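Deploying containerd and nerdctl on Ubuntu
Because Docker has been restricted, some Docker containers have to be managed by other means. The most direct option is to use containerd itself and manage it through nerdctl. The remaining question is how to make nerdctl usable by a normal user; after some experimentation, adding the setuid permission to containerd and nerdctl is enough.
1. Install containerd and nerdctl
# 1. Install dependencies: ca-certificates curl gnupg lsb-release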
sudo apt update
sudo apt install -y ca-certificates curl gnupg lsb-release
2. Add the Docker GPG key
sudo mkdir -p /etc/apt/keyrings
# Official key (a proxy may be required)
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
# Or use the Aliyun mirror key
# curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
3. Add the Docker repository to the apt source list
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] \
https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt update
4. Install containerd
sudo apt install containerd.io golang-github-containerd-go-cni-dev
5. Install nerdctl
# containerd --version reports v1.7.22, so nerdctl 1.7.7 is the release to download
containerd --version
containerd github.com/containerd/containerd v1.7.22 7f7fdf5fed64eb6a7caf99b3e12efcf9d60e311c
# arm64 full release
wget https://github.com/containerd/nerdctl/releases/download/v1.7.7/nerdctl-full-1.7.7-linux-arm64.tar.gz
# x86 full release
wget https://github.com/containerd/nerdctl/releases/download/v1.7.7/nerdctl-full-1.7.7-linux-amd64.tar.gz
# After downloading, extract the tarball into /usr/local/ (run the line for the archive you downloaded)
sudo tar -xzvf nerdctl-full-1.7.7-linux-arm64.tar.gz -C /usr/local/
sudo tar -xzvf nerdctl-full-1.7.7-linux-amd64.tar.gz -C /usr/local/
# Verify nerdctl
nerdctl version
Client:
Version: v1.7.7
OS/Arch: linux/arm64
Git commit: 5882c720f4e7f358fb26b759e514b3ae9dd8ea83
buildctl:
Version: v0.15.2
GitCommit: 9e14164a1099d3e41b58fc879cbdd6f2b2edb04e
6. Add the setuid permission to containerd and nerdctl so they can be used by a normal user
sudo chmod u+s /usr/local/bin/containerd
sudo chmod u+s /usr/local/bin/nerdctl
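An added example, not part of the original post: when a binary is owned by root and carries the setuid bit, every local user who can execute it runs it as root, so after step 6 it is worth checking who can actually reach the two binaries. The function name classify_suid is hypothetical and GNU stat (as shipped on Ubuntu) is assumed.

```shell
#!/bin/sh
# Added example: classify how exposed a setuid binary is.
# Assumes GNU stat (coreutils). classify_suid is a hypothetical helper name.

# classify_suid PATH prints one of:
#   missing          PATH does not exist
#   plain            no setuid bit
#   suid-restricted  setuid, but "other" users cannot reach or execute it
#   suid-world       setuid and executable by every local user
classify_suid() {
    f=$1
    [ -e "$f" ] || { echo missing; return 0; }
    fmode=$(stat -L -c '%a' "$f")                # octal mode, e.g. 4755
    dmode=$(stat -L -c '%a' "$(dirname "$f")")   # mode of the containing directory
    # Bit 04000 is the setuid bit.
    if [ $(( 0$fmode & 04000 )) -eq 0 ]; then
        echo plain
        return 0
    fi
    # Bit 0001 is execute (file) or traverse (directory) for "other".
    # Only the immediate parent is checked; a stricter ancestor directory
    # would also block access, so this errs on the side of reporting exposure.
    if [ $(( 0$fmode & 0001 )) -ne 0 ] && [ $(( 0$dmode & 0001 )) -ne 0 ]; then
        echo suid-world
    else
        echo suid-restricted
    fi
}

# Report on the two binaries from step 6, with their owner.
for b in /usr/local/bin/containerd /usr/local/bin/nerdctl; do
    printf '%s: %s (owner %s)\n' "$b" "$(classify_suid "$b")" \
        "$(stat -L -c '%U' "$b" 2>/dev/null || echo n/a)"
done
```

A result of suid-world with owner root means any account on the host can control containers as root; suid-restricted means access is limited by the file mode or by the directory that holds the binary.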