containerd配置下载镜像
导出镜像:ctr image export --all-platforms nginx.tar.gz docker.io/library/nginx:alpine导入镜像:[root@node2 ~]# ctr images lsREFTYPEDIGEST
·
使用cri-docker参见:cri-docker
containerd相关使用参见:containerd相关使用
导出镜像:
ctr image export --all-platforms nginx.tar.gz docker.io/library/nginx:alpine
ctr image export --platform=linux/amd64 nginx.tar.gz #加上--platform=linux/amd64就没有报错了……
导入镜像:
[root@node2 ~]# ctr images ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
docker.io/library/nginx:alpine application/vnd.docker.distribution.manifest.list.v2+json sha256:a74534e76ee1121d418fa7394ca930eb67440deda413848bc67c68138535b989 9.7 MiB linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x -
- 在拉取镜像、导出镜像时,都加上–all-platforms 时,最后在用ctr i import nginx.tar.gz就不会报错了;
- 在拉取镜像、导出镜像时,都加上–platform=linux/amd64时,最后在用ctr i import nginx.tar.gz时依然报错;
- 在拉起镜像时不添加任何–platform参数,最后在用ctr i import nginx.tar.gz也会报错;
很无语,那么最后再拉取任何镜像时都要加上–all-platforms参数了吗,那就加上呗,要不以后再使用import时会报错; - 配置containerd镜像源为阿里云
将文件/etc/containerd/config.toml中[plugins.“io.containerd.grpc.v1.cri”.registry.mirrors.“docker.io”]下的endpoint换成阿里云镜像源
#endpoint=[“https://registry-1.docker.io”]
endpoint = [“https://te2osmuz.mirror.aliyuncs.com”]
参照:https://blog.csdn.net/m0_67401270/article/details/123604385
添加容器镜像加速器
[plugins]
[plugins."io.containerd.grpc.v1.cri".registry]
...
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://xxxxxx.mirror.aliyuncs.com"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."k8s.gcr.io"]
endpoint = ["registry.aliyuncs.com/google_containers"]
或者
[plugins."io.containerd.grpc.v1.cri".registry]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://------.mirror.aliyuncs.com", "https://registry-1.docker.io"]
使用私有仓库
[plugins."io.containerd.grpc.v1.cri".registry]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://registry-1.docker.io"] //到此为配置文件默认生成,之后为需要添加的内容
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."192.168.66.4"]
endpoint = ["https://192.168.66.4:443"]
[plugins."io.containerd.grpc.v1.cri".registry.configs]
[plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.66.4".tls]
insecure_skip_verify = true
[plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.66.4".auth]
username = "admin"
password = "Harbor12345"
重启containerd
systemctl daemon-reload
systemctl restart containerd
systemctl status containerd
本人的实践:
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://registry.aliyuncs.com"] # 使用阿里镜像源到此
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."nexus.knowdee.com"]
endpoint = ["http://nexus.knowdee.com"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."172.70.10.176:89"]
endpoint = ["http://172.70.10.176:89"]
[plugins."io.containerd.grpc.v1.cri".x509_key_pair_streaming]
特别需要指出,如果配置了镜像代理,需要将特定ip从代理中摘除 172.70.0.0/8 ,否则后果自负
[root@node4 ~]# vim /usr/lib/systemd/system/containerd.service
# Copyright The containerd Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target
[Service]
Environment="HTTP_PROXY=socks5://172.60.10.219:10808/"
Environment="HTTPS_PROXY=socks5://172.60.10.219:10808/"
Environment="NO_PROXY=10.96.0.0/12,10.244.0.0/16,127.0.0.1,172.70.0.0/8,localhost,nexus.knowdee.com"
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/bin/containerd
Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity
# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999
[Install]
WantedBy=multi-user.target
拉取镜像:
[root@node4 ~]# crictl pull 172.70.10.176:89/chatbot/client-web:dev1657784455316
Image is up to date for sha256:2f59dc79b48b817d75c39aa867a63919d84bbd2c90d7b7f82d369c7e03d65069
[root@node4 ~]# ctr i pull 172.70.10.176:89/chatbot/client-web:dev1657784455316 --plain-http
172.70.10.176:89/chatbot/client-web:dev1657784455316: resolved |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:c8beb8759d6da664a81987affe5a7c521745d1f1a258dbeeadca3441f05aca11: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:9a405d4738aa0721b6a6f99717f5cf3963b41faa8c327d71c071d3b7c32ffad2: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:cbdbe7a5bc2a134ca8ec91be58565ec07d037386d1f1d8385412d224deafca08: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:2482828374d87e14e888fd04b8ad96aad674ecabfb9be000c0fca0524731859f: done |++++++++++++++++++++++++++++++++++++++|
config-sha256:2f59dc79b48b817d75c39aa867a63919d84bbd2c90d7b7f82d369c7e03d65069: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:f6ec55d4907a8a895df5686caf5800b31d377066454ea5fcf5f4d311fd8a3727: done |++++++++++++++++++++++++++++++++++++++|
elapsed: 1.5 s total: 0.0 B (0.0 B/s)
unpacking linux/amd64 sha256:c8beb8759d6da664a81987affe5a7c521745d1f1a258dbeeadca3441f05aca11...
done: 5.375367904s
[root@node1 ~]# nerdctl pull 172.70.10.176:89/chatbot/client-web:dev1657784455316 --insecure-registry
WARN[0000] skipping verifying HTTPS certs for "172.70.10.176:89"
INFO[0000] trying next host error="failed to do request: Head \"https://172.70.10.176:89/v2/chatbot/client-web/manifests/dev1657784455316\": http: server gave HTTP response to HTTPS client" host="172.70.10.176:89"
172.70.10.176:89/chatbot/client-web:dev1657784455316: resolving |--------------------------------------|
elapsed: 0.1 s total: 0.0 B (0.0 B/s)
WARN[0000] server "172.70.10.176:89" does not seem to support HTTPS, falling back to plain HTTP error="failed to resolve reference \"172.70.10.176:89/chatbot/client-web:dev1657784455316\": failed to do request: Head \"https://172.70.10.176:89/v2/chatbot/client-web/manifests/dev1657784455316\": http: server gave HTTP response to HTTPS client"
172.70.10.176:89/chatbot/client-web:dev1657784455316: resolved |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:c8beb8759d6da664a81987affe5a7c521745d1f1a258dbeeadca3441f05aca11: done |++++++++++++++++++++++++++++++++++++++|
config-sha256:2f59dc79b48b817d75c39aa867a63919d84bbd2c90d7b7f82d369c7e03d65069: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:9a405d4738aa0721b6a6f99717f5cf3963b41faa8c327d71c071d3b7c32ffad2: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:f6ec55d4907a8a895df5686caf5800b31d377066454ea5fcf5f4d311fd8a3727: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:2482828374d87e14e888fd04b8ad96aad674ecabfb9be000c0fca0524731859f: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:cbdbe7a5bc2a134ca8ec91be58565ec07d037386d1f1d8385412d224deafca08: done |++++++++++++++++++++++++++++++++++++++|
elapsed: 24.6s total: 0.0 B (0.0 B/s)
[root@node1 ~]#
[root@node4 ~]# nerdctl images
REPOSITORY TAG IMAGE ID CREATED PLATFORM SIZE BLOB SIZE
172.70.10.176:89/chatbot/client-web dev1657784455316 c8beb8759d6d 5 minutes ago linux/amd64 217.8 MiB 168.6 MiB
nginx latest 10f14ffa93f8 2 weeks ago linux/amd64 146.4 MiB 54.1 MiB
Jenkins使用buildkit参照:https://itnext.io/jenkins-k8s-buildkit-life-behind-the-corporate-proxy-cb052bd7f969
参考:containerd配置私有镜像源
nerdctl安装过程,参考链接
export NERDCTL_VERSION=0.22.0
wget https://github.com/containerd/nerdctl/releases/download/v0.22.0/nerdctl-full-${NERDCTL_VERSION}-linux-amd64.tar.gz
tar xf nerdctl-full-${NERDCTL_VERSION}-linux-amd64.tar.gz -C /usr/local
systemctl enable containerd buildkit && systemctl start containerd buildkit
运行mysql8.0
nerdctl run \
-p 3306:3306 \
--name mysql \
-v /data/mysql/conf:/etc/mysql/conf.d \
-v /data/mysql/logs:/logs \
-v /data/mysql/data:/var/lib/mysql \
-e MYSQL_ROOT_PASSWORD=123456 \
-d mysql:8.0.29
占用端口查看
root@node1:~# iptables -t nat -L|grep 3306
DNAT tcp – anywhere anywhere tcp dpt:mysql to:10.4.0.2:3306
##导出 导入
ctr -n k8s.io image export --platform=linux/amd64 kubesphere.tar.gz docker.io/kubesphere/ks-installer:v3.3.0
ctr -n k8s.io image import kubesphere.tar.gz
注意以下Deployment配置清单和kubectl top指令查看pod资源使用率中,都有cpu和内存的两个数量单位(m和Mi),这里把这两个单位解释做个记录:
cpu单位m:代表 “千分之一核心”,譬如50m的含义是指50/1000核心,即5%
内存单位Mi:1Mi = 1024乘1024,而平时使用的单为M是1M = 1000乘1000
查看iptables规则:
[root@node5 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.17.0.1:30161 rr
-> 10.244.33.159:31400 Masq 1 0 0
TCP 172.17.0.1:30375 rr
-> 10.244.33.159:15021 Masq 1 0 0
TCP 172.17.0.1:30814 rr
-> 10.244.33.142:443 Masq 1 0 0
TCP 172.17.0.1:31616 rr
-> 10.244.33.142:80 Masq 1 0 0
TCP 172.17.0.1:31780 rr
-> 10.244.33.159:8080 Masq 1 0 0
TCP 172.17.0.1:31923 rr
-> 10.244.33.159:8443 Masq 1 0 0
TCP 172.17.0.1:31987 rr
-> 10.244.33.159:15443 Masq 1 0 0
TCP 172.17.0.1:32500 rr
-> 10.244.3.70:80 Masq 1 0 0
-> 10.244.3.72:80 Masq 1 0 0
-> 10.244.3.93:80 Masq 1 0 0
-> 10.244.139.7:80 Masq 1 0 0
TCP 172.17.0.1:32511 rr
-> 10.244.3.70:80 Masq 1 0 0
-> 10.244.3.72:80 Masq 1 0 0
-> 10.244.3.93:80 Masq 1 0 0
-> 10.244.139.7:80 Masq 1 0 0
TCP 172.70.10.185:30161 rr
-> 10.244.33.159:31400 Masq 1 0 0
TCP 172.70.10.185:30375 rr
-> 10.244.33.159:15021 Masq 1 0 0
TCP 172.70.10.185:30814 rr
-> 10.244.33.142:443 Masq 1 0 0
TCP 172.70.10.185:31616 rr
-> 10.244.33.142:80 Masq 1 0 0
TCP 172.70.10.185:31780 rr
-> 10.244.33.159:8080 Masq 1 0 0
TCP 172.70.10.185:31923 rr
-> 10.244.33.159:8443 Masq 1 0 0
TCP 172.70.10.185:31987 rr
-> 10.244.33.159:15443 Masq 1 0 0
TCP 172.70.10.185:32500 rr
-> 10.244.3.70:80 Masq 1 0 0
-> 10.244.3.72:80 Masq 1 0 0
-> 10.244.3.93:80 Masq 1 0 0
-> 10.244.139.7:80 Masq 1 0 0
TCP 172.70.10.185:32511 rr
-> 10.244.3.70:80 Masq 1 0 0
-> 10.244.3.72:80 Masq 1 0 0
-> 10.244.3.93:80 Masq 1 0 0
-> 10.244.139.7:80 Masq 1 0 0
TCP 10.96.0.1:443 rr
-> 172.70.10.181:6443 Masq 1 4 0
-> 172.70.10.182:6443 Masq 1 4 0
-> 172.70.10.183:6443 Masq 1 6 0
TCP 10.96.0.10:53 rr
-> 10.244.104.1:53 Masq 1 0 0
-> 10.244.135.1:53 Masq 1 0 0
TCP 10.96.0.10:9153 rr
-> 10.244.104.1:9153 Masq 1 0 0
-> 10.244.135.1:9153 Masq 1 0 0
TCP 10.96.72.189:9094 rr
-> 10.244.3.65:9094 Masq 1 0 0
TCP 10.99.243.173:80 rr
-> 10.244.33.142:80 Masq 1 0 0
TCP 10.99.243.173:443 rr
-> 10.244.33.142:443 Masq 1 0 0
TCP 10.100.13.136:443 rr
-> 10.244.3.92:5443 Masq 1 0 0
-> 10.244.139.1:5443 Masq 1 0 0
TCP 10.100.25.75:8080 rr
-> 172.70.10.184:8680 Masq 1 0 0
-> 172.70.10.185:8680 Masq 1 0 0
-> 172.70.10.186:8680 Masq 1 0 0
TCP 10.100.55.229:9080 rr
-> 10.244.33.168:9080 Masq 1 0 0
TCP 10.100.187.139:50000 rr
-> 10.244.139.21:50000 Masq 1 0 0
TCP 10.100.228.120:9080 rr
-> 10.244.3.102:9080 Masq 1 0 0
-> 10.244.33.169:9080 Masq 1 0 0
-> 10.244.33.170:9080 Masq 1 0 0
TCP 10.101.145.76:80 rr
-> 10.244.3.70:80 Masq 1 0 0
-> 10.244.3.72:80 Masq 1 0 0
-> 10.244.3.93:80 Masq 1 0 0
-> 10.244.139.7:80 Masq 1 0 0
TCP 10.101.246.102:80 rr
TCP 10.102.242.109:8080 rr
-> 10.244.139.21:8080 Masq 1 0 0
TCP 10.103.195.183:8080 rr
-> 10.244.3.69:8680 Masq 1 0 0
-> 10.244.33.136:8680 Masq 1 0 0
-> 10.244.139.5:8680 Masq 1 0 0
TCP 10.104.20.123:9080 rr
-> 10.244.33.171:9080 Masq 1 0 0
TCP 10.104.185.143:5473 rr
-> 172.70.10.184:5473 Masq 1 0 0
-> 172.70.10.185:5473 Masq 1 0 0
-> 172.70.10.186:5473 Masq 1 0 0
TCP 10.105.61.39:80 rr
-> 10.244.33.160:8080 Masq 1 0 0
TCP 10.105.61.39:443 rr
-> 10.244.33.160:8443 Masq 1 0 0
TCP 10.106.166.38:9080 rr
-> 10.244.33.167:9080 Masq 1 0 0
TCP 10.107.168.148:443 rr
-> 10.244.33.158:15017 Masq 1 0 0
TCP 10.107.168.148:15010 rr
-> 10.244.33.158:15010 Masq 1 0 0
TCP 10.107.168.148:15012 rr
-> 10.244.33.158:15012 Masq 1 7 0
TCP 10.107.168.148:15014 rr
-> 10.244.33.158:15014 Masq 1 0 0
TCP 10.107.215.134:443 rr
-> 10.244.33.142:8443 Masq 1 0 0
TCP 10.107.240.50:80 rr
-> 10.244.3.70:80 Masq 1 0 0
-> 10.244.3.72:80 Masq 1 0 0
-> 10.244.3.93:80 Masq 1 0 0
-> 10.244.139.7:80 Masq 1 0 0
TCP 10.109.40.81:8080 rr
-> 10.244.3.71:8681 Masq 1 0 0
-> 10.244.33.137:8681 Masq 1 0 0
-> 10.244.139.6:8681 Masq 1 0 0
TCP 10.110.88.160:80 rr
-> 10.244.33.159:8080 Masq 1 0 0
TCP 10.110.88.160:443 rr
-> 10.244.33.159:8443 Masq 1 0 0
TCP 10.110.88.160:15021 rr
-> 10.244.33.159:15021 Masq 1 0 0
TCP 10.110.88.160:15443 rr
-> 10.244.33.159:15443 Masq 1 0 0
TCP 10.110.88.160:31400 rr
-> 10.244.33.159:31400 Masq 1 0 0
TCP 10.111.42.135:8080 rr
-> 172.70.10.184:8681 Masq 1 0 0
-> 172.70.10.185:8681 Masq 1 0 0
-> 172.70.10.186:8681 Masq 1 0 0
TCP 10.244.33.128:30161 rr
-> 10.244.33.159:31400 Masq 1 0 0
TCP 10.244.33.128:30375 rr
-> 10.244.33.159:15021 Masq 1 0 0
TCP 10.244.33.128:30814 rr
-> 10.244.33.142:443 Masq 1 0 0
TCP 10.244.33.128:31616 rr
-> 10.244.33.142:80 Masq 1 0 0
TCP 10.244.33.128:31780 rr
-> 10.244.33.159:8080 Masq 1 0 0
TCP 10.244.33.128:31923 rr
-> 10.244.33.159:8443 Masq 1 0 0
TCP 10.244.33.128:31987 rr
-> 10.244.33.159:15443 Masq 1 0 0
TCP 10.244.33.128:32500 rr
-> 10.244.3.70:80 Masq 1 0 0
-> 10.244.3.72:80 Masq 1 0 0
-> 10.244.3.93:80 Masq 1 0 0
-> 10.244.139.7:80 Masq 1 0 0
TCP 10.244.33.128:32511 rr
-> 10.244.3.70:80 Masq 1 0 0
-> 10.244.3.72:80 Masq 1 0 0
-> 10.244.3.93:80 Masq 1 0 0
-> 10.244.139.7:80 Masq 1 0 0
UDP 10.96.0.10:53 rr
-> 10.244.104.1:53 Masq 1 0 43
-> 10.244.135.1:53 Masq 1 0 43
nerdctl是一个非常丰富的containerd cli工具,未来很可能会替换掉ctr和crictl
参考:https://www.modb.pro/db/398176
nerdctl官网:https://www.modb.pro/db/398176
对于k3s
配置containerd配置文件是不行的,需要添加k3s的仓库管理注册表,具体如下:
mkdir -p /etc/rancher/k3s/
cat >/etc/rancher/k3s/registries.yaml <<EOF
mirrors:
docker.io:
endpoint:
- https://registry.aliyuncs.com
rewrite:
"(^.+\$)": "docker.io/\$1"
harbor.knowdee.com:
endpoint:
- http://harbor.knowdee.com
gcr.io:
endpoint:
- https://registry.aliyuncs.com/google_containers
rewrite:
"(^.+\$)": "gcr.io/\$1"
nexus.knowdee.com:
endpoint:
- http://nexus.knowdee.com
k8s.gcr.io:
endpoint:
- https://registry.aliyuncs.com/google_containers
rewrite:
"(^.+\$)": "k8s.gcr.io/\$1"
172.70.10.176:
endpoint:
- http://172.70.10.176:89
EOF
参照:https://blog.csdn.net/wq1205750492/article/details/124822204
nerdctl build http
nerdctl build 如果想使用http,需要配置buildkit
具体:编辑/etc/buildkit/buildkitd.toml
[registry."nexus.knowdee.com"]
http = true
dockerfile如下:
FROM nexus.knowdee.com/chatbotbase/jdk-centos:17.0.2-8
USER root
WORKDIR /services
COPY target/*.jar /services/app.jar
EXPOSE 80
ENTRYPOINT java $JVM_OPTS -jar app.jar --server.port=80
root@node1:/run/containerd# systemctl daemon-reload
root@node1:/run/containerd# systemctl restart buildkit.service
root@node1:/run/containerd# systemctl status buildkit.service
● buildkit.service - BuildKit
Loaded: loaded (/etc/systemd/system/buildkit.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2022-08-11 18:16:13 CST; 2s ago
Docs: https://github.com/moby/buildkit
Main PID: 957197 (buildkitd)
Tasks: 24 (limit: 57621)
Memory: 14.1M
CGroup: /system.slice/buildkit.service
└─957197 /usr/local/bin/buildkitd --oci-worker=false --containerd-worker=true
8月 11 18:16:13 node1 systemd[1]: Started BuildKit.
8月 11 18:16:14 node1 buildkitd[957197]: time="2022-08-11T18:16:14+08:00" level=warning msg="using host network as the default"
8月 11 18:16:14 node1 buildkitd[957197]: time="2022-08-11T18:16:14+08:00" level=info msg="found worker \"i0ta4k12ryuwr1sr0khtiuzt9\", labels=map[org.mobyproject.buildkit.worker.c>
8月 11 18:16:14 node1 buildkitd[957197]: time="2022-08-11T18:16:14+08:00" level=warning msg="platform linux/arm64 cannot pass the validation, kernel support for miscellaneous bin>
8月 11 18:16:14 node1 buildkitd[957197]: time="2022-08-11T18:16:14+08:00" level=info msg="found 1 workers, default=\"i0ta4k12ryuwr1sr0khtiuzt9\""
8月 11 18:16:14 node1 buildkitd[957197]: time="2022-08-11T18:16:14+08:00" level=warning msg="currently, only the default worker can be used."
8月 11 18:16:14 node1 buildkitd[957197]: time="2022-08-11T18:16:14+08:00" level=info msg="running server on /run/buildkit/buildkitd.sock"
root@node1:/home/cyxinda/workspaces/prometheus# nerdctl build -t nexus.knowdee.com/caoyong-test/prometheus:v2.0.0 -f DOCKERFILE .
[+] Building 19.0s (8/8) FINISHED
=> [internal] load .dockerignore 0.3s
=> => transferring context: 2B 0.0s
=> [internal] load build definition from DOCKERFILE 0.4s
=> => transferring dockerfile: 223B 0.0s
=> [internal] load metadata for nexus.knowdee.com/chatbotbase/jdk-centos:17.0.2-8 0.3s
=> [1/3] FROM nexus.knowdee.com/chatbotbase/jdk-centos:17.0.2-8@sha256:dc067450dc60648afbc5c7e7303b4f3b186938dff814a44a0a81a0cee2dc8311 0.2s
=> => resolve nexus.knowdee.com/chatbotbase/jdk-centos:17.0.2-8@sha256:dc067450dc60648afbc5c7e7303b4f3b186938dff814a44a0a81a0cee2dc8311 0.2s
=> [internal] load build context 0.5s
=> => transferring context: 18.58MB 0.3s
=> CACHED [2/3] WORKDIR /services 0.0s
=> [3/3] COPY target/*.jar /services/app.jar 1.2s
=> exporting to oci image format 16.4s
=> => exporting layers 2.7s
=> => exporting manifest sha256:cdbf3fdad0b1fd9ce980066df314eede2b01d3ff48ab384e9e34fa0f397c6fbf 0.3s
=> => exporting config sha256:a2482c8619a6c63a8e4befe189df504eb015ad7fe0d55e19002dc7fce73769fe 0.2s
=> => sending tarball 12.6s
unpacking nexus.knowdee.com/caoyong-test/prometheus:v2.0.0 (sha256:cdbf3fdad0b1fd9ce980066df314eede2b01d3ff48ab384e9e34fa0f397c6fbf)...done
root@node1:/home/cyxinda/workspaces/prometheus# nerdctl push nexus.knowdee.com/caoyong-test/prometheus:v2.0.0
INFO[0000] pushing as a reduced-platform image (application/vnd.docker.distribution.manifest.v2+json, sha256:cdbf3fdad0b1fd9ce980066df314eede2b01d3ff48ab384e9e34fa0f397c6fbf)
manifest-sha256:cdbf3fdad0b1fd9ce980066df314eede2b01d3ff48ab384e9e34fa0f397c6fbf: done |++++++++++++++++++++++++++++++++++++++|
config-sha256:a2482c8619a6c63a8e4befe189df504eb015ad7fe0d55e19002dc7fce73769fe: done |++++++++++++++++++++++++++++++++++++++|
elapsed: 3.3 s total: 6.1 Ki (1.9 KiB/s)
root@node1:/home/cyxinda/workspaces/prometheus#
参考buildkit官网:https://github.com/moby/buildkit/blob/master/docs/buildkitd.toml.md
debug = true
# root is where all buildkit state is stored.
root = "/var/lib/buildkit"
# insecure-entitlements allows insecure entitlements, disabled by default.
insecure-entitlements = [ "network.host", "security.insecure" ]
[grpc]
address = [ "tcp://0.0.0.0:1234" ]
# debugAddress is address for attaching go profiles and debuggers.
debugAddress = "0.0.0.0:6060"
uid = 0
gid = 0
[grpc.tls]
cert = "/etc/buildkit/tls.crt"
key = "/etc/buildkit/tls.key"
ca = "/etc/buildkit/tlsca.crt"
[worker.oci]
enabled = true
# platforms is manually configure platforms, detected automatically if unset.
platforms = [ "linux/amd64", "linux/arm64" ]
snapshotter = "auto" # overlayfs or native, default value is "auto".
rootless = false # see docs/rootless.md for the details on rootless mode.
# Whether run subprocesses in main pid namespace or not, this is useful for
# running rootless buildkit inside a container.
noProcessSandbox = false
gc = true
gckeepstorage = 9000
# alternate OCI worker binary name(example 'crun'), by default either
# buildkit-runc or runc binary is used
binary = ""
# name of the apparmor profile that should be used to constrain build containers.
# the profile should already be loaded (by a higher level system) before creating a worker.
apparmor-profile = ""
# limit the number of parallel build steps that can run at the same time
max-parallelism = 4
[worker.oci.labels]
"foo" = "bar"
[[worker.oci.gcpolicy]]
keepBytes = 512000000
keepDuration = 172800
filters = [ "type==source.local", "type==exec.cachemount", "type==source.git.checkout"]
[[worker.oci.gcpolicy]]
all = true
keepBytes = 1024000000
[worker.containerd]
address = "/run/containerd/containerd.sock"
enabled = true
platforms = [ "linux/amd64", "linux/arm64" ]
namespace = "buildkit"
gc = true
# gckeepstorage sets storage limit for default gc profile, in MB.
gckeepstorage = 9000
[worker.containerd.labels]
"foo" = "bar"
[[worker.containerd.gcpolicy]]
keepBytes = 512000000
keepDuration = 172800 # in seconds
filters = [ "type==source.local", "type==exec.cachemount", "type==source.git.checkout"]
[[worker.containerd.gcpolicy]]
all = true
keepBytes = 1024000000
# registry configures a new Docker register used for cache import or output.
[registry."docker.io"]
mirrors = ["yourmirror.local:5000"]
http = true
insecure = true
ca=["/etc/config/myca.pem"]
[[registry."docker.io".keypair]]
key="/etc/config/key.pem"
cert="/etc/config/cert.pem"
# optionally mirror configuration can be done by defining it as a registry.
[registry."yourmirror.local:5000"]
http = true
nerdctl push到harbor中,参考:https://blog.csdn.net/Michaelwubo/article/details/122745348
ctr容器信息
您可以使用infoin containerd 来检查 containerd 中的容器。
首先列出您要检查的容器
ctr --namespace k8s.io containers ls
备注:Containerd 有命名空间https://github.com/containerd/containerd/blob/master/README.md#namespaces,所以使用 --namespaces 标志或 ns 标志,上面k8s.io是命名空间
获取容器列表后,您可以使用以下命令获取有关您想要的特定容器的信息
句法:
ctr --namespace <namespace_name> containers info <container_id>
实践:
ctr --namespace k8s.io containers info 85ed1aeb518ff57f6cc5b80c599f0c4bfcc8e944f842c98aeed5ffceaa5e6aaa
为开发者提供学习成长、分享交流、生态实践、资源工具等服务,帮助开发者快速成长。
更多推荐
1
1- 0
已为社区贡献3条内容
所有评论(0)