组件介绍:
cri (Container runtime interface):
cri是 kubernetes的容器运行时接口的容器插件实现。
containerd:
containerd完全支持运行容器的的CRI运行时规范,它内置于containerd并默认启用。
cri-o:
kubernetes为了兼容cri和oci孵化了项目cri-o。为了架设在cri和oci之间的一座桥梁。由此cri-o既兼容cri插件实现又兼容oci的容器运行时标准。
oci:
oci是由多家公司成立的项目,并由linux基金会进行管理,致力于container runtime 的标准的制定和runc的开发等工作。
runc:
runc,是对于OCI标准的一个参考实现,是一个可以用于创建和运行容器的CLI(command-line interface)工具。
安装包:
runc.amd64
containerd-1.4.3-linux-amd64.tar.gz
crictl-v1.18.0-linux-amd64.tar.gz
crio-v1.18.4.tar.gz
下载地址:
curl -OL https://github.com/opencontainers/runc/releases/download/v1.0.0-rc92/runc.amd64
curl -OL https://github.com/containerd/containerd/releases/download/v1.4.3/containerd-1.4.3-linux-amd64.tar.gz
curl -OL https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.18.0/crictl-v1.18.0-linux-amd64.tar.gz
curl -OL https://github.com/cri-o/cri-o/releases/download/v1.18.4/crio-v1.18.4.tar.gz
一、安装服务
1、安装runc
mkdir /usr/local/bin/ru
mv runc.amd64 /usr/local/bin/ru && chmod +x /usr/local/bin/ru
2、安装containerd
tar -zxvf containerd-1.4.3-linux-amd64.tar.gz -C /usr/local/
curl -o /etc/systemd/system/containerd.service https://raw.githubusercontent.com/containerd/cri/master/contrib/systemd-units/containerd.service
[root@master1 ~]# cat /etc/systemd/system/containerd.service
[Unit]
Description=containerd container runtime
Documentation=https://registry.docker-cn.com
After=network.target
[Service]
ExecStartPre=/sbin/modprobe overlay
ExecStart=/usr/local/bin/containerd
Restart=always
RestartSec=5
Delegate=yes
KillMode=process
OOMScoreAdjust=-999
LimitNOFILE=1048576
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
[Install]
WantedBy=multi-user.target
3、获取containerd配置文件
containerd config default > /etc/containerd/config.toml
4、启动containerd服务并加入开机启动
systemctl enable containerd && systemctl restart containerd
5、安装crictl
tar -zxf crictl-v1.18.0-linux-amd64.tar.gz -C /usr/local/bin/
6、配置crictl
[root@master1 ~]# cat /etc/crictl.yaml
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 10
debug: false
7、测试containerd
[root@master1 ~]# ctr images pull docker.io/library/nginx:alpine
docker.io/library/nginx:alpine: resolved |++++++++++++++++++++++++++++++++++++++|
index-sha256:c2ce58e024275728b00a554ac25628af25c54782865b3487b11c21cafb7fabda: done |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:01747306a7247dbe928db991eab42e4002118bf636dd85b4ffea05dd907e5b66: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:e295e0624aa3268544bd2a4efaa6b471db1f4e5340ffa94f145ff05008cd7f37: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:b1242e25d28452a7ebfd93d40d8f8b2629a05f4805e40b23ee109f49da5645b5: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:7453d3e6b909a42e8ab2ae94425962629cbf5415ba5baed93171b37ee576fe1c: done |++++++++++++++++++++++++++++++++++++++|
config-sha256:629df02b47c8733258baf6663e308a86cd23f80247d35407022c35fd91a50ea3: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:07ce7418c4f86bc008243dc5900d1efbcdc5e4c167fbae32af74e015163ac6c8: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:801bfaa63ef2094d770c809815b9e2b9c1194728e5e754ef7bc764030e140cea: done |++++++++++++++++++++++++++++++++++++++|
elapsed: 28.7s total: 9.3 Mi (330.7 KiB/s)
unpacking linux/amd64 sha256:c2ce58e024275728b00a554ac25628af25c54782865b3487b11c21cafb7fabda...
done
8、验证一下cri插件是否可用
[root@master1 ~]# crictl pull redis
Image is up to date for sha256:ef47f3b6dc11e8f17fb39a6e46ecaf4efd47b3d374e92aeb9f2606896b751251
[root@master1 ~]# crictl images
IMAGE TAG IMAGE ID SIZE
docker.io/library/nginx alpine 629df02b47c87 9.72MB
docker.io/library/nginx latest f6d0b4767a6c4 53.6MB
docker.io/library/redis latest ef47f3b6dc11e 38.2MB
docker.io/library/tomcat latest feba8d001e3f5 335MB