千金一刻莫空度,老大无成空自伤。这篇文章主要讲述docker containerd cri-o 添加 crun runtime相关的知识,希望能为你提供帮助。
- crun下载地址:
# 下载crun
wget https://github.com/containers/crun/releases/download/1.4.2/crun-1.4.2-linux-amd64
# 可执行权限
chmod +x crun-1.4.2-linux-amd64
# mv 到系统bin目录
mv crun-1.4.2-linux-amd64 /usr/bin/crundocker 添加 crun 支持修改配置
cat >
/etc/docker/daemon.json <
<
EOF
"runtimes":
"crun":
"path": "/usr/bin/crun"EOF【docker containerd cri-o 添加 crun runtime】重启docker
systemctl restart docker报错
journalctl -u dockerdocker 测试crun
# 查看docker 配置crun 是否加入
docker info|grep crun
[root@control-plane docker]# docker info|grep crun
Runtimes: crun runc
# crun 启动pod
dockerrun-tid --runtime=crun --rmalpine /bin/sh
[root@control-plane docker]# docker ps
CONTAINER IDIMAGECOMMANDCREATEDSTATUSPORTSNAMES
147a002c6165alpine"/bin/sh"2 minutes agoUp 2 minutesinspiring_roentgencrun vs runc 测试
- 运行速度测试
for i in 1..10;
do /usr/bin/time -f%e docker \\
run--runtime=runc --rm alpine /bin/true;
done 2>
&
1 | sort
# 测试结果
[root@control-plane docker]# for i in 1..10;
do /usr/bin/time -f%e docker \\
>
run--runtime=runc --rm alpine /bin/true;
done 2>
&
1 | sort
0.67
0.70
0.73
0.78
0.81
0.82
0.85
0.85
1.07
1.63crun 测试
for i in 1..10;
do /usr/bin/time -f%e docker \\
run--runtime=crun --rm alpine /bin/true;
done 2>
&
1 | sort
[root@control-plane docker]# for i in 1..10;
do /usr/bin/time -f%e docker \\
>
run--runtime=crun --rm alpine /bin/true;
done 2>
&
1 | sort
0.60
0.61
0.62
0.63
0.66
0.84
0.90
0.98
1.16
1.48- 内存限制测试
dockerrun--runtime=runc --rm --memory 4Malpine echo it works
[root@control-plane docker]# dockerrun--runtime=runc --rm --memory 4Malpine echo it works
docker: Error response from daemon: OCI runtime create failed: container_linux.go:380: starting container process caused: process_linux.go:545: container init caused: process_linux.go:508: setting cgroup config for procHooks process caused: unable to set memory limit to 4194304 (current usage: 8003584, peak usage: 8204288): unknown.crun
dockerrun--runtime=crun --rm --memory 4Malpine echo it works
[root@control-plane docker]# dockerrun--runtime=crun --rm --memory 4Malpine echo it works
it workscontainerd 加入crun配置修改config.toml
[plugins.opt]
path = "/apps/containerd"
[plugins.cri]
stream_server_address = "127.0.0.1"
stream_server_port = "10010"
sandbox_image = "docker.io/juestnow/pause:3.5"
max_concurrent_downloads = 20
[plugins.cri.containerd]
default_runtime_name = "crun"
snapshotter = "overlayfs"
[plugins.cri.containerd.default_runtime]
runtime_type = ""
runtime_engine = ""
runtime_root = ""
[plugins.cri.containerd.untrusted_workload_runtime]
runtime_type = ""
runtime_engine = ""
runtime_root = ""
[plugins.cri.containerd.runtimes.runc]
base_runtime_spec = ""
container_annotations = []
pod_annotations = []
privileged_without_host_devices = false
runtime_engine = ""
runtime_root = ""
runtime_type = "io.containerd.runc.v2"
[plugins.cri.containerd.runtimes.crun]
runtime_type = "io.containerd.runtime.v1.linux"
runtime_engine = "crun"
runtime_root = ""
[plugins.cri.containerd.runtimes.runc.options]
SystemdCgroup = true
[plugins.cri.containerd.runtimes.crun.options]
SystemdCgroup = true
[plugins.cri.cni]
bin_dir = "/opt/cni/bin"
conf_dir = "/etc/cni/net.d"
[plugins."io.containerd.runtime.v1.linux"]
shim = "containerd-shim"
runtime = "crun"
runtime_root = ""
no_shim = false
shim_debug = false
[plugins."io.containerd.runtime.v2.task"]
platforms = ["linux/amd64"]path = "/apps/containerd":插件存放路径;sandbox_image = "docker.io/juestnow/pause:3.5":pause 镜像地址;default_runtime_name = "crun": 默认runtime: runc crun;[plugins.cri.containerd.runtimes.crun]:定义新runtimeruntime_engine = "crun":crun 二进制文件路径[plugins.cri.containerd.runtimes.crun.options]:crun 的其它参数SystemdCgroup = true: cgroup 使用systemdfalse:使用cgroupfs
/usr/lib/systemd/system/containerd.service
[Unit]
Description=Lightweight Kubernetes
Documentation=https://containerd.io
After=network-online.target[Service]
Type=notify
Environment=PATH=/apps/containerd/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin:/root/bin
ExecStartPre=-/sbin/modprobe br_netfilter
ExecStartPre=-/sbin/modprobe overlay
ExecStartPre=-/bin/mkdir -p /run/containerd
ExecStart=/apps/containerd/bin/containerd \\
-c /apps/containerd/conf/config.toml \\
-a /run/containerd/containerd.sock \\
--state /run/containerd \\
--root /var/lib/containerdKillMode=process
Delegate=yes
OOMScoreAdjust=-999
LimitNOFILE=65535
LimitNPROC=65535
LimitCORE=infinity
TasksMax=infinity
TimeoutStartSec=0
Restart=always
RestartSec=5s[Install]
WantedBy=multi-user.target重启containerd
systemctl restart containerd报错
journalctl -u containerdcri-o 加入crun配置修改
# 修改crio.conf
# 修改默认runtime
default_runtime = "crun"
# 添加crun runtime
[crio.runtime.runtimes.crun]
runtime_path = ""
runtime_type = "oci"
runtime_root = ""
allowed_annotations = [
"io.containers.trace-syscall",
]default_runtime = "crun":修改默认runtimerunc crunruntime_path:runtime 二进制文件路径runtime_root:runtime 运行目录
systemctl restart crio报错
journalctl -u crio推荐阅读
- 优启通PE工具箱[VIP] v3.7.2022.0106 官方22年1月版
- #yyds干货盘点#kubernetes入门基础-pod的概念以及相关操作
- #yyds干货盘点#最新版Nginx安装教程来了,快来看看
- 服务器去除秘钥连接,账号迷马连接
- AirNet笔记1
- #yyds干货盘点#ceph文件挂载失败Connect error: No route to host(errno:113)
- AWS EKS 详细升级流程
- 09-docker系列-docker网络你了解多少(下)
- Linux下玩转nginx系列——nginx配置文件说明