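k8s 1.22: changing the container runtime, replacing Docker with containerd
阿新 • Published: 2022-03-06
Details:
1. After version 1.22, k8s will deprecate Docker, although it can still be used. It is still best to replace it with the runtime set up in this guide.
2. containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability.
3. Kubernetes uses containerd as the container runtime of a Kubernetes cluster through the CRI interface.
[Architecture diagram]
I. Deploy containerd
1. Create the configuration file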
[root@master1 ~]# cat /etc/modules-load.d/containerd.conf
overlay
br_netfilter
2. After creating the configuration file, run the following commands
modprobe overlay
modprobe br_netfilter
3. Apply the settings immediately
sysctl --system
4. Download the docker-ce repository file
wget http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
or
yum-config-manager \
--add-repo \
http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
5. Install the containerd service and enable it at boot
yum install -y containerd.io
systemctl enable containerd && systemctl start containerd
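II. Configure containerd
1. Create the directory
mkdir -p /etc/containerd
2. Generate the default configuration file
containerd config default | sudo tee /etc/containerd/config.toml
3. Edit the configuration file and add "SystemdCgroup = true" so that systemd is used as the cgroup driver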
[root@master1 ~]# cat /etc/containerd/config.toml
version = 2
root = "/var/lib/containerd"
state = "/run/containerd"
plugin_dir = ""
disabled_plugins = []
required_plugins = []
oom_score = 0

[grpc]
  address = "/run/containerd/containerd.sock"
  tcp_address = ""
  tcp_tls_cert = ""
  tcp_tls_key = ""
  uid = 0
  gid = 0
  max_recv_message_size = 16777216
  max_send_message_size = 16777216

[ttrpc]
  address = ""
  uid = 0
  gid = 0

[debug]
  address = ""
  uid = 0
  gid = 0
  level = ""

[metrics]
  address = ""
  grpc_histogram = false

[cgroup]
  path = ""

[timeouts]
  "io.containerd.timeout.shim.cleanup" = "5s"
  "io.containerd.timeout.shim.load" = "5s"
  "io.containerd.timeout.shim.shutdown" = "3s"
  "io.containerd.timeout.task.state" = "2s"

[plugins]
  [plugins."io.containerd.gc.v1.scheduler"]
    pause_threshold = 0.02
    deletion_threshold = 0
    mutation_threshold = 100
    schedule_delay = "0s"
    startup_delay = "100ms"
  [plugins."io.containerd.grpc.v1.cri"]
    disable_tcp_service = true
    stream_server_address = "127.0.0.1"
    stream_server_port = "0"
    stream_idle_timeout = "4h0m0s"
    enable_selinux = false
    selinux_category_range = 1024
    sandbox_image = "k8s.gcr.io/pause:3.2"
    stats_collect_period = 10
    systemd_cgroup = false
    enable_tls_streaming = false
    max_container_log_line_size = 16384
    disable_cgroup = false
    disable_apparmor = false
    restrict_oom_score_adj = false
    max_concurrent_downloads = 3
    disable_proc_mount = false
    unset_seccomp_profile = ""
    tolerate_missing_hugetlb_controller = true
    disable_hugetlb_controller = true
    ignore_image_defined_volumes = false
    [plugins."io.containerd.grpc.v1.cri".containerd]
      snapshotter = "overlayfs"
      default_runtime_name = "runc"
      no_pivot = false
      disable_snapshot_annotations = true
      discard_unpacked_layers = false
      [plugins."io.containerd.grpc.v1.cri".containerd.default_runtime]
        runtime_type = ""
        runtime_engine = ""
        runtime_root = ""
        privileged_without_host_devices = false
        base_runtime_spec = ""
      [plugins."io.containerd.grpc.v1.cri".containerd.untrusted_workload_runtime]
        runtime_type = ""
        runtime_engine = ""
        runtime_root = ""
        privileged_without_host_devices = false
        base_runtime_spec = ""
      [plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
        [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
          runtime_type = "io.containerd.runc.v2"
          runtime_engine = ""
          runtime_root = ""
          privileged_without_host_devices = false
          base_runtime_spec = ""
          [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
            SystemdCgroup = true ## add this line
    [plugins."io.containerd.grpc.v1.cri".cni]
      bin_dir = "/opt/cni/bin"
      conf_dir = "/etc/cni/net.d"
      max_conf_num = 1
      conf_template = ""
    [plugins."io.containerd.grpc.v1.cri".registry]
      [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
          endpoint = ["https://registry-1.docker.io"]
    [plugins."io.containerd.grpc.v1.cri".image_decryption]
      key_model = ""
    [plugins."io.containerd.grpc.v1.cri".x509_key_pair_streaming]
      tls_cert_file = ""
      tls_key_file = ""
  [plugins."io.containerd.internal.v1.opt"]
    path = "/opt/containerd"
  [plugins."io.containerd.internal.v1.restart"]
    interval = "10s"
  [plugins."io.containerd.metadata.v1.bolt"]
    content_sharing_policy = "shared"
  [plugins."io.containerd.monitor.v1.cgroups"]
    no_prometheus = false
  [plugins."io.containerd.runtime.v1.linux"]
    shim = "containerd-shim"
    runtime = "runc"
    runtime_root = ""
    no_shim = false
    shim_debug = false
  [plugins."io.containerd.runtime.v2.task"]
    platforms = ["linux/amd64"]
  [plugins."io.containerd.service.v1.diff-service"]
    default = ["walking"]
  [plugins."io.containerd.snapshotter.v1.devmapper"]
    root_path = ""
    pool_name = ""
    base_image_size = ""
    async_remove = false
4. Restart containerd
systemctl restart containerd
5. Check containerd's running state (the status below is considered normal)
[root@master1 ~]# systemctl status containerd
● containerd.service - containerd container runtime
Loaded: loaded (/usr/lib/systemd/system/containerd.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2022-03-06 08:09:00 CST; 1h 43min ago
Docs: https://containerd.io
Process: 931 ExecStartPre=/sbin/modprobe overlay (code=exited, status=0/SUCCESS)
Main PID: 941 (containerd)
Tasks: 11
Memory: 61.4M
CGroup: /system.slice/containerd.service
└─941 /usr/bin/containerd
Mar 06 08:09:00 master1 containerd[941]: time="2022-03-06T08:09:00.887356305+08:00" level=info msg="Start recovering state"
Mar 06 08:09:00 master1 containerd[941]: time="2022-03-06T08:09:00.887756475+08:00" level=info msg="loading plugin \"io.containerd.grpc.v1.introspection\"..." type=io.containerd.grpc.v1
Mar 06 08:09:00 master1 systemd[1]: Started containerd container runtime.
Mar 06 08:09:00 master1 containerd[941]: time="2022-03-06T08:09:00.890318315+08:00" level=info msg=serving... address=/run/containerd/containerd.sock.ttrpc
Mar 06 08:09:00 master1 containerd[941]: time="2022-03-06T08:09:00.890398891+08:00" level=info msg=serving... address=/run/containerd/containerd.sock
Mar 06 08:09:00 master1 containerd[941]: time="2022-03-06T08:09:00.892060037+08:00" level=info msg="containerd successfully booted in 0.074829s"
Mar 06 08:09:00 master1 containerd[941]: time="2022-03-06T08:09:00.977695574+08:00" level=info msg="Start event monitor"
Mar 06 08:09:00 master1 containerd[941]: time="2022-03-06T08:09:00.977773239+08:00" level=info msg="Start snapshots syncer"
Mar 06 08:09:00 master1 containerd[941]: time="2022-03-06T08:09:00.977799738+08:00" level=info msg="Start cni network conf syncer"
Mar 06 08:09:00 master1 containerd[941]: time="2022-03-06T08:09:00.977808051+08:00" level=info msg="Start streaming server"
6. Change the crictl endpoints
[root@master1 ~]# cat /etc/crictl.yaml
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 10
debug: false
7. Edit the k8s kubeadm-config.yaml file
[root@master1 ~]# cat kubeadm-config.yaml
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.200.3 # IP of this host
  bindPort: 6443
nodeRegistration:
  criSocket: /run/containerd/containerd.sock # Do not forget to change this; if it is left unchanged, the runtime has not actually been replaced. (Already changed here.)
  name: master1 # hostname of this host
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controlPlaneEndpoint: "192.168.200.16:16443" # virtual IP and haproxy port
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers # change the image repository to suit your own environment
kind: ClusterConfiguration
kubernetesVersion: v1.22.0 # k8s version
networking:
  dnsDomain: cluster.local
  podSubnet: "10.244.0.0/16"
  serviceSubnet: 10.96.0.0/12
scheduler: {}
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
featureGates:
  SupportIPVSProxyMode: true
mode: ipvs
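
The three files edited above have to agree with each other, and a plain grep cannot tell "SystemdCgroup = true" in the runc options table from the legacy "systemd_cgroup" key or from the same line pasted under the wrong table. The script below is an added example, not part of the original post: it cross-checks config.toml, crictl.yaml and kubeadm-config.yaml, and also flags a containerd API exposed over TCP and a bootstrap token left at the placeholder value that "kubeadm config print init-defaults" emits. The function names toml_get, yaml_get and check_runtime and the script name check.sh are hypothetical.

```shell
#!/bin/sh
# Added example: cross-checks the three files edited in the steps above.

# toml_get FILE TABLE KEY: print KEY's value only if it is set inside [TABLE].
# Line-based reader, sufficient for the layout containerd generates.
toml_get() {
  awk -v want="[$2]" -v key="$3" '
    { sub(/^[ \t]+/, ""); sub(/[ \t]*#.*$/, "") }   # drop indent and comments
    /^\[/ { in_table = ($0 == want); next }         # remember the current table
    in_table && (eq = index($0, "=")) {
      k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
      gsub(/[ \t]/, "", k); gsub(/^[ \t"]+|[ \t"]+$/, "", v)
      if (k == key) { print v; exit }
    }' "$1"
}

# yaml_get FILE KEY: first scalar stored under "KEY:" at any nesting depth.
yaml_get() {
  awk -v key="$2" '
    { sub(/[ \t]+#.*$/, ""); sub(/^[ \t-]+/, "") }
    index($0, key ":") == 1 {
      v = substr($0, length(key) + 2)
      gsub(/^[ \t"]+|[ \t"]+$/, "", v); print v; exit
    }' "$1"
}

# check_runtime CONFIG_TOML CRICTL_YAML KUBEADM_YAML
# Prints one FAIL line per problem; returns 0 only when every check passes.
check_runtime() {
  rc=0
  opts='plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options'
  sock=$(toml_get "$1" grpc address)
  [ "$(toml_get "$1" "$opts" SystemdCgroup)" = true ] ||
    { echo "FAIL: SystemdCgroup is not true under runc.options"; rc=1; }
  [ -z "$(toml_get "$1" grpc tcp_address)" ] ||
    { echo "FAIL: containerd gRPC API is also served over TCP"; rc=1; }
  [ "$(yaml_get "$2" runtime-endpoint)" = "unix://$sock" ] ||
    { echo "FAIL: crictl runtime-endpoint is not unix://$sock"; rc=1; }
  cri=$(yaml_get "$3" criSocket)
  [ -n "$sock" ] && [ "${cri#unix://}" = "$sock" ] ||
    { echo "FAIL: kubeadm criSocket '$cri' is not $sock"; rc=1; }
  [ "$(yaml_get "$3" token)" != abcdef.0123456789abcdef ] ||
    { echo "FAIL: bootstrap token is the kubeadm placeholder"; rc=1; }
  return "$rc"
}

# Usage: sh check.sh /etc/containerd/config.toml /etc/crictl.yaml kubeadm-config.yaml
if [ "$#" -eq 3 ]; then check_runtime "$@"; fi
```

Run against the kubeadm-config.yaml shown above, the script reports the bootstrap token, because abcdef.0123456789abcdef is the published placeholder; "kubeadm token generate" prints a random replacement.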