yum安装Containerd、crictl工具
1)安装containerd
转发 IPv4 并让 iptables 看到桥接流量
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
sudo modprobe overlay
sudo modprobe br_netfilter
# 设置所需的 sysctl 参数,参数在重新启动后保持不变
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
# 应用 sysctl 参数而不重新启动
sudo sysctl --system请确保 firewalld、SELinux、swap已经全部关闭和禁用切换成root
# 将 SELinux 设置为 permissive 模式(相当于将其禁用)
sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
#关闭swap分区
swapoff -a
sed -ri 's/.*swap.*/#&/' /etc/fstab
#安装containerd
yum install -y yum-utils
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum -y install containerd查看版本:
#查看版本
$ containerd -v
containerd.io.x86_64 1.6.8-3.1.el7 @docker-ce-stable2)修改配置
参考位置:https://kubernetes.io/zh-cn/docs/setup/production-environment/container-runtimes/#containerd-systemd
写入默认配置到config.toml文件
containerd config default > /etc/containerd/config.toml然后修改配置文件
#修改拉取的镜像,注意不要修改pasue版本,只修改镜像仓库位置即可
[plugins."io.containerd.grpc.v1.cri"]
sandbox_image = "registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.6"
#改成你的docker加速器地址
[plugins."io.containerd.grpc.v1.cri".registry]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://ke9h1pt4.mirror.aliyuncs.com"]
# 修改SystemdCgroup为true
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
SystemdCgroup = true3)启动
systemctl daemon-reload && systemctl start containerd
systemctl enable containerd
systemctl status containerd4)安装相关工具
ctr工具。containerd有个简易的类似runC客户端的工具。一般我们使用的是k8s社区为我们提供的crictl(很多命令类似docker)https://github.com/kubernetes-sigs/cri-tools
后面我们打算装的是k8s 1.20 因此这几句话都要执行:
1、VERSION="v1.20.0"
2、下载
wget https://github.com/kubernetes-sigs/cri-tools/releases/download/$VERSION/crictl-$VERSION-linux-amd64.tar.gz3、 解压
tar zxvf crictl-$VERSION-linux-amd64.tar.gz -C /usr/local/bin4、删除安装包
rm -f crictl-$VERSION-linux-amd64.tar.gz 5、验证
$ crictl version
Version: 0.1.0
RuntimeName: containerd
RuntimeVersion: 1.6.8
RuntimeApiVersion: v1alpha2配置:
cat > /etc/crictl.yaml <<EOF
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 10
EOF
安装kubernetes
#添加kubernetes yum源
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# 刷新缓存
yum makecache yum -y install kubelet-1.20.2 kubeadm-1.20.2 kubectl-1.20.2
rpm -aq kubelet kubectl kubeadm
# 允许数据包转发
echo 1 > /proc/sys/net/ipv4/ip_forward
modprobe br_netfilter
echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
# 设置kubelet为开机启动
systemctl enable kubelet --nowcat > /etc/sysconfig/kubelet << EOF
KUBELET_EXTRA_ARGS=--cgroup-driver=systemd
EOF初始化集群
kubeadm init --image-repository registry.cn-hangzhou.aliyuncs.com/google_containers \
--kubernetes-version=1.20.2 \
--pod-network-cidr=10.244.0.0/16 \
--service-cidr=10.96.0.0/12 \
--cri-socket=unix:///run/containerd/containerd.sock安装flannel
kubectl apply -f https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.ymlctr和critl
参考链接:https://github.com/containerd/containerd/blob/main/docs/getting-started.md#interacting-with-containerd-via-cli
containerd 相比于docker , 多了namespace概念, 每个image和container 都会在各自的namespace下可见, 目前k8s会使用k8s.io 作为命名空间 所以ctr 要查询images 要执行 ctr -n 命名空间 image list,如:
ctr -n k8s.io images listcrictl的基本使用:
查看镜像:
$ crictl image list
IMAGE TAG IMAGE ID SIZE
docker.io/rancher/mirrored-flannelcni-flannel-cni-plugin v1.1.0 fcecffc7ad4af 3.82MB
registry.cn-hangzhou.aliyuncs.com/google_containers/coredns 1.7.0 bfe3a36ebd252 14MB
registry.cn-hangzhou.aliyuncs.com/google_containers/etcd 3.4.13-0 0369cf4303ffd 86.7MB
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver v1.20.2 a8c2fdb8bf76e 30.4MB
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager v1.20.2 a27166429d98e 29.4MB
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy v1.20.2 43154ddb57a83 49.5MB
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler v1.20.2 ed2c44fbdd78b 14MB
registry.cn-hangzhou.aliyuncs.com/google_containers/pause 3.2 80d28bedfe5de 300kB
registry.cn-hangzhou.aliyuncs.com/google_containers/pause 3.6 6270bb605e12e 302kB查看进程:
$ crictl ps
CONTAINER IMAGE CREATED STATE NAME ATTEMPT POD ID
5294ffbd1cfc6 bfe3a36ebd252 2 minutes ago Running coredns 0 d612bf7a7376f
be709ea22e458 bfe3a36ebd252 2 minutes ago Running coredns 0 78e3f1a83d7e3
9ba8eb7ce7e39 8b675dda11bb1 2 minutes ago Running kube-flannel 0 17e03ca65147d
2a92953322869 43154ddb57a83 11 minutes ago Running kube-proxy 0 30c1b96d429c8
92750f502977a a27166429d98e 12 minutes ago Running kube-controller-manager 0 0ade70ae61339
91a4370b3bcfc 0369cf4303ffd 12 minutes ago Running etcd 0 c6840aabaac60
74799c44a5beb ed2c44fbdd78b 12 minutes ago Running kube-scheduler 0 5b971aed96f05
ea549a6126f5f a8c2fdb8bf76e 12 minutes ago Running kube-apiserver 0 ee5d90efe7c64更多crictl命令的使用,见:https://kubernetes.io/zh-cn/docs/tasks/debug/debug-cluster/crictl/
