Kubernetes 二进制部署 《easzlab / kubeasz项目部署》
- 03-安装容器运行时
03-安装容器运行时
项目根据k8s版本提供不同的默认容器运行时:
k8s 版本 < 1.24 时,支持docker containerd 可选
k8s 版本 >= 1.24 时,仅支持 containerd
[root@k8s-master-01 kubeasz]# cat playbooks/03.runtime.yml
# to install a container runtime
- hosts:- kube_master- kube_noderoles:- { role: docker, when: "CONTAINER_RUNTIME == 'docker'" }- { role: containerd, when: "CONTAINER_RUNTIME == 'containerd'" }
kubeasz 集成安装 containerd
注意:k8s 1.24以后,项目已经设置默认容器运行时为 containerd,无需手动修改
执行安装:分步安装ezctl setup xxxx 03
命令对比
| 命令 | docker | crictl(推荐) | ctr |
|---|---|---|---|
| 查看容器列表 | docker ps | crictl ps | ctr -n k8s.io c ls |
| 查看容器详情 | docker inspect | crictl inspect | ctr -n k8s.io c info |
| 查看容器日志 | docker logs | crictl logs | 无 |
| 容器内执行命令 | docker exec | crictl exec | 无 |
| 挂载容器 | docker attach | crictl attach | 无 |
| 容器资源使用 | docker stats | crictl stats | 无 |
| 创建容器 | docker create | crictl create | ctr -n k8s.io c create |
| 启动容器 | docker start | crictl start | ctr -n k8s.io run |
| 停止容器 | docker stop | crictl stop | 无 |
| 删除容器 | docker rm | crictl rm | ctr -n k8s.io c del |
| 查看镜像列表 | docker images | crictl images | ctr -n k8s.io i ls |
| 查看镜像详情 | docker inspect | crictl inspecti | 无 |
| 拉取镜像 | docker pull | crictl pull | ctr -n k8s.io i pull |
| 推送镜像 | docker push | 无 | ctr -n k8s.io i push |
| 删除镜像 | docker rmi | crictl rmi | ctr -n k8s.io i rm |
| 查看Pod列表 | 无 | crictl pods | 无 |
| 查看Pod详情 | 无 | crictl inspectp | 无 |
| 启动Pod | 无 | crictl runp | 无 |
| 停止Pod | 无 | crictl stopp | 无 |
containerd和docker命令大体相似,我们甚至可以通过alias来把crictl改成docker
alias docker=crictl
[root@k8s-master-01 kubeasz]# cat roles/containerd/tasks/main.yml
- name: 获取是否已经安装containerdshell: 'systemctl is-active containerd || echo "NoFound"'register: containerd_svc- block:- name: 准备containerd相关目录file: name={{ item }} state=directorywith_items:- "{{ bin_dir }}/containerd-bin"- "/etc/containerd"- name: 加载内核模块 overlaymodprobe: name=overlay state=present- name: 下载 containerd 二进制文件copy: src={{ item }} dest={{ bin_dir }}/containerd-bin/ mode=0755with_fileglob:- "{{ base_dir }}/bin/containerd-bin/*"tags: upgrade- name: 下载 crictlcopy: src={{ base_dir }}/bin/crictl dest={{ bin_dir }}/crictl mode=0755- name: 添加 crictl 自动补全lineinfile:dest: ~/.bashrcstate: presentregexp: 'crictl completion'line: 'source <(crictl completion bash) # generated by kubeasz'- name: 创建 containerd 配置文件template: src=config.toml.j2 dest=/etc/containerd/config.tomltags: upgrade- name: 创建systemd unit文件template: src=containerd.service.j2 dest=/etc/systemd/system/containerd.servicetags: upgrade- name: 创建 crictl 配置template: src=crictl.yaml.j2 dest=/etc/crictl.yaml- name: 开机启用 containerd 服务shell: systemctl enable containerdignore_errors: true- name: 开启 containerd 服务shell: systemctl daemon-reload && systemctl restart containerdtags: upgrade- name: 轮询等待containerd服务运行shell: "systemctl is-active containerd.service"register: containerd_statusuntil: '"active" in containerd_status.stdout'retries: 8delay: 2tags: upgradewhen: "'NoFound' in containerd_svc.stdout"
需要注意
config.toml.j2这个文件中的sandbox_image = "{{ SANDBOX_IMAGE }}",这个沙盒镜像在kubelet启动pod的时候会用到,所以如果无法启动pod,很有可能是这个插件没装好。不过kubeasz项目已经为我们填好了
[root@k8s-master-01 kubeasz]# ./ezctl setup k8s-cluster-01 03
[root@k8s-master-01 kubeasz]# ansible node -m shell -a "systemctl is-active containerd"
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to see details
192.168.17.241 | CHANGED | rc=0 >>
active
192.168.17.240 | CHANGED | rc=0 >>
active
)
)
