
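How to use the docker, ctr and crictl commands with k3s containers

Author: johnny233

This article covers the differences between the ctr and crictl commands in k3s, focusing on namespace management, faster pulls through mirror registries in China, and image export, and compares what each tool can do along with usage tips.

Overview

When working with k3s you frequently need two commands, ctr and crictl. This article records notes on both.

ctr

Just as the docker command is the client tool for the docker-shim container runtime, ctr is the client tool for Containerd. It is a simple CLI intended for debugging Containerd itself; in production it should still be used together with docker or cri-containerd.

Installing Containerd as the container runtime installs ctr automatically; installing k3s also installs ctr automatically.

Namespaces

A major difference between ctr and the docker command is that ctr has the concept of namespaces, and comes with a moby namespace:

If you have run commands such as ctr i pull, ctr i import or ctr i export without specifying a namespace through the -n parameter, a default namespace is created automatically:

When Containerd is used together with k8s (or k3s), the relevant images are generally stored in k8s.io, so operations on them need -n k8s.io to avoid confusion with the default namespace, and the parameter goes first, i.e.: ctr -n=k8s.io i pull

Output of the ctr command: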

ctr is an unsupported debug and administrative client for interacting
with the containerd daemon. Because it is unsupported, the commands,
options, and operations are not guaranteed to be backward compatible or
stable from release to release of the containerd project.
COMMANDS:
   plugins, plugin            Provides information about containerd plugins
   version                    Print the client and server versions
   containers, c, container   Manage containers
   content                    Manage content
   events, event              Display containerd events
   images, image, i           Manage images
   leases                     Manage leases
   namespaces, namespace, ns  Manage namespaces
   pprof                      Provide golang pprof outputs for containerd
   run                        Run a container
   snapshots, snapshot        Manage snapshots
   tasks, t, task             Manage tasks
   install                    Install a new package
   oci                        OCI tools
   sandboxes, sandbox, sb, s  Manage sandboxes
   info                       Print the server info
   deprecations
   shim                       Interact with a shim directly
   help, h                    Shows a list of commands or help for one command
GLOBAL OPTIONS:
   --debug                      Enable debug output in logs
   --address value, -a value    Address for containerd's GRPC server (default: "/run/containerd/containerd.sock") [$CONTAINERD_ADDRESS]
   --timeout value              Total timeout for ctr commands (default: 0s)
   --connect-timeout value      Timeout for connecting to containerd (default: 0s)
   --namespace value, -n value  Namespace to use with commands (default: "default") [$CONTAINERD_NAMESPACE]
   --help, -h                   show help
   --version, -v                print the version

crictl

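crictl (GitHub) is a CRI-compatible command-line interface that can be used to inspect and debug the container runtime and applications on a k8s/kubelet node. It has only the k8s.io namespace, so no -n parameter is needed.

Installation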

VERSION="v1.33.0"
wget https://github.com/kubernetes-sigs/cri-tools/releases/download/$VERSION/crictl-$VERSION-linux-amd64.tar.gz
sudo tar zxvf crictl-$VERSION-linux-amd64.tar.gz -C /usr/local/bin
rm -f crictl-$VERSION-linux-amd64.tar.gz

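By default crictl connects to unix:///var/run/dockershim.sock. For other runtimes, the endpoint can be set in several ways:

The configuration file can also specify the timeout used when connecting to the server (timeout or --timeout) and enable or disable debugging (debug or --debug).

For example, in a k3s environment, running cat /var/lib/rancher/k3s/agent/etc/crictl.yaml outputs: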

runtime-endpoint: unix:///run/k3s/containerd/containerd.sock

Output of the crictl command:

VERSION:
   v1.31.0-k3s2
COMMANDS:
   attach                 Attach to a running container
   checkpoint             Checkpoint one or more running containers
   completion             Output shell completion code
   config                 Get and set crictl client configuration options
   create                 Create a new container
   events, event          Stream the events of containers
   exec                   Run a command in a running container
   imagefsinfo            Return image filesystem info
   images, image, img     List images
   info                   Display information of the container runtime
   inspect                Display the status of one or more containers
   inspecti               Return the status of one or more images
   inspectp               Display the status of one or more pods
   logs                   Fetch the logs of a container
   metricsp               List pod metrics. Metrics are unstructured key/value pairs gathered by CRI meant to replace cAdvisor's /metrics/cadvisor endpoint.
   pods                   List pods
   port-forward           Forward local port to a pod
   ps                     List containers
   pull                   Pull an image from a registry
   rm                     Remove one or more containers
   rmi                    Remove one or more images
   rmp                    Remove one or more pods
   run                    Run a new container inside a sandbox
   runp                   Run a new pod
   runtime-config         Retrieve the container runtime configuration
   start                  Start one or more created containers
   stats                  List container(s) resource usage statistics
   statsp                 List pod statistics. Stats represent a structured API that will fulfill the Kubelet's /stats/summary endpoint.
   stop                   Stop one or more running containers
   stopp                  Stop one or more running pods
   update                 Update one or more running containers
   update-runtime-config  Update the runtime configuration
   version                Display runtime version information
   help, h                Shows a list of commands or help for one command
GLOBAL OPTIONS:
   --config value, -c value                   Location of the client config file. If not specified and the default does not exist, the program's directory is searched as well (default: "/etc/crictl.yaml") [$CRI_CONFIG_FILE]
   --debug, -D                                Enable debug mode (default: false)
   --enable-tracing                           Enable OpenTelemetry tracing. (default: false)
   --image-endpoint value, -i value           Endpoint of CRI image manager service (default: uses 'runtime-endpoint' setting) [$IMAGE_SERVICE_ENDPOINT]
   --runtime-endpoint value, -r value         Endpoint of CRI container runtime service (default: uses in order the first successful one of [unix:///run/k3s/containerd/containerd.sock unix:///var/run/dockershim.sock unix:///run/containerd/containerd.sock unix:///run/crio/crio.sock unix:///var/run/cri-dockerd.sock]). Default is now deprecated and the endpoint should be set instead. [$CONTAINER_RUNTIME_ENDPOINT]
   --timeout value, -t value                  Timeout of connecting to the server in seconds (e.g. 2s, 20s.). 0 or less is set to default (default: 2s)
   --tracing-endpoint value                   Address to which the gRPC tracing collector will send spans to. (default: "127.0.0.1:4317")
   --tracing-sampling-rate-per-million value  Number of samples to collect per million OpenTelemetry spans. Set to 1000000 or -1 to always sample. (default: -1)
   --help, -h                                 Show help (default: false)
   --version, -v                              Print the version (default: false)

crictl pull

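What is certain is:

As the screenshot above shows, there is no progress indication at all.

Pulling images hosted abroad runs into all sorts of odd errors:

Using a mirror registry address in China:

After repeated retries, the same error as above still appears.

The fix suggested by Qwen and other ChatGPT-like assistants was to log in first.

Fine, a problem is there to be solved: I opened the 毫秒镜像 mirror site and registered with my personal phone number. Following Qwen's hallucinated answer, crictl login

To pull images with crictl pull you can run docker login, which shows that underneath crictl still uses the same mechanism as docker images:

But then I hit another timeout error, so I switched to yet another mirror in China.

In practice, pulling crictl images through the docker.m.daocloud.io mirror is acceptably fast.

crictl images and ctr images

Some online material says that crictl image list is equivalent to ctr -n=k8s.io image list

After consulting various ChatGPT-like assistants and trying the commands:

crictl image is equivalent to crictl images, and to crictl image list and crictl images list

In a k3s environment, crictl image is equivalent to k3s ctr -n=k8s.io image list

The k3s command prefix cannot be omitted. k3s uses the -n=k8s.io namespace by default, so crictl image is equivalent to k3s ctr images list

Count

crictl images | grep vllm outputs 2 entries:

k3s ctr images list | grep vllm outputs 4 entries:

Analysis:

Exporting crictl images

Screenshot of running crictl images and k3s crictl images:

So in a k3s environment the crictl command is equivalent to k3s crictl; in other words, the k3s command prefix can be omitted.

The problem is that a vLLM image easily runs to 5~6 GB.

As the vLLM blog post also mentioned, when deploying a large model, if k8s schedules it onto a worker node, that worker node also needs the corresponding model files and crictl image.

So can a crictl image be exported to a tar archive, transferred to the worker node with scp, and then imported from the tar archive as a crictl image on the worker node?

The answer is of course yes. Docker images can be handled exactly this way, and crictl and docker have a lot in common.

But crictl does not provide a save command:

The export has to be done with the ctr export command.

The prerequisite for exporting an image is finding it; otherwise you get a not found error like the following:

k3s ctr image | grep vllm:0.8.6 outputs 2 lines, and the line below is very, very long: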

docker.io/dustynv/vllm:0.8.6-r36.4-cu128-24.04                                                                   application/vnd.docker.distribution.manifest.v2+json sha256:b2210294b661acc6e94bc302ce5111d6d0cb01a3815ada0132c105f540fb7a63 5.7 GiB   linux/arm64 io.cri-containerd.image=managed
docker.io/dustynv/vllm@sha256:b2210294b661acc6e94bc302ce5111d6d0cb01a3815ada0132c105f540fb7a63                   application/vnd.docker.distribution.manifest.v2+json sha256:b2210294b661acc6e94bc302ce5111d6d0cb01a3815ada0132c105f540fb7a63 5.7 GiB   linux/arm64 io.cri-containerd.image=managed

Export command: k3s ctr -n k8s.io image export vllm-0.8.6.tar docker.io/dustynv/vllm:0.8.6-r36.4-cu128-24.04. If
Check:
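
The export, scp and import steps described in this section can be wrapped so that the worker node imports the tar archive only if it still matches the SHA-256 recorded on the source node. This is an added example, not code from the original article; the function names, the .sha256 sidecar file and the worker host name are assumptions.

```shell
#!/usr/bin/env bash
# Added example: move an image between k3s nodes as a tar archive and refuse
# to import it if the bytes changed in transit. Function names and the
# <archive>.sha256 sidecar file are assumptions made for this example.
set -u

NS=k8s.io   # namespace that k3s/CRI images live in

# Write <archive>.sha256 next to the archive ("<hash>  <basename>").
write_digest() {
    local archive=$1
    ( cd "$(dirname "$archive")" &&
      sha256sum "$(basename "$archive")" > "$(basename "$archive").sha256" )
}

# Source node: export the image, then record the archive's digest.
export_image() {   # usage: export_image <image-ref> <archive.tar>
    local ref=$1 archive=$2
    k3s ctr -n "$NS" image export "$archive" "$ref" || return 1
    write_digest "$archive"
}

# Worker node: return 0 only if the archive matches its recorded digest,
# 2 if the digest file is missing or empty, non-zero on any mismatch.
verify_archive() {
    local archive=$1
    [ -s "$archive.sha256" ] || { echo "no digest file for $archive" >&2; return 2; }
    ( cd "$(dirname "$archive")" &&
      sha256sum -c "$(basename "$archive").sha256" >/dev/null 2>&1 )
}

# Worker node: import a verified archive, then confirm CRI can see the image.
import_image() {   # usage: import_image <archive.tar> <image-ref>
    local archive=$1 ref=$2
    verify_archive "$archive" || { echo "refusing to import $archive" >&2; return 1; }
    k3s ctr -n "$NS" image import "$archive" || return 1
    crictl inspecti "$ref" >/dev/null
}

# Typical run ("worker" is a placeholder host name):
#   export_image docker.io/dustynv/vllm:0.8.6-r36.4-cu128-24.04 vllm-0.8.6.tar
#   scp vllm-0.8.6.tar vllm-0.8.6.tar.sha256 worker:/tmp/
#   import_image /tmp/vllm-0.8.6.tar docker.io/dustynv/vllm:0.8.6-r36.4-cu128-24.04
```

A truncated or partially copied 5~6 GB archive fails verify_archive before ctr ever reads it, and the final crictl inspecti call confirms the image landed in the k8s.io namespace rather than default.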

Converting docker images to crictl images

TODO

docker, crictl and ctr

Comparison of the three command-line tools

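| Command | docker | crictl (recommended) | ctr |
| --- | --- | --- | --- |
| List containers | docker ps | crictl ps | ctr -n k8s.io c ls |
| Show container details | docker inspect | crictl inspect | ctr -n k8s.io c info |
| Show container logs | docker logs | crictl logs | |
| Run a command in a container | docker exec | crictl exec | |
| Attach to a container | docker attach | crictl attach | |
| Container resource usage | docker stats | crictl stats | |
| Create a container | docker create | crictl create | ctr -n k8s.io c create |
| Start a container | docker start | crictl start | ctr -n k8s.io run |
| Stop a container | docker stop | crictl stop | |
| Remove a container | docker rm | crictl rm | ctr -n k8s.io c del |
| List images | docker images | crictl images | ctr -n k8s.io i ls |
| Show image details | docker inspect | crictl inspect | |
| Pull an image | docker pull | crictl pull | ctr -n k8s.io i pull |
| Push an image | docker push | | ctr -n k8s.io i push |
| Remove an image | docker rmi | crictl rmi | ctr -n k8s.io i rm |
| List Pods | | crictl pods | |
| Show Pod details | | crictl inspectp | |
| Start a Pod | | crictl runp | |
| Stop a Pod | | crictl stopp | |
| Import an image | docker load | | ctr -n k8s.io i import |
| Export an image | docker save | | ctr -n k8s.io i export |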
