14b5ef54f registry.k8s.io/kube-apiserver:v1.24.6 io.containerd.runc.v2
4831df98ec7f6981dfbddf1c546c88ac75307f343548e266e37a3984ae36fd75 registry.k8s.io/pause:3.6 io.containerd.runc.v2
50b0ff87965a0f58ce315a40b2e1ebe4a8a97867e2c56c54b58c2fef53768f69 registry.k8s.io/kube-apiserver:v1.24.6 io.containerd.runc.v2
545bf5226fd1ec64ddfd3d64dd3ead50795d0c2cf0b4347708e4a20e1eb248a6 registry.k8s.io/pause:3.6 io.containerd.runc.v2
60bb4a18cca9f00f548bbd138792330674e9014957ba3ae05455386ae8d4eabd quay.io/calico/node:v3.23.3 io.containerd.runc.v2
65809c67b6a68dddf62db16a6bd38910016f00e4a243d9a23f1d15a19cf997ef registry.k8s.io/pause:3.6 io.containerd.runc.v2
675d091aa8c3206f7c9d6ee7cf1440429abaf3d9bf23205e2094ee58afb96319 registry.k8s.io/pause:3.6
....
在 kubernetes 命名空间中列出 containerd 插件:
$ sudo ctr -n k8s.io plugins list
TYPE ID PLATFORMS STATUS
io.containerd.content.v1 content - ok
io.containerd.snapshotter.v1 aufs linux/amd64 skip
io.containerd.snapshotter.v1 btrfs linux/amd64 skip
io.containerd.snapshotter.v1 native linux/amd64 ok
io.containerd.snapshotter.v1 overlayfs linux/amd64 ok
io.containerd.snapshotter.v1 zfs linux/amd64 skip
io.containerd.metadata.v1 bolt - ok
....
显示 containerd 事件:
$ sudo ctr events
2023-07-20 22:06:45.533485709 +0000 UTC k8s.io /tasks/exec-added {"container_id":"60bb4a18cca
9f00f548bbd138792330674e9014957ba3ae05455386ae8d4eabd","exec_id":"6535efd575bb0ac4d7c49557fa790962362e8f9c47a376c93daa4481f5b079e3"}
2023-07-20 22:06:45.53386204 +0000 UTC k8s.io /tasks/exec-added {"container_id":"60bb4a18cca9f00f548bbd138792330674e9014957ba3ae05455386ae8d4eabd","exec_id":"befb68da2de2d64ef697d5f28e4285db0faee08b9667fb6d4479e84ec87dc229"}
2023-07-20 22:06:45.55858748 +0000 UTC k8s.io /tasks/exec-started {"container_id":"60bb4a18cca9f00f548bbd138792330674e9014957ba3ae05455386ae8d4eabd","exec_id":"6535efd575bb0ac4d7c49557fa790962362e8f9c47a376c93daa4481f5b079e3","pid":1100376}
2023-07-20 22:06:45.578203661 +0000 UTC k8s.io /tasks/exec-started {"container_id":"60bb4a18cca9f00f548bbd138792330674e9014957ba3ae05455386ae8d4eabd","exec_id":"befb68da2de2d64ef697d5f28e4285db0faee08b9667fb6d4479e84ec87dc229","pid":1100398}
2023-07-20 22:06:45.605581161 +0000 UTC k8s.io /tasks/exit {"container_id":"60bb4a18cca9f00f548bbd138792330674e9014957ba3ae05455386ae8d4eabd","id":"6535efd575bb0ac4d7c49557fa790962362e8f9c47a376c93daa4481f5b079e3","pid":1100376,"exited_at":"2023-07-20T22:06:45.605549682Z"}
2023-07-20 22:06:45.689340832 +0000 UTC k8s.io /tasks/exit {"container_id":"60bb4a18cca9f00f548bbd138792330674e9014957ba3ae05455386ae8d4eabd","id":"befb68da2de2d64ef697d5f28e4285db0faee08b9667fb6d4479e84ec87dc229","pid":1100398,"exited_at":"2023-07-20T22:06:45.689322554Z"}
安装 crictl 工具
你可以从 GitHub 下载 crictl 工具的最新版本。根据你的操作系统选择合适的版本。
*### Linux 64 位 ###*
wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v${VER}/crictl-v${VER}-linux-amd64.tar.gz
tar xvf crictl-v${VER}-linux-amd64.tar.gz
*### Linux 32 位 ###*
wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v{VER}/crictl-v{VER}-linux-386.tar.gz
tar xvf crictl-v{VER}-linux-386.tar.gz
*### Linux ARM ###*
wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v{VER}/crictl-v{VER}-linux-arm.tar.gz
tar xvf crictl-v{VER}-linux-arm.tar.gz
将解压后的二进制文件移动到你的 PATH 目录中。
sudo mv crictl /usr/local/bin
检查已安装的 crictl 版本。
$ sudo crictl version
Version: 0.1.0
RuntimeName: containerd
RuntimeVersion: v1.6.8
RuntimeApiVersion: v1
显示容器运行时的信息。
sudo crictl info
sudo crictl info|grep -i containerd
列出主机上正在运行的 Pod。
$ sudo crictl pods
POD ID CREATED STATE NAME NAMESPACE ATTEMPT RUNTIME
3fe60548f7980 36 hours ago Ready node-exporter-jfm4r monitoring 67 (default)
fab46d543d1aa 36 hours ago Ready nodelocaldns-76sgx kube-system 1 (default)
e403ba0615eb8 36 hours ago Ready speaker-7q4dm metallb-system 1 (default)
b59a5b4345df8 36 hours ago Ready calico-node-x9vwp kube-system 12 (default)
0025007b6267d 36 hours ago Ready kube-proxy-xwdjj kube-system 1 (default)
...
列出集群节点上的容器镜像。
$ sudo crictl image list
IMAGE TAG IMAGE ID SIZE
docker.io/ambassador/ambassador-agent 1.0.3 0c5f3cfad4d65 33.2MB
docker.io/datawire/aes 1.14.4 3295ac39d11dc 175MB
docker.io/datawire/aes 3.5.1 9f53591be643b 187MB
docker.io/grafana/grafana 9.3.1 179ad45e2c742 97.9MB
docker.io/hashicorp/vault-k8s 1.1.0 d12e0fde3d588 28.7MB
docker.io/hashicorp/vault 1.12.1 ba4d5c495a47b 85.7MB
docker.io/kong/httpbin latest 97011e41c273a 250MB
docker.io/kubernetesui/dashboard v2.7.0 07655ddf2eebe 75.8MB
docker.io/kubernetesui/metrics-scraper v1.0.8 115053965e86b 19.7MB
docker.io/kubeshark/kubeshark 37.0 1437fc61a2aa3 25.3MB
docker.io/library/nginx <none> 448a08f1d2f94 57MB
docker.io/library/nginx <none> eb4a571591807 70.6MB
docker.io/library/nginx <none> 6efc10a0510f1 57MB
docker.io/library/nginx <none> f9c14fe76d502 57.2MB
docker.io/library/nginx 1.24.0 1e96add5ea29f 57MB
docker.io/library/nginx latest 021283c8eb95b 70.6MB
docker.io/library/postgres 13 b9c0a694b7811 137MB
docker.io/library/redis 5.0.1 c188f257942c5 35.2MB
docker.io/library/traefik v2.9.8 85dec640e68e6 38.8MB
...
如果你只需要镜像 ID,可以使用:
sudo crictl images -q
列出节点上活跃的容器。
$ sudo crictl ps
CONTAINER IMAGE CREATED STATE NAME ATTEMPT POD ID POD
6825d2ec20200 5f5175f39b19e 36 hours ago Running calico-node 15 b59a5b4345df8 calico-node-x9vwp
019b7ffe8efd1 eb5a02daef2fe 36 hours ago Running kube-rbac-proxy 67 3fe60548f7980 node-exporter-jfm4r
3ddaa8beec819 0da6a335fe135 36 hours ago Running node-exporter 67 3fe60548f7980 node-exporter-jfm4r
c8fae715be0e5 5bae806f8f123 36 hours ago Running node-cache 1 fab46d543d1aa nodelocaldns-76sgx
6cbe8ee0d8e80 738c5d221d601 36 hours ago Running speaker 1 e403ba0615eb8 speaker-7q4dm
622e6f6b44bc2 0bb39497ab33b 36 hours ago Running
kube-proxy 1 0025007b6267d kube-proxy-xwdjj
列出所有容器,包括已退出的。
sudo crictl ps -a
获取容器的日志。
sudo crictl logs *<ContainerID>*
列出容器的资源使用统计。
sudo crictl stats *<ContainerID>*
显示一个或多个容器的状态。
sudo crictl inspect *<ContainerID>*
获取所有容器的日志:
crictl logs *<containerid>*
列出 Pod 的资源使用统计。
sudo crictl statsp *<PodID>*
*# 示例* $ sudo crictl statsp 3fe60548f7980
POD POD ID CPU % MEM
node-exporter-jfm4r 3fe60548f7980 1.40 49.97MB
在运行中的容器中执行命令。
sudo crictl exec -i -t *<containerid>* ls
查看更多命令选项,请运行:
sudo crictl help
你可以使用以下语法检查特定命令的帮助页面。
sudo crictl help *<command>*
示例:
$ sudo crictl help port-forward
NAME:
crictl port-forward - Forward local port to a pod
USAGE:
crictl port-forward POD-ID [LOCAL_PORT:]REMOTE_PORT
文章的这一部分主要介绍了如何与 Kubernetes 中的 containerd 运行时进行交互,包括安装 crictl 工具、查看版本、显示容器运行时信息、列出 Pod、镜像和容器等。这些命令对于理解和管理 Kubernetes 集群中的容器非常有用。