CRI-O as a Docker replacement for the Kubernetes runtime: setup on CentOS 8

Hello! My name is Sergey and I am a DevOps engineer at Surf. The DevOps department at Surf is tasked not only with building cooperation between specialists and integrating work processes, but also with actively researching and adopting current technologies, both in its own infrastructure and in customers' infrastructure.

Below I will briefly describe the changes in the container technology stack that we ran into while studying the CentOS 8 distribution, explain what CRI-O is, and show how to quickly set up a working runtime environment for Kubernetes on it.


Why isn't Docker included in CentOS 8?

After installing the latest major release, RHEL 8 or CentOS 8, one cannot help but notice that the distribution and its official repositories no longer carry the docker package. Ideologically and functionally it has been replaced by podman, Buildah (now shipped in the distribution by default) and CRI-O. This is a consequence of putting into practice the standards developed by Red Hat, among others, within the Open Container Initiative (OCI) project.

The goal of the OCI, which operates under the Linux Foundation, is to create open industry standards for container formats and runtimes that solve several problems at once. First, they do not contradict the Unix philosophy behind Linux (for instance, the rule that each program should do one thing, whereas docker is something of an all-in-one combine). Second, they make it possible to get rid of the accumulated shortcomings of the docker software. Third, they fully satisfy the business requirements imposed by the leading commercial platforms for deploying, managing and serving containerised applications (Red Hat OpenShift, for example).

The drawbacks of docker and the advantages of the new software have already been described in some detail in an earlier article, and a detailed description of the whole software stack offered within the OCI project, and of its architecture, is available in the official documentation, in material from Red Hat itself (there is a good article on the Red Hat blog) and in third-party reviews.

It is worth recalling what each component of the proposed stack is responsible for:

  • podman - direct interaction with containers and image storage through the runC process;
  • Buildah - building images and pushing them to a registry;
  • CRI-O - a runtime environment for container orchestration systems (for example, Kubernetes).

To understand the overall scheme of interaction between the stack's components, I think it is useful to show here a diagram of how Kubernetes is connected to runC and the low-level libraries through CRI-O:

[Diagram: Kubernetes -> CRI-O -> runC and the low-level container libraries]

CRI-O and Kubernetes follow the same release and support cycle (the compatibility matrix is as simple as it gets: the CRI-O minor version matches the Kubernetes minor version, so CRI-O 1.18 goes with Kubernetes 1.18). Given that the developers focus on complete and thorough testing of this stack, this gives us every reason to expect the best achievable performance in every usage scenario (the relative lightness of CRI-O compared with docker, a result of its deliberately limited scope, also helps here).

When installing Kubernetes "the right way" (according to the OCI, naturally) with CRI-O on CentOS 8, we ran into a few small difficulties, which we nevertheless overcame. I am happy to share the installation and configuration instructions; in total they take about 10 minutes.

How to deploy Kubernetes on CentOS 8 using CRI-O as the runtime

Prerequisites: at least one host (2 cores, 4 GB RAM, at least 15 GB of storage) with CentOS 8 installed (the "Server" installation profile is recommended) and with a record for it in the local DNS (as a last resort, an entry in /etc/hosts will do). And do not forget to disable swap: by default the kubelet refuses to start with swap enabled, and kubeadm's preflight checks fail on it.

All operations are performed on the host as the root user, so be careful.

  1. In the first step we prepare the OS and install and configure the prerequisites for CRI-O.
    • Update the OS:
      dnf -y update
      

    • Next, configure the firewall and SELinux. Everything here depends on the environment in which our host or hosts will run. You can configure the firewall according to the documentation's recommendations (open only the ports kubeadm lists for control-plane and worker nodes), or, if you are on a trusted network or use a separate firewall in front of the host, switch the default zone to trusted or disable the firewall altogether. Keep in mind that both shortcuts below expose every listening service on the node, including the kubelet API on 10250 and etcd on 2379-2380, to the whole network:
      firewall-cmd --set-default-zone trusted
      
      firewall-cmd --reload

      To disable the firewall instead, use:

      systemctl disable --now firewalld
      

      SELinux must be disabled or switched to permissive mode. This is what the kubeadm documentation requires, because containers (pod network plugins in particular) need to access the host filesystem in ways the default policy does not allow. Permissive mode still records denials in the audit log, so you can see what a future policy would have to permit:

      setenforce 0
      
      sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config

    • Load the required kernel modules and packages, and make the br_netfilter module load automatically at boot (overlay is the storage driver CRI-O uses; br_netfilter is what lets iptables see bridged pod traffic):
      modprobe overlay
      
      modprobe br_netfilter
      
      echo "br_netfilter" >> /etc/modules-load.d/br_netfilter.conf
      
      dnf -y install iproute-tc
      

    • To enable packet forwarding and correct handling of bridged traffic, set the required sysctl parameters:
      cat > /etc/sysctl.d/99-kubernetes-cri.conf <<EOF
      net.bridge.bridge-nf-call-iptables = 1
      net.ipv4.ip_forward = 1
      net.bridge.bridge-nf-call-ip6tables = 1
      EOF
      

      Apply the settings:

      sysctl --system

    • Set the required CRI-O version (the CRI-O minor version, as already mentioned, must match the Kubernetes version); at the time of writing the latest stable Kubernetes release is 1.18:
      export REQUIRED_VERSION=1.18
      

      Add the required repositories (the .repo files are fetched over HTTPS; open them and confirm they set gpgcheck=1 before installing anything from them):

      dnf -y install 'dnf-command(copr)'
      
      dnf -y copr enable rhcontainerbot/container-selinux
      
      curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable.repo https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/CentOS_8/devel:kubic:libcontainers:stable.repo
      
      curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable:cri-o:$REQUIRED_VERSION.repo https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:cri-o:$REQUIRED_VERSION/CentOS_8/devel:kubic:libcontainers:stable:cri-o:$REQUIRED_VERSION.repo

    • Now we can install CRI-O:
      dnf -y install cri-o
      

      Note the first nuance we hit during setup: the CRI-O configuration has to be fixed before the service is started, because the conmon binary it depends on is installed at /usr/bin/conmon rather than at the /usr/libexec/crio/conmon path referenced in the default config (the path contains slashes, so sed needs a different delimiter):

      sed -i 's|/usr/libexec/crio/conmon|/usr/bin/conmon|' /etc/crio/crio.conf

      Now enable and start the CRI-O daemon:

      systemctl enable --now crio
      

      Check the daemon status:

      systemctl status crio
      

  2. Installing and starting Kubernetes.
    • Add the required repository (note the backslash before $basearch: the heredoc is unquoted, so without it the shell would expand the variable to an empty string instead of leaving it for dnf to substitute):
      cat <<EOF > /etc/yum.repos.d/kubernetes.repo
      [kubernetes]
      name=Kubernetes
      baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-\$basearch
      enabled=1
      gpgcheck=1
      repo_gpgcheck=1
      gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
      exclude=kubelet kubeadm kubectl
      EOF
      

      Now we can install Kubernetes (version 1.18, as noted above):

      dnf install -y kubelet-1.18* kubeadm-1.18* kubectl-1.18* --disableexcludes=kubernetes

    • The second important nuance: since we use the CRI-O daemon rather than the docker daemon, before deploying and starting Kubernetes we must put the required settings into the /var/lib/kubelet/config.yaml configuration file, first creating the directory it lives in:
      mkdir -p /var/lib/kubelet
      
      cat <<EOF > /var/lib/kubelet/config.yaml
      apiVersion: kubelet.config.k8s.io/v1beta1
      kind: KubeletConfiguration
      cgroupDriver: systemd
      EOF

    • The third important point we ran into during setup: even though we have declared the cgroup driver to use, and configuring it through kubelet command-line arguments is deprecated (as the documentation explicitly states), we still have to add the arguments to the sysconfig file, otherwise our cluster will not start. The reason is that kubeadm init regenerates /var/lib/kubelet/config.yaml from its own settings, so a hand-written file alone does not survive initialisation:
      cat /dev/null > /etc/sysconfig/kubelet
      
      cat <<EOF > /etc/sysconfig/kubelet
      KUBELET_EXTRA_ARGS=--container-runtime=remote --cgroup-driver=systemd --container-runtime-endpoint=unix:///var/run/crio/crio.sock
      EOF

    • Now we can enable the kubelet daemon:
      systemctl enable --now kubelet
      

      To prepare control-plane or worker nodes in minutes, steps 1 and 2 can be wrapped into a script.

  3. Time to start our cluster.
    • To initialise the cluster, run:
      kubeadm init --pod-network-cidr=10.244.0.0/16
      

      Be sure to save the cluster join command ("kubeadm join ...") printed at the end of the output, or at least the token and CA certificate hash it contains. The bootstrap token expires after 24 hours by default; a fresh one, together with the full join command, can be produced later with kubeadm token create --print-join-command.

    • Install the Pod network plugin (CNI). I recommend Calico. Flannel may be more popular, but it has compatibility problems with nftables, whereas Calico is the only CNI implementation recommended and fully tested by the Kubernetes project. The manifest is applied with cluster-admin rights, so download it and look through it before applying rather than trusting the remote URL blindly:
      kubectl --kubeconfig /etc/kubernetes/admin.conf apply -f https://docs.projectcalico.org/v3.15/manifests/calico.yaml 

    • To join a worker to the cluster, prepare it according to steps 1 and 2 (or with the script), then run the command from the "kubeadm init ..." output that we saved in the previous step:
      kubeadm join $CONTROL_PLANE_ADDRESS:6443 --token $TOKEN \
          --discovery-token-ca-cert-hash $TOKEN_HASH

      The --discovery-token-ca-cert-hash value pins the cluster CA, so a joining node cannot be redirected to a rogue control plane; do not drop it.

    • Check that our cluster has started and is working:
      kubectl --kubeconfig=/etc/kubernetes/admin.conf get pods -A
      

    Done! You can now run workloads on your K8s cluster.
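Two of the steps above are shortcuts a practitioner would rather not ship: switching firewalld to the trusted zone (step 1) and passing deprecated cgroup-driver and runtime flags to the kubelet through /etc/sysconfig/kubelet (step 2). The helper script below is an added example; it is not code from the original article or from the CRI-O or kubeadm projects. It opens only the ports the kubeadm documentation lists for each node role (plus Calico's BGP port 179/tcp, an assumption based on the article's choice of Calico with default settings), writes a kubeadm configuration file that declares the CRI-O socket and the systemd cgroup driver so that kubeadm init --config carries them into the kubelet configuration it generates, and checks that swap is off. It assumes firewalld as the host firewall and kubeadm's v1beta2 configuration API as shipped with Kubernetes 1.18; the function names and the output path are illustrative.

```shell
#!/usr/bin/env bash
# Added example; not part of the original article or of the CRI-O/kubeadm projects.
# Helper functions for the CentOS 8 + CRI-O install described above:
#   k8s_required_ports / k8s_open_ports - open only the ports kubeadm documents
#                                          instead of the "trusted" zone shortcut
#   write_kubeadm_config                 - declare the CRI-O socket and systemd
#                                          cgroup driver for kubeadm init, so the
#                                          deprecated kubelet flags are not needed
#   swap_is_off                          - the swap check kubeadm preflight enforces
# Assumptions: firewalld is the host firewall, kubeadm's v1beta2 config API
# (Kubernetes 1.18), and Calico with default settings (BGP on 179/tcp).
set -eu

# Per-role TCP ports from the kubeadm "ports and protocols" documentation.
# 179/tcp is Calico BGP (assumption: Calico with defaults, as in the article).
k8s_required_ports() {
  case "$1" in
    control-plane) echo "6443/tcp 2379-2380/tcp 10250/tcp 10251/tcp 10252/tcp 179/tcp" ;;
    worker)        echo "10250/tcp 30000-32767/tcp 179/tcp" ;;
    *)             echo "unknown role: $1 (expected control-plane or worker)" >&2; return 1 ;;
  esac
}

# Open the ports for a role and reload firewalld. Override FIREWALL_CMD
# (for example FIREWALL_CMD=echo) to preview the commands without touching the host.
k8s_open_ports() {
  local role="$1" port
  local fw="${FIREWALL_CMD:-firewall-cmd}"
  for port in $(k8s_required_ports "$role"); do
    "$fw" --permanent --add-port="$port"
  done
  "$fw" --reload
}

# Write a kubeadm configuration that pins the CRI-O socket and the systemd
# cgroup driver. kubeadm init regenerates /var/lib/kubelet/config.yaml from the
# KubeletConfiguration document below, which is why a hand-written file alone
# does not survive init. $1 = output path, $2 = pod CIDR (default as in the article).
write_kubeadm_config() {
  local path="$1" pod_cidr="${2:-10.244.0.0/16}"
  cat > "$path" <<EOF
apiVersion: kubeadm.k8s.io/v1beta2
kind: InitConfiguration
nodeRegistration:
  criSocket: unix:///var/run/crio/crio.sock
---
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
networking:
  podSubnet: ${pod_cidr}
---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
cgroupDriver: systemd
EOF
}

# Succeeds only if no swap device is active. Reads a /proc/swaps-style file;
# the path parameter lets it be run against a copy.
swap_is_off() {
  local swaps="${1:-/proc/swaps}"
  # The first line of /proc/swaps is a header; any non-empty line after it
  # is an active swap device or file.
  awk 'NR > 1 && NF > 0 { n++ } END { exit (n > 0) }' "$swaps"
}

# Typical use on a fresh control-plane node, as root, after steps 1 and 2 above:
#   k8s_open_ports control-plane
#   write_kubeadm_config /root/kubeadm-config.yaml 10.244.0.0/16
#   swap_is_off && kubeadm init --config /root/kubeadm-config.yaml
```

Calico's default IP-in-IP mode additionally needs IP protocol 4 allowed between nodes; that is not a port and is deliberately left out here, so check the Calico requirements for the encapsulation mode you deploy. With FIREWALL_CMD=echo the port function only prints the firewall-cmd invocations, which is a convenient way to review them before running them as root.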

What comes next

I hope the instructions above save you some time and nerves.
The fate of new technologies in the industry largely depends on how they are received by end users and by the developers of other software in the ecosystem. It is not yet clear what the OCI initiative will lead to in a couple of years, but we will be watching with interest. You can share your opinion right now in the comments.

See you!


Source: www.hab.com
