#k8s使用stargz光速分发镜像

---

一、环境准备

按照k8s 参照上一篇文档 搭建k8s平台-containerd

安装stargz-snapshotter

# 下载安装包
wget /containerd/stargz-snapshotter/releases/download/v0.6.4/stargz-snapshotter-v0.6.
# 解压
tar -C /usr/local/bin -zxvf  stargz-snapshotter-v0.6. containerd-stargz-grpc ctr-remote
# 下载service 文件
wget -O /etc/systemd/system/ /containerd/stargz-snapshotter/main/script/config/etc/systemd/system/
# 启动
systemctl enable --now stargz-snapshotter

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9

配置containerd

修改containerd 配置文件/etc/containerd/

添加proxy_plugins、并修改 plugins.".".containerd 中的snapshotter 为stargz 如下

version = 2
...
# Enable stargz snapshotter for CRI
[plugins.".".containerd]
  snapshotter = "stargz"
  disable_snapshot_annotations = false

# Plug stargz snapshotter into containerd
[proxy_plugins]
  [proxy_plugins.stargz]
    type = "snapshot"
    address = "/run/containerd-stargz-grpc/"
...

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9
• 10
• 11
• 12
• 13

完整的配置文件如下

version = 2
root = "/var/lib/containerd"
state = "/run/containerd"
plugin_dir = ""
disabled_plugins = []
required_plugins = []
oom_score = 0

[grpc]
  address = "/run/containerd/"
  tcp_address = ""
  tcp_tls_cert = ""
  tcp_tls_key = ""
  uid = 0
  gid = 0
  max_recv_message_size = 16777216
  max_send_message_size = 16777216

[ttrpc]
  address = ""
  uid = 0
  gid = 0
[proxy_plugins]
  [proxy_plugins.stargz]
    type = "snapshot"
    address = "/run/containerd-stargz-grpc/"
[debug]
  address = ""
  uid = 0
  gid = 0
  level = ""

[metrics]
  address = ""
  grpc_histogram = false

[cgroup]
  path = ""

[timeouts]
  "" = "5s"
  "" = "5s"
  "" = "3s"
  "" = "2s"

[plugins]
  [plugins."."]
    pause_threshold = 0.02
    deletion_threshold = 0
    mutation_threshold = 100
    schedule_delay = "0s"
    startup_delay = "100ms"
  [plugins."."]
    disable_tcp_service = true
    stream_server_address = "127.0.0.1"
    stream_server_port = "0"
    stream_idle_timeout = "4h0m0s"
    enable_selinux = false
    selinux_category_range = 1024
    sandbox_image = "/k8sxio/pause:3.2"
    stats_collect_period = 10
    systemd_cgroup = false
    enable_tls_streaming = false
    max_container_log_line_size = 16384
    disable_cgroup = false
    disable_apparmor = false
    restrict_oom_score_adj = false
    max_concurrent_downloads = 3
    disable_proc_mount = false
    unset_seccomp_profile = ""
    tolerate_missing_hugetlb_controller = true
    disable_hugetlb_controller = true
    ignore_image_defined_volumes = false
    [plugins.".".containerd]
      snapshotter = "stargz"
      default_runtime_name = "runc"
      no_pivot = false
      disable_snapshot_annotations = false
      discard_unpacked_layers = false
      [plugins.".".containerd.default_runtime]
        runtime_type = ""
        runtime_engine = ""
        runtime_root = ""
        privileged_without_host_devices = false
        base_runtime_spec = ""
      [plugins.".".containerd.untrusted_workload_runtime]
        runtime_type = ""
        runtime_engine = ""
        runtime_root = ""
        privileged_without_host_devices = false
        base_runtime_spec = ""
      [plugins.".".]
        [plugins.".".]
          runtime_type = ".v2"
          runtime_engine = ""
          runtime_root = ""
          privileged_without_host_devices = false
          base_runtime_spec = ""
          [plugins.".".]
            SystemdCgroup = true
    [plugins.".".cni]
      bin_dir = "/opt/cni/bin"
      conf_dir = "/etc/cni/"
      max_conf_num = 1
      conf_template = ""
    [plugins.".".registry]
      [plugins.".".]
        [plugins."."..""]
          endpoint = [""]
    [plugins.".".image_decryption]
      key_model = ""
    [plugins.".".x509_key_pair_streaming]
      tls_cert_file = ""
      tls_key_file = ""
  [plugins."."]
    path = "/opt/containerd"
  [plugins."."]
    interval = "10s"
  [plugins."."]
    content_sharing_policy = "shared"
  [plugins."."]
    no_prometheus = false
  [plugins."."]
    shim = "containerd-shim"
    runtime = "runc"
    runtime_root = ""
    no_shim = false
    shim_debug = false
  [plugins."."]
    platforms = ["linux/amd64"]
  [plugins.".-service"]
    default = ["walking"]
  [plugins."."]
    root_path = ""
    pool_name = ""
    base_image_size = ""
    async_remove = false

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9
• 10
• 11
• 12
• 13
• 14
• 15
• 16
• 17
• 18
• 19
• 20
• 21
• 22
• 23
• 24
• 25
• 26
• 27
• 28
• 29
• 30
• 31
• 32
• 33
• 34
• 35
• 36
• 37
• 38
• 39
• 40
• 41
• 42
• 43
• 44
• 45
• 46
• 47
• 48
• 49
• 50
• 51
• 52
• 53
• 54
• 55
• 56
• 57
• 58
• 59
• 60
• 61
• 62
• 63
• 64
• 65
• 66
• 67
• 68
• 69
• 70
• 71
• 72
• 73
• 74
• 75
• 76
• 77
• 78
• 79
• 80
• 81
• 82
• 83
• 84
• 85
• 86
• 87
• 88
• 89
• 90
• 91
• 92
• 93
• 94
• 95
• 96
• 97
• 98
• 99
• 100
• 101
• 102
• 103
• 104
• 105
• 106
• 107
• 108
• 109
• 110
• 111
• 112
• 113
• 114
• 115
• 116
• 117
• 118
• 119
• 120
• 121
• 122
• 123
• 124
• 125
• 126
• 127
• 128
• 129
• 130
• 131
• 132
• 133
• 134
• 135
• 136
• 137

重启containerd

systemctl restart containerd

• 1

验证

创建优化为eStargz的镜像

以下示例将ubuntu:20.04映像转换为eStargz,注意要将/vicccc/ubuntu:20.04startgz替换为自己的仓库

 ctr-remote image pull /library/ubuntu:20.04
ctr-remote i optimize --oci --entrypoint='[ "/bin/bash", "-c" ]' --args='[ "ls" ]' /library/ubuntu:20.04  /library/ubuntu:20.04 /lazy/ubuntu:20.04gz
ctr-remote i push /lazy/ubuntu:20.04gz

• 1
• 2
• 3

创建pod 插件拉取速度

1. 使用普通镜像

kubectl create -f -  <<EOF
apiVersion: v1
kind: Pod
metadata:
  name: ubuntu
spec:
  containers:
  - name: ubuntu
    imagePullPolicy: Always
    image: /lazy/ubuntu:20.04
    command: ["/bin/sh","-c","sleep 3600"]
EOF

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9
• 10
• 11
• 12

查看拉取时间

Events:
  Type    Reason     Age   From               Message
  ----    ------     ----  ----               -------
  Normal  Scheduled  19s   default-scheduler  Successfully assigned default/ubuntu to containerd2
  Normal  Pulling    17s   kubelet            Pulling image "/lazy/ubuntu:20.04"
  Normal  Pulled     11s   kubelet            Successfully pulled image "/lazy/ubuntu:20.04" in 5.902010728s
  Normal  Created    11s   kubelet            Created container ubuntu
  Normal  Started    11s   kubelet            Started container ubuntu

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9
• 10

2. 使用eStargz的特殊镜像

kubectl create -f - <<EOF
apiVersion: v1
kind: Pod
metadata:
  name: ubuntugz
spec:
  containers:
  - name: ubuntugz
    imagePullPolicy: Always
    image: /lazy/ubuntu:20.04gz
    command: ["/bin/sh","-c","sleep 3600"]
EOF

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9
• 10
• 11
• 12

查看拉取时间

Events:
  Type    Reason     Age   From               Message
  ----    ------     ----  ----               -------
  Normal  Scheduled  48s   default-scheduler  Successfully assigned default/ubuntugz to containerd2
  Normal  Pulling    46s   kubelet            Pulling image "/lazy/ubuntu:20.04gz"
  Normal  Pulled     46s   kubelet            Successfully pulled image "/lazy/ubuntu:20.04gz" in 542.282538ms
  Normal  Created    46s   kubelet            Created container ubuntugz
  Normal  Started    45s   kubelet            Started container ubuntugz

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9

使用普通镜像的pod拉取时间5秒左右，但是eStargz 的镜像仅用500ms 差距十分明显

Ref

https://github.com/containerd/stargz-snapshotter