cri-docker and kubernetes
在你的每个节点上,遵循安装 Docker Engine 指南为你的 Linux 发行版安装 Docker。
按照源代码仓库中的说明安装 cri-dockerd。
对于 cri-dockerd,默认情况下,CRI 套接字是 /run/cri-dockerd.sock
https://docs.docker.com/engine/install/#server
https://kubernetes.io/zh-cn/blog/2022/02/17/dockershim-faq/
https://github.com/Mirantis/cri-dockerd
https://kubernetes.io/zh-cn/docs/setup/production-environment/container-runtimes/#docker
从kubernetes 1.24开始,dockershim已经从kubelet中移除,但因为历史问题docker却不支持kubernetes
主推的CRI(容器运行时接口)标准,所以docker不能再作为kubernetes的容器运行时了,
即从kubernetesv1.24开始不再使用docker了。
但是如果想继续使用docker的话,可以在kubelet和docker之间加上一个中间层cri-docker。cri-docker是一个支持CRI标准的shim(垫片)。一头通过CRI跟kubelet交互,另一头跟docker api交互,从而间接的实现了kubernetes以docker作为容器运行时。
但是这种架构缺点也很明显,调用链更长,效率更低
软件源
http://mirrors.aliyun.com/repo/Centos-7.repo
http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
cat >/etc/yum.repos.d/kubernetes.repo<EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
EOF
yum -y clean all
yum -y makecache fast
sudo yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine
sudo yum install -y yum-utils
sudo yum install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y
sudo systemctl start docker
systemctl enable docker
systemctl status docker
cat <<EOF | sudo tee /etc/modules-load.d/containerd.conf
overlay
br_netfilter
EOF
sudo modprobe overlay
sudo modprobe br_netfilter
tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://19b12x6i.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
systemctl daemon-reload
systemctl enable docker
systemctl restart docker
systemctl status docker
cat <<EOF | sudo tee /etc/sysctl.d/99-kubernetes-cri.conf
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.swappiness = 0
net.bridge.bridge-nf-call-ip6tables = 1
EOF
## 应用sysctl参数而无需重新启动
sudo sysctl --system
#安装ipset、ipvsadm
yum install -y ipset ipvsadm
cat > /etc/modules-load.d/ipvs.conf <<EOF
# Load IPVS at boot
ip_vs
ip_vs_rr
ip_vs_wrr
ip_vs_sh
nf_conntrack_ipv4
EOF
bash /etc/modules-load.d/ipvs.conf
systemctl enable --now systemd-modules-load.service
lsmod | grep -e ip_vs -e nf_conntrack_ipv4
reboot
[`cri-dockerd`](https://github.com/Mirantis/cri-dockerd)
安装go
wget https://golang.google.cn/dl/go1.20.2.linux-amd64.tar.gz
tar -zxvf go1.20.2.linux-amd64.tar.gz -C /usr/local/
cat>>/etc/profile<<EOF
#go 环境变量
export GO111MODULE=on
export GOROOT=/usr/local/go
export GOPATH=/home/gopath
export PATH=$GOROOT/bin:$GOPATH/bin:$PATH
EOF
source /etc/profile
go version
安装cri-dockerd
git clone https://github.com/Mirantis/cri-dockerd.git
cd cri-dockerd
mkdir bin
go build -o bin/cri-dockerd
mkdir -p /usr/local/bin
install -o root -g root -m 0755 bin/cri-dockerd /usr/local/bin/cri-dockerd
cp -a packaging/systemd/* /etc/systemd/system
sed -i -e 's,/usr/bin/cri-dockerd,/usr/local/bin/cri-dockerd,' /etc/systemd/system/cri-docker.service
systemctl daemon-reload
systemctl enable cri-docker.service
systemctl enable --now cri-docker.socket
systemctl restart cri-docker.service
systemctl status cri-docker.service
ps -ef|grep dockerd
root 2381 1 0 12:09 ? 00:00:00 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
root 43696 1 0 12:16 ? 00:00:00 /usr/local/bin/cri-dockerd --container-runtime-endpoint fd://
root 45055 1490 0 12:16 pts/0 00:00:00 grep --color=auto dockerd
sed -i "/.*ExecStart=*/c\ExecStart=/usr/local/bin/cri-dockerd --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.7 --container-runtime-endpoint fd:// " /etc/systemd/system/cri-docker.service
cat /etc/systemd/system/cri-docker.service|grep ExecStart
安装kubernetes
可以先查询有哪些版本
yum list kubeadm --showduplicates
kubeadm.x86_64 1.26.1-0 kubernetes
kubeadm.x86_64 1.26.2-0 kubernetes
yum install -y kubelet-1.26.2-0 kubeadm-1.26.2-0 kubectl-1.26.2-0
systemctl enable kubelet && systemctl start kubelet
cat <<EOF > /etc/sysconfig/kubelet
KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"
EOF
集群初始化
kubeadm init --kubernetes-version=1.26.0 \
--apiserver-advertise-address=192.168.14.132 \
--image-repository registry.aliyuncs.com/google_containers \
--pod-network-cidr=10.244.0.0/16 \
--cri-socket=unix:///var/run/cri-dockerd.sock
kubeadm token create --print-join-command
kubeadm join 192.168.14.132:6443 --token 4k9r1l.cmj3uycg7zds3ier --discovery-token-ca-cert-hash sha256:3ba7a76b190abc718f5b152aee3392b96cbf830786755fef88459f44187669ff
热门相关:无量真仙 豪门闪婚:帝少的神秘冷妻 网游之逆天飞扬 时间都知道 酒吧探戈