一、Containerd简介
containerd 实现了 kubernetes 的 Container Runtime Interface (CRI) 接口,提供容器运行时核心功能,如镜像管理、容器管理等,相比 dockerd 更加简单、健壮和可移植。
而且由于kubernetes官方社区在发布的v1.20版本中声明将弃用 Dockershim,即 Docker 容器运行时接口(CRI),这意味着不再支持 Docker,并将在后续版本中删除。
二、Containerd部署
1、下载分发二进制文件
- 所需组件下载地址:下载最新的二进制包
- 如果下载太慢,那么下载到本地电脑然后上传至服务器
|
|
[root@k8s-master1 ~]# mkdir -p /opt/k8s/work/
|
|
|
[root@k8s-master1 ~]# cd /opt/k8s/work/
|
|
|
[root@k8s-master1 work]# wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.19.0/crictl-v1.19.0-linux-amd64.tar.gz \
|
|
|
https://github.com/opencontainers/runc/releases/download/v1.0.0-rc92/runc.amd64 \
|
|
|
https://github.com/containernetworking/plugins/releases/download/v0.9.0/cni-plugins-linux-amd64-v0.9.0.tgz \
|
|
|
https://github.com/containerd/containerd/releases/download/v1.4.3/containerd-1.4.3-linux-amd64.tar.gz
|
|
|
|
|
|
[root@k8s-master1 work]# mkdir containerd
|
|
|
[root@k8s-master1 work]# tar -xvf containerd-1.4.3-linux-amd64.tar.gz -C containerd
|
|
|
[root@k8s-master1 work]# tar -xvf crictl-v1.19.0-linux-amd64.tar.gz
|
|
|
|
|
|
[root@k8s-master1 work]# mkdir cni-plugins
|
|
|
[root@k8s-master1 work]# tar -xvf cni-plugins-linux-amd64-v0.9.0.tgz -C cni-plugins
|
|
|
[root@k8s-master1 work]# mv runc.amd64 runc
|
2、分发二进制程序
- 将程序包分发给
Worker节点 NODE_IPS变量可以在profile中定义worker节点的IP地址数组
|
|
[root@k8s-master1 work]# for node_ip in ${NODE_IPS[@]}
|
|
|
do
|
|
|
echo ">>> ${node_ip}"
|
|
|
|
|
|
ssh root@${node_ip} "mkdir -p /opt/k8s/bin"
|
|
|
scp containerd/bin/* crictl cni-plugins/* runc root@${node_ip}:/opt/k8s/bin
|
|
|
ssh root@${node_ip} "chmod a+x /opt/k8s/bin/* && mkdir -p /etc/cni/net.d"
|
|
|
done
|
3、创建和分发 containerd 配置文件
|
|
[]
|
|
|
version = 2
|
|
|
root = "/data/k8s/containerd/root"
|
|
|
state = "/data/k8s/containerd/state"
|
|
|
|
|
|
[]
|
|
|
[]
|
|
|
sandbox_image = "registry.cn-hangzhou.aliyuncs.com/hu279318344/pause-amd64:3.1"
|
|
|
[]
|
|
|
bin_dir = "/opt/k8s/bin"
|
|
|
conf_dir = "/etc/cni/net.d"
|
|
|
[]
|
|
|
shim = "containerd-shim"
|
|
|
runtime = "runc"
|
|
|
runtime_root = ""
|
|
|
no_shim = false
|
|
|
shim_debug = false
|
|
|
EOF
|
- 分发配置文件至集群各个
worker节点 NODE_IPS变量我是在/etc/profile中定义的各个Worker节点IP数组CONTAINERD_DIR同样也是在/etc/profile中定义的,这里我定义的路径为/data/k8s/containerd
|
|
[root@k8s-master1 work]# for node_ip in ${NODE_IPS[@]}
|
|
|
do
|
|
|
echo ">>> ${node_ip}"
|
|
|
ssh root@${node_ip} "mkdir -p /etc/containerd/ ${CONTAINERD_DIR}/{root,state}"
|
|
|
scp containerd-config.toml root@${node_ip}:/etc/containerd/config.toml
|
|
|
done
|
4、创建 containerd systemd模板文件
|
|
[root@k8s-master1 work]# cat <<EOF | sudo tee containerd.service
|
|
|
[Unit]
|
|
|
Description=containerd container runtime
|
|
|
Documentation=https://containerd.io
|
|
|
After=network.target
|
|
|
|
|
|
[Service]
|
|
|
Environment="PATH=/opt/k8s/bin:/bin:/sbin:/usr/bin:/usr/sbin"
|
|
|
ExecStartPre=/sbin/modprobe overlay
|
|
|
ExecStart=/opt/k8s/bin/containerd
|
|
|
Restart=always
|
|
|
RestartSec=5
|
|
|
Delegate=yes
|
|
|
KillMode=process
|
|
|
OOMScoreAdjust=-999
|
|
|
LimitNOFILE=1048576
|
|
|
LimitNPROC=infinity
|
|
|
LimitCORE=infinity
|
|
|
|
|
|
[Install]
|
|
|
WantedBy=multi-user.target
|
|
|
EOF
|
5、分发 systemd文件并启动服务
|
|
[root@k8s-master1 work]# for node_ip in ${NODE_IPS[@]}
|
|
|
do
|
|
|
echo ">>> ${node_ip}"
|
|
|
scp containerd.service root@${node_ip}:/etc/systemd/system
|
|
|
ssh root@${node_ip} "systemctl enable containerd && systemctl restart containerd"
|
|
|
done
|
三、部署crictl命令行工具
crictl 是兼容 CRI 容器运行时的命令行工具,提供类似于 docker 文章来源(Source):浅时光博客命令的功能。具体参考官方文档。
1、创建和分发 cric文章来源(Source):https://www.dqzboy.comtl原文链接:https://www.dqzboy.com 配置文件
|
|
[root@k8s-master1 work]# cat << EOF | sudo tee crictl.yaml
|
|
|
runtime-endpoint: unix:///run/containerd/containerd.sock
|
|
|
image-endpoint: unix:///run/containerd/containerd.sock
|
|
|
timeout: 10
|
|
|
debug: false
|
|
|
EOF
|
- 分发到所有 worker 节点:
|
|
[root@k8s-master1 work]# for node_ip in ${NODE_IPS[@]}
|
|
|
do
|
|
|
echo ">>> ${node_ip}"
|
|
|
scp crictl.yaml root@${node_ip}:/etc/crictl.yaml
|
|
|
done
|
2、crictl命令使用
| Containerd命令 | Docker命令 | 功能 |
| crictl image ls | docker images | 获取image信息 |
| crictl image pull nginx | docker pull nginx | pull 一个nginx的image |
| crictl image tag nginx nginx-test | docker tag nginx nginx-test | 给一个nginx的image添加tag |
| crictl image push nginx-test | docker push nginx-test | push nginx-test的image |
| crictl image pull nginx | docker pull nginx | pull 一个nginx的image |
| crictl image import nginx.tar | docker load<nginx.tar.gz | 导入本地镜像ctr不支持压缩 |
| crictl run -d –env dqzboy nginx-tes原文链接:https://www.dqzboy.comt nginx | docker run -d –name=nginx nginx-tes原文链接:https://www.dqzboy.comt | 运行的一个容器 |
| crictl ps | docker ps | 查看运行的容器 |
评论(0)