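06-3. Deploy the containerd component

containerd implements the Kubernetes Container Runtime Interface (CRI) and provides the core container runtime functions, such as image management and container management. Compared with dockerd, it is simpler, more robust, and more portable.

Notes:

  1. Unless otherwise stated, all operations in this document are performed on the zhangjun-k8s01 node.
  2. If you want to use docker instead, see the appendix F.部署docker.md.
  3. docker must be used together with flannel, and flannel must be installed first.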

Download and distribute the binaries

Download the binaries:

```bash
cd /opt/k8s/work
# crictl, runc, the CNI plugins and containerd are fetched in a single wget call
wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.17.0/crictl-v1.17.0-linux-amd64.tar.gz \
  https://github.com/opencontainers/runc/releases/download/v1.0.0-rc10/runc.amd64 \
  https://github.com/containernetworking/plugins/releases/download/v0.8.5/cni-plugins-linux-amd64-v0.8.5.tgz \
  https://github.com/containerd/containerd/releases/download/v1.3.3/containerd-1.3.3.linux-amd64.tar.gz
```

Extract:

```bash
cd /opt/k8s/work
mkdir containerd
tar -xvf containerd-1.3.3.linux-amd64.tar.gz -C containerd
tar -xvf crictl-v1.17.0-linux-amd64.tar.gz

mkdir cni-plugins
sudo tar -xvf cni-plugins-linux-amd64-v0.8.5.tgz -C cni-plugins

# The runc release asset is a bare binary; rename it to the name containerd expects
sudo mv runc.amd64 runc
```

Distribute the binaries to all worker nodes:

```bash
cd /opt/k8s/work
source /opt/k8s/bin/environment.sh
for node_ip in "${NODE_IPS[@]}"
do
  echo ">>> ${node_ip}"
  scp containerd/bin/* crictl cni-plugins/* runc root@${node_ip}:/opt/k8s/bin
  ssh root@${node_ip} "chmod a+x /opt/k8s/bin/* && mkdir -p /etc/cni/net.d"
done
```
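The four release artifacts above are downloaded with wget and then copied as root to every worker node without any integrity check. The following function is an added example, not part of the original document: run it after the download and before the distribution loop so that a corrupted or substituted artifact stops the rollout. The manifest name `SHA256SUMS` is an assumption; its digests must be taken from each project's release page.

```bash
# verify_artifacts DIR MANIFEST FILE...
#   MANIFEST uses the sha256sum format: "<hex digest>  <file name>".
#   Returns 0 only if every FILE is listed in MANIFEST and its digest matches.
verify_artifacts() {
  local dir="$1" manifest="$2"; shift 2
  local f expected actual rc=0
  for f in "$@"; do
    # Look the file up by exact name. A file that is absent from the manifest
    # is a failure, which a plain "sha256sum -c" run would not notice.
    expected=$(awk -v n="$f" '$2 == n || $2 == "*" n { print $1; exit }' "$manifest" \
               | tr 'A-F' 'a-f')
    if [ -z "$expected" ]; then
      echo "FAIL $f: no digest in manifest" >&2; rc=1; continue
    fi
    if [ ! -f "$dir/$f" ]; then
      echo "FAIL $f: file not found" >&2; rc=1; continue
    fi
    actual=$(sha256sum "$dir/$f" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
      echo "OK   $f"
    else
      echo "FAIL $f: digest mismatch" >&2; rc=1
    fi
  done
  return $rc
}

# Usage with the files downloaded above (SHA256SUMS is a hypothetical manifest
# that you create from the digests published by each project):
#
# verify_artifacts /opt/k8s/work /opt/k8s/work/SHA256SUMS \
#   crictl-v1.17.0-linux-amd64.tar.gz runc.amd64 \
#   cni-plugins-linux-amd64-v0.8.5.tgz containerd-1.3.3.linux-amd64.tar.gz || exit 1
```

Verify the downloaded files before `runc.amd64` is renamed, because the manifest lookup is by file name.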

Create and distribute the containerd configuration file

```bash
cd /opt/k8s/work
source /opt/k8s/bin/environment.sh
# The heredoc is unquoted, so ${CONTAINERD_DIR} is expanded when the file is written
cat << EOF | sudo tee containerd-config.toml
version = 2
root = "${CONTAINERD_DIR}/root"
state = "${CONTAINERD_DIR}/state"

[plugins]
  [plugins."io.containerd.grpc.v1.cri"]
    sandbox_image = "registry.cn-beijing.aliyuncs.com/images_k8s/pause-amd64:3.1"
    [plugins."io.containerd.grpc.v1.cri".cni]
      bin_dir = "/opt/k8s/bin"
      conf_dir = "/etc/cni/net.d"
  [plugins."io.containerd.runtime.v1.linux"]
    shim = "containerd-shim"
    runtime = "runc"
    runtime_root = ""
    no_shim = false
    shim_debug = false
EOF
```

```bash
cd /opt/k8s/work
source /opt/k8s/bin/environment.sh
for node_ip in "${NODE_IPS[@]}"
do
  echo ">>> ${node_ip}"
  ssh root@${node_ip} "mkdir -p /etc/containerd/ ${CONTAINERD_DIR}/{root,state}"
  scp containerd-config.toml root@${node_ip}:/etc/containerd/config.toml
done
```

Create the containerd systemd unit file

```bash
cd /opt/k8s/work
cat <<EOF | sudo tee containerd.service
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target

[Service]
Environment="PATH=/opt/k8s/bin:/bin:/sbin:/usr/bin:/usr/sbin"
ExecStartPre=/sbin/modprobe overlay
ExecStart=/opt/k8s/bin/containerd
Restart=always
RestartSec=5
Delegate=yes
KillMode=process
OOMScoreAdjust=-999
LimitNOFILE=1048576
LimitNPROC=infinity
LimitCORE=infinity

[Install]
WantedBy=multi-user.target
EOF
```

Distribute the systemd unit file and start the containerd service

```bash
cd /opt/k8s/work
source /opt/k8s/bin/environment.sh
for node_ip in "${NODE_IPS[@]}"
do
  echo ">>> ${node_ip}"
  scp containerd.service root@${node_ip}:/etc/systemd/system
  ssh root@${node_ip} "systemctl enable containerd && systemctl restart containerd"
done
```

Create and distribute the crictl configuration file

crictl is a command-line tool for CRI-compatible container runtimes and provides functionality similar to the docker command. See the official documentation for details.

```bash
cd /opt/k8s/work
cat << EOF | sudo tee crictl.yaml
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 10
debug: false
EOF
```

Distribute it to all worker nodes:

```bash
cd /opt/k8s/work
source /opt/k8s/bin/environment.sh
for node_ip in "${NODE_IPS[@]}"
do
  echo ">>> ${node_ip}"
  scp crictl.yaml root@${node_ip}:/etc/crictl.yaml
done
```