The Kubernetes ecosystem
I. Specifications
Open Container Initiative (OCI)
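Defines standards for container formats, runtimes, and distribution: image-spec, runtime-spec, distribution-spec
Implementations: runc (libcontainer), lxc, gVisor, kata-containers. They interact with the kernel to create and manage the kernel-level resources of a running container, such as cgroups and namespaces, but they cannot manage images directly.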
Container Runtime Interface (CRI)
https://github.com/kubernetes/cri-api
https://kubernetes.io/zh-cn/docs/concepts/architecture/cri & https://kubernetes.io/zh-cn/docs/concepts/overview/components/#container-runtime
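Implementations: cri-o (designed specifically for K8s, follows the CRI standard, integrates directly with kubelet, and implements only the container runtime features K8s needs), cri-dockerd (dockershim), cri-containerd, Podman (libpod)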
Container Network Interface (CNI)
Container Storage Interface (CSI)
https://kubernetes-csi.github.io
POD
https://kubernetes.io/zh-cn/docs/concepts/containers/runtime-class
kube-apiserver -> Kubelet ->(CRI)cri-dockerd->docker->containerd->containerd-shim->(OCI)runc->kernel(Namespace/Cgroups/Capability)
kube-apiserver -> Kubelet ->(CRI)cri-containerd->containerd-shim->(OCI)runc->kernel(Namespace/Cgroups/Capability)
kube-apiserver -> Kubelet ->(CRI)cri-o->(OCI)runc->kernel(Namespace/Cgroups/Capability)
II. Containerd
Installation: https://github.com/containerd/containerd/blob/main/docs/getting-started.md
```bash
sudo apt install -y containerd.io
# sudo systemctl enable containerd --now
sudo systemctl start containerd
containerd -v
```
Configuring registry mirrors: https://github.com/containerd/containerd/blob/main/docs/cri/registry.md & https://github.com/containerd/containerd/blob/main/docs/cri/config.md
```bash
sudo vim /etc/containerd/config.toml
```
```toml
[plugins."io.containerd.grpc.v1.cri".registry]
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
      endpoint = ["https://bqr1dr1n.mirror.aliyuncs.com"]
    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."k8s.gcr.io"]
      endpoint = ["https://registry.aliyuncs.com/k8sxio"]
```
```bash
sudo service containerd restart
```
The root and state configuration options: https://github.com/containerd/containerd/blob/main/docs/ops.md
Usage: https://www.mankier.com/8/ctr & https://linuxcommandlibrary.com/man/ctr
```bash
# List plugins; ctr acts as the core component and supports its operations by loading other plugins
sudo ctr plugins ls
# For example, use the content plugin
sudo ctr content help

# namespaces: Docker uses moby by default, Kubernetes uses k8s.io by default
sudo ctr namespaces list

# images
sudo ctr images pull docker.io/library/mysql:latest
# Creates the test namespace; when none is given, the default namespace is used
sudo ctr -n test images pull docker.io/library/hello-world:latest

# containers
sudo mkdir -p /opt/mysql
sudo ctr containers create \
  --net-host \
  --env MYSQL_ROOT_PASSWORD=root --env MYSQL_ROOT_HOST=% --env TZ=Asia/Shanghai \
  --mount type=bind,src=/opt/mysql,dst=/var/lib/mysql,options=rbind:rw \
  docker.io/library/mysql:latest mysql
sudo ctr containers rm mysql

# tasks: run a container
sudo ctr task start -d --null-io --log-uri file:///var/log/mysql.log mysql
sudo ctr task exec --exec-id 0 -t mysql bash
sudo ctr task kill mysql && sudo ctr task rm -f mysql

# ctr run is ctr container create + ctr task start
sudo mkdir -p /opt/mysql
sudo ctr task rm -f mysql && sudo ctr containers rm mysql
sudo ctr run --net-host -d --null-io \
  --log-uri file:///var/log/mysql.log \
  --env MYSQL_ROOT_PASSWORD=root --env MYSQL_ROOT_HOST=% --env TZ=Asia/Shanghai \
  --mount type=bind,src=/opt/mysql,dst=/var/lib/mysql,options=rbind:rw \
  docker.io/library/mysql:latest mysql
```
crictl: https://github.com/kubernetes-sigs/cri-tools
nerdctl: https://github.com/containerd/nerdctl simplifies ctr commands and supports pod and docker-compose related operations
Debugging in a development environment: Nocalhost, Kt Connect
https://kubernetes.io/zh-cn/docs/concepts/extend-kubernetes/operator/ & https://operatorhub.io
https://kubernetes.io/zh-cn/docs/concepts/architecture
https://kubernetes.io/zh-cn/docs/concepts/overview/components
https://www.redhat.com/zh/topics/containers/kubernetes-architecture
https://icloudnative.io/posts/getting-started-with-containerd
https://zhuanlan.zhihu.com/p/438352784
https://zhuanlan.zhihu.com/p/662550093
https://zhuanlan.zhihu.com/p/494640950
https://zhuanlan.zhihu.com/p/520060263