CRI-O as a Docker replacement for the Kubernetes runtime: setup on CentOS 8

Hello! My name is Sergey, and I am a DevOps engineer at Surf. The DevOps department at Surf aims not only to establish interaction between specialists and integrate work processes, but also to actively research and implement current technologies, both in its own infrastructure and in the customer's infrastructure.

Below I will talk a little about the changes in the container technology stack that we encountered while studying the CentOS 8 distribution, about what CRI-O is, and about how to quickly set up a runtime environment for Kubernetes.

Why is Docker not included in CentOS 8?

After installing the latest major releases of RHEL 8 or CentOS 8, one cannot help but notice that these distributions and their official repositories do not contain the Docker application, which is ideologically and functionally replaced by the Podman and Buildah packages (present in the distribution by default) and CRI-O. This is due to the practical implementation of standards developed, among others, by Red Hat as part of the Open Container Initiative (OCI).

The goal of OCI, which is part of The Linux Foundation, is to create open industry standards for container formats and runtimes that solve several problems at once. First, they do not contradict the Linux philosophy (for example, the part that says each program should do one thing, whereas Docker is a kind of all-in-one combine). Second, they could eliminate all the existing shortcomings of the Docker software. Third, they would be fully compatible with the business requirements of leading commercial platforms for deploying, managing and serving containerized applications (for example, Red Hat OpenShift).

The shortcomings of Docker and the advantages of the new software have already been described in some detail in this article, and a detailed description of the entire software stack offered within the OCI project and of its architectural features can be found in the official documentation and articles from Red Hat itself (a rather good article in the Red Hat blog) and in third-party reviews.

It is important to understand what each component of the proposed stack does:

  • Podman - direct interaction with containers and image storage through the runC process;
  • Buildah - building images and pushing them to a registry;
  • CRI-O - a runtime for container orchestration systems (for example, Kubernetes).

I think that to understand the general scheme of interaction between the components of the stack, it is worth giving here a diagram of how Kubernetes connects with runC and the low-level libraries that CRI-O uses:

CRI-O and Kubernetes follow the same release and support cycle (the compatibility matrix is very simple: the major versions of Kubernetes and CRI-O are the same), and this, given the focus on complete and comprehensive testing of this stack by its developers, gives us the right to expect the best achievable stability under any usage scenario (the relative lightness of CRI-O compared to Docker, owing to its deliberately limited functionality, also helps here).

When installing Kubernetes the "right way" (right according to OCI, of course) using CRI-O on CentOS 8, we ran into a few small difficulties, but we overcame them. I will be glad to share the installation and configuration instructions with you; they take about 10 minutes in total.

How to deploy Kubernetes on CentOS 8 using the CRI-O runtime

Prerequisites: at least one host (2 cores, 2 GB RAM, at least 4 GB of storage) with CentOS 8 installed (the "Server" installation profile is recommended), and entries for it in the local DNS (as a last resort, you can get by with an entry in /etc/hosts). And do not forget to disable swap.

We perform all operations on the host as the root user, so be careful.

  1. In the first step, we configure the OS and install and configure the preliminary dependencies for CRI-O.
    • Update the OS:
      dnf -y update
      

    • Next, you need to configure the firewall and SELinux. Here everything depends on the environment in which our host or hosts will run. You can configure the firewall according to the recommendations from the documentation, or, if you are on a trusted network or use a third-party firewall, change the default zone to trusted or turn the firewall off:
      firewall-cmd --set-default-zone trusted
      
      firewall-cmd --reload

      To turn off the firewall, you can use the following command:

      systemctl disable --now firewalld
      

      SELinux must be turned off or switched to "permissive" mode:

      setenforce 0
      
      sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config

    • Load the required kernel modules and packages, and configure automatic loading of the "br_netfilter" module at system startup:
      modprobe overlay
      
      modprobe br_netfilter
      
      echo "br_netfilter" >> /etc/modules-load.d/br_netfilter.conf
      
      dnf -y install iproute-tc
      

    • To enable packet forwarding and correct traffic processing, we make the appropriate settings:
      cat > /etc/sysctl.d/99-kubernetes-cri.conf <<EOF
      net.bridge.bridge-nf-call-iptables = 1
      net.ipv4.ip_forward = 1
      net.bridge.bridge-nf-call-ip6tables = 1
      EOF
      

      Apply the settings you made:

      sysctl --system

    • Set the required CRI-O version (the major version of CRI-O, as already mentioned, matches the required Kubernetes version); the latest stable version of Kubernetes is currently 1.18:
      export REQUIRED_VERSION=1.18
      

      Add the required repositories:

      dnf -y install 'dnf-command(copr)'
      
      dnf -y copr enable rhcontainerbot/container-selinux
      
      curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable.repo https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/CentOS_8/devel:kubic:libcontainers:stable.repo
      
      curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable:cri-o:$REQUIRED_VERSION.repo https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:cri-o:$REQUIRED_VERSION/CentOS_8/devel:kubic:libcontainers:stable:cri-o:$REQUIRED_VERSION.repo

    • Now we can install CRI-O:
      dnf -y install cri-o
      

      Note the first gotcha that we encountered during installation: you need to edit the CRI-O configuration before starting the service, because the required conmon component is located somewhere other than the path specified in the configuration:

      sed -i 's|/usr/libexec/crio/conmon|/usr/bin/conmon|' /etc/crio/crio.conf

      Now you can enable and start the CRI-O daemon:

      systemctl enable --now crio
      

      You can check the daemon status:

      systemctl status crio
      

  2. Installing and activating Kubernetes.
    • Add the required repository:
      cat <<EOF > /etc/yum.repos.d/kubernetes.repo
      [kubernetes]
      name=Kubernetes
      baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-\$basearch
      enabled=1
      gpgcheck=1
      repo_gpgcheck=1
      gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
      exclude=kubelet kubeadm kubectl
      EOF
      

      Now we can install Kubernetes (version 1.18, as mentioned above):

      dnf install -y kubelet-1.18* kubeadm-1.18* kubectl-1.18* --disableexcludes=kubernetes

    • The second important gotcha: since we are using the CRI-O daemon rather than the Docker daemon, before starting and initializing Kubernetes you need to make the appropriate settings in the configuration file /var/lib/kubelet/config.yaml, first creating the required directory:
      mkdir /var/lib/kubelet
      
      cat <<EOF > /var/lib/kubelet/config.yaml
      apiVersion: kubelet.config.k8s.io/v1beta1
      kind: KubeletConfiguration
      cgroupDriver: systemd
      EOF

    • The third important point that we encountered during installation: even though we have specified the cgroup driver in use, and configuring it through arguments passed to kubelet is deprecated (as explicitly stated in the documentation), we need to add the arguments to the file, otherwise our cluster will not initialize:
      cat /dev/null > /etc/sysconfig/kubelet
      
      cat <<EOF > /etc/sysconfig/kubelet
      KUBELET_EXTRA_ARGS=--container-runtime=remote --cgroup-driver=systemd --container-runtime-endpoint='unix:///var/run/crio/crio.sock'
      EOF

    • Now we can activate the kubelet daemon:
      sudo systemctl enable --now kubelet
      

      To set up a control plane or worker node in minutes, you can use this script.

  3. It is time to initialize our cluster.
    • To initialize the cluster, run the command:
      kubeadm init --pod-network-cidr=10.244.0.0/16
      

      Be sure to write down the "kubeadm join …" command for joining the cluster, which you are prompted to use at the end of the output, or at least the tokens it specifies.

    • Install a plugin (CNI) for the Pod network. I recommend using Calico. The possibly more popular Flannel has compatibility problems with nftables, and besides, Calico is the only CNI implementation recommended and fully tested by the Kubernetes project:
      kubectl --kubeconfig /etc/kubernetes/admin.conf apply -f https://docs.projectcalico.org/v3.15/manifests/calico.yaml 

    • To join a worker node to our cluster, configure it according to instructions 1 and 2, or use the script, and then run the command from the "kubeadm init..." output that we wrote down in the previous step:
      kubeadm join $CONTROL_PLANE_ADDRESS:6443 --token $TOKEN \
          --discovery-token-ca-cert-hash $TOKEN_HASH

    • Let's check that our cluster is initialized and has started working:
      kubectl --kubeconfig=/etc/kubernetes/admin.conf get pods -A
      

    Done! You can now host payloads on your K8s cluster.
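
The three manual settings from steps 1 and 2 (the conmon path, the cgroup driver in config.yaml, and the kubelet runtime arguments) have to agree with each other, so the following added example, which is not part of the original article, cross-checks them before `kubeadm init`. It reads the crio.conf keys `conmon`, `cgroup_manager` and `listen`; the function names and the ROOT prefix argument are hypothetical.

```sh
#!/bin/sh
# Added example: cross-checks the hand-edited CRI-O and kubelet settings.

# Value of `key = "value"` in crio.conf; commented-out lines are ignored.
crio_conf_get() {  # usage: crio_conf_get FILE KEY
    awk -F'=' -v key="$2" '$1 ~ "^[ \t]*" key "[ \t]*$" {
        v = $2; gsub(/^[ \t"]+|[ \t"]+$/, "", v); print v; exit }' "$1"
}

# cgroupDriver from the KubeletConfiguration file.
kubelet_cgroup_driver() {  # usage: kubelet_cgroup_driver FILE
    awk -F':' '$1 == "cgroupDriver" { gsub(/[ \t"]/, "", $2); print $2; exit }' "$1"
}

# Value of --NAME=... inside KUBELET_EXTRA_ARGS, with quotes stripped.
kubelet_arg() {  # usage: kubelet_arg FILE NAME
    sed -n 's/^KUBELET_EXTRA_ARGS=//p' "$1" | tr ' ' '\n' |
        sed -n "s/^--$2=//p" | tr -d "'\"" | head -n 1
}

# Prints one line per problem; the return status is the number of problems.
check_node() {  # usage: check_node ROOT ("" = live node, or a dir of copies)
    root=$1; bad=0
    crio="$root/etc/crio/crio.conf"; args="$root/etc/sysconfig/kubelet"
    conmon=$(crio_conf_get "$crio" conmon)
    if [ -z "$conmon" ] || [ ! -f "$root$conmon" ] || [ ! -x "$root$conmon" ]; then
        echo "conmon: '$conmon' from crio.conf is not an executable file"
        bad=$((bad + 1))
    fi
    c=$(crio_conf_get "$crio" cgroup_manager)
    k=$(kubelet_cgroup_driver "$root/var/lib/kubelet/config.yaml")
    a=$(kubelet_arg "$args" cgroup-driver)
    if [ -z "$c" ] || [ "$c" != "$k" ] || [ "$k" != "$a" ]; then
        echo "cgroup driver differs: crio=$c config.yaml=$k kubelet-args=$a"
        bad=$((bad + 1))
    fi
    if [ "$(kubelet_arg "$args" container-runtime)" != remote ]; then
        echo "kubelet is not started with --container-runtime=remote"
        bad=$((bad + 1))
    fi
    sock=$(kubelet_arg "$args" container-runtime-endpoint)
    if [ "${sock#unix://}" != "$(crio_conf_get "$crio" listen)" ]; then
        echo "kubelet endpoint '$sock' is not the socket CRI-O listens on"
        bad=$((bad + 1))
    fi
    return "$bad"
}
# Run against a prefix when one is given: sh check.sh "" (live node, as root).
if [ "$#" -gt 0 ]; then check_node "$1"; fi
```

A return status of 0 means the four checks agree; each printed line names the setting to revisit.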

What awaits us ahead

I hope the instructions above helped you save some time and nerves.
The outcome of the processes taking place in the industry often depends on how they are accepted by the bulk of end users and by the developers of other software in the corresponding niche. It is not yet entirely clear where the OCI initiatives will lead in a few years, but we will watch with pleasure. You can share your opinion right now in the comments.

All the best!

Source: will.com