1. Lab environment

Operating system: CentOS Linux release 7.9.2009 (Core)

containerd version: cri-containerd-1.6.4-linux-amd64.tar.gz

2. Install the libseccomp dependency

# Check whether libseccomp is installed
rpm -qa |grep libseccomp

# Find which package provides libseccomp
yum search libseccomp

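# Install libseccomp
yum install libseccomp -y

3. Download containerd

containerd calls runc, so runc has to be installed first. However, containerd provides an archive that bundles the related dependencies, cri-containerd-cni-${VERSION}.${OS}-${ARCH}.tar.gz, which can be used to install everything directly.

This walkthrough uses the latest version; the link is: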

https://github.com/containerd/containerd/releases/download/v1.6.4/cri-containerd-1.6.4-linux-amd64.tar.gz

Download and extract

# Download the package
wget https://github.com/containerd/containerd/releases/download/v1.6.4/cri-containerd-1.6.4-linux-amd64.tar.gz
# The following address downloads faster
wget  https://download.fastgit.org/containerd/containerd/releases/download/v1.6.4/cri-containerd-1.6.4-linux-amd64.tar.gz

# List the contents of the archive
tar -tf cri-containerd-1.6.4-linux-amd64.tar.gz

etc/crictl.yaml
etc/systemd/
etc/systemd/system/
etc/systemd/system/containerd.service
usr/
usr/local/
usr/local/sbin/
usr/local/sbin/runc
usr/local/bin/
usr/local/bin/crictl
usr/local/bin/ctd-decoder
usr/local/bin/ctr
usr/local/bin/containerd-shim
usr/local/bin/containerd
usr/local/bin/containerd-shim-runc-v1
usr/local/bin/critest
usr/local/bin/containerd-shim-runc-v2
usr/local/bin/containerd-stress
opt/containerd/
opt/containerd/cluster/
opt/containerd/cluster/version
opt/containerd/cluster/gce/
opt/containerd/cluster/gce/cni.template
opt/containerd/cluster/gce/env
opt/containerd/cluster/gce/configure.sh
opt/containerd/cluster/gce/cloud-init/
opt/containerd/cluster/gce/cloud-init/node.yaml
opt/containerd/cluster/gce/cloud-init/master.yaml


# Extract the archive into the corresponding directories
tar -C / -xzf cri-containerd-1.6.4-linux-amd64.tar.gz
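
The extraction above unpacks an archive into / as root, and one of the two download URLs is a third-party mirror. The following is an added example, not part of the original post: it checks the tarball against a sha256sum-format checksum file (assumed to have been fetched separately from the official GitHub release page) and vets the member paths against the listing above before extracting. The function names are hypothetical.

```sh
# Added example, not from the original post. Function names are hypothetical.

# verify_sha256 TARBALL SUMFILE
# SUMFILE is in sha256sum format: "<64 hex digits>  <file name>".
verify_sha256() {
    want=$(awk 'NR == 1 { print tolower($1) }' "$2") || return 1
    got=$(sha256sum "$1" | awk '{ print $1 }') || return 1
    [ "${#want}" -eq 64 ] && [ "$want" = "$got" ]
}

# members_are_safe TARBALL
# Succeeds only if every member name is relative, has no ".." component and
# sits under a directory that appears in the listing printed above.
members_are_safe() {
    members=$(tar -tzf "$1") || return 1          # unreadable archive
    [ -n "$members" ] || return 1                 # empty archive
    if printf '%s\n' "$members" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        return 1                                  # absolute or escaping path
    fi
    allowed='^(etc/|etc/crictl\.yaml|etc/systemd/.*|usr/|usr/local/|usr/local/s?bin/.*|opt/|opt/containerd/.*)$'
    if printf '%s\n' "$members" | grep -Evq "$allowed"; then
        return 1                                  # path outside the allow-list
    fi
}

# install_bundle TARBALL SUMFILE DESTDIR
# Extracts only after both checks pass. The post extracts into "/", e.g.
#   install_bundle cri-containerd-1.6.4-linux-amd64.tar.gz \
#                  cri-containerd-1.6.4-linux-amd64.tar.gz.sha256sum /
install_bundle() {
    verify_sha256 "$1" "$2" || { echo "checksum mismatch: $1" >&2; return 1; }
    members_are_safe "$1" || { echo "unexpected member path in $1" >&2; return 1; }
    mkdir -p "$3" && tar -C "$3" -xzf "$1"
}
```

Only member names are inspected here; tar -tvzf additionally shows link targets.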

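Add the executables' directories to $PATH

vi /etc/profile  # Append the line below at the end of the file; not needed on CentOS by default
export PATH=$PATH:/usr/local/bin:/usr/local/sbin # Add this line


# Apply the change
source /etc/profile

containerd's default configuration file

The default configuration file for containerd is /etc/containerd/config.toml. A default configuration can be generated with the following commands: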

mkdir -p /etc/containerd
containerd config default > /etc/containerd/config.toml

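version = 2: the default option in recent versions.
root: where containerd stores its metadata.
state: containerd's state directory; its data is refreshed on restart, so it is just a temporary directory.
address: the socket that containerd listens on.
plugins: here sandbox_image configures the CNI plugin, along with the CNI binary directory and initialization directory; it also holds the private registry address, certificates, and the access username and password.
path: path to the container binaries.
interval: the interval between containerd restarts.
runtime: this section configures the required runtime, runc; the containerd-shim may be used or not.

containerd's service file

Because the containerd archive downloaded above includes the file etc/systemd/system/containerd.service, containerd can be configured to run as a daemon under systemd. Its content is as follows: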

# Copyright The containerd Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target

[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/local/bin/containerd

Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity
# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999

[Install]
WantedBy=multi-user.target

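Two parameters matter here:

Delegate: this option allows containerd and the runtime to manage the cgroups of the containers they create. Without it, systemd moves the processes into its own cgroups, so containerd cannot correctly obtain the containers' resource usage.
KillMode: this option controls how the containerd process is killed. **By default, systemd looks in the process's cgroup and kills all of containerd's child processes.** The KillMode field accepts the following values.
       control-group (default): all child processes in the current control group are killed
       process: only the main process is killed
       mixed: the main process receives SIGTERM and the child processes receive SIGKILL
       none: no process is killed; only the service's stop command is run
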
We need to set KillMode to process, which ensures that upgrading or restarting containerd does not kill existing containers.
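
A check for the two settings described above, as an added example that is not part of the original post or of containerd. It reads the unit file plus any drop-in files passed after it, in order, so a later assignment overrides an earlier one as systemd does; the function names are hypothetical and only the boolean spellings of Delegate are accepted.

```sh
# Added example, not from the original post. Function names are hypothetical.

# unit_setting KEY FILE...
# Prints the effective value of KEY from the [Service] section. Files are
# read in the order given (main unit first, then drop-ins); last one wins.
unit_setting() {
    key=$1; shift
    awk -v key="$key" '
        FNR == 1       { in_service = 0 }      # every file starts outside a section
        /^[ \t]*[#;]/  { next }                # comment line
        /^[ \t]*\[/    { in_service = ($0 ~ /^[ \t]*\[Service\][ \t]*$/); next }
        in_service {
            eq = index($0, "=")
            if (eq == 0) next
            name = substr($0, 1, eq - 1); gsub(/[ \t]/, "", name)
            if (name == key) {
                value = substr($0, eq + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", value)
            }
        }
        END { print value }
    ' "$@"
}

# containerd_unit_ok FILE...
# Succeeds only if Delegate is enabled and KillMode is "process".
containerd_unit_ok() {
    delegate=$(unit_setting Delegate "$@")
    killmode=$(unit_setting KillMode "$@")
    case $delegate in
        yes|true|on|1) ;;
        *) echo "Delegate=$delegate" >&2; return 1 ;;
    esac
    [ "$killmode" = process ] || {
        echo "KillMode=${killmode:-control-group (default)}" >&2
        return 1
    }
}
```

On a running host, systemctl show -p Delegate -p KillMode containerd reports the values systemd actually loaded.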

4. Start the containerd service

systemctl enable containerd --now

5. Inspect and verify

Once it has started, containerd's local CLI tools ctr and crictl can be used.

ctr version

ctr images ls

ctr container ls 


# ctr help
     plugins, plugin           provides information about containerd plugins
     version                   print the client and server versions
     containers, c, container  manage containers
     content                   manage content
     events, event             display containerd events
     images, image, i          manage images
     leases                    manage leases
     namespaces, namespace     manage namespaces
     pprof                     provide golang pprof outputs for containerd
     run                       run a container
     snapshots, snapshot       manage snapshots
     tasks, t, task            manage tasks
     install                   install a new package
     shim                      interact with a shim directly
     cri                       interact with cri plugin
     help, h                   Shows a list of commands or help for one command


crictl images ls 

# crictl help
   attach              Attach to a running container
   create              Create a new container
   exec                Run a command in a running container
   version             Display runtime version information
   images, image, img  List images
   inspect             Display the status of one or more containers
   inspecti            Return the status of one or more images
   imagefsinfo         Return image filesystem info
   inspectp            Display the status of one or more pods
   logs                Fetch the logs of a container
   port-forward        Forward local port to a pod
   ps                  List containers
   pull                Pull an image from a registry
   run                 Run a new container inside a sandbox
   runp                Run a new pod
   rm                  Remove one or more containers
   rmi                 Remove one or more images
   rmp                 Remove one or more pods
   pods                List pods
   start               Start one or more created containers
   info                Display information of the container runtime
   stop                Stop one or more running containers
   stopp               Stop one or more running pods
   update              Update one or more running containers
   config              Get and set crictl client configuration options
   stats               List container(s) resource usage statistics
   completion          Output shell completion code
   help, h             Shows a list of commands or help for one command

6. Configure registry mirror addresses

vim /etc/containerd/config.toml
[plugins."io.containerd.grpc.v1.cri".registry]
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
      endpoint = ["https://kvuwuws2.mirror.aliyuncs.com"]
    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."k8s.gcr.io"]
      endpoint = ["https://registry.aliyuncs.com/k8sxio"]


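registry.mirrors."xxx": the registry for which a mirror is configured; for example, registry.mirrors."docker.io" configures the mirror for docker.io.
endpoint: the mirror acceleration service that provides the mirror; for example, an Alibaba Cloud registry mirror service can be registered and used as the mirror for docker.io.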
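
With the configuration above, pulls for docker.io and k8s.gcr.io are sent first to the listed mirror endpoints, so it is worth reviewing what those endpoints are. The following added example (not from the original post; function names are hypothetical) lists every registry/endpoint pair in a config.toml and fails if any endpoint is not HTTPS. It assumes single-line endpoint arrays as in the snippet above.

```sh
# Added example, not from the original post. Function names are hypothetical.

# list_mirrors CONFIG
# Prints one "registry endpoint" pair per line for every
# registry.mirrors."<registry>" table (single-line endpoint arrays only).
list_mirrors() {
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*\[/ {                       # a table header starts a new scope
            registry = ""
            if (match($0, /registry\.mirrors\."[^"]+"\]/))
                registry = substr($0, RSTART + 18, RLENGTH - 20)
            next
        }
        registry != "" && /^[ \t]*endpoint[ \t]*=/ {
            rest = $0
            while (match(rest, /"[^"]*"/)) {
                print registry, substr(rest, RSTART + 1, RLENGTH - 2)
                rest = substr(rest, RSTART + RLENGTH)
            }
        }
    ' "$1"
}

# mirrors_all_https CONFIG
# Succeeds only if every configured endpoint uses https://; offending
# pairs are written to stderr.
mirrors_all_https() {
    bad=$(list_mirrors "$1" | grep -v ' https://' || true)
    [ -z "$bad" ] || { printf 'non-HTTPS mirror: %s\n' "$bad" >&2; return 1; }
}
```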

Explanation of two parameters in the default configuration file:

root = "/var/lib/containerd"
state = "/run/containerd"

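root holds persistent data, including Snapshots, Content, Metadata and the data of the various plugins; each plugin has its own directory. containerd itself stores no data; all of its functionality comes from the loaded plugins.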

state holds temporary runtime data, including sockets, pids, mount points, runtime state, and plugin data that does not need to be persisted.
Reference: https://blog.csdn.net/weixin_39246554/article/details/120930966
