Adding the crun runtime to Docker, containerd and CRI-O


  • crun download location:
Download crun
# Download crun
wget https://github.com/containers/crun/releases/download/1.4.2/crun-1.4.2-linux-amd64
# Make it executable
chmod +x crun-1.4.2-linux-amd64
# Move it into the system bin directory
mv crun-1.4.2-linux-amd64 /usr/bin/crun
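Every container on the host will be started as root through this binary, so check the download and the installed file before registering it. This is an added example, not part of the original post: verify_sha256 and check_runtime_binary are hypothetical helper names, and the expected digest is a placeholder you must obtain from a source you trust.

```shell
#!/bin/sh
# Added example (not from the original post): gate the install on two checks.

# verify_sha256 FILE EXPECTED_HEX: succeed only if FILE hashes to EXPECTED_HEX.
verify_sha256() {
    actual=$(sha256sum -- "$1" 2>/dev/null | awk '{print $1}')
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# check_runtime_binary PATH [OWNER_UID]: succeed only if PATH is a regular file,
# executable by its owner, owned by OWNER_UID (default 0 = root) and not
# writable by group or others. Symlinks are followed (ls -L).
check_runtime_binary() {
    path=$1
    want_uid=${2:-0}
    [ -e "$path" ] || { echo "missing: $path" >&2; return 1; }
    set -- $(ls -lnL -- "$path")    # $1 = mode string, $3 = numeric owner uid
    mode=$1
    uid=$3
    case $mode in
        -??[xs]*) ;;                # regular file with the owner execute bit
        *) echo "not an owner-executable regular file: $path ($mode)" >&2
           return 1 ;;
    esac
    case $mode in
        ?????w*|????????w*)         # group write (char 6) or other write (char 9)
            echo "group/other writable: $path ($mode)" >&2
            return 1 ;;
    esac
    [ "$uid" = "$want_uid" ] || {
        echo "owner uid $uid, expected $want_uid: $path" >&2
        return 1
    }
}

# Usage (EXPECTED_SHA256 is a placeholder, not a value from the post):
#   verify_sha256 crun-1.4.2-linux-amd64 "$EXPECTED_SHA256" \
#     && install -o root -g root -m 0755 crun-1.4.2-linux-amd64 /usr/bin/crun \
#     && check_runtime_binary /usr/bin/crun
```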

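Adding crun support to Docker
Modify the configuration
# Note: this overwrites any existing /etc/docker/daemon.json
cat > /etc/docker/daemon.json <<EOF
{
  "runtimes": {
    "crun": {
      "path": "/usr/bin/crun"
    }
  }
}
EOF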

Restart Docker
systemctl restart docker

If it reports errors, check the log
journalctl -u docker

Testing crun with Docker
# Check whether crun has been added to the Docker configuration
docker info | grep crun
[root@control-plane docker]# docker info|grep crun
 Runtimes: crun runc
# Start a container with crun
docker run -tid --runtime=crun --rm alpine /bin/sh
[root@control-plane docker]# docker ps
CONTAINER ID   IMAGE    COMMAND     CREATED         STATUS         PORTS   NAMES
147a002c6165   alpine   "/bin/sh"   2 minutes ago   Up 2 minutes           inspiring_roentgen

crun vs runc tests
  • Startup speed test
runc test
for i in {1..10}; do /usr/bin/time -f%e docker \
    run --runtime=runc --rm alpine /bin/true; done 2>&1 | sort
# Test results
[root@control-plane docker]# for i in {1..10}; do /usr/bin/time -f%e docker \
> run --runtime=runc --rm alpine /bin/true; done 2>&1 | sort
0.67
0.70
0.73
0.78
0.81
0.82
0.85
0.85
1.07
1.63

crun test
for i in {1..10}; do /usr/bin/time -f%e docker \
    run --runtime=crun --rm alpine /bin/true; done 2>&1 | sort
[root@control-plane docker]# for i in {1..10}; do /usr/bin/time -f%e docker \
> run --runtime=crun --rm alpine /bin/true; done 2>&1 | sort
0.60
0.61
0.62
0.63
0.66
0.84
0.90
0.98
1.16
1.48

  • Memory limit test
runc
docker run --runtime=runc --rm --memory 4M alpine echo it works
[root@control-plane docker]# docker run --runtime=runc --rm --memory 4M alpine echo it works
docker: Error response from daemon: OCI runtime create failed: container_linux.go:380: starting container process caused: process_linux.go:545: container init caused: process_linux.go:508: setting cgroup config for procHooks process caused: unable to set memory limit to 4194304 (current usage: 8003584, peak usage: 8204288): unknown.

crun
docker run --runtime=crun --rm --memory 4M alpine echo it works
[root@control-plane docker]# docker run --runtime=crun --rm --memory 4M alpine echo it works
it works

Adding crun to containerd
Modify config.toml
[plugins.opt]
  path = "/apps/containerd"
[plugins.cri]
  stream_server_address = "127.0.0.1"
  stream_server_port = "10010"
  sandbox_image = "docker.io/juestnow/pause:3.5"
  max_concurrent_downloads = 20
  [plugins.cri.containerd]
    default_runtime_name = "crun"
    snapshotter = "overlayfs"
    [plugins.cri.containerd.default_runtime]
      runtime_type = ""
      runtime_engine = ""
      runtime_root = ""
    [plugins.cri.containerd.untrusted_workload_runtime]
      runtime_type = ""
      runtime_engine = ""
      runtime_root = ""
    [plugins.cri.containerd.runtimes.runc]
      base_runtime_spec = ""
      container_annotations = []
      pod_annotations = []
      privileged_without_host_devices = false
      runtime_engine = ""
      runtime_root = ""
      runtime_type = "io.containerd.runc.v2"
    [plugins.cri.containerd.runtimes.crun]
      runtime_type = "io.containerd.runtime.v1.linux"
      runtime_engine = "crun"
      runtime_root = ""
    [plugins.cri.containerd.runtimes.runc.options]
      SystemdCgroup = true
    [plugins.cri.containerd.runtimes.crun.options]
      SystemdCgroup = true
  [plugins.cri.cni]
    bin_dir = "/opt/cni/bin"
    conf_dir = "/etc/cni/net.d"
[plugins."io.containerd.runtime.v1.linux"]
  shim = "containerd-shim"
  runtime = "crun"
  runtime_root = ""
  no_shim = false
  shim_debug = false
[plugins."io.containerd.runtime.v2.task"]
  platforms = ["linux/amd64"]

  • path = "/apps/containerd": plugin storage path;
  • sandbox_image = "docker.io/juestnow/pause:3.5": address of the pause image;
  • default_runtime_name = "crun": the default runtime, runc or crun;
  • [plugins.cri.containerd.runtimes.crun]: defines the new runtime
  • runtime_engine = "crun": path to the crun binary
  • [plugins.cri.containerd.runtimes.crun.options]: additional parameters for crun
  • SystemdCgroup = true: cgroups are managed through systemd; false: use cgroupfs
For reference, the systemd unit file used locally:
/usr/lib/systemd/system/containerd.service
[Unit]
Description=Lightweight Kubernetes
Documentation=https://containerd.io
After=network-online.target

[Service]
Type=notify
Environment=PATH=/apps/containerd/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin:/root/bin
ExecStartPre=-/sbin/modprobe br_netfilter
ExecStartPre=-/sbin/modprobe overlay
ExecStartPre=-/bin/mkdir -p /run/containerd
ExecStart=/apps/containerd/bin/containerd \
         -c /apps/containerd/conf/config.toml \
         -a /run/containerd/containerd.sock \
         --state /run/containerd \
         --root /var/lib/containerd
KillMode=process
Delegate=yes
OOMScoreAdjust=-999
LimitNOFILE=65535
LimitNPROC=65535
LimitCORE=infinity
TasksMax=infinity
TimeoutStartSec=0
Restart=always
RestartSec=5s

[Install]
WantedBy=multi-user.target

Restart containerd
systemctl restart containerd

If it reports errors, check the log
journalctl -u containerd
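
After the restart it helps to confirm which runtime type and engine each CRI handler in config.toml maps to. The script below is an added example, not from the original post: list_cri_runtimes and sample_cri_config are hypothetical names, the sample is a constructed excerpt of the configuration above, and the legacy-v1 flag marks io.containerd.runtime.v1.linux, which containerd deprecated in 1.4 and removed in 2.0.

```shell
#!/bin/sh
# list_cri_runtimes CONFIG
# Prints one line per CRI runtime handler: "<name> <runtime_type> <runtime_engine>"
# ("-" when empty or unset), plus " legacy-v1" for the v1 linux runtime type.
list_cri_runtimes() {
    awk '
    /^[ \t]*\[/ {
        cur = ""
        # Matches [...containerd.runtimes.NAME] only; NAME.options does not match
        if (match($0, /containerd\.runtimes\.[A-Za-z0-9_-]+\]/)) {
            cur = substr($0, RSTART + 20, RLENGTH - 21)
            names[++n] = cur
        }
        next
    }
    cur != "" && /^[ \t]*runtime_(type|engine)[ \t]*=/ {
        val = $0
        sub(/^[^=]*=[ \t]*/, "", val)    # drop everything up to the value
        gsub(/"/, "", val)               # drop the TOML string quotes
        sub(/[ \t]+$/, "", val)
        if ($0 ~ /runtime_type/) rtype[cur] = val
        else engine[cur] = val
    }
    END {
        for (i = 1; i <= n; i++) {
            c = names[i]
            t = (rtype[c] == "") ? "-" : rtype[c]
            e = (engine[c] == "") ? "-" : engine[c]
            flag = (t == "io.containerd.runtime.v1.linux") ? " legacy-v1" : ""
            print c, t, e flag
        }
    }' "$1"
}

# Constructed sample: an excerpt of the config.toml shown in this post.
sample_cri_config() {
    cat <<'EOF'
[plugins.cri.containerd]
  default_runtime_name = "crun"
[plugins.cri.containerd.runtimes.runc]
  runtime_engine = ""
  runtime_type = "io.containerd.runc.v2"
[plugins.cri.containerd.runtimes.crun]
  runtime_type = "io.containerd.runtime.v1.linux"
  runtime_engine = "crun"
[plugins.cri.containerd.runtimes.runc.options]
  SystemdCgroup = true
EOF
}
```

Run it as list_cri_runtimes /apps/containerd/conf/config.toml, the path the unit file passes with -c.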

Adding crun to CRI-O
Modify the configuration
# Edit crio.conf
# Change the default runtime
default_runtime = "crun"
# Add the crun runtime
[crio.runtime.runtimes.crun]
runtime_path = ""
runtime_type = "oci"
runtime_root = ""
allowed_annotations = [
    "io.containers.trace-syscall",
]

  • default_runtime = "crun": sets the default runtime, runc or crun
  • runtime_path: path to the runtime binary
  • runtime_root: the runtime's working directory
Restart CRI-O
systemctl restart crio

If it reports errors, check the log
journalctl -u crio

