containerd
Install containerd
https://kubernetes.io/docs/setup/production-environment/container-runtimes/#containerd
# (Install containerd)
## Set up the repository
### Install required packages
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
## Add docker repository
sudo yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
## Install containerd
sudo yum install -y containerd.io
## Configure containerd
sudo mkdir -p /etc/containerd
sudo containerd config default | sudo tee /etc/containerd/config.toml
# Restart containerd
sudo systemctl restart containerd
crictl configuration
# /etc/crictl.yaml
runtime-endpoint: unix:///var/run/containerd/containerd.sock
image-endpoint: unix:///var/run/containerd/containerd.sock
timeout: 10
debug: false
Change the sandbox image
Specify it in the configuration file:
# /etc/containerd/config.toml
[plugins]
[plugins."io.containerd.grpc.v1.cri"]
sandbox_image = "k8s.gcr.io/pause:3.2"
Change the registry address
Specify it in the configuration file:
# /etc/containerd/config.toml
[plugins]
[plugins."io.containerd.grpc.v1.cri"]
[plugins."io.containerd.grpc.v1.cri".registry]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://registry-1.docker.io"]
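The containerd configuration file format exists in several versions, so check that the format you write is compatible with the containerd version you run.
Configure a proxy for containerd
To make containerd pull images through a proxy, set the environment variables in its systemd unit. Setting HTTP_PROXY directly has no effect, because containerd runs as a systemd service and does not inherit the environment of your shell: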
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target
[Service]
Environment="HTTP_PROXY=http://10.0.0.1:8888"
Environment="HTTPS_PROXY=http://10.0.0.1:8888"
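# NO_PROXY is read by Go's proxy matcher: IP ranges must be CIDR, not wildcards such as 10.*.*.*
Environment="NO_PROXY=10.0.0.0/8,172.0.0.0/8,*.local,localhost,127.0.0.1"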
ExecStartPre=/sbin/modprobe overlay
ExecStart=/bin/containerd
Restart=always
RestartSec=5
Delegate=yes
KillMode=process
OOMScoreAdjust=-999
LimitNOFILE=1048576
LimitNPROC=infinity
LimitCORE=infinity
[Install]
WantedBy=multi-user.target
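containerd is a Go program, and Go's proxy handling reads each NO_PROXY entry as an exact IP, a CIDR range or a domain suffix, so an IP-style wildcard such as 10.*.*.* never matches an address and pulls from those hosts still go through the proxy. The script below is an added example, not part of the original page: it flags such entries in a unit file. Its function names and sample unit are constructed, and it assumes IPv4 and one variable per Environment= line.

```sh
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
# Assumptions: IPv4 only, one variable per Environment= line.

# Constructed sample unit fragment used for the demo at the bottom.
sample_unit() {
  cat <<'EOF'
[Service]
Environment="HTTP_PROXY=http://10.0.0.1:8888"
Environment="HTTPS_PROXY=http://10.0.0.1:8888"
Environment="NO_PROXY=10.*.*.*,172.16.0.0/12,*.local,localhost,127.0.0.1"
EOF
}

# Print the last value assigned to variable $1 by Environment= lines on stdin.
unit_env() {
  sed -n "s/^Environment=\"\{0,1\}$1=\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" | tail -n 1
}

# Classify one NO_PROXY entry the way Go's matcher reads it:
# all | cidr | ip | domain | ineffective (IP-style wildcard, matches no address).
classify_no_proxy_entry() {
  case $1 in
    '*') echo all; return 0 ;;
  esac
  if printf '%s\n' "$1" | grep -Eq '^[0-9]+(\.[0-9]+){3}/[0-9]+$'; then echo cidr
  elif printf '%s\n' "$1" | grep -Eq '^[0-9]+(\.[0-9]+){3}(:[0-9]+)?$'; then echo ip
  elif printf '%s\n' "$1" | grep -Eq '^[0-9*]+(\.[0-9*]+){3}$'; then echo ineffective
  else echo domain
  fi
}

# Read a unit on stdin and print every NO_PROXY entry that can never match an IP.
lint_unit_no_proxy() {
  unit_env NO_PROXY | tr ',' '\n' | while read -r entry; do
    if [ "$(classify_no_proxy_entry "$entry")" = ineffective ]; then
      printf '%s\n' "$entry"
    fi
  done
}

# Demo on the constructed sample; on a host: systemctl cat containerd | lint_unit_no_proxy
sample_unit | lint_unit_no_proxy
```

An empty result means every IP entry is either an exact address or a CIDR range.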
Install kubeadm, kubectl and kubelet
https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-\$basearch
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF
# Set SELinux in permissive mode (effectively disabling it)
sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
# install dependencies
sudo yum install socat libnetfilter_cthelper libnetfilter_queue libnetfilter_cttimeout conntrack-tools
sudo yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
sudo systemctl enable --now kubelet
Deploy the cluster
Verify image pull connectivity
kubeadm config images pull --cri-socket /run/containerd/containerd.sock --v=5
Initialize the first node
kubeadm init \
--cri-socket /var/run/containerd/containerd.sock \
--control-plane-endpoint test.node \
--pod-network-cidr 172.16.0.0/16 \
--service-cidr 192.168.0.0/16 \
--skip-phases=addon
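The addon phase sets up kube-proxy and CoreDNS; if you do not need them, skip it with --skip-phases.
Once initialization finishes, use the output returned by kubeadm to initialize the other nodes.
Join the other control-plane nodes
Use the output returned when the first node was initialized to initialize the other nodes: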
kubeadm join test.node:6443 \
--token q5n6vm.sj9xpkqr6iyxxxxx \
--discovery-token-ca-cert-hash sha256:ee352fb3db6aeff1bd3cfebba1c4439641e8a8c151ac4f770fc13f4504xxxxx \
--control-plane
Join worker nodes
kubeadm join test.node:6443 \
--token q5n6vm.sj9xpkqr6iyxxxxx \
--discovery-token-ca-cert-hash sha256:ee352fb3db6aeff1bd3cfebba1c4439641e8a8c151ac4f770fc13f4504xxxxx