下载containerd相关依赖文件

wget https://github.com/containerd/containerd/releases/download/v1.7.1/containerd-1.7.1-linux-amd64.tar.gz
wget https://github.com/containerd/nerdctl/releases/download/v0.18.0/nerdctl-0.18.0-linux-amd64.tar.gz
wget https://github.com/opencontainers/runc/releases/download/v1.1.3/runc.amd64

yum安装containerd或获取cni相关插件

若缺失/opt/cni/bin/* 下bridge,firewall,host-local,portmap,tuning的cni等依赖二进制命令，配置docker yum源wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo。
yum list | grep containerd
yum install containerd

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

可yum install  kubernetes-cni.x86_64 安装下载后copy /opt/cni/bin

离线安装containerd

tar -zxvf containerd-1.7.1-linux-amd64.tar.gz
cp bin/* /usr/bin/

cp runc nerdctl /usr/bin/

生成containerd默认配置文件

mkdir -p /etc/containerd
containerd config default > /etc/containerd/config.toml

修改默认配置文件

sandbox_image = "harbor.platform.com:8080/test/pause:3.9"

SystemdCgroup = true

   [plugins."io.containerd.grpc.v1.cri".registry]
      config_path = "/etc/containerd/certs.d"

新建目录，添加containerd登陆私有仓库凭证
vi /etc/containerd/certs.d/harbor.platform.com:8080/hosts.toml

server = "harbor.platform.com:8080"
[host."http://harbor.platform.com:8080"]
capabilities = ["pull","resolve","push"]
skip_verify = true

配置containerd 启动文件

cat > /lib/systemd/system/containerd.service << EOF
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target
 
[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/bin/containerd
 
Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity
# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999
 
[Install]
WantedBy=multi-user.target
EOF

启动containerd容器

systemctl restart containerd & systemctl enable containerd

登陆仓库

nerdctl login harbor.platform.com:8080 -u admin -pHarbor12345