Dok Docs
Github Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Back to homepage

containerd

Overview

DOK’s container runs completely free of Docker, so Docker will not be seen during component installation. Of course, when troubleshooting, the habit of using the original Docker command to troubleshoot problems also needs to be adjusted. The following is a simple guide. For more specific Containerd O&M and troubleshooting methods, please refer to Official Documentation.

Configs

When DOK is deployed, there are several configurations about Containerd that are different from the default configuration, as follows:

# In order to prevent too little space in the root directory, the containerd directory will be specially transferred
< root = "/data/containerd/var/lib/containerd"
---
> root = "/var/lib/containerd"
56c56
# Modify the image of the sandbox, which is the image version of Kubernetes v1.21.7
<     sandbox_image = "k8s.gcr.io/pause:3.4.1"
---
>     sandbox_image = "k8s.gcr.io/pause:3.5"
112c112
# Must be modified to true
<             SystemdCgroup = true
---
>             SystemdCgroup = false
129c129
# The configuration here is to allow the local Containerd to successfully access the Harbor mirror warehouse deployed by Helm
<       config_path = "/etc/containerd/certs.d"
---
>       config_path = ""

Regarding the configuration of the mirror warehouse, the following is a more detailed description. For other information, please refer to the documentation in the Harbor chapter:

# tree /etc/containerd/certs.d/
/etc/containerd/certs.d/
└── core.harbor.domain
    └── hosts.toml

# cat /etc/containerd/certs.d/core.harbor.domain/hosts.toml
server = "https://core.harbor.domain"

[host."https://core.harbor.domain"]
  capabilities = ["pull", "resolve", "push"]
  skip_verify = true    

Container Debugger Tools

DOK has installed proper troubleshooting tools for each node, such as crictl (most recommended), nerdctl, ctr, etc. Operation and maintenance personnel who are accustomed to using docker commands need to check the relevant documents. Here are a few examples:

# check the images
docker images
crictl image ls
nerdctl -n k8s.io image ls
ctr -n k8s.io image ls
# check the containers
docker ps
crictl ps
nerdctl -n k8s.io container ls
ctr -n k8s.io container ls
# check the logs
docker logs <container-id>
crictl logs <container-id>

Note that crictl has a configuration file. If you encounter problems when using it, you can check whether the configuration file is normal.

# cat /etc/crictl.yaml
runtime-endpoint: "unix:///run/containerd/containerd.sock"
image-endpoint: "unix:///run/containerd/containerd.sock"
timeout: 0
debug: false
pull-image-on-create: false
disable-pull-on-run: false

Reference

  1. docker、containerd、ctr、crictl的联系