containerd而非docker,需要離線導入鏡像
解決原理
https://segmentfault.com/a/1190000019534913
ctr --namespace=k8s.io images ls
獲取到你需要的鏡像名稱和版本之后 (參見后面的排查技巧) docker pull mirrorgooglecontainers/$imageName:$imageVersion docker tag mirrorgooglecontainers/$imageName:$imageVersion k8s.gcr.io/$imageName:$imageVersion docker save k8s.gcr.io/$imageName:$imageVersion > $imageName.tar microk8s.ctr -n k8s.io image import $imageName.tar
使用ctr命令導入鏡像。 ctr image import app.tar #導入本地鏡像 ctr images list|grep app #查看導入的鏡像 crictl images list|grep app #此命令也可查看 命令介紹: ctr:是containerd本身的CLI crictl :是Kubernetes社區定義的專門CLI工具
Steps to reproduce: ctr images tag 192.168.56.1:8080/docker/alpine:latest 192.168.56.1:8080/docker/alpine:1.1 192.168.56.1:8080/docker/alpine:1.1 ctr images push 192.168.56.1:8080/docker/alpine:latest 192.168.56.1:8080/docker/alpine:1.1 index-sha256:c19173c5ada610a5989151111163d28a67368362762534d8a8121ce95cf2bd5a: waiting |--------------------------------------| elapsed: 0.1 s total: 0.0 B (0.0 B/s) ctr: content digest sha256:29a82d50bdb8dd7814009852c1773fb9bb300d2f655bd1cd9e764e7bb1412be3: not found
As you see this is quite powerful and you can do a lot with it. Let’s start by pulling an image # ctr image pull docker.io/library/hello-world This would give you an error saying you missed an object, because Containerd requires you to specify the object like the command below: # ctr image pull docker.io/library/hello-world:latest You can replace object with whatever is available like ‘alpine’ Let’s try listing the image to confirm # ctr image ls This can be a bit unfriendly, so try the following command: #ctr image ls -q The above command will give only the image name and nothing else. Now that we’ve got our image, we need to run a container. #ctr container create docker.io/library/hello-world:latest demo This would create a container with container id, ‘demo’, based on the image that we pulled. There are a few things to notice here: The output is not redirected to the CLI by default. Unlike Docker, we need to use the full path with the object every time we use a container image. Also, the image needs to be pulled before being able to run a container. We can list the containers created with the command below: #ctr container list You can see the demo container listed. You can even use -q to get just the container names. Now to delete the image. #ctr image remove docker.io/library/hello-world:latest This would delete the image. What would happen to your container? #ctr container list Your container would still be running. This is because containerd works on references, and in this case, the image is no longer being referenced as an image but it is still being referenced by the container (as a snapshot), so it wouldn’t be deleted as long as it’s being referenced. You’ll get a better picture when learning about snapshots, which would be a topic for another article. For now, we’ll delete the image. #ctr container remove demo Please leave a comment with any suggestions.
常用技巧 containerd相關的CLI確實沒有Docker CLI方便,比如筆者在使用containerd時碰到一個場景,期望實現對鏡像重新tag的操作,這在Docker下非常容易做到,但是在containerd下非常麻煩。crictl中並不支持這種操作,社區中也有相關issue解釋: https://github.com/kubernetes- ... s/438 所以我們只能使用其他方式,通常我會這樣做: 在一台機去上使用docker tag轉換image 導出鏡像,並拷貝到k3s機器上 docker tag busybox busyboxaaa docker save -o busybox.tar busyboxaaa scp busybox.tar ubuntu@172.31.24.12:~/ 用ctr導入 ctr image import busybox.tar
root@ubuntu:~# docker pull coredns/coredns:coredns-arm64 coredns-arm64: Pulling from coredns/coredns Digest: sha256:e98e05b50afc6606d3e0a66e264175910651746262e4a4823299ec6c827ef72a Status: Image is up to date for coredns/coredns:coredns-arm64 docker.io/coredns/coredns:coredns-arm64 root@ubuntu:~# docker tag coredns/coredns:coredns-arm64 k8s.gcr.io/coredns:1.6.7 root@ubuntu:~# docker save -o coredns:coredns-arm64.tar k8s.gcr.io/coredns:1.6.7 root@ubuntu:~# ctr image import coredns:coredns-arm64.tar unpacking k8s.gcr.io/coredns:1.6.7 (sha256:19910cb28a673d9ad642c3762b71fb5da6668537d9417d14d4d0cbf82569d7a8)...done root@ubuntu:~#
兩者命令對比表: id containerd 命令 docker 命令 備注 1 ctr image ls docker images 獲取image信息 2 ctr image pull nginx docker pull nginx pull 一個nginx的image 3 ctr image tag nginx nginx-test docker tag nginx nginx-test tag 一個nginx的image 4 ctr image push nginx-test docker push nginx-test push nginx-test的image 5 ctr image pull nginx docker pull nginx pull 一個nginx的image 6 ctr image import nginx.tar docker load<nginx.tar.gz 導入本地鏡像ctr不支持壓縮 7 ctr run -d --env 111 nginx-test nginx docker run -d --name=nginx nginx-test 運行的一個容器 8 ctr task ls docker ps 查看運行的容器
https://github.com/kubernetes/kubeadm/issues/1885
root@ubuntu:~# kubeadm init --kubernetes-version=v1.18.1 --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=10.10.16.82 --ignore-preflight-errors=all unix:///run/containerd/containerd.sock --image-repository registry.aliyuncs.com/google_containers unknown command "unix:///run/containerd/containerd.sock" for "kubeadm init" To see the stack trace of this error execute with --v=5 or higher root@ubuntu:~# kubeadm init --kubernetes-version=v1.18.1 --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=10.10.16.82 --ignore-preflight-errors=all unix:///run/containerd/containerd.sock --image-repository registry.aliyuncs.com/google_containers --v=5 unknown command "unix:///run/containerd/containerd.sock" for "kubeadm init" root@ubuntu:~#
root@ubuntu:~# ctr images -help NAME: ctr images - manage images USAGE: ctr images command [command options] [arguments...] COMMANDS: check check that an image has all content available locally export export images import import images list, ls list images known to containerd pull pull an image from a remote push push an image to a remote remove, rm remove one or more images by reference tag tag an image label set and clear labels for an image OPTIONS: --help, -h show help root@ubuntu:~#
root@ubuntu:~# ctr images list -help NAME: ctr images list - list images known to containerd USAGE: ctr images list [command options] [flags] [<filter>, ...] DESCRIPTION: list images registered with containerd OPTIONS: --quiet, -q print only the image refs root@ubuntu:~# ctr images list -q docker.io/library/nginx:alpine k8s.gcr.io/coredns:1.6.7 k8s.gcr.io/etcd-arm64:3.4.3-0 k8s.gcr.io/kube-apiserver:v1.18.1 k8s.gcr.io/kube-controller-manager:v1.18.1 k8s.gcr.io/kube-proxy:v1.18.1 k8s.gcr.io/kube-scheduler:v1.18.1 k8s.gcr.io/pause-arm64:3.2 root@ubuntu:~#
root@ubuntu:~# ctr images list -q docker.io/library/nginx:alpine k8s.gcr.io/coredns:1.6.7 k8s.gcr.io/etcd-arm64:3.4.3-0 k8s.gcr.io/kube-apiserver:v1.18.1 k8s.gcr.io/kube-controller-manager:v1.18.1 k8s.gcr.io/kube-proxy:v1.18.1 k8s.gcr.io/kube-scheduler:v1.18.1 k8s.gcr.io/pause-arm64:3.2 root@ubuntu:~# ctr images rm $(ctr images list -q) docker.io/library/nginx:alpine k8s.gcr.io/coredns:1.6.7 k8s.gcr.io/etcd-arm64:3.4.3-0 k8s.gcr.io/kube-apiserver:v1.18.1 k8s.gcr.io/kube-controller-manager:v1.18.1 k8s.gcr.io/kube-proxy:v1.18.1 k8s.gcr.io/kube-scheduler:v1.18.1 k8s.gcr.io/pause-arm64:3.2 root@ubuntu:~# ctr images list -q root@ubuntu:~#
root@ubuntu:~# ctr -n k8s.gcr.io images list -q k8s.gcr.io/coredns:1.6.7 k8s.gcr.io/etcd-arm64:3.4.3-0 k8s.gcr.io/kube-apiserver:v1.18.1 k8s.gcr.io/kube-controller-manager:v1.18.1 k8s.gcr.io/kube-proxy:v1.18.1 k8s.gcr.io/kube-scheduler:v1.18.1 k8s.gcr.io/pause-arm64:3.2 root@ubuntu:~# ctr -n k8s.gcr.io images rm $(ctr -n k8s.gcr.io images list -q) k8s.gcr.io/coredns:1.6.7 k8s.gcr.io/etcd-arm64:3.4.3-0 k8s.gcr.io/kube-apiserver:v1.18.1 k8s.gcr.io/kube-controller-manager:v1.18.1 k8s.gcr.io/kube-proxy:v1.18.1 k8s.gcr.io/kube-scheduler:v1.18.1 k8s.gcr.io/pause-arm64:3.2 root@ubuntu:~# ctr -n k8s.gcr.io images list -q root@ubuntu:~#
root@ubuntu:~# kubeadm config images list --image-repository k8s.gcr.io I1015 09:51:08.165119 47994 version.go:252] remote version is much newer: v1.19.3; falling back to: stable-1.18 W1015 09:51:08.786382 47994 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io] k8s.gcr.io/kube-apiserver:v1.18.9 k8s.gcr.io/kube-controller-manager:v1.18.9 k8s.gcr.io/kube-scheduler:v1.18.9 k8s.gcr.io/kube-proxy:v1.18.9 k8s.gcr.io/pause:3.2 k8s.gcr.io/etcd:3.4.3-0 k8s.gcr.io/coredns:1.6.7 root@ubuntu:~#
