欧美bbbwbbbw肥妇,免费乱码人妻系列日韩,一级黄片

k3s容器中使用docker、ctr、crictl命令的方法

 更新時(shí)間:2025年07月30日 09:21:41   作者:johnny233  
本文介紹k3s中ctr和crictl命令的區(qū)別,重點(diǎn)解析命名空間管理、國(guó)內(nèi)鏡像源加速及鏡像導(dǎo)出操作,對(duì)比其功能差異并提供使用技巧,對(duì)docker?ctr?crictl命令相關(guān)知識(shí)感興趣的朋友一起看看吧

概述

在使用k3s過(guò)程中,經(jīng)常需要使用ctrcrictl兩個(gè)命令,本文記錄一下。

ctr

類似docker命令是docker-shim容器運(yùn)行時(shí)的客戶端工具,ctr是Containerd的客戶端工具。一個(gè)簡(jiǎn)單的CLI接口,用作Containerd本身的一些調(diào)試用途,投入生產(chǎn)使用時(shí)還是應(yīng)該配合docker或cri-containerd。

安裝Containerd作為容器運(yùn)行時(shí)后,會(huì)自動(dòng)安裝ctr;安裝k3s后,也會(huì)自動(dòng)安裝ctr。

命名空間

ctrdocker命令一個(gè)較大的區(qū)別,ctr有命名空間的概念,自帶一個(gè)moby命名空間:

如果執(zhí)行過(guò)ctr i pull、ctr i importctr i export等命令,又沒(méi)有通過(guò)-n參數(shù)指定命名空間,則會(huì)自動(dòng)創(chuàng)建default命名空間:

當(dāng)Containerd結(jié)合k8s(或k3s)使用時(shí),相關(guān)鏡像一般存放到k8s.io,相關(guān)操作需要加-n k8s.io,避免與默認(rèn)空間混淆,且將參數(shù)放到最前面,即:ctr -n=k8s.io i pull。

ctr命令輸出:

ctr is an unsupported debug and administrative client for interacting
with the containerd daemon. Because it is unsupported, the commands,
options, and operations are not guaranteed to be backward compatible or
stable from release to release of the containerd project.
COMMANDS:
   plugins, plugin            Provides information about containerd plugins
   version                    Print the client and server versions
   containers, c, container   Manage containers
   content                    Manage content
   events, event              Display containerd events
   images, image, i           Manage images
   leases                     Manage leases
   namespaces, namespace, ns  Manage namespaces
   pprof                      Provide golang pprof outputs for containerd
   run                        Run a container
   snapshots, snapshot        Manage snapshots
   tasks, t, task             Manage tasks
   install                    Install a new package
   oci                        OCI tools
   sandboxes, sandbox, sb, s  Manage sandboxes
   info                       Print the server info
   deprecations
   shim                       Interact with a shim directly
   help, h                    Shows a list of commands or help for one command
GLOBAL OPTIONS:
   --debug                      Enable debug output in logs
   --address value, -a value    Address for containerd's GRPC server (default: "/run/containerd/containerd.sock") [$CONTAINERD_ADDRESS]
   --timeout value              Total timeout for ctr commands (default: 0s)
   --connect-timeout value      Timeout for connecting to containerd (default: 0s)
   --namespace value, -n value  Namespace to use with commands (default: "default") [$CONTAINERD_NAMESPACE]
   --help, -h                   show help
   --version, -v                print the version

crictl

crictl,GitHub,一個(gè)兼容CRI的命令行接口,可用于檢查和調(diào)試k8s/kubelet節(jié)點(diǎn)上的容器運(yùn)行時(shí)和應(yīng)用程序。只有一個(gè)k8s.io命名空間,無(wú)需-n參數(shù)。

安裝

VERSION="v1.33.0"
wget https://github.com/kubernetes-sigs/cri-tools/releases/download/$VERSION/crictl-$VERSION-linux-amd64.tar.gz
sudo tar zxvf crictl-$VERSION-linux-amd64.tar.gz -C /usr/local/bin
rm -f crictl-$VERSION-linux-amd64.tar.gz

crictl默認(rèn)連接到unix:///var/run/dockershim.sock。對(duì)于其它運(yùn)行時(shí),可通過(guò)多種方式設(shè)置端點(diǎn):

  • 設(shè)置--runtime-endpoint--image-endpoint選項(xiàng);
  • 設(shè)置CONTAINER_RUNTIME_ENDPOINTIMAGE_SERVICE_ENDPOINT環(huán)境變量;
  • 在配置文件--config=/etc/crictl.yaml設(shè)置端點(diǎn)。

在連接到服務(wù)器時(shí),配置文件可指定超時(shí)值(timeout–timeout),啟用或禁用調(diào)試(debug–debug)。

比如在k3s環(huán)境下,執(zhí)行cat /var/lib/rancher/k3s/agent/etc/crictl.yaml輸出:

runtime-endpoint: unix:///run/k3s/containerd/containerd.sock

crictl命令輸出:

VERSION:
   v1.31.0-k3s2
COMMANDS:
   attach                 Attach to a running container
   checkpoint             Checkpoint one or more running containers
   completion             Output shell completion code
   config                 Get and set crictl client configuration options
   create                 Create a new container
   events, event          Stream the events of containers
   exec                   Run a command in a running container
   imagefsinfo            Return image filesystem info
   images, image, img     List images
   info                   Display information of the container runtime
   inspect                Display the status of one or more containers
   inspecti               Return the status of one or more images
   inspectp               Display the status of one or more pods
   logs                   Fetch the logs of a container
   metricsp               List pod metrics. Metrics are unstructured key/value pairs gathered by CRI meant to replace cAdvisor's /metrics/cadvisor endpoint.
   pods                   List pods
   port-forward           Forward local port to a pod
   ps                     List containers
   pull                   Pull an image from a registry
   rm                     Remove one or more containers
   rmi                    Remove one or more images
   rmp                    Remove one or more pods
   run                    Run a new container inside a sandbox
   runp                   Run a new pod
   runtime-config         Retrieve the container runtime configuration
   start                  Start one or more created containers
   stats                  List container(s) resource usage statistics
   statsp                 List pod statistics. Stats represent a structured API that will fulfill the Kubelet's /stats/summary endpoint.
   stop                   Stop one or more running containers
   stopp                  Stop one or more running pods
   update                 Update one or more running containers
   update-runtime-config  Update the runtime configuration
   version                Display runtime version information
   help, h                Shows a list of commands or help for one command
GLOBAL OPTIONS:
   --config value, -c value                   Location of the client config file. If not specified and the default does not exist, the program's directory is searched as well (default: "/etc/crictl.yaml") [$CRI_CONFIG_FILE]
   --debug, -D                                Enable debug mode (default: false)
   --enable-tracing                           Enable OpenTelemetry tracing. (default: false)
   --image-endpoint value, -i value           Endpoint of CRI image manager service (default: uses 'runtime-endpoint' setting) [$IMAGE_SERVICE_ENDPOINT]
   --runtime-endpoint value, -r value         Endpoint of CRI container runtime service (default: uses in order the first successful one of [unix:///run/k3s/containerd/containerd.sock unix:///var/run/dockershim.sock unix:///run/containerd/containerd.sock unix:///run/crio/crio.sock unix:///var/run/cri-dockerd.sock]). Default is now deprecated and the endpoint should be set instead. [$CONTAINER_RUNTIME_ENDPOINT]
   --timeout value, -t value                  Timeout of connecting to the server in seconds (e.g. 2s, 20s.). 0 or less is set to default (default: 2s)
   --tracing-endpoint value                   Address to which the gRPC tracing collector will send spans to. (default: "127.0.0.1:4317")
   --tracing-sampling-rate-per-million value  Number of samples to collect per million OpenTelemetry spans. Set to 1000000 or -1 to always sample. (default: -1)
   --help, -h                                 Show help (default: false)
   --version, -v                              Print the version (default: false)

crictl pull

可以明確的是:

  • 哪怕當(dāng)前環(huán)境已經(jīng)下載過(guò)docker鏡像,使用yaml文件通過(guò)vLLM啟動(dòng)大模型時(shí),還是會(huì)去下載crictl鏡像;
  • 通過(guò)crictl下載鏡像,和docker下載的鏡像,其名字一致;
  • yaml文件里使用dustynv/vllm:0.7.4-r36.4.0-cu128-24.04鏡像,等價(jià)于docker.io/dustynv/vllm:0.7.4-r36.4.0-cu128-24.04;
  • 上面的docker.io就是部署在國(guó)外的Docker Hub官方鏡像源,國(guó)內(nèi)下載速度非常慢;
  • 可考慮使用國(guó)內(nèi)鏡像源,如docker.m.daocloud.io/dustynv/vllm、docker.1ms.run/dustynv/vllm;
  • 通過(guò)crictl pull下載鏡像并沒(méi)有進(jìn)度條提示,狠是惡心,只能干等,有時(shí)候等了10分鐘給你來(lái)個(gè)提示,只能重試。

如上圖所示,沒(méi)有任何進(jìn)度提示。

下載國(guó)外鏡像,會(huì)遇到各種奇奇怪怪的報(bào)錯(cuò):

使用國(guó)內(nèi)的鏡像源地址:

反復(fù)重試,還是上面的報(bào)錯(cuò)提示。

Qwen等ChatGPT給出的解決方法是先登錄。

好,遇到問(wèn)題解決問(wèn)題;打開(kāi)網(wǎng)站毫秒鏡像,使用個(gè)人手機(jī)號(hào)注冊(cè)。按照Qwen給出的幻覺(jué)答復(fù),crictl login

crictl pull鏡像可以執(zhí)行docker login,可見(jiàn)crictl底層使用的還是docker鏡像那一套機(jī)制:

不過(guò)又遇到另一個(gè)超時(shí)報(bào)錯(cuò),那就再換一個(gè)國(guó)內(nèi)鏡像源吧。

實(shí)踐下來(lái),通過(guò)docker.m.daocloud.io鏡像源下載crictl鏡像速度還能接受。

crictl鏡像和ctr鏡像

部分網(wǎng)絡(luò)資料說(shuō)crictl image list等效于ctr -n=k8s.io image list。

經(jīng)過(guò)各種ChatGPT以及命令嘗試:

crictl image等效于crictl images,等效于crictl image listcrictl images list。

在k3s環(huán)境下,crictl image等效于k3s ctr -n=k8s.io image list。

k3s命令前綴不能省去。k3s默認(rèn)使用-n=k8s.io命名空間,因此crictl image等效于k3s ctr images list。

個(gè)數(shù)

crictl images | grep vllm輸出2個(gè):

k3s ctr images list | grep vllm輸出4個(gè):

分析:

  • crictl是CRI客戶端工具,crictl輸出是CRI提供給kubelet的簡(jiǎn)化視圖,只顯示標(biāo)簽信息,不展示digest表示;
  • k3s ctr image輸出,表明containerd實(shí)際存儲(chǔ)四個(gè)鏡像引用;分別是tag和digest;

crictl鏡像導(dǎo)出

輸入命令crictl imagesk3s crictl images的截圖如下:

可見(jiàn),在k3s環(huán)境下,crictl命令等價(jià)于k3s crictl,也就是說(shuō),k3s命令前綴可以省去。

問(wèn)題在于,一個(gè)vLLM鏡像動(dòng)輒5~6個(gè)G。

vLLM這篇博客也提到過(guò),部署大模型時(shí),通過(guò)k8s調(diào)度到從節(jié)點(diǎn),則從節(jié)點(diǎn)也需要對(duì)應(yīng)的模型文件和crictl鏡像。

那crictl鏡像能不能導(dǎo)出為tar包,通過(guò)scp命令傳輸?shù)綇墓?jié)點(diǎn),然后在從節(jié)點(diǎn)導(dǎo)入tar包為crictl鏡像呢?

答案當(dāng)然是可以,docker鏡像就完全可以這么玩,crictl和docker存在很多相似之處。

但crictl并沒(méi)有提供save命令:

需要通過(guò)ctr export命令執(zhí)行導(dǎo)出操作。

導(dǎo)出鏡像的前提是找到鏡像,要不然就會(huì)出現(xiàn)如下not found報(bào)錯(cuò):

k3s ctr image | grep vllm:0.8.6輸出2行,下面這一行非常非常長(zhǎng),:

docker.io/dustynv/vllm:0.8.6-r36.4-cu128-24.04                                                                   application/vnd.docker.distribution.manifest.v2+json sha256:b2210294b661acc6e94bc302ce5111d6d0cb01a3815ada0132c105f540fb7a63 5.7 GiB   linux/arm64 io.cri-containerd.image=managed
docker.io/dustynv/vllm@sha256:b2210294b661acc6e94bc302ce5111d6d0cb01a3815ada0132c105f540fb7a63                   application/vnd.docker.distribution.manifest.v2+json sha256:b2210294b661acc6e94bc302ce5111d6d0cb01a3815ada0132c105f540fb7a63 5.7 GiB   linux/arm64 io.cri-containerd.image=managed

導(dǎo)出命令:k3s ctr -n k8s.io image export vllm-0.8.6.tar docker.io/dustynv/vllm:0.8.6-r36.4-cu128-24.04。如果
檢查:

docker鏡像轉(zhuǎn)換成crictl鏡像

TODO

docker、crictl及ctr

三個(gè)命令行的對(duì)比

命令dockercrictl(推薦)ctr
查看容器列表docker pscrictl psctr -n k8s.io c ls
查看容器詳情docker inspectcrictl inspectctr -n k8s.io c info
查看容器日志docker logscrictl logs無(wú)
容器內(nèi)執(zhí)行命令docker execcrictl exec無(wú)
掛載容器docker attachcrictl attach無(wú)
容器資源使用docker statscrictl stats無(wú)
創(chuàng)建容器docker createcrictl createctr -n k8s.io c create
啟動(dòng)容器docker startcrictl startctr -n k8s.io run
停止容器docker stopcrictl stop無(wú)
刪除容器docker rmcrictl rmctr -n k8s.io c del
查看鏡像列表docker imagescrictl imagesctr -n k8s.io i ls
查看鏡像詳情docker inspectcrictl inspect無(wú)
拉取鏡像docker pullcrictl pullctr -n k8s.io i pull
推送鏡像docker push無(wú)ctr -n k8s.io i push
刪除鏡像docker rmicrictl rmictr -n k8s.io i rm
查看Pod列表無(wú)crictl pods無(wú)
查看Pod詳情無(wú)crictl inspectp無(wú)
啟動(dòng)Pod無(wú)crictl runp無(wú)
停止Pod無(wú)crictl stopp無(wú)
導(dǎo)入鏡像docker load無(wú)ctr -n k8s.io i import
導(dǎo)出鏡像docker save無(wú)ctr -n k8s.io i export

到此這篇關(guān)于docker、ctr、crictl命令簡(jiǎn)介與使用的文章就介紹到這了,更多相關(guān)docker ctr crictl命令內(nèi)容請(qǐng)搜索腳本之家以前的文章或繼續(xù)瀏覽下面的相關(guān)文章希望大家以后多多支持腳本之家!

相關(guān)文章

最新評(píng)論