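1. Introduction to containerd
containerd is an open-source container runtime hosted by the CNCF and one of the core components of the Docker engine. It focuses on container lifecycle management, providing image transfer, container execution, snapshot management and related functions. containerd is widely used in container platforms such as Kubernetes and Docker.
The main features of containerd are: lightweight design, OCI standard compatibility, image management, container lifecycle management, snapshot storage, multi-platform support, CRI plugin support, and high performance with low resource consumption.
2. containerd versions
containerd is available in several release series; choose according to your needs:
Current releases
containerd 2.2.2: latest release
containerd 2.2.0: stable release
containerd 2.1.5: LATEST release
Previous releases
containerd 1.7.x: classic stable release
containerd 1.6.x: long-term support release
Dependencies
runc: OCI runtime
CNI plugins: network configuration (optional)
Supported platforms
Linux: AMD64, ARM64, PPC64LE, S390X
Windows: AMD64
macOS: AMD64, ARM64
3. Official download sources
containerd is a fully open-source, free container runtime that can be downloaded directly from the official site.
Official download locations
containerd website: https://containerd.io/
Download page: https://containerd.io/downloads/
GitHub repository: https://github.com/containerd/containerd
Downloading with wget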
$ wget https://github.com/containerd/containerd/releases/download/v2.2.2/containerd-2.2.2-linux-amd64.tar.gz
# Example output:
--2026-04-04 10:15:00-- https://github.com/containerd/containerd/releases/download/v2.2.2/containerd-2.2.2-linux-amd64.tar.gz
Resolving github.com... 140.82.121.4
Connecting to github.com|140.82.121.4|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 45678901 (44M) [application/octet-stream]
Saving to: ‘containerd-2.2.2-linux-amd64.tar.gz’
containerd-2.2.2-linux-amd64.tar.gz 100%[===========================================>] 43.56M 25.5MB/s in 2s
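# Verify the downloaded file (compare the hash with the checksum published for the release)
$ sha256sum containerd-2.2.2-linux-amd64.tar.gz
# Example output:
abc123def456789… containerd-2.2.2-linux-amd64.tar.gz
# Extract the archive
$ tar -xzf containerd-2.2.2-linux-amd64.tar.gz
# List the extracted files (example output):
$ ls bin/
containerd containerd-shim-runc-v1 containerd-shim-runc-v2 containerd-stress ctr
# Download runc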
$ wget https://github.com/opencontainers/runc/releases/download/v1.2.4/runc.amd64
# Example output:
--2026-04-04 10:15:00-- https://github.com/opencontainers/runc/releases/download/v1.2.4/runc.amd64
Resolving github.com... 140.82.121.4
Connecting to github.com|140.82.121.4|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 9876543 (9.4M) [application/octet-stream]
Saving to: ‘runc.amd64’
runc.amd64 100%[===========================================>] 9.42M 25.5MB/s in 0.4s
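The sha256sum step above prints a hash but does not compare it with anything. The following added example (not part of the original tutorial) checks a download against a checksum list and fails closed; the function names are hypothetical, and the checksum file name in the usage comment is an assumption about what is published next to the release asset.

```shell
#!/bin/sh
# verify_release FILE SUMFILE   (hypothetical helper name)
# Returns 0 only when SUMFILE lists exactly one SHA-256 for FILE's name and
# FILE hashes to it; every other outcome is a non-zero return (fail closed).
verify_release() {
    file=$1
    sums=$2
    [ -f "$file" ] && [ -f "$sums" ] || { echo "missing input file" >&2; return 2; }
    name=$(basename "$file")
    # Accept both "HASH  name" and "HASH *name" (binary-mode) entries.
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n { h = tolower($1); c++ }
        END { if (c == 1) print h }' "$sums")
    printf '%s\n' "$expected" | grep -Eqx '[0-9a-f]{64}' || {
        echo "no unique SHA-256 entry for $name" >&2; return 3; }
    actual=$(sha256sum "$file" | awk '{ print $1 }')
    [ "$expected" = "$actual" ] || { echo "MISMATCH: $name, do not install" >&2; return 1; }
    echo "OK: $name"
}

# Constructed demonstration: a stand-in "release" file and its checksum list,
# then the same file modified after the list was written.
demo_verify() {
    d=$(mktemp -d) || return 1
    printf 'constructed sample payload\n' > "$d/sample.tar.gz"
    (cd "$d" && sha256sum sample.tar.gz > sample.tar.gz.sha256sum)
    good=0; bad=0
    verify_release "$d/sample.tar.gz" "$d/sample.tar.gz.sha256sum" || good=$?
    printf 'tampered\n' >> "$d/sample.tar.gz"
    verify_release "$d/sample.tar.gz" "$d/sample.tar.gz.sha256sum" 2>/dev/null || bad=$?
    rm -rf "$d"
    [ "$good" -eq 0 ] && [ "$bad" -eq 1 ]
}

# Usage with the files downloaded above (checksum file name is an assumption):
#   verify_release containerd-2.2.2-linux-amd64.tar.gz \
#                  containerd-2.2.2-linux-amd64.tar.gz.sha256sum || exit 1
demo_verify && echo "demo passed"
```

A checksum fetched from the same location as the archive detects corruption and truncation; it does not protect against a compromised download source.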
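4. Installation media
containerd is distributed in several forms; choose the one that fits your requirements.
Installation methods
Binary tarball: manual installation, most flexible
RPM package: for RHEL/CentOS
DEB package: for Ubuntu/Debian
Build from source: custom builds
Binary installation
# tar -xzf containerd-2.2.2-linux-amd64.tar.gz -C /usr/local/
# List the installed files (example output):
# ls /usr/local/bin/
containerd containerd-shim-runc-v1 containerd-shim-runc-v2 containerd-stress ctr
# Install runc
# install -m 755 runc.amd64 /usr/local/sbin/runc
# Create the configuration directory
# mkdir -p /etc/containerd
# Generate the default configuration
# containerd config default > /etc/containerd/config.toml
# Create the systemd service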
# cat > /etc/systemd/system/containerd.service << EOF
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target
[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/local/bin/containerd
Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity
TasksMax=infinity
OOMScoreAdjust=-999
[Install]
WantedBy=multi-user.target
EOF
# Start the containerd service
# systemctl daemon-reload
# systemctl start containerd
# systemctl enable containerd
# Example output:
Created symlink from /etc/systemd/system/multi-user.target.wants/containerd.service to /etc/systemd/system/containerd.service.
# Check the service status
# systemctl status containerd
# Example output:
● containerd.service - containerd container runtime
Loaded: loaded (/etc/systemd/system/containerd.service; enabled)
Active: active (running) since Fri 2026-04-04 10:30:00 CST; 5s ago
Docs: https://containerd.io
Process: 12345 ExecStartPre=/sbin/modprobe overlay (code=exited, status=0/SUCCESS)
Main PID: 12346 (containerd)
Tasks: 8
Memory: 50.0M
CGroup: /system.slice/containerd.service
└─12346 /usr/local/bin/containerd
5. System configuration
After installation containerd needs some basic configuration; the common settings are shown below.
Configuration file
# vi /etc/containerd/config.toml
# Main configuration parameters
version = 2
[plugins."io.containerd.grpc.v1.cri"]
sandbox_image = "registry.k8s.io/pause:3.9"
[plugins."io.containerd.grpc.v1.cri".containerd]
snapshotter = "overlayfs"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
runtime_type = "io.containerd.runc.v2"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
SystemdCgroup = true
[plugins."io.containerd.grpc.v1.cri".cni]
bin_dir = "/opt/cni/bin"
conf_dir = "/etc/cni/net.d"
[plugins."io.containerd.grpc.v1.image-encryption"]
key_provider = ["node"]
[metrics]
address = "127.0.0.1:1338"
grpc_histogram = false
[debug]
level = "info"
# Restart the service
# systemctl restart containerd
# Check the version
# containerd --version
# Example output:
containerd github.com/containerd/containerd v2.2.2 abc123def456.m
Image registry configuration
# vi /etc/containerd/config.toml
[plugins."io.containerd.grpc.v1.cri".registry]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://registry.docker-cn.com"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."k8s.gcr.io"]
endpoint = ["https://registry.aliyuncs.com/k8sxio"]
# Configure authentication for a private registry
# vi /etc/containerd/config.toml
[plugins."io.containerd.grpc.v1.cri".registry.configs]
[plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.1.51:5000".tls]
# insecure_skip_verify = true turns off TLS certificate verification for this registry
insecure_skip_verify = true
[plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.1.51:5000".auth]
# The password is stored in clear text in config.toml
username = "admin"
password = "fgedu@123"
# Restart the service
# systemctl restart containerd
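The private-registry block above disables TLS verification and keeps a password in config.toml, which a plain shell redirect usually creates readable by every local user. The following added example (not part of the original tutorial) audits a config file for those conditions; the function names are hypothetical, the sample config is constructed, and its password is a placeholder.

```shell
#!/bin/sh
# audit_registry_config FILE   (hypothetical helper name)
# Prints one finding per line; returns 0 when clean, 1 when anything is found.
audit_registry_config() {
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    out=$(awk '
        /^[ \t]*#/  { next }                  # ignore comment lines
        /^[ \t]*\[/ { sec = $1; next }        # remember the current table
        /insecure_skip_verify[ \t]*=[ \t]*true/ {
            print "tls-verify-disabled " sec }
        /^[ \t]*(password|auth|identitytoken)[ \t]*=[ \t]*"[^"]+"/ {
            print "inline-credential " sec }
        /endpoint[ \t]*=.*"http:/ {
            print "plain-http-endpoint " sec }' "$cfg")
    # A credential in a file that other users can read is a separate finding.
    if printf '%s\n' "$out" | grep -q '^inline-credential' &&
       [ -n "$(find "$cfg" -prune -perm -004)" ]; then
        out="$out
world-readable-credential-file $cfg"
    fi
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample mirroring the registry settings shown above; the password
# value is a placeholder, not a real secret.
write_sample_config() {
    cat > "$1" <<'EOF'
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
  endpoint = ["https://registry.docker-cn.com"]
[plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.1.51:5000".tls]
  insecure_skip_verify = true
[plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.1.51:5000".auth]
  username = "admin"
  password = "PLACEHOLDER"
EOF
    chmod 644 "$1"
}

# Stand-alone run: audit the constructed sample and print the findings.
sample=$(mktemp) && write_sample_config "$sample"
audit_registry_config "$sample" || echo "findings reported above"
rm -f "$sample"
```

Run it against /etc/containerd/config.toml after each change; a non-zero return can gate a configuration-management or CI step.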
6. Production recommendations
When running containerd in production, take the following into account:
Performance tuning
# vi /etc/sysctl.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
net.ipv4.conf.all.forwarding = 1
net.ipv6.conf.all.forwarding = 1
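# Apply the settings (the net.bridge.* keys are available only once the br_netfilter module is loaded)
# sysctl -p
# Example output:
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
…
# Load the required kernel modules at boot
# cat > /etc/modules-load.d/containerd.conf << EOF
overlay
br_netfilter
EOF
# Load the modules now
# modprobe overlay
# modprobe br_netfilter
# Configure the storage driver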
# vi /etc/containerd/config.toml
[plugins."io.containerd.grpc.v1.cri".containerd]
snapshotter = "overlayfs"
default_runtime_name = "runc"
[plugins."io.containerd.snapshotter.v1.overlayfs"]
root_path = "/fgeudb/containerd/io.containerd.snapshotter.v1.overlayfs"
7. Using nerdctl
nerdctl is a Docker-compatible CLI for containerd:
Installing nerdctl
$ wget https://github.com/containerd/nerdctl/releases/download/v2.0.2/nerdctl-2.0.2-linux-amd64.tar.gz
# Example output:
--2026-04-04 10:15:00-- https://github.com/containerd/nerdctl/releases/download/v2.0.2/nerdctl-2.0.2-linux-amd64.tar.gz
Resolving github.com... 140.82.121.4
Connecting to github.com|140.82.121.4|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 34567890 (33M) [application/octet-stream]
Saving to: ‘nerdctl-2.0.2-linux-amd64.tar.gz’
nerdctl-2.0.2-linux-amd64.tar.gz 100%[===========================================>] 32.95M 25.5MB/s in 1s
# Extract and install
# tar -xzf nerdctl-2.0.2-linux-amd64.tar.gz -C /usr/local/bin/
# nerdctl --version
# Example output:
nerdctl version 2.0.2
# Manage containers with nerdctl
# nerdctl pull nginx:latest
# Example output:
docker.io/library/nginx:latest: resolved |++++++++++++++++++++++++++++++++++++++|
index-sha256:abc123def456: done |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:abc123def456: done |++++++++++++++++++++++++++++++++++++++|
config-sha256:abc123def456: done |++++++++++++++++++++++++++++++++++++++|
elapsed: 5.0 s total: 50.0 M (10.0 MiB/s)
# Run a container
# nerdctl run -d --name nginx -p 80:80 nginx:latest
# Example output:
abc123def456789…
# List containers
# nerdctl ps
# Example output:
CONTAINER ID    IMAGE                             COMMAND                    CREATED          STATUS    PORTS                 NAMES
abc123def456    docker.io/library/nginx:latest    "/docker-entrypoint.sh"    5 seconds ago    Up        0.0.0.0:80->80/tcp    nginx
8. Kubernetes integration
containerd is the container runtime recommended for Kubernetes:
Kubernetes configuration
# vi /etc/crictl.yaml
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 10
debug: false
# Test the connection
# crictl --version
# Example output:
crictl version v1.30.0
# List containers
# crictl ps
# Example output:
CONTAINER       IMAGE           CREATED          STATE      NAME     ATTEMPT    POD ID          POD
abc123def456    abc123def456    5 minutes ago    Running    nginx    0          def456abc123    nginx-pod
# List images
# crictl images
# Example output:
IMAGE                      TAG       IMAGE ID        SIZE
docker.io/library/nginx    latest    abc123def456    146MB
registry.k8s.io/pause      3.9       def456abc123    744kB
# List pods
# crictl pods
# Example output:
POD ID          CREATED          STATE    NAME         NAMESPACE    ATTEMPT    RUNTIME
def456abc123    5 minutes ago    Ready    nginx-pod    default      0          (default)
# Kubernetes node configuration
# vi /var/lib/kubelet/config.yaml
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
containerRuntimeEndpoint: unix:///run/containerd/containerd.sock
Compiled and published by 风哥教程 (Fengge Tutorials), for learning and testing purposes only; credit the source when reposting: http://www.fgedu.net.cn/10327.html
