containerd

Architecture

containerd Architecture

설치

바이너리 설치

Reference

• containerd GitHub / getting-started.md
• nerdctl GitHub / README.md # Install
• BuildKit GitHub / README.md # Systemd socket activation
• BuildKit GitHub / docs / buildkitd.toml.md

containerd

wget https://github.com/containerd/containerd/releases/download/v2.0.4/containerd-2.0.4-linux-amd64.tar.gz

sudo tar xzf containerd-2.0.4-linux-amd64.tar.gz -C /usr/local

sudo mkdir -p /usr/local/lib/systemd/system

sudo wget https://raw.githubusercontent.com/containerd/containerd/main/containerd.service \
    -O /usr/local/lib/systemd/system/containerd.service

sudo mkdir -p /etc/containerd

containerd config default | sudo tee /etc/containerd/config.toml

systemctl daemon-reload \
&& systemctl enable --now containerd

runc

wget https://github.com/opencontainers/runc/releases/download/v1.2.6/runc.amd64

sudo install -m 755 runc.amd64 /usr/local/sbin/runc

CNI plugins

wget https://github.com/containernetworking/plugins/releases/download/v1.6.2/cni-plugins-linux-amd64-v1.6.2.tgz

sudo mkdir -p /opt/cni/bin

sudo tar xzf cni-plugins-linux-amd64-v1.6.2.tgz -C /opt/cni/bin

nerdctl

wget https://github.com/containerd/nerdctl/releases/download/v2.0.4/nerdctl-2.0.4-linux-amd64.tar.gz

sudo tar xzf nerdctl-2.0.4-linux-amd64.tar.gz -C /usr/local/bin

팁

nerdctl-full을 설치하면 containerd, runc, CNI plugins, BuildKit, RootlessKit, slirp4netns, bypass4netns, containerd-fuse-overlayfs 등을 모두 설치합니다.

wget https://github.com/containerd/nerdctl/releases/download/v2.0.4/nerdctl-full-2.0.4-linux-amd64.tar.gz

sudo tar xzf nerdctl-full-2.0.4-linux-amd64.tar.gz -C /usr/local

BuildKit

wget https://github.com/moby/buildkit/releases/download/v0.21.0/buildkit-v0.21.0.linux-amd64.tar.gz

sudo tar xzf buildkit-v0.21.0.linux-amd64.tar.gz -C /usr/local

sudo mkdir -p /etc/buildkit

/etc/buildkit/buildkitd.toml

[worker.oci]
  enabled = false

[worker.containerd]
  enabled = true
  namespace = "k8s.io"

[registry."<registry>"]
  http = true

Example

/etc/buildkit/buildkitd.toml

[registry."quay.io"]
  mirrors = ["192.168.31.250:5000/quai.io"]

[registry."192.168.31.250:5000"]
  http = true

sudo mkdir -p /usr/local/lib/systemd/system

sudo wget https://raw.githubusercontent.com/moby/buildkit/refs/heads/master/examples/systemd/system/buildkit.socket \
    -O /usr/local/lib/systemd/system/buildkit.socket

sudo wget https://raw.githubusercontent.com/moby/buildkit/refs/heads/master/examples/systemd/system/buildkit.service \
    -O /usr/local/lib/systemd/system/buildkit.service

systemctl daemon-reload \
&& systemctl enable --now buildkit.socket \
&& systemctl enable --now buildkit.service

설정

Registry 설정

Reference

• containerd GitHub / hosts.md

/etc/containerd/config.toml

version = 3

[plugins]
  [plugins.'io.containerd.cri.v1.images']
    [plugins.'io.containerd.cri.v1.images'.registry]
      config_path = "/etc/containerd/certs.d"

/etc/containerd/certs.d/<registry>/hosts.toml

server = "<registryURL>"

[host."<registryURL|mirrorURL>"]
  capabilities = ["pull", "resolve", "push"]
  skip_verify = false
  override_path = false

Example

/etc/containerd/certs.d/quay.io/hosts.toml

server = "https://quay.io"

[host."http://192.168.31.250:5000/v2/quai.io"]
  capabilities = ["pull", "resolve", "push"]
  skip_verify = true
  override_path = true