{"id":144556,"date":"2019-05-17T09:19:34","date_gmt":"2019-05-17T01:19:34","guid":{"rendered":"https:\/\/lrxjmw.cn\/?p=144556"},"modified":"2019-05-13T09:34:15","modified_gmt":"2019-05-13T01:34:15","slug":"containerd-kubernetes","status":"publish","type":"post","link":"https:\/\/lrxjmw.cn\/containerd-kubernetes.html","title":{"rendered":"containerd\u4e0ekubernetes\u96c6\u6210\u90e8\u7f72"},"content":{"rendered":"
\u6982\u5ff5\u4ecb\u7ecd<\/strong><\/div>\n
cri (Container runtime interface)<\/strong><\/span><\/div>\n
\r\ncri is a containerd plugin implementation of Kubernetes container runtime interface (CRI).\r\ncri\u662f kubernetes\u7684\u5bb9\u5668\u8fd0\u884c\u65f6\u63a5\u53e3\u7684\u5bb9\u5668\u63d2\u4ef6\u5b9e\u73b0\u3002\r\n<\/pre>\n
containerd<\/strong><\/span><\/div>\n
\r\ncontainerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability.\r\ncontainerd\u5b8c\u5168\u652f\u6301\u8fd0\u884c\u5bb9\u5668\u7684\u7684CRI\u8fd0\u884c\u65f6\u89c4\u8303\u3002\r\ncri\u5728containerd1.1\u4ee5\u4e0a\u7684\u7248\u672c\u7684\u539f\u751f\u63d2\u4ef6\u3002\u5b83\u5185\u7f6e\u4e8econtainerd\u5e76\u9ed8\u8ba4\u542f\u7528\u3002\r\n<\/pre>\n
\"\"<\/p>\n
cri-o<\/strong><\/span><\/div>\n
\r\nOCI-based implementation of Kubernetes Container Runtime Interface.\r\nkubernetes\u4e3a\u4e86\u517c\u5bb9cri\u548coci\u5b75\u5316\u4e86\u9879\u76eecri-o\u3002\u4e3a\u4e86\u67b6\u8bbe\u5728cri\u548coci\u4e4b\u95f4\u7684\u4e00\u5ea7\u6865\u6881\u3002\u7531\u6b64cri-o\u65e2\u517c\u5bb9cri\u63d2\u4ef6\u5b9e\u73b0\u53c8\u517c\u5bb9oci\u7684\u5bb9\u5668\u8fd0\u884c\u65f6\u6807\u51c6\u3002\r\n<\/pre>\n
oci (Open Container Initiative)<\/strong><\/span><\/div>\n
\r\noci\u662f\u7531\u591a\u5bb6\u516c\u53f8\u6210\u7acb\u7684\u9879\u76ee,\u5e76\u7531linux\u57fa\u91d1\u4f1a\u8fdb\u884c\u7ba1\u7406,\u81f4\u529b\u4e8econtainer runtime \u7684\u6807\u51c6\u7684\u5236\u5b9a\u548crunc\u7684\u5f00\u53d1\u7b49\u5de5\u4f5c\u3002\r\n<\/pre>\n
runc<\/strong><\/span><\/div>\n
\r\nrunc is a CLI tool for spawning and running containers according to the OCI specification.\r\nrunc\uff0c\u662f\u5bf9\u4e8eOCI\u6807\u51c6\u7684\u4e00\u4e2a\u53c2\u8003\u5b9e\u73b0\uff0c\u662f\u4e00\u4e2a\u53ef\u4ee5\u7528\u4e8e\u521b\u5efa\u548c\u8fd0\u884c\u5bb9\u5668\u7684CLI(command-line interface)\u5de5\u5177\u3002\r\n<\/pre>\n
\"\"<\/p>\n
\u6982\u8ff0<\/strong><\/span><\/div>\n
\u7531\u4e8edocker\u5d4c\u5165\u4e86\u592a\u591a\u81ea\u8eab\u5185\u5bb9,\u4e3a\u4e86\u51cf\u8f7b\u5bb9\u5668\u8d1f\u62c5\u3002\u6b64\u6b21\u9009\u7528containerd\u4f5c\u4e3akubernetes\u7684\u5bb9\u5668\u5b9e\u73b0\u65b9\u6848\u3002\u672c\u6587\u5c06\u5e26\u5927\u5bb6\u8bb2\u8ff0\u5982\u4f55\u642d\u5efa\u4e00\u4e2a\u96c6\u6210\u4e86containerd\u7684k8s\u96c6\u7fa4\u3002<\/p>\n
\u73af\u5883\u51c6\u5907<\/strong><\/span><\/div>\n
\u4e0b\u8f7dcontainerd\u4e8c\u8fdb\u5236\u5305\u3002\u6211\u8fd9\u91cc\u5df2\u7ecf\u7f16\u8bd1\u5e76\u6253\u5305\u4e86\u597d\u4e86\uff0c\u5185\u542bcontainerd\u3001runc\u3001crictl\u3001ctr\u7b49\u3002<\/p>\n
\u4e0b\u8f7d\u94fe\u63a5\uff1ahttps:\/\/github.com\/cuisongliu\/containerd-dist\/releases\/download\/v1.2.4\/containerd-v1.2.4.tar.gz<\/p>\n
\r\nrunc\u7248\u672c\uff1a 1.0.1-dev\r\n\r\ncontainerd\u7248\u672c\uff1a v1.2.4\r\n<\/pre>\n
\u5b89\u88c5containerd<\/strong><\/span><\/div>\n
\u89e3\u538b\u4e8c\u8fdb\u5236\u5305\u5e76\u751f\u6210\u9ed8\u8ba4\u6587\u4ef6<\/p>\n
\r\n  tar -C \/usr\/local\/bin -xzf containerd-v1.2.4.tar.gz\r\n  chmod a+x \/usr\/local\/bin\/*\r\n  containerd config default > \/etc\/containerd\/config.toml\r\n<\/pre>\n
\u751f\u6210\u7684\u9ed8\u8ba4\u914d\u7f6e\u6587\u4ef6\u6ce8\u610f [grpc] \u7684 address \u5b57\u6bb5\u9ed8\u8ba4\u4e3a \/run\/containerd\/containerd.sock<\/p>\n
\u914d\u7f6e\u6587\u4ef6\u5176\u4ed6\u53c2\u6570\u542b\u4e49\u53c2\u7167github\u5730\u5740\uff1a https:\/\/github.com\/containerd\/containerd\/blob\/master\/docs\/man\/containerd-config.toml.5.md<\/p>\n
\u5728 \/etc\/systemd\/system \u76ee\u5f55\u4e0b\u7f16\u5199\u6587\u4ef6 containerd.service\u5185\u5bb9\u5982\u4e0b<\/p>\n
\r\n  [Unit]\r\n  Description=containerd container runtime\r\n  Documentation=https:\/\/containerd.io\r\n  After=network.target\r\n  \r\n  [Service]\r\n  ExecStartPre=\/sbin\/modprobe overlay\r\n  ExecStart=\/usr\/local\/bin\/containerd\r\n  Restart=always\r\n  RestartSec=5\r\n  Delegate=yes\r\n  KillMode=process\r\n  OOMScoreAdjust=-999\r\n  LimitNOFILE=1048576\r\n  # Having non-zero Limit*s causes performance problems due to accounting overhead\r\n  # in the kernel. We recommend using cgroups to do container-local accounting.\r\n  LimitNPROC=infinity\r\n  LimitCORE=infinity\r\n  \r\n  [Install]\r\n  WantedBy=multi-user.target\r\n<\/pre>\n
\u542f\u52a8containerd<\/strong><\/span><\/div>\n
\r\n  systemctl enable containerd\r\n  systemctl restart containerd\r\n  systemctl status containerd\r\n<\/pre>\n
\u770bcontainerd\u542f\u52a8\u72b6\u6001\u5982\u679c\u662frunning\u5c31\u6ca1\u6709\u95ee\u9898\u3002\u4e0b\u9762\u6211\u4eec\u6d4b\u8bd5\u62c9\u53d6\u4e00\u4e0bhub\u7684\u955c\u50cf\u3002<\/p>\n
\u6d4b\u8bd5containerd<\/strong><\/span><\/div>\n
\r\n  ctr images pull docker.io\/library\/nginx:alpine\r\n<\/pre>\n
\u770b\u5230\u8f93\u51fadone\uff0c\u8bf4\u660econtainerd\u8fd0\u884c\u4e00\u5207\u6b63\u5e38\u3002<\/p>\n
\u4f7f\u7528crictl\u8fde\u63a5containerd,\u4e0b\u4e00\u6b65\u6211\u4eec\u4f7f\u7528crictl\u8fde\u63a5containerd\u3002<\/p>\n
\u4fee\u6539crictl\u7684\u914d\u7f6e\u6587\u4ef6,\u5728 \/etc\/crictl.yaml \u5199\u5165\u4ee5\u4e0b\u5185\u5bb9\uff1a<\/p>\n
\r\n  runtime-endpoint: unix:\/\/\/run\/containerd\/containerd.sock\r\n  image-endpoint: unix:\/\/\/run\/containerd\/containerd.sock\r\n  timeout: 10\r\n  debug: false\r\n<\/pre>\n
\u8fd9\u91cc\u6ce8\u610fruntime-endpoint \u548cimage-endpoint \u5fc5\u987b\u4e0e\/etc\/containerd\/config.toml\u4e2d\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\u3002<\/p>\n
\u9a8c\u8bc1\u4e00\u4e0bcri\u63d2\u4ef6\u662f\u5426\u53ef\u7528<\/p>\n
\r\n  crictl  pull nginx:alpine\r\n  crictl  rmi  nginx:alpine\r\n  crictl  images\r\n<\/pre>\n
\u5176\u4e2d crictl images \u4f1a\u5217\u51fa\u6240\u6709\u7684cri\u5bb9\u5668\u955c\u50cf\u3002<\/p>\n
\u5230\u6b64\u6211\u4eec\u7684cri + containerd\u5df2\u7ecf\u5b8c\u6210\u6574\u5408\u4e86\u3002\u4e0b\u4e00\u6b65\u6211\u4eec\u9700\u8981\u4fee\u6539kubeadm\u914d\u7f6e\u8fdb\u884c\u5b89\u88c5\u3002<\/p>\n
\u5bfc\u5165kubenetes\u79bb\u7ebf\u955c\u50cf\u5305<\/strong><\/span><\/div>\n
\u8fd9\u91cc\u6211\u4eec\u5c31\u9700\u8981\u5bfc\u5165k8s\u7684\u79bb\u7ebf\u955c\u50cf\u5305\u4e86\u3002\u8fd9\u91cc\u9700\u8981\u6ce8\u610f\u4e00\u4e0b\uff0ckubernetes\u662f\u8c03\u7528\u7684cri\u63a5\u53e3,\u6240\u4ee5\u5bfc\u5165\u65f6\u4e5f\u9700\u8981\u4ececri\u63d2\u4ef6\u5bfc\u5165\u955c\u50cf\u3002<\/p>\n
cri\u5bfc\u5165\u955c\u50cf\u547d\u4ee4(cri\u5bfc\u5165\u955c\u50cf)\uff1a<\/p>\n
\r\n   ctr cri load  images.tar\r\n<\/pre>\n
containerd\u5bfc\u5165\u955c\u50cf\u547d\u4ee4(containerd\u5bfc\u5165\u955c\u50cf)\uff1a<\/p>\n
\r\n   ctr images import images.tar \r\n<\/pre>\n
\u4fee\u6539kubelet\u914d\u7f6e\u548ckubeadm\u5b89\u88c5\u65f6\u914d\u7f6e<\/strong><\/span><\/div>\n
\u5728 kubelet\u914d\u7f6e\u6587\u4ef6 10-kubeadm.conf \u7684[Service] \u7ed3\u70b9\u52a0\u5165\u4ee5\u4e0b\u914d\u7f6e\uff1a<\/p>\n
\r\n  Environment=\"KUBELET_EXTRA_ARGS=--container-runtime=remote --runtime-request-timeout=15m --container-runtime-endpoint=unix:\/\/\/run\/containerd\/containerd.sock\"\r\n<\/pre>\n
\u5728kubeadm\u914d\u7f6e\u6587\u4ef6 kubeadm.yaml \u4e2d\u52a0\u5165<\/p>\n
\r\n  apiVersion: kubeadm.k8s.io\/v1beta1\r\n  kind: InitConfiguration\r\n  nodeRegistration:\r\n    criSocket: \/run\/containerd\/containerd.sock\r\n    name: containerd\r\n<\/pre>\n
\u5230\u6b64containerd\u548ckubernetes\u7684\u96c6\u6210\u5c31\u5b8c\u6210\u4e86\u3002\u4e0b\u9762\u53ef\u4ee5\u76f4\u63a5\u5b89\u88c5\u5373\u53ef\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"
cri is a containerd plugin implementation of Kubernetes […]<\/p>\n","protected":false},"author":668,"featured_media":144635,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[55],"tags":[],"class_list":["post-144556","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-thread"],"acf":[],"_links":{"self":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts\/144556","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/users\/668"}],"replies":[{"embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/comments?post=144556"}],"version-history":[{"count":5,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts\/144556\/revisions"}],"predecessor-version":[{"id":144760,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts\/144556\/revisions\/144760"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/media\/144635"}],"wp:attachment":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/media?parent=144556"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/categories?post=144556"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/tags?post=144556"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}