root@ubuntu2004:~# mkdir nginxroot@ubuntu2004:~# cd nginx/root@ubuntu2004:~/nginx# wget https://nginx.org/download/nginx-1.22.1.tar.gz--2022-10-29 15:29:48--  https://nginx.org/download/nginx-1.22.1.tar.gzResolving nginx.org (nginx.org)... 52.58.199.22, 3.125.197.172, 2a05:d014:edb:5704::6, ...Connecting to nginx.org (nginx.org)|52.58.199.22|:443... connected.HTTP request sent, awaiting response... 200 OKLength: 1073948 (1.0M) [application/octet-stream]Saving to: ‘nginx-1.22.1.tar.gz’
nginx-1.22.1.tar.gz                              100%[=========================================================================================================>]   1.02M  50.6KB/s    in 36s     
2022-10-29 15:30:25 (29.5 KB/s) - ‘nginx-1.22.1.tar.gz’ saved [1073948/1073948]

root@ubuntu2004:~/nginx# cat sources.list # 默认注释了源码镜像以提高 apt update 速度，如有需要可自行取消注释deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy main restricted universe multiverse# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy main restricted universe multiversedeb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy-updates main restricted universe multiverse# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy-updates main restricted universe multiversedeb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy-backports main restricted universe multiverse# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy-backports main restricted universe multiversedeb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy-security main restricted universe multiverse# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy-security main restricted universe multiverse

root@ubuntu2004:~/nginx# cat Dockerfile FROM ubuntu:22.04LABEL "author"  "starry 360159416@qq.com"RUN apt-get update && apt-get -y install apt-transport-https ca-certificates curl software-properties-commonADD sources.list /etc/apt/sources.listRUN apt update \    &&  apt install -y iproute2 ntpdate tcpdump telnet traceroute nfs-kernel-server nfs-common \        lrzsz tree openssl libssl-dev libpcre3 libpcre3-dev zlib1g-dev ntpdate tcpdump \        telnet traceroute gcc openssh-server lrzsz tree openssl libssl-dev libpcre3 libpcre3-dev \        zlib1g-dev ntpdate tcpdump telnet traceroute iotop unzip zip makeADD nginx-1.22.1.tar.gz /usr/local/src/RUN cd /usr/local/src/nginx-1.22.1 \     && ./configure --prefix=/apps/nginx && make && make install \     && ln -sv /apps/nginx/sbin/nginx /usr/binRUN groupadd -g 2088 nginx \     && useradd -g nginx -s /usr/sbin/nologin -u 2088 nginx \     && chown -R nginx.nginx /apps/nginx#ADD nginx.conf /apps/nginx/conf/#ADD frontend.tar.gz /apps/nginx/html/EXPOSE 80 443#ENTRYPOINT ["nginx"]CMD ["/apps/ngins/sbin/nginx","-g","daemon off;"]

root@ubuntu2004:~/nginx# cat build.sh #!/bin/bash
TAG=$1docker build -t harbor.magedu.net/myserver/nginx:$TAG .

root@ubuntu2004:~/nginx# bash build.sh v1# 打包成功后，查看镜像root@ubuntu2004:~/nginx# docker imagesREPOSITORY                         TAG                 IMAGE ID       CREATED          SIZEharbor.magedu.net/myserver/nginx   v1                  3314da964420   6 seconds ago    540MB

root@ubuntu2004:~/nginx# cat /etc/docker/daemon.json {  "registry-mirrors": ["https://9916w1ow.mirror.aliyuncs.com"],  "exec-opts": ["native.cgroupdriver=systemd"],  "log-opts": {     "max-file": "5",     "max-size": "100m"  }}root@ubuntu2004:~/nginx# systemctl stop docker.socketroot@ubuntu2004:~/nginx# systemctl start docker.socket

root@ubuntu2004:~/nginx# docker run -it -d -m 512m --oom-kill-disable -p 80:80 harbor.magedu.net/myserver/nginx:v1WARNING: Your kernel does not support swap limit capabilities or the cgroup is not mounted. Memory limited without swap.1a9deba691a88f0ad5b1c45c73c10d750db5401612d4b8f2cfd5483d723812a4

CONTAINER ID   NAME               CPU %     MEM USAGE / LIMIT   MEM %     NET I/O       BLOCK I/O   PIDS1a9deba691a8   trusting_shannon   0.00%     2.875MiB / 512MiB   0.56%     1.09kB / 0B   0B / 0B     2

root@ubuntu2004:~/nginx# docker run -it -d -m 512m --memory-reservation 1024m -p 80:80 harbor.magedu.net/myserver/nginx:v1docker: Error response from daemon: Minimum memory limit can not be less than memory reservation limit, see usage.
root@ubuntu2004:~/nginx# docker run -it -d -m 512m --memory-reservation 256m -p 80:80 harbor.magedu.net/myserver/nginx:v1WARNING: Your kernel does not support swap limit capabilities or the cgroup is not mounted. Memory limited without swap.f3d516484d491121d1504048188efdcfab29c000a05e49c5a24080361c26a67

容器不做资源限制时，压测申请512m内存root@ubuntu2004:~/nginx# docker run -it --rm --name magedu-c1 lorel/docker-stress-ng --vm 2 --vm-bytes 256Mstress-ng: info: [1] defaulting to a 86400 second run per stressorstress-ng: info: [1] dispatching hogs: 2 vm
另一终端查看MEM USAGE可以看到内存占用约512mCONTAINER ID   NAME        CPU %     MEM USAGE / LIMIT     MEM %     NET I/O       BLOCK I/O   PIDS6729338b12d0   magedu-c1   199.76%   517.4MiB / 1.907GiB   26.50%    1.02kB / 0B   0B / 0B     5
容器限制256M内存，压测申请512m内存root@ubuntu2004:~/nginx# docker run -it --rm --name magedu-c1 -m 256m lorel/docker-stress-ng --vm 2 --vm-bytes 256MWARNING: Your kernel does not support swap limit capabilities or the cgroup is not mounted. Memory limited without swap.stress-ng: info: [1] defaulting to a 86400 second run per stressorstress-ng: info: [1] dispatching hogs: 2 vm
另一终端查看MEM USAGE可以看到内存只占用约256m，无法申请多余资源CONTAINER ID   NAME        CPU %     MEM USAGE / LIMIT   MEM %     NET I/O       BLOCK I/O   PIDS6a7025db8670   magedu-c1   160.98%   255.8MiB / 256MiB   99.91%    1.02kB / 0B   22GB / 0B   5

# 分配1.5核cpu资源，申请占用1核cpuroot@ubuntu2004:~/nginx# docker run -it --rm --name magedu-c1 --cpus 1 lorel/docker-stress-ng --cpu 1stress-ng: info: [1] defaulting to a 86400 second run per stressorstress-ng: info: [1] dispatching hogs: 1 cpu
# 压测占满1核cpuCONTAINER ID   NAME        CPU %     MEM USAGE / LIMIT     MEM %     NET I/O       BLOCK I/O   PIDS98dd2594768d   magedu-c1   100.66%   5.898MiB / 1.907GiB   0.30%     1.02kB / 0B   0B / 0B     2

root@docker-harbor1:~# apt updateroot@docker-harbor1:~# apt-cache madison docker-composedocker-compose |   1.25.0-1 | http://mirrors.aliyun.com/ubuntu focal/universe amd64 Packagesroot@docker-harbor1:~# apt install docker-compose=1.25.0-1 -y

# 解压版本包root@docker-harbor1:~# tar xvf harbor-offline-installer-v2.6.1.tgzroot@docker-harbor1:~# cd harbor/root@docker-harbor1:~/harbor# lscommon.sh  harbor.v2.6.1.tar.gz  harbor.yml.tmpl  install.sh  LICENSE  prepare# 复制模板文件为yml文件root@docker-harbor1:~/harbor# cp harbor.yml.tmpl harbor.yml# 修改yml文件内容，最终文件内容如下root@docker-harbor1:~/harbor# grep -Ev '^\s*#|^$' harbor.ymlhostname: docker-harbor1http:  port: 80harbor_admin_password: 12345678database:  password: root123  max_idle_conns: 100  max_open_conns: 900data_volume: /datatrivy:  ignore_unfixed: false  skip_update: false  offline_scan: false  insecure: falsejobservice:  max_job_workers: 10notification:  webhook_job_max_retry: 10chart:  absolute_url: disabledlog:  level: info  local:    rotate_count: 50    rotate_size: 200M    location: /var/log/harbor_version: 2.6.0proxy:  http_proxy:  https_proxy:  no_proxy:  components:    - core    - jobservice    - trivyupload_purging:  enabled: true  age: 168h  interval: 24h  dryrun: falsecache:  enabled: false  expire_hours: 24

root@docker-harbor1:~/harbor# ./install.sh --with-trivy --with-chartmuseum
[Step 0]: checking if docker is installed ...
Note: docker version: 20.10.21
[Step 1]: checking docker-compose is installed ...
Note: docker-compose version: 1.25.0
[Step 2]: loading Harbor images ...19b3e561bd53: Loading layer [==================================================>]  37.69MB/37.69MBb1c55ad746b8: Loading layer [==================================================>]  5.754MB/5.754MB3fad059e5b96: Loading layer [==================================================>]  8.718MB/8.718MBac3d56834181: Loading layer [==================================================>]  15.88MB/15.88MBac64291e7095: Loading layer [==================================================>]  29.29MB/29.29MB347c69d047c1: Loading layer [==================================================>]  22.02kB/22.02kB2bc68bdd74b4: Loading layer [==================================================>]  15.88MB/15.88MBLoaded image: goharbor/notary-server-photon:v2.6.1a3f881ff8a8a: Loading layer [==================================================>]  5.759MB/5.759MBbf4fe2665116: Loading layer [==================================================>]  90.88MB/90.88MB1bbf13d3b736: Loading layer [==================================================>]  3.072kB/3.072kB6864945044da: Loading layer [==================================================>]  4.096kB/4.096kBe74206fce300: Loading layer [==================================================>]  91.67MB/91.67MBLoaded image: goharbor/chartmuseum-photon:v2.6.1d1cca5e33760: Loading layer [==================================================>]  126.9MB/126.9MBf21ade3affb4: Loading layer [==================================================>]  3.584kB/3.584kB2b10bb22d396: Loading layer [==================================================>]  3.072kB/3.072kBcddb26029f4f: Loading layer [==================================================>]   2.56kB/2.56kB120e581fca06: Loading layer [==================================================>]  3.072kB/3.072kBb55ab4161be8: Loading layer [==================================================>]  3.584kB/3.584kB708b88dc9728: Loading layer [==================================================>]  20.99kB/20.99kBLoaded image: goharbor/harbor-log:v2.6.1aa3c0eeab3fd: Loading layer [==================================================>]  5.759MB/5.759MB08acd59679e5: Loading layer [==================================================>]  4.096kB/4.096kBdbfa72b62e7c: Loading layer [==================================================>]   17.1MB/17.1MB3db46c922bff: Loading layer [==================================================>]  3.072kB/3.072kBdb46f9ab20a1: Loading layer [==================================================>]  29.15MB/29.15MBc28b264c5c77: Loading layer [==================================================>]  47.04MB/47.04MBLoaded image: goharbor/harbor-registryctl:v2.6.146e1d8c22785: Loading layer [==================================================>]  119.1MB/119.1MBLoaded image: goharbor/nginx-photon:v2.6.1ebe1f7ed9475: Loading layer [==================================================>]  7.162MB/7.162MB780db4ad3bef: Loading layer [==================================================>]  4.096kB/4.096kBdc07146a4e90: Loading layer [==================================================>]  3.072kB/3.072kB2cdc8f8be3a6: Loading layer [==================================================>]  91.21MB/91.21MBd4efae655490: Loading layer [==================================================>]  12.86MB/12.86MBc11badbab4ee: Loading layer [==================================================>]  104.9MB/104.9MBLoaded image: goharbor/trivy-adapter-photon:v2.6.16ada5ff70437: Loading layer [==================================================>]  43.85MB/43.85MB070561aa0752: Loading layer [==================================================>]   65.9MB/65.9MBaf13505c0fbc: Loading layer [==================================================>]  19.14MB/19.14MB8eaa0fe4e73c: Loading layer [==================================================>]  65.54kB/65.54kB9ffc621c4d1d: Loading layer [==================================================>]   2.56kB/2.56kB4f311e4137a0: Loading layer [==================================================>]  1.536kB/1.536kBd1ecbcc8c146: Loading layer [==================================================>]  12.29kB/12.29kB313e339c685b: Loading layer [==================================================>]  2.613MB/2.613MB6f748b2ed0dc: Loading layer [==================================================>]  379.9kB/379.9kBLoaded image: goharbor/prepare:v2.6.159c6fef03969: Loading layer [==================================================>]  1.097MB/1.097MB0b0d97fd8a80: Loading layer [==================================================>]  5.888MB/5.888MB6f21e17052fb: Loading layer [==================================================>]    169MB/169MB480717132aea: Loading layer [==================================================>]  16.96MB/16.96MB817dc53a51cf: Loading layer [==================================================>]  4.096kB/4.096kBbeeda54c09df: Loading layer [==================================================>]  6.144kB/6.144kB0de0c418dfa2: Loading layer [==================================================>]  3.072kB/3.072kB394a42c14a01: Loading layer [==================================================>]  2.048kB/2.048kBc53687716453: Loading layer [==================================================>]   2.56kB/2.56kB46e9e5d728c4: Loading layer [==================================================>]   2.56kB/2.56kBe05b0e58bb47: Loading layer [==================================================>]   2.56kB/2.56kB85d4f51c325c: Loading layer [==================================================>]  8.704kB/8.704kBLoaded image: goharbor/harbor-db:v2.6.10bfa75b1d074: Loading layer [==================================================>]  8.902MB/8.902MB0dda41e1e1a6: Loading layer [==================================================>]  3.584kB/3.584kB13be21b41d86: Loading layer [==================================================>]   2.56kB/2.56kBf92838d6a967: Loading layer [==================================================>]  97.91MB/97.91MBe97573477193: Loading layer [==================================================>]   98.7MB/98.7MBLoaded image: goharbor/harbor-jobservice:v2.6.115fecb8d6c42: Loading layer [==================================================>]  119.1MB/119.1MB098f54fce48f: Loading layer [==================================================>]  7.535MB/7.535MB3dc6ef297f52: Loading layer [==================================================>]  1.185MB/1.185MBLoaded image: goharbor/harbor-portal:v2.6.1775b1ccf1721: Loading layer [==================================================>]  5.754MB/5.754MBf4ef31b9659f: Loading layer [==================================================>]  8.718MB/8.718MB7c9e733a4621: Loading layer [==================================================>]  14.47MB/14.47MB148050e3b89d: Loading layer [==================================================>]  29.29MB/29.29MB500fdc71742e: Loading layer [==================================================>]  22.02kB/22.02kBd38ecdf0c794: Loading layer [==================================================>]  14.47MB/14.47MBLoaded image: goharbor/notary-signer-photon:v2.6.10b6707dd33bc: Loading layer [==================================================>]  5.759MB/5.759MB8107a2426b6d: Loading layer [==================================================>]  4.096kB/4.096kB130b71e83c08: Loading layer [==================================================>]  3.072kB/3.072kB3daa3b45e084: Loading layer [==================================================>]   17.1MB/17.1MBe1f022373798: Loading layer [==================================================>]   17.9MB/17.9MBLoaded image: goharbor/registry-photon:v2.6.1b8ab82a27cb4: Loading layer [==================================================>]  8.902MB/8.902MB031794af342e: Loading layer [==================================================>]  3.584kB/3.584kBa6c93180465a: Loading layer [==================================================>]   2.56kB/2.56kB1181f6dc3b6f: Loading layer [==================================================>]  80.74MB/80.74MB6aea11036399: Loading layer [==================================================>]  5.632kB/5.632kB84ea4b6c2a1f: Loading layer [==================================================>]  105.5kB/105.5kB9da21a8aaea8: Loading layer [==================================================>]  44.03kB/44.03kB3a6281e6c8dc: Loading layer [==================================================>]  81.68MB/81.68MB57ba35dc2c40: Loading layer [==================================================>]   2.56kB/2.56kBLoaded image: goharbor/harbor-core:v2.6.124243fc0136d: Loading layer [==================================================>]  8.902MB/8.902MB9778bfbfaf4b: Loading layer [==================================================>]  24.64MB/24.64MBc904704d3e3f: Loading layer [==================================================>]  4.608kB/4.608kB0ee8cf6901bd: Loading layer [==================================================>]  25.43MB/25.43MBLoaded image: goharbor/harbor-exporter:v2.6.15e3e5b804996: Loading layer [==================================================>]  119.9MB/119.9MBc7323c3b23ff: Loading layer [==================================================>]  3.072kB/3.072kB6ab347b42178: Loading layer [==================================================>]   59.9kB/59.9kB4587d0666b27: Loading layer [==================================================>]  61.95kB/61.95kBLoaded image: goharbor/redis-photon:v2.6.1

[Step 3]: preparing environment ...
[Step 4]: preparing harbor configs ...prepare base dir is set to /root/harborWARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to httpsGenerated configuration file: /config/portal/nginx.confGenerated configuration file: /config/log/logrotate.confGenerated configuration file: /config/log/rsyslog_docker.confGenerated configuration file: /config/nginx/nginx.confGenerated configuration file: /config/core/envGenerated configuration file: /config/core/app.confGenerated configuration file: /config/registry/config.ymlGenerated configuration file: /config/registryctl/envGenerated configuration file: /config/registryctl/config.ymlGenerated configuration file: /config/db/envGenerated configuration file: /config/jobservice/envGenerated configuration file: /config/jobservice/config.ymlGenerated and saved secret to file: /data/secret/keys/secretkeySuccessfully called func: create_root_certGenerated configuration file: /config/trivy-adapter/envGenerated configuration file: /config/chartserver/envGenerated configuration file: /compose_location/docker-compose.ymlClean up the input dir

Note: stopping existing Harbor instance ...Removing network harbor_harborWARNING: Network harbor_harbor not found.Removing network harbor_harbor-chartmuseumWARNING: Network harbor_harbor-chartmuseum not found.

[Step 5]: starting Harbor ...➜     Chartmusuem will be deprecated as of Harbor v2.6.0 and start to be removed in v2.8.0 or later.    Please see discussion here for more details. https://github.com/goharbor/harbor/discussions/15057Creating network "harbor_harbor" with the default driverCreating network "harbor_harbor-chartmuseum" with the default driverCreating harbor-log ... doneCreating harbor-portal ... doneCreating chartmuseum   ... doneCreating redis         ... doneCreating registryctl   ... doneCreating harbor-db     ... doneCreating registry      ... doneCreating trivy-adapter ... doneCreating harbor-core   ... doneCreating harbor-jobservice ... doneCreating nginx             ... done✔ ----Harbor has been installed and started successfully.----

root@docker-harbor1:~/harbor# docker ps -aCONTAINER ID   IMAGE                                  COMMAND                  CREATED         STATUS                   PORTS                                   NAMESac5fc309deaa   goharbor/harbor-jobservice:v2.6.1      "/harbor/entrypoint.…"   2 minutes ago   Up 2 minutes (healthy)                                           harbor-jobservice2283bbaebae1   goharbor/nginx-photon:v2.6.1           "nginx -g 'daemon of…"   2 minutes ago   Up 2 minutes (healthy)   0.0.0.0:80->8080/tcp, :::80->8080/tcp   nginxc3733fde2a83   goharbor/trivy-adapter-photon:v2.6.1   "/home/scanner/entry…"   2 minutes ago   Up 2 minutes (healthy)                                           trivy-adapter101c97c4f38f   goharbor/harbor-core:v2.6.1            "/harbor/entrypoint.…"   2 minutes ago   Up 2 minutes (healthy)                                           harbor-core618163feb4a6   goharbor/registry-photon:v2.6.1        "/home/harbor/entryp…"   2 minutes ago   Up 2 minutes (healthy)                                           registry4ca51e1cb5e2   goharbor/harbor-db:v2.6.1              "/docker-entrypoint.…"   2 minutes ago   Up 2 minutes (healthy)                                           harbor-db5f403abedafc   goharbor/redis-photon:v2.6.1           "redis-server /etc/r…"   2 minutes ago   Up 2 minutes (healthy)                                           redis6443a1fb71ab   goharbor/harbor-registryctl:v2.6.1     "/home/harbor/start.…"   2 minutes ago   Up 2 minutes (healthy)                                           registryctlc08aa86d0a5d   goharbor/chartmuseum-photon:v2.6.1     "./docker-entrypoint…"   2 minutes ago   Up 2 minutes (healthy)                                           chartmuseum9e36fcf6c666   goharbor/harbor-portal:v2.6.1          "nginx -g 'daemon of…"   2 minutes ago   Up 2 minutes (healthy)                                           harbor-portal2668aa9efa40   goharbor/harbor-log:v2.6.1             "/bin/sh -c /usr/loc…"   2 minutes ago   Up 2 minutes (healthy)   127.0.0.1:1514->10514/tcp               harbor-log

# 在/etc/hosts 配置三台服务器的主机名和ip映射关系，使可以通过主机名访问。root@ubuntu200401:~# cat /etc/hosts127.0.0.1 localhost127.0.1.1 ubuntu2004
# The following lines are desirable for IPv6 capable hosts::1     ip6-localhost ip6-loopbackfe00::0 ip6-localnetff00::0 ip6-mcastprefixff02::1 ip6-allnodesff02::2 ip6-allrouters10.0.0.134 ubuntu20040110.0.0.132 ubuntu20040210.0.0.133 docker-harbor110.0.0.133 harbor.magedu.net
# 添加"insecure-registries"，指定harbor的地址。root@ubuntu200401:~# cat /etc/docker/daemon.json {  "registry-mirrors": ["https://9916w1ow.mirror.aliyuncs.com"],  "insecure-registries": ["harbor.magedu.net"],  "exec-opts": ["native.cgroupdriver=systemd"],  "log-opts": {     "max-file": "5",     "max-size": "100m"  }}
# 重启docker服务root@ubuntu200401:~# systemctl restart docker
# 检查是否生效root@ubuntu200401:~# docker infoClient:......... Insecure Registries:  harbor.magedu.net  127.0.0.0/8 Registry Mirrors:  https://9916w1ow.mirror.aliyuncs.com/ Live Restore Enabled: false
WARNING: No swap limit support
# 确认能正常访问harbor服务器地址root@ubuntu200401:~# ping harbor.magedu.netPING harbor.magedu.net (10.0.0.133) 56(84) bytes of data.64 bytes from docker-harbor1 (10.0.0.133): icmp_seq=1 ttl=64 time=0.144 ms64 bytes from docker-harbor1 (10.0.0.133): icmp_seq=2 ttl=64 time=0.343 ms

# docker login会提示输入用户名密码  admin/12345678root@ubuntu200401:~# docker login harbor.magedu.netUsername: adminPassword: WARNING! Your password will be stored unencrypted in /root/.docker/config.json.Configure a credential helper to remove this warning. Seehttps://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded

# /root/.docker/config.json文件保存了当前镜像仓库的认证信息。里面的密码可以是通过base64加密。可以通过base64 -d 解密。

root@ubuntu200402:~# cat /etc/docker/daemon.json {  "registry-mirrors": ["https://9916w1ow.mirror.aliyuncs.com"],  "exec-opts": ["native.cgroupdriver=systemd"],  "insecure-registries": ["harbor.magedu.net"],  "log-opts": {     "max-file": "5",     "max-size": "100m"  }}
root@ubuntu200402:~# systemctl restart dockerroot@ubuntu200402:~# docker pull harbor.magedu.net/magedu/nginx:v1v1: Pulling from magedu/nginxaee1767db0dd: Pull complete 9e75cd419b1c: Pull complete 7679fa654305: Pull complete 232562ad247f: Pull complete ac842c5bab00: Pull complete cab6623b2bc5: Pull complete d18a7ffe0197: Pull complete Digest: sha256:b8f2e9651766bc915b23286eac05c26df0bde4dbf45ccf41db20c517b5ffb1e1Status: Downloaded newer image for harbor.magedu.net/magedu/nginx:v1harbor.magedu.net/magedu/nginx:v1

root@ubuntu200403:~# cd /etc/netplan/root@ubuntu200403:/etc/netplan# cat 00-installer-config.yaml # This is the network config written by 'subiquity'network:  ethernets:    ens33:      dhcp4: no      addresses: [10.0.0.131/24]      optional: true      gateway4: 10.0.0.2      nameservers:           addresses: [10.0.0.2]  version: 2

root@ubuntu200401:~# which containerd/usr/bin/containerdroot@ubuntu200401:~# containerd -vcontainerd containerd.io 1.6.8 9cd3357b7fd7218e4aec3eae239db1f68a5a6ec6

# 安装依赖root@ubuntu200403:~# apt updateroot@ubuntu200403:~#  apt-get -y install apt-transport-https ca-certificates curl software-properties-common# 安装GPG证书root@ubuntu200403:~# curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -OK# 写入软件源信息root@ubuntu200403:~# add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"Hit:1 http://mirrors.aliyun.com/ubuntu focal InReleaseHit:2 http://mirrors.aliyun.com/ubuntu focal-updates InReleaseGet:3 https://mirrors.aliyun.com/docker-ce/linux/ubuntu focal InRelease [57.7 kB]Hit:4 http://mirrors.aliyun.com/ubuntu focal-backports InRelease                    Hit:5 http://mirrors.aliyun.com/ubuntu focal-security InRelease                       Get:6 https://mirrors.aliyun.com/docker-ce/linux/ubuntu focal/stable amd64 Packages [20.8 kB]Fetched 78.5 kB in 1s (84.8 kB/s)Reading package lists... Done
# 更新源信息root@ubuntu200403:~# apt-get -y updateHit:1 http://mirrors.aliyun.com/ubuntu focal InReleaseHit:2 http://mirrors.aliyun.com/ubuntu focal-updates InReleaseHit:3 http://mirrors.aliyun.com/ubuntu focal-backports InRelease                                       Hit:4 https://mirrors.aliyun.com/docker-ce/linux/ubuntu focal InRelease                                Hit:5 http://mirrors.aliyun.com/ubuntu focal-security InRelease                                        Reading package lists... Done
# 查询containerd.io可用版本root@ubuntu200403:~# apt-cache madison containerd.iocontainerd.io |    1.6.9-1 | https://mirrors.aliyun.com/docker-ce/linux/ubuntu focal/stable amd64 Packagescontainerd.io |    1.6.8-1 | https://mirrors.aliyun.com/docker-ce/linux/ubuntu focal/stable amd64 Packagescontainerd.io |    1.6.7-1 | https://mirrors.aliyun.com/docker-ce/linux/ubuntu focal/stable amd64 Packagescontainerd.io |    1.6.6-1 | https://mirrors.aliyun.com/docker-ce/linux/ubuntu focal/stable amd64 Packagescontainerd.io |    1.6.4-1 | https://mirrors.aliyun.com/docker-ce/linux/ubuntu focal/stable amd64 Packagescontainerd.io |   1.5.11-1 | https://mirrors.aliyun.com/docker-ce/linux/ubuntu focal/stable amd64 Packagescontainerd.io |   1.5.10-1 | https://mirrors.aliyun.com/docker-ce/linux/ubuntu focal/stable amd64 Packagescontainerd.io |   1.4.13-1 | https://mirrors.aliyun.com/docker-ce/linux/ubuntu focal/stable amd64 Packagescontainerd.io |   1.4.12-1 | https://mirrors.aliyun.com/docker-ce/linux/ubuntu focal/stable amd64 Packagescontainerd.io |   1.4.11-1 | https://mirrors.aliyun.com/docker-ce/linux/ubuntu focal/stable amd64 Packagescontainerd.io |   1.4.10-1 | https://mirrors.aliyun.com/docker-ce/linux/ubuntu focal/stable amd64 Packagescontainerd.io |    1.4.9-1 | https://mirrors.aliyun.com/docker-ce/linux/ubuntu focal/stable amd64 Packagescontainerd.io |    1.4.8-1 | https://mirrors.aliyun.com/docker-ce/linux/ubuntu focal/stable amd64 Packagescontainerd.io |    1.4.6-1 | https://mirrors.aliyun.com/docker-ce/linux/ubuntu focal/stable amd64 Packagescontainerd.io |    1.4.4-1 | https://mirrors.aliyun.com/docker-ce/linux/ubuntu focal/stable amd64 Packagescontainerd.io |    1.4.3-2 | https://mirrors.aliyun.com/docker-ce/linux/ubuntu focal/stable amd64 Packagescontainerd.io |    1.4.3-1 | https://mirrors.aliyun.com/docker-ce/linux/ubuntu focal/stable amd64 Packagescontainerd.io |    1.3.9-1 | https://mirrors.aliyun.com/docker-ce/linux/ubuntu focal/stable amd64 Packagescontainerd.io |    1.3.7-1 | https://mirrors.aliyun.com/docker-ce/linux/ubuntu focal/stable amd64 Packagescontainerd.io |   1.2.13-2 | https://mirrors.aliyun.com/docker-ce/linux/ubuntu focal/stable amd64 Packages
# 安装containerd.io，指定版本为1.6.8-1root@ubuntu200403:~# apt install -y containerd.io=1.6.8-1
root@ubuntu200403:~# containerd --versioncontainerd containerd.io 1.6.8 9cd3357b7fd7218e4aec3eae239db1f68a5a6ec6
# 打印containerd的默认配置root@ubuntu200403:~# containerd config default
# 自定义配置root@ubuntu200403:~# containerd config default > /etc/containerd/config.toml# 1）修改sandbox_image，改为可访问的地址：sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.7”# 2）配置镜像加速，即在153行后增加两行内容root@ubuntu200403:~# sed -n '153,156p'  /etc/containerd/config.toml       [plugins."io.containerd.grpc.v1.cri".registry.mirrors]        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]          endpoint = ["https://9916w1ow.mirror.aliyuncs.com"]    [plugins."io.containerd.grpc.v1.cri".x509_key_pair_streaming]
# 重启containerd，使配置生效root@ubuntu200403:~# systemctl restart containerd.service# 查看containerd 为running状态root@ubuntu200403:~# systemctl status containerd
# containerd没有集成runc，需要下载安装runcroot@ubuntu200403:~# wget https://github.com/opencontainers/runc/releases/download/v1.1.4/runc.amd64--2022-10-30 10:14:11--  https://github.com/opencontainers/runc/releases/download/v1.1.4/runc.amd64Resolving github.com (github.com)... 20.205.243.166Connecting to github.com (github.com)|20.205.243.166|:443... connected.HTTP request sent, awaiting response... 302 FoundLocation: https://objects.githubusercontent.com/github-production-release-asset-2e65be/36960321/be20855c-9592-4953-b63e-58ee2b47b541?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20221030%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20221030T101411Z&X-Amz-Expires=300&X-Amz-Signature=9cfd028db0db100400c26d5a549a8b83165b6556fcc52a6f1d80eb1d8583a1e1&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=36960321&response-content-disposition=attachment%3B%20filename%3Drunc.amd64&response-content-type=application%2Foctet-stream [following]--2022-10-30 10:14:11--  https://objects.githubusercontent.com/github-production-release-asset-2e65be/36960321/be20855c-9592-4953-b63e-58ee2b47b541?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20221030%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20221030T101411Z&X-Amz-Expires=300&X-Amz-Signature=9cfd028db0db100400c26d5a549a8b83165b6556fcc52a6f1d80eb1d8583a1e1&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=36960321&response-content-disposition=attachment%3B%20filename%3Drunc.amd64&response-content-type=application%2Foctet-streamResolving objects.githubusercontent.com (objects.githubusercontent.com)... 185.199.111.133, 185.199.108.133, 185.199.109.133, ...Connecting to objects.githubusercontent.com (objects.githubusercontent.com)|185.199.111.133|:443... connected.HTTP request sent, awaiting response... 200 OKLength: 9431456 (9.0M) [application/octet-stream]Saving to: ‘runc.amd64’
runc.amd64                                       100%[=========================================================================================================>]   8.99M  2.27MB/s    in 4.0s    
2022-10-30 10:14:20 (2.27 MB/s) - ‘runc.amd64’ saved [9431456/9431456]
root@ubuntu200403:~# mv runc.amd64 /usr/bin/runcroot@ubuntu200403:~# chmod a+x /usr/bin/runcroot@ubuntu200403:~# runc -vrunc version 1.1.4commit: v1.1.4-0-g5fd4c4d1spec: 1.0.2-devgo: go1.17.10libseccomp: 2.5.4
# containerd没有地址，还需要安装cni。cni是给容器提供地址的组件root@ubuntu200403:~# wget https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-linux-amd64-v1.1.1.tgzroot@ubuntu200403:~# mkdir /opt/cni/bin -pvroot@ubuntu200403:~# tar xvf cni-plugins-linux-amd64-v1.1.1.tgz -C /opt/cni/bin/
# 安装兼容docker的containerd客户端nerdctlroot@ubuntu200403:~# wget https://github.com/containerd/nerdctl/releases/download/v0.23.0/nerdctl-0.23.0-linux-amd64.tar.gzroot@ubuntu200403:~# tar xvf nerdctl-0.23.0-linux-amd64.tar.gz -C /usr/bin/nerdctlcontainerd-rootless-setuptool.shcontainerd-rootless.sh

# pull一个nginx镜像root@ubuntu200403:~# nerdctl pull nginx:1.18.0-alpinedocker.io/library/nginx:1.18.0-alpine:                                            resolved       |++++++++++++++++++++++++++++++++++++++| index-sha256:93baf2ec1bfefd04d29eb070900dd5d79b0f79863653453397e55a5b663a6cb1:    done           |++++++++++++++++++++++++++++++++++++++| manifest-sha256:ca9fac83c6c89a09424279de522214e865e322187b22a1a29b12747a4287b7bd: done           |++++++++++++++++++++++++++++++++++++++| config-sha256:684dbf9f01f3250437d595669c7437c202573798ab34247d50338ff630e58b6a:   done           |++++++++++++++++++++++++++++++++++++++| layer-sha256:4259d8811e1d8716d6744cee8efe95b081c391ebf596fe0dd197a7041c956da3:    done           |++++++++++++++++++++++++++++++++++++++| layer-sha256:ddad3d7c1e96adf9153f8921a7c9790f880a390163df453be1566e9ef0d546e0:    done           |++++++++++++++++++++++++++++++++++++++| layer-sha256:d04f0a2e920127922c4bf1252186544361b5043887ef177dc2638d07f95e582b:    done           |++++++++++++++++++++++++++++++++++++++| layer-sha256:c7974bc8b744e53e801b97c1819fb9adbd3e36874a645e8e17d35669c25900b3:    done           |++++++++++++++++++++++++++++++++++++++| layer-sha256:df7ae1cb4591426fb91492c8db67abd8e85adb5a9b7f1e61b6da6055fd63a297:    done           |++++++++++++++++++++++++++++++++++++++| elapsed: 25.8s                                                                    total:  9.1 Mi (359.7 KiB/s)                                     
# 查看镜像root@ubuntu200403:~# nerdctl imagesREPOSITORY    TAG              IMAGE ID        CREATED               PLATFORM       SIZE        BLOB SIZEnginx         1.18.0-alpine    93baf2ec1bfe    About a minute ago    linux/amd64    25.0 MiB    9.1 MiB

# 默认镜像在default命名空间 root@ubuntu200403:~# nerdctl -n default imagesREPOSITORY    TAG              IMAGE ID        CREATED               PLATFORM       SIZE        BLOB SIZEnginx         1.18.0-alpine    93baf2ec1bfe    About a minute ago    linux/amd64    25.0 MiB    9.1 MiBroot@ubuntu200403:~# nerdctl -n k8s.io imagesREPOSITORY    TAG    IMAGE ID    CREATED    PLATFORM    SIZE    BLOB SIZE
# 后续pull镜像，可以指定-n k8s.io 命名空间。
# 创建nginx容器root@ubuntu200403:~# nerdctl run -it -p 80:80 --name nginx nginx:1.18.0-alpine
# 另开一终端看看容器状态root@ubuntu200403:~# nerdctl ps -aCONTAINER ID    IMAGE                                    COMMAND                   CREATED          STATUS    PORTS                 NAMES9147985be425    docker.io/library/nginx:1.18.0-alpine    "/docker-entrypoint.…"    8 minutes ago    Up        0.0.0.0:80->80/tcp    nginx