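• K8s core code optimization

• Docker's internal call chain is complex, with multiple layers of wrapping and calls, which lowers performance, raises the failure rate, and makes troubleshooting harder

• Docker also creates network rules and storage volumes on the host, which introduces security risks

You can therefore keep using Docker through cri-docker, or switch to a different container runtime.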

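For example:

• containerd: compatible with Docker, much lighter than Docker, and currently quite mature

• cri-o, podman: both are Red Hat projects; Red Hat currently promotes podman

The steps to deploy the containerd container runtime are as follows:

1. Prepare the configuration

2. Install containerd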

cat > /etc/sysctl.d/99-kubernetes-cri.conf << EOF
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF

sysctl --system

cd /etc/yum.repos.d
wget http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install -y containerd.io

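3. Edit the configuration file

• Set the pause image address to the Alibaba Cloud image registry

• Configure an image download accelerator (registry mirror)

4. Configure the kubelet to use containerd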

containerd config default > /etc/containerd/config.toml

vi /etc/containerd/config.toml

...
[plugins."io.containerd.grpc.v1.cri"]
sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.2"  # change the image address here
...
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://b9pmyelo.mirror.aliyuncs.com"]
# In vim command-line mode, search for mirrors, then add the three lines above on the next line at that location

systemctl restart containerd

vi /var/lib/kubelet/kubeadm-flags.env

KUBELET_KUBEADM_ARGS="--container-runtime-endpoint=unix:///run/containerd/containerd.sock --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.9"

systemctl restart kubelet

kubectl get node -o wide
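
Added example (not from the original page): a read-only check of the two files edited above. It reports whether the kubelet points at the containerd socket, whether containerd's sandbox_image and the kubelet's --pod-infra-container-image name the same pause image (the values shown above use tags 3.2 and 3.9), and whether the docker.io mirror is reached over HTTPS. The function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the original page): read back the values edited
# above. File paths are arguments, so it can run against copies of the files.

# Print sandbox_image from a containerd config.toml.
sandbox_image() {
    sed -n 's/^[[:space:]]*sandbox_image[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Print the endpoint list configured for the docker.io mirror.
mirror_endpoints() {
    sed -n '/registry\.mirrors\."docker\.io"]/,/^[[:space:]]*\[/ s/^[[:space:]]*endpoint[[:space:]]*=[[:space:]]*//p' "$1" | head -n 1
}

# Print the value of one --flag=value in kubeadm-flags.env ($2: flag name).
kubelet_flag() {
    tr ' "' '\n\n' < "$1" | sed -n "s/^--$2=//p" | head -n 1
}

# $1 = config.toml, $2 = kubeadm-flags.env. Returns 0 only if nothing FAILs.
check_runtime_config() {
    rc=0
    ep=$(kubelet_flag "$2" container-runtime-endpoint)
    sb=$(sandbox_image "$1")
    pi=$(kubelet_flag "$2" pod-infra-container-image)
    mi=$(mirror_endpoints "$1")
    if [ "$ep" != "unix:///run/containerd/containerd.sock" ]; then
        echo "FAIL kubelet runtime endpoint: '${ep:-unset}'"; rc=1
    fi
    if [ -z "$sb" ]; then
        echo "FAIL sandbox_image is not set"; rc=1
    elif [ "$sb" != "$pi" ]; then
        # The two settings are independent; report the difference for review.
        echo "WARN pause image differs: containerd=$sb kubelet=${pi:-unset}"
    fi
    case "$mi" in
        "")           echo "WARN no docker.io mirror configured" ;;
        *'"http://'*) echo "FAIL docker.io mirror uses plain HTTP: $mi"; rc=1 ;;
    esac
    return "$rc"
}

# On a node, call with the two files edited above.
if [ "$#" -eq 2 ]; then check_runtime_config "$1" "$2"; fi
```

On a node, run it as: sh check.sh /etc/containerd/config.toml /var/lib/kubelet/kubeadm-flags.env (check.sh is a hypothetical file name).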

Use the crictl tool to inspect and debug containers:

Installation:

VERSION="v1.30.0"
wget https://github.com/kubernetes-sigs/cri-tools/releases/download/$VERSION/crictl-$VERSION-linux-amd64.tar.gz
sudo tar zxvf crictl-$VERSION-linux-amd64.tar.gz -C /usr/local/bin
rm -f crictl-$VERSION-linux-amd64.tar.gz

crictl version