前言
在传统的k8s集群中,我们都是使用docker engine做为底层的容器管理软件的,而docker engine因为不是k8s亲生的解决方案,所以实际使用中会有更多的分层。之前我们也讲过,k8s为了调用docker engine,专门写了一个dockershim做为CRI,而在1.20版本的时候,k8s就宣布停止更新dockershim了,也就是说再往后的版本就不推荐使用k8s+dockershim+docker engine的方案了。
而k8s官方比较推荐的解决方案中,官方比较推荐的是cri-o或者containerd,前者是基于开放容器计划(OCI)的实现,后者是基于docker的containerd,后脱离出来进行独立开发的组件,现归属于CNCF组织。
CRI-O vs containerd vs docker daemon
这三者有啥区别呢?
首先,cri-o是cri的实现,可以直接调用底层的runc
其次,containerd是CRI-Containerd的实现,可以调用底层的runc
而docker则需要先调用dockershim,然后调用docker,再调用containerd,最后调用底层的runc
三者区别如图:
k8s+crio+podman实现
podman安装
可参考我前一篇文章
docker的平替--podman - eryoung2 - 博客园
三台机都需要安装podman
k8s的安装
可参考我另一篇文章
kubernetes 搭建集群 - eryoung2 - 博客园
三台机都需要安装kubelet/kubeadm/kubectl,并启动kubelet
cri-o的安装
Ubuntu(18.04)
1 准备
modprobe overlay # 打开overlay
modprobe br_netfilter # 打开netfilter
cat > /etc/sysctl.d/99-kubernetes-cri.conf <<EOF #内核处理
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
sysctl --system
swapoff -a #kube scheduler要求关闭swap
2 安装CRI-O
# 指定版本
OS=xUbuntu_18.04
CRIO_VERSION=1.23
# 加源
echo "deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/ /"|sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list
echo "deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/$CRIO_VERSION/$OS/ /"|sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable:cri-o:$CRIO_VERSION.list
# 加key
curl -L https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:cri-o:$CRIO_VERSION/$OS/Release.key | sudo apt-key add -
curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/Release.key | sudo apt-key add -
# 安装
sudo apt update -y
sudo apt install cri-o cri-o-runc cri-tools -y
3 检查CRI-O
root@home:~# apt show cri-o
Package: cri-o
Version: 1.23.3~0
Priority: optional
Section: devel
Maintainer: Peter Hunt <haircommander@fedoraproject.org>
Installed-Size: 98.3 MB
Depends: libgpgme11, libseccomp2, conmon, containers-common (>= 0.1.27) | golang-github-containers-common, tzdata
Suggests: cri-o-runc | runc (>= 1.0.0), containernetworking-plugins
Replaces: cri-o-1.19, cri-o-1.20, cri-o-1.21, cri-o-1.22
Homepage: https://github.com/cri-o/cri-o
Download-Size: 19.9 MB
APT-Manual-Installed: yes
APT-Sources: http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/1.23/xUbuntu_18.04 Packages
Description: OCI-based implementation of Kubernetes Container Runtime Interface.
N: Ignoring file 'ystemctlqq' in directory '/etc/apt/sources.list.d/' as it has no filename extension
systemctl enable crio.service
systemctl start crio.service
root@home:~# systemctl status crio
● crio.service - Container Runtime Interface for OCI (CRI-O)
Loaded: loaded (/usr/lib/systemd/system/crio.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2022-07-13 01:26:03 CST; 16h ago
Docs: https://github.com/cri-o/cri-o
Main PID: 5338 (crio)
Tasks: 15
CGroup: /system.slice/crio.service
└─5338 /usr/bin/crio
4 使用cri-o
查看状态
root@home:~# crictl info
{
"status": {
"conditions": [
{
"type": "RuntimeReady",
"status": true,
"reason": "",
"message": ""
},
{
"type": "NetworkReady",
"status": true,
"reason": "",
"message": ""
}
]
}
}
查看镜像
root@home:~# crictl images
IMAGE TAG IMAGE ID SIZE
docker.io/calico/cni v3.23.2 a87d3f6f1b8fd 263MB
docker.io/calico/node v3.23.2 a3447b26d32c7 224MB
docker.io/library/nginx latest 41b0e86104ba6 146MB
k8s.gcr.io/coredns/coredns v1.8.6 a4ca41631cc7a 47MB
k8s.gcr.io/etcd 3.5.3-0 aebe758cef4cd 301MB
k8s.gcr.io/kube-apiserver v1.24.2 d3377ffb7177c 131MB
k8s.gcr.io/kube-controller-manager v1.24.2 34cdf99b1bb3b 121MB
k8s.gcr.io/kube-proxy v1.24.2 a634548d10b03 112MB
k8s.gcr.io/kube-scheduler v1.24.2 5d725196c1f47 52.3MB
k8s.gcr.io/pause 3.6 6270bb605e12e 690kB
k8s.gcr.io/pause 3.7 221177c6082a8 718kB
Centos(7)
1 准备
VERSION=1.22
sudo curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable.repo https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/CentOS_7/devel:kubic:libcontainers:stable.repo
sudo curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable:cri-o:${VERSION}.repo https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:cri-o:${VERSION}/CentOS_7/devel:kubic:libcontainers:stable:cri-o:${VERSION}.repo
2 安装
yum update -y
yum install cri-o cri-tools -y
3 查看cri-o版本
[root@node1 systemd]# rpm -qi cri-o
Name : cri-o
Epoch : 0
Version : 1.22.5
Release : 2.2.el7
Architecture: x86_64
Install Date: 2022年07月13日 星期三 01时36分47秒
Group : Unspecified
Size : 236845729
License : ASL 2.0
Signature : RSA/SHA256, 2022年07月10日 星期日 12时53分28秒, Key ID 4d64390375060aa4
Source RPM : cri-o-1.22.5-2.2.el7.src.rpm
Build Date : 2022年07月10日 星期日 12时53分00秒
Build Host : sheep87
Relocations : (not relocatable)
Vendor : obs://build.opensuse.org/devel:kubic
URL : https://github.com/cri-o/cri-o
Summary : Open Container Initiative-based implementation of Kubernetes Container Runtime Interface
Description :
Open Container Initiative-based implementation of Kubernetes Container Runtime
Interface.
4 启动cri-o
systemctl enable --now cri-o
5 查看cri-o状态
[root@node1 systemd]# systemctl status crio
● crio.service - Container Runtime Interface for OCI (CRI-O)
Loaded: loaded (/usr/lib/systemd/system/crio.service; enabled; vendor preset: disabled)
Active: active (running) since 三 2022-07-13 01:41:06 CST; 16h ago
Docs: https://github.com/cri-o/cri-o
Main PID: 24127 (crio)
Tasks: 15
Memory: 13.7M
CGroup: /system.slice/crio.service
└─24127 /usr/bin/crio
三台机都安装cri-o并启动。
K8S启动
在master上,跑下列命令:
kubeadm init --apiserver-advertise-address 192.168.1.150 --apiserver-bind-port 6443 --kubernetes-version 1.24.2 --pod-network-cidr 10.244.0.0/16
然后等5分钟,就创建了一个k8s集群的master node。
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.1.150:6443 --token gjxt6y.0wljlhfkjz90v12m --discovery-token-ca-cert-hash sha256:d69fc5929e442210c97ab85c05a8c2906f5819a74d5b0fa3481032d6a8f3fc07
在三台机上跑这三条命令
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
否则会报错。
The connection to the server localhost:8080 was refused - did you specify the right host or port?
检查集群
在以上所有内容都完成之后,我们可以看一下nodes或者pods
root@home:~# kubectl get nodes
NAME STATUS ROLES AGE VERSION
home Ready control-plane 179m v1.24.2
node1 Ready <none> 179m v1.24.2
node2 Ready <none> 179m v1.24.2
root@home:~# kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-6d4b75cb6d-4wxjh 1/1 Running 0 179m
kube-system coredns-6d4b75cb6d-7qxpv 1/1 Running 0 179m
kube-system etcd-home 1/1 Running 2 3h
kube-system kube-apiserver-home 1/1 Running 2 3h
kube-system kube-controller-manager-home 1/1 Running 2 3h
kube-system kube-proxy-9w7mf 1/1 Running 0 179m
kube-system kube-proxy-hpw6c 1/1 Running 0 179m
kube-system kube-proxy-tbpr8 1/1 Running 0 179m
kube-system kube-scheduler-home 1/1 Running 2 3h