Install Containerd, Run BusyBox, and Enable CNI Networking on Linux

1. Install Containerd

Install containerd on a CentOS host using yum, generate the default configuration, enable and start the service, and replace the default sandbox image with a custom one.

yum install -y yum-utils
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum install -y containerd epel-release
yum install -y jq
containerd config default > /etc/containerd/config.toml
systemctl enable containerd
systemctl start containerd
# replace sandbox image
sandbox_image = "172.16.0.4/captain/pause-amd64:3.0"
systemctl daemon-reload
systemctl restart containerd

2. Run a BusyBox image

Pull the BusyBox image, create a container, start a task, inspect its PID, enter the container, and finally kill it.

# Pull image
ctr -n k8s.io i pull docker.io/library/busybox:latest
# Create container
ctr -n k8s.io container create docker.io/library/busybox:latest busybox
# Start task
ctr -n k8s.io task start -d busybox
# List tasks
ctr -n k8s.io task ls
# Exec into container
ctr -n k8s.io t exec --exec-id $RANDOM -t busybox sh
# Kill container
ctr -n k8s.io t kill -s SIGKILL busybox
ctr -n k8s.io t rm busybox

3. Create a CNI network

Download CNI plugins and source, extract them, and configure a bridge network using JSON files.

mkdir -p /etc/cni/net.d
cat > /etc/cni/net.d/10-mynet.conf <<EOF
{
  "cniVersion": "0.2.0",
  "name": "mynet",
  "type": "bridge",
  "bridge": "cni0",
  "isGateway": true,
  "ipMasq": true,
  "ipam": {
    "type": "host-local",
    "subnet": "10.22.0.0/16",
    "routes": [{ "dst": "0.0.0.0/0" }]
  }
}
EOF
cat > /etc/cni/net.d/99-loopback.conf <<EOF
{
  "cniVersion": "0.2.0",
  "name": "lo",
  "type": "loopback"
}
EOF
CNI_PATH=/root/cni-plugins ./priv-net-run.sh echo "Hello World"

4. Enable networking for containerd containers

Attach the CNI network to a running container by locating its PID and invoking the CNI exec plugin.

pid=$(ctr -n k8s.io t ls | grep busybox | awk '{print $2}')
netnspath=/proc/$pid/ns/net
CNI_PATH=/root/cni-plugins /root/cni/scripts/exec-plugins.sh add $pid $netnspath

5. Share a host directory with a container

ctr -n k8s.io c create <image> busybox1 --mount type=bind,src=/tmp,dst=/host,options=rbind:rw
ctr -n k8s.io t start -d busybox1 bash
ctr -n k8s.io t exec -t --exec-id $RANDOM busybox1 sh
# Inside container
echo "Hello world" > /host/1
# On host
cat /tmp/1

6. Share PID namespace between containers

Demonstrate sharing the PID namespace of an existing container with a new one.

# Existing task PID (example)
pid=2652
ctr -n k8s.io c create --with-ns "pid:/proc/$pid/ns/pid" <image> python
ctr -n k8s.io t start -d python python
ctr -n k8s.io t exec -t --exec-id $RANDOM busybox1 sh
ps aux

7. Run Docker and containerd side by side

Install Docker, modify its service file to use the containerd socket, and start Docker.

yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum update -y && yum install -y docker-ce-18.06.2.ce
systemctl enable docker
# Edit /etc/systemd/system/multi-user.target.wants/docker.service to add "--containerd /run/containerd/containerd.sock"
systemctl daemon-reload
systemctl start docker