2

I've been following Gentle ContainerD on Windows Guide For You to setup ContainerD on my Windows 10 machine but somehow I can not start any example from this tutorial.

Command is: crictl.exe runp --runtime runhcs-wcow-process .\pod-config.yaml Error is:

crictl.exe runp --runtime runhcs-wcow-process .\pod-config.yaml
time="2022-03-18T19:39:38+02:00" level=fatal msg="run pod sandbox: 
rpc error: code = Unknown desc = failed to setup network for sandbox \"7db0b08199861ffc0a68b869990c2ce1e2cee29df2579f9502ec584fbd5d2913\": plugin type=\"nat\" name=\"natContainerD\" failed (add): 
error creating endpoint hcnCreateEndpoint failed in Win32: IP address is either invalid or not part of any configured subnet(s). (0x803b001e) {\"Success\":false,\"Error\":\"IP address is either invalid or not part of any configured subnet(s). \",\"ErrorCode\":2151350302} : 
endpoint config &{ 7db0b08199861ffc0a68b869990c2ce1e2cee29df2579f9502ec584fbd5d2913_natContainerD 6160b2e0-4525-4bbc-b725-135c55fc741b  [] [{ 0}] { [] [] []} [{172.22.208.1 0.0.0.0/0 0}]  0 {2 0}}"

I guess I didn't configured my cni network right (?)

Here are steps what I did to setup network:

$subnet='10.0.0.0/16'
$gateway='10.0.0.1'
New-HnsNetwork -Type NAT -AddressPrefix $subnet -Gateway $gateway -Name "natContainerD"

Please note that I can not create network with name nat because it was already exist (from Docker ?) os I named this one as natContainerD

Then I configure the cni itself (as in tutorial above):

@"
{
    "cniVersion": "0.2.0",
    "name": "nat",
    "type": "nat",
    "master": "Internet",
    "ipam": {
        "subnet": "$subnet",
        "routes": [
            {
                "gateway": "$gateway"
            }
        ]
    },
    "capabilities": {
        "portMappings": true,
        "dns": true
    }
}
"@ | Set-Content "$env:ProgramFiles\containerd\cni\conf\0-containerd-nat.conf" -Force

However, no matter what settings I change in this file, I am still unable to start any containers :(

Any suggestion ?

Alex F
  • 3,180
  • 2
  • 28
  • 40
  • Hi Alex, did you end up get the containers running on `Windows 10` as you originally wanted or did you have to switch to `Windows Server 2019 (LTSC)` or `Windows Server 2022 (LTSC)`. – Frank Liu Nov 25 '22 at 03:34
  • 1
    @FrankLiu I have to switch to Windows that support ContainerD – Alex F Nov 25 '22 at 07:18
  • Which Windows edition did you end up using that supports ContainerD? – Frank Liu Jan 27 '23 at 00:33
  • If you need an engine only for Windows containers, [this](https://github.com/slonopotamus/stevedore) was an easier alternative for me. Just run `winget install stevedore` and restart. Then use `docker run mcr.microsoft.com/windows/nanoserver:ltsc2022` as you would with Docker Desktop installed. – jrbe228 Jun 30 '23 at 00:43

1 Answers1

3

Here are the steps I tried to install containerd on Windows Server 2022.

  1. Install Windows Features

    Add-WindowsFeature Containers,Hyper-V,Hyper-V-Tools,Hyper-V-PowerShell -Restart -IncludeManagementTools

  2. Install containerd 1.6.1

    # Download containerd 1.6.1
curl.exe -LO https://github.com/containerd/containerd/releases/download/v1.6.1/containerd-1.6.1-windows-amd64.tar.gz

tar xvf containerd-1.6.1-windows-amd64.tar.gz
mkdir -force "C:\Program Files\containerd"
mv ./bin/* "C:\Program Files\containerd"
Remove-Item bin

. "C:\Program Files\containerd\containerd.exe" config default | Out-File "C:\Program Files\containerd\config.toml" -Encoding ascii

Add-MpPreference -ExclusionProcess "$Env:ProgramFiles\containerd\containerd.exe"

. "$Env:ProgramFiles\containerd\containerd.exe" --register-service

Start-Service containerd

$env:PATH = "C:\Program Files\containerd;" + $env:PATH

  3. Configure container networking

    mkdir -force "C:\Program Files\containerd\cni\bin"
mkdir -force "C:\Program Files\containerd\cni\conf"

    Download windows-container-networking-cni-amd64-v0.2.0.zip file from microsoft/windows-container-networking

    curl.exe -LO https://github.com/microsoft/windows-container-networking/releases/download/v0.2.0/windows-container-networking-cni-amd64-v0.2.0.zip
Expand-Archive windows-container-networking-cni-amd64-v0.2.0.zip -DestinationPath "C:\Program Files\containerd\cni\bin" -Force
Remove-Item windows-container-networking-cni-amd64-v0.2.0.zip

    You have to download the source code from microsoft/windows-container-networking repo and build your own nat.exe from the source. It because the binary version in the Releases are outdated. It will not working in WS2022. I created an issue here.

    Creating a nat network

    curl.exe -LO https://raw.githubusercontent.com/microsoft/SDN/master/Kubernetes/windows/hns.psm1
Import-Module ./hns.psm1

$subnet="10.0.0.0/16"
$gateway="10.0.0.1"
New-HNSNetwork -Type NAT -AddressPrefix $subnet -Gateway $gateway -Name "nat"

@"
{
    "cniVersion": "0.2.0",
    "name": "nat",
    "type": "nat",
    "master": "Ethernet",
    "ipam": {
        "subnet": "$subnet",
        "routes": [
            {
                "gateway": "$gateway"
            }
        ]
    },
    "capabilities": {
        "portMappings": true,
        "dns": true
    }
}
"@ | Set-Content "C:\Program Files\containerd\cni\conf\0-containerd-nat.conf" -Force

Running a container using ctr

  1. Check Windows version

    cmd /c ver

    Microsoft Windows [Version 10.0.20348.587]

  2. Pull mcr.microsoft.com/windows/nanoserver:ltsc2022 and hello-world images

    ctr.exe image pull mcr.microsoft.com/windows/nanoserver:ltsc2022
ctr.exe image pull registry.hub.docker.com/library/hello-world:nanoserver-ltsc2022

  3. Run containers

    ctr.exe run mcr.microsoft.com/windows/nanoserver:ltsc2022 hello cmd /c echo Hello World
ctr container rm hello

    ctr.exe run --rm registry.hub.docker.com/library/hello-world:nanoserver-ltsc2022 hello-world

    ctr run --cni --rm mcr.microsoft.com/windows/nanoserver:ltsc2022 test curl.exe -s https://ifconfig.co/

Running a Pod and Container using crictl

  1. Install crictl tool

    curl.exe -LO https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.23.0/crictl-v1.23.0-windows-amd64.tar.gz
tar xvf crictl-v1.23.0-windows-amd64.tar.gz
mv crictl.exe "C:\Program Files\containerd"

  2. Configure crictl config

    mkdir -Force "$home\.crictl"

@"
runtime-endpoint: npipe://./pipe/containerd-containerd
image-endpoint: npipe://./pipe/containerd-containerd
timeout: 10
#debug: true
"@ | Set-Content "$home\.crictl\crictl.yaml" -Force

crictl.exe info

  3. Pull Pause container image (k8s.gcr.io/pause:3.6)

    crictl pull k8s.gcr.io/pause:3.6

  4. Creating a sandbox / Pod

    @"
{
    "metadata": {
        "name": "hello-world-sandbox",
        "namespace": "default",
        "attempt": 1,
        "uid": "hdishd83djaidwnduwk28bcsb"
    },
    "log_directory": "/tmp"
}
"@ | Set-Content "pod-config.json" -Force

mkdir C:\tmp

$POD_ID=(crictl runp .\pod-config.json)

  5. Creating a container

    @"
{
  "metadata": {
      "name": "hello-world:nanoserver-ltsc2022"
  },
  "image":{
      "image": "hello-world:nanoserver-ltsc2022"
  },
  "log_path":"hello-world.0.log"
}
"@ | Set-Content "container-config.json" -Force

$CONTAINER_ID=(crictl create $POD_ID .\container-config.json .\pod-config.json)

  6. Start container

    crictl start $CONTAINER_ID

  7. Check logs in that container

    crictl logs $CONTAINER_ID

    Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (windows-amd64, nanoserver-ltsc2022)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run a Windows Server container with:
 PS C:\> docker run -it mcr.microsoft.com/windows/servercore:ltsc2022 powershell

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/

  8. Checking Pods and Containers

    crictl pods
crictl ps -a

  9. Delete Container and Pod

    crictl rm $CONTAINER_ID
crictl stopp $POD_ID
crictl rmp $POD_ID
Will Huang
  • 2,955
  • 2
  • 37
  • 90
  • Yes - there's a difference in downloaded version of `nat.exe` from `microsoft/windows-container-networking` and compiled one (about 5 Mg difference) but container could not be started with `ctr.exe`. Error is: `ctr: no match for platform in manifest sha256:fbb9fae2b9d6477ba105f2faa805db850c90292c84b080d63acbf21cc95b4b39: not found` – Alex F Mar 29 '22 at 08:49
  • 1
    @AlexF I think you have to use Windows Server 2019 (LTSC) or Windows Server 2022 (LTSC) to try this. Windows 10 21H1 is not supported. – Will Huang Mar 29 '22 at 18:28
  • Is there any option to run those commands (`ctr.exe` and `crictl`) as a regular user ?. It works only if I start them as administrator :( – Alex F Mar 30 '22 at 07:41
  • for me windows-server 2019 most power-shell commands are not working, although i use 64bit version of powershell with admin-rights. Additionally while setting up HNS Network the vmcompute.dll could not be found. – Nikolai Ehrhardt Mar 30 '22 at 18:16
  • @NikolaiEhrhardt make sure that you run the very first paragraph: `Add-WindowsFeature Containers,Hyper-V,Hyper-V-Tools,Hyper-V-PowerShell -Restart -IncludeManagementTools`. It seems that you missing HyperV tools – Alex F Mar 31 '22 at 06:56
  • Add-Windows Commandset is not recognized, nor 64bit powershell nor 32bit... I enabled container with Server-manager tool, hyper-V too. – Nikolai Ehrhardt Apr 01 '22 at 09:59
  • @NikolaiEhrhardt It's `Add-WindowsFeature`, but `Add-Windows`. – Will Huang Apr 01 '22 at 14:35
  • I did no mistake there, its not recognized. – Nikolai Ehrhardt Apr 02 '22 at 17:28