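Introduction to containerd and installation
Why use containerd
- Kubernetes 1.24 and later no longer use Docker by default and recommend containerd instead
- containerd is more lightweight than Docker and better suited to production environments
Installing with apt/yum
The version in the Ubuntu online repositories is not the latest. You can use a newer release from the GitHub repository and deploy it from the binaries.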
root@k8s-containerd:/opt/soft/containerd# apt-cache madison containerd
containerd | 1.5.9-0ubuntu1~20.04.4 | https://mirrors.aliyun.com/ubuntu focal-updates/main amd64 Packages
containerd | 1.5.9-0ubuntu1~20.04.4 | https://mirrors.aliyun.com/ubuntu focal-security/main amd64 Packages
containerd | 1.3.3-0ubuntu2 | https://mirrors.aliyun.com/ubuntu focal/main amd64 Packages
Binary installation
Installing containerd
GitHub link: https://github.com/containerd/containerd/releases
root@k8s-containerd:/opt/soft/containerd# ll
total 43404
drwxr-xr-x 2 root root 4096 Jul 20 08:19 ./
drwxr-xr-x 3 root root 4096 Jul 20 08:08 ../
-rw-r--r-- 1 root root 44435977 Jul 20 08:19 containerd-1.6.6-linux-amd64.tar.gz
# Unpack the package
root@k8s-containerd:/opt/soft/containerd# tar xvf containerd-1.6.6-linux-amd64.tar.gz
root@k8s-containerd:/opt/soft/containerd/bin# ll
total 138800
drwxr-xr-x 2 root root 4096 Jun 6 17:34 ./
drwxr-xr-x 3 root root 4096 Jul 20 08:20 ../
-rwxr-xr-x 1 root root 59592416 Jun 6 17:34 containerd*
-rwxr-xr-x 1 root root 7389184 Jun 6 17:34 containerd-shim*
-rwxr-xr-x 1 root root 9555968 Jun 6 17:34 containerd-shim-runc-v1*
-rwxr-xr-x 1 root root 9580544 Jun 6 17:34 containerd-shim-runc-v2*
-rwxr-xr-x 1 root root 25735456 Jun 6 17:34 containerd-stress*
-rwxr-xr-x 1 root root 30265088 Jun 6 17:34 ctr*
# Put the binaries in the system's default command path
root@k8s-containerd:/opt/soft/containerd/bin# cp * /usr/local/bin/
# Generate the configuration file and edit it
root@k8s-containerd:/opt/soft/containerd/bin# mkdir /etc/containerd
root@k8s-containerd:/opt/soft/containerd/bin# containerd config default > /etc/containerd/config.toml
# Configure a registry mirror to speed up image pulls
...
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://dxc7f1d6.mirror.aliyuncs.com"]
...
# Create the systemd service unit file that manages containerd startup
root@k8s-containerd:/opt/soft/containerd# vim /lib/systemd/system/containerd.service
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target
[Service]
ExecStartPre=-/sbin/modprobe overlay
# Change to your own path
ExecStart=/usr/local/bin/containerd
Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity
# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999
[Install]
WantedBy=multi-user.target
# Start containerd
root@k8s-containerd:/opt/soft/containerd# systemctl start containerd
root@k8s-containerd:/opt/soft/containerd# systemctl enable containerd
Installing runc
# Download the package
root@k8s-containerd:/opt/soft/runc# wget https://github.com/opencontainers/runc/releases/download/v1.1.3/runc.amd64
# Make it executable and put it in the bin directory
root@k8s-containerd:/opt/soft/runc# chmod +x runc.amd64
root@k8s-containerd:/opt/soft/runc# cp runc.amd64 /usr/bin/runc
root@k8s-containerd:/opt/soft/runc# runc --version
runc version 1.1.3
commit: v1.1.3-0-g6724737f
spec: 1.0.2-dev
go: go1.17.10
libseccomp: 2.5.4
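Verifying containerd works
containerd uses the ctr command to create, manage, and use containers on the server.
# Pull an image. Unlike docker, pulling an official image requires the full image name, including the registry address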
root@k8s-containerd:/opt/soft/runc# ctr images pull docker.io/library/nginx:latest
docker.io/library/nginx:latest: resolved |++++++++++++++++++++++++++++++++++++++|
index-sha256:1761fb5661e4d77e107427d8012ad3a5955007d997e0f4a3d41acc9ff20467c7: done |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:186c79dc14ab93e43d315143ee4b0774506dc4fd952388c20e35d3d37058ab8d: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:ebcc2cc821e6dc8618597201594d3019d94747655fe5fd454d95ea25b575a7c4: done |++++++++++++++++++++++++++++++++++++++|
config-sha256:670dcc86b69df89a9d5a9e1a7ae5b8f67619c1c74e19de8a35f57d6c06505fd4: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:461246efe0a75316d99afdbf348f7063b57b0caeee8daab775f1f08152ea36f4: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:060bfa6be22e53299ac39d7ab8bba5670d626708075dfa6b42275549536d0052: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:b34d5ba6fa9efae832fc4ead1d1af29f1c0fb5bdd47b66efaa41e4f7ba24abe0: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:8128ac56c745643de7d7838b8aac5bbb559b57dbae37a14c9e61bc029c408a75: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:44d36245a8c912579577e3b127a9cafccb1982554aab29854df4d7137777727d: done |++++++++++++++++++++++++++++++++++++++|
elapsed: 24.4s total: 54.1 M (2.2 MiB/s)
unpacking linux/amd64 sha256:1761fb5661e4d77e107427d8012ad3a5955007d997e0f4a3d41acc9ff20467c7...
done: 4.189351492s
# List the local images
root@k8s-containerd:/opt/soft/runc# ctr images ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
docker.io/library/nginx:latest application/vnd.docker.distribution.manifest.list.v2+json sha256:1761fb5661e4d77e107427d8012ad3a5955007d997e0f4a3d41acc9ff20467c7 54.1 MiB linux/386,linux/amd64,linux/arm/v5,linux/arm/v7,linux/arm64/v8,linux/mips64le,linux/ppc64le,linux/s390x -
Installing containerd client tools
There are two client tools: crictl and nerdctl.
nerdctl is recommended; its syntax matches that of the docker command.
# Unpack
root@k8s-containerd:/opt/soft/nerdctl# tar zxvf nerdctl-0.22.0-linux-amd64.tar.gz
nerdctl
containerd-rootless-setuptool.sh
containerd-rootless.sh
# Copy to the bin directory
root@k8s-containerd:/opt/soft/nerdctl# cp nerdctl /usr/local/bin/
root@k8s-containerd:~# nerdctl --version
nerdctl version 0.22.0
Installing the CNI network plugins
GitHub download page: https://github.com/containernetworking/plugins/releases
# Download the package
root@k8s-containerd:/opt/soft/cni# wget https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-linux-amd64-v1.1.1.tgz
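# Create the directory that holds the network plugins. It must be this directory: container networking commands look for plugins here by default, so do not change it to another directory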
root@k8s-containerd:/opt/soft/cni# mkdir -p /opt/cni/bin
root@k8s-containerd:/opt/soft/cni# tar xf cni-plugins-linux-amd64-v1.1.1.tgz -C /opt/cni/bin/
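The binary installs above place files fetched with wget into root-owned directories without checking them first. The following is an added example, not part of the original page: it assumes a checksum file in sha256sum format was downloaded alongside the artifact (the file name runc.sha256sum and the functions verify_sha256 and install_verified are assumptions for illustration) and installs the file only when the digest matches.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): check a downloaded release
# artifact against a SHA-256 checksum file before installing it as root.
# Function names are hypothetical; the sample files below are constructed.

# verify_sha256 FILE SUMFILE
#   SUMFILE is in sha256sum format: "<hex digest>  <file name>" per line.
#   Returns 0 on match, 1 on mismatch, 2 if FILE has no entry in SUMFILE.
verify_sha256() {
    local file="$1" sumfile="$2" name expected actual
    name=$(basename "$file")
    # Select the digest whose file-name column is exactly this artifact;
    # sha256sum prefixes the name with '*' in binary mode, so strip that.
    expected=$(awk -v n="$name" \
        '{ f = $2; sub(/^\*/, "", f); if (f == n) { print tolower($1); exit } }' \
        "$sumfile")
    [ -n "$expected" ] || return 2
    actual=$(sha256sum "$file" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}

# install_verified FILE SUMFILE DEST
#   Copies FILE to DEST with mode 0755 only if the digest matches.
install_verified() {
    local file="$1" sumfile="$2" dest="$3" rc=0
    verify_sha256 "$file" "$sumfile" || rc=$?
    if [ "$rc" -ne 0 ]; then
        echo "refusing to install $file (verify_sha256 returned $rc)" >&2
        return "$rc"
    fi
    install -m 0755 "$file" "$dest"
}

# Offline demonstration with a constructed stand-in for runc.amd64.
demo() {
    local d
    d=$(mktemp -d)
    printf 'constructed stand-in for runc.amd64\n' > "$d/runc.amd64"
    (cd "$d" && sha256sum runc.amd64 > runc.sha256sum)
    install_verified "$d/runc.amd64" "$d/runc.sha256sum" "$d/runc" \
        && echo "untouched file: installed"
    printf 'modified after the checksum was taken\n' >> "$d/runc.amd64"
    install_verified "$d/runc.amd64" "$d/runc.sha256sum" "$d/runc.new" \
        || echo "modified file: rejected"
    rm -rf "$d"
}
demo
```

A matching digest only shows that the file is the one the checksum file describes, so the checksum file has to come from a source you trust at least as much as the release page itself.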
Running a container
# Create the container
root@k8s-containerd:/opt/soft/cni# nerdctl run -d -p 80:80 --name=nginx-test --restart=always nginx:latest
9f0daf909397b7774bb1f35b5ba1851ab125cf6f3b828cf9c04d9f6aebae8ed3
# Check the container
root@k8s-containerd:/opt/soft/cni# nerdctl ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9f0daf909397 docker.io/library/nginx:latest "/docker-entrypoint.…" 36 seconds ago Up 0.0.0.0:80->80/tcp nginx-test
# Test access
root@k8s-containerd:~# curl http://10.0.0.102:80
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
...
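Deploying Kubernetes v1.24 on containerd
The goal here is only to deploy Kubernetes with a CRI other than Docker, so a single-node deployment is used.
Configuring containerd
Change the download address of the pause image, the underlying network (sandbox) image Kubernetes uses at initialization. The default is Google's official address; change it to a mirror inside China.
# Edit the configuration of the containerd instance deployed above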
root@k8s-containerd:~# vim /etc/containerd/config.toml
sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.7"
# Restart for the change to take effect
root@k8s-containerd:~# systemctl restart containerd
Loading kernel modules and changing kernel parameters
root@k8s-containerd:~# modprobe br_netfilter
root@k8s-containerd:~# modprobe ip_vs
root@k8s-containerd:~# vim /etc/sysctl.conf
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward= 1
# Turn off swap; Kubernetes does not support swap
root@k8s-containerd:~# swapoff -a
Installing the kubeadm environment
Alibaba Cloud is used as the mirror repository here.
root@k8s-containerd:~# apt-get update && apt-get install -y apt-transport-https
root@k8s-containerd:~# curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
root@k8s-containerd:~# cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
> deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
> EOF
root@k8s-containerd:~# apt-get update
root@k8s-containerd:~# apt-cache madison kubeadm
kubeadm | 1.24.3-00 | https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial/main amd64 Packages
...
# Install the latest version, 1.24.3, directly
root@k8s-containerd:~# apt install kubeadm=1.24.3-00 kubectl=1.24.3-00 kubelet=1.24.3-00 -y
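# List the images required for initialization. Downloading them in advance is recommended to avoid timeouts during initialization.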
root@k8s-containerd:~# kubeadm config images list --kubernetes-version v1.24.3
k8s.gcr.io/kube-apiserver:v1.24.3
k8s.gcr.io/kube-controller-manager:v1.24.3
k8s.gcr.io/kube-scheduler:v1.24.3
k8s.gcr.io/kube-proxy:v1.24.3
k8s.gcr.io/pause:3.7
k8s.gcr.io/etcd:3.5.3-0
k8s.gcr.io/coredns/coredns:v1.8.6
Initialization
root@k8s-containerd:~# kubeadm init --apiserver-advertise-address=10.0.0.102 \
> --apiserver-bind-port=6443 \
> --kubernetes-version=v1.24.3 \
> --pod-network-cidr=10.100.0.0/16 \
> --service-cidr=10.200.0.0/16 \
> --service-dns-domain=cluster.local \
> --image-repository=registry.cn-hangzhou.aliyuncs.com/google_containers \
> --ignore-preflight-errors=swap
...
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 10.0.0.102:6443 --token g05uz8.8l34xiublgywo5b4 \
--discovery-token-ca-cert-hash sha256:69e51b8e4d15deac5888d32ea346ca07202d55fb67cb5779c7cf87a77d6b0cef
Setting the API that kubectl accesses by default
By default kubectl uses the credentials in the ~/.kube/config file to manage Kubernetes.
root@k8s-containerd:~# mkdir -p $HOME/.kube
root@k8s-containerd:~# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
root@k8s-containerd:~# sudo chown $(id -u):$(id -g) $HOME/.kube/config
root@k8s-containerd:~# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-containerd NotReady control-plane 2m31s v1.24.3
Check whether the CRI is containerd.
root@k8s-containerd:~# kubectl get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
k8s-containerd Ready control-plane 13m v1.24.3 10.0.0.102 <none> Ubuntu 20.04.4 LTS 5.4.0-117-generic containerd://1.6.6
After that, you can deploy a network plugin according to your needs.