Moni! Dzina langa ndine Sergey, ndine DevOps ku Surf. Dipatimenti ya DevOps ku Surf sikungofuna kukhazikitsa mgwirizano pakati pa akatswiri ndikuphatikiza njira zogwirira ntchito, komanso kufufuza mwachangu ndikugwiritsa ntchito matekinoloje apano pazitukuko zake komanso pazomanga makasitomala.
Pansipa ndilankhula pang'ono za kusintha kwa luso lazotengera zomwe tidakumana nazo pophunzira kugawa CentOS 8 ndi chomwe chiri CRI-O ndi momwe mwamsanga kukhazikitsa executable chilengedwe kwa Kubernetes.
Chifukwa chiyani Docker sanaphatikizidwe mu CentOS 8?
Pambuyo kukhazikitsa zatsopano zazikulu zotulutsidwa RHEL 8 kapena CentOS 8 munthu sangachitire mwina koma kuzindikira: magawo awa ndi nkhokwe zovomerezeka zilibe ntchito Docker, zomwe zimatengera malingaliro ndi magwiridwe antchito pansi, Buildah (zikupezeka pogawira mwachisawawa) ndi CRI-O. Izi zili choncho chifukwa cha kukhazikitsidwa kwabwino kwa miyezo yopangidwa, mwa zina, ndi Red Hat monga gawo la polojekiti ya Open Container Initiative (OCI).
Cholinga cha OCI, chomwe ndi gawo la Linux Foundation, ndikupanga miyezo yotseguka yamakampani yamawonekedwe a chidebe ndi nthawi yoyendetsera yomwe imathetsa mavuto angapo nthawi imodzi. Choyamba, iwo sanatsutse malingaliro a Linux (mwachitsanzo, mu gawo lomwe pulogalamu iliyonse iyenera kuchitapo kanthu, ndi Docker ndi mtundu wa kuphatikiza zonse mu chimodzi). Kachiwiri, atha kuthetsa zofooka zonse zomwe zilipo mu pulogalamuyo Docker. Chachitatu, zimagwirizana kwathunthu ndi zofunikira zamabizinesi pamapulatifomu otsogola otumizira, kuyang'anira ndi kutumiza mapulogalamu omwe ali ndi zida (mwachitsanzo, Red Hat OpenShift).
zolakwa Docker ndi ubwino wa pulogalamu yatsopano yafotokozedwa kale mwatsatanetsatane mu , ndi kufotokozera mwatsatanetsatane za pulogalamu yonse yoperekedwa mkati mwa polojekiti ya OCI ndi mapangidwe ake angapezeke muzolemba zovomerezeka ndi zolemba zochokera ku Red Hat palokha (osati zoipa. mu Red Hat blog) komanso wachitatu .
Ndikofunikira kuzindikira kuti zigawo za stack zomwe zaperekedwa zili ndi ntchito ziti:
- pansi - kulumikizana mwachindunji ndi zotengera ndikusungira zithunzi kudzera munjira ya runC;
- Buildah - kusonkhanitsa ndi kukweza zithunzi ku registry;
- CRI-O - malo ogwiritsiridwa ntchito a makina oimba (mwachitsanzo, Kubernetes).
Ndikuganiza kuti kumvetsetsa chiwembu cholumikizirana pakati pa zigawo za stack, ndikofunikira kupereka chithunzi cholumikizira apa. Kubernetes c thamanga C ndi malaibulale otsika omwe amagwiritsa ntchito CRI-O:
CRI-O ΠΈ Kubernetes tsatirani kumasulidwa komweko ndi kuwongolera kothandizira (matrix ofananira ndi osavuta: mitundu yayikulu Kubernetes ΠΈ CRI-O kugwirizana), ndipo izi, poganizira kuyang'ana kwa kuyezetsa kokwanira komanso kokwanira kwa ntchito ya stack iyi ndi omanga, zimatipatsa ufulu woyembekezera kukhazikika kwakukulu komwe kungathe kuchitika pakugwiritsa ntchito kulikonse (kupepuka kwachibale kulinso kopindulitsa pano. CRI-O poyerekeza Docker chifukwa cha kuchepa kwachindunji kwa magwiridwe antchito).
Mukakhazikitsa Kubernetes "njira yolondola" (malinga ndi OCI, inde) pogwiritsa ntchito CRI-O pa CentOS 8 Tinakumana ndi mavuto angβonoangβono, amene, komabe, tinawagonjetsa. Ndidzakhala wokondwa kugawana nanu malangizo oyika ndi kasinthidwe, omwe onse adzatenga pafupifupi mphindi 10.
Momwe mungagwiritsire ntchito Kubernetes pa CentOS 8 pogwiritsa ntchito dongosolo la CRI-O
Zofunikira: kukhalapo kwa wolandila m'modzi (2 cores, 4 GB RAM, osachepera 15 GB yosungirako) yoyikidwa CentOS 8 (mbiri yoyika "Seva" ikulimbikitsidwa), komanso zolembera mu DNS yakomweko (monga njira yomaliza, mutha kudutsamo ndi kulowa /etc/hosts). Ndipo musaiwale .
Timachita ntchito zonse pa wolandila ngati wogwiritsa ntchito mizu, samalani.
- Mu sitepe yoyamba, tidzakonza OS, kukhazikitsa ndi kukonza zodalira zoyambira za CRI-O.
- Tiyeni tisinthe OS:
dnf -y update
- Kenako muyenera kukonza firewall ndi SELinux. Pano chirichonse chimadalira malo omwe obwera nawo kapena ochereza athu adzagwira ntchito. Mukhoza kukhazikitsa firewall malinga ndi malangizo ochokera , kapena, ngati muli pa netiweki yodalirika kapena mukugwiritsa ntchito chowotcha moto cha gulu lachitatu, sinthani malo osakhazikika kukhala odalirika kapena kuzimitsa chowotcha:
firewall-cmd --set-default-zone trusted firewall-cmd --reloadKuti muzimitsa firewall mutha kugwiritsa ntchito lamulo ili:
systemctl disable --now firewalldSELinux iyenera kuzimitsidwa kapena kusinthidwa kukhala "yololera":
setenforce 0 sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
- Kwezani ma module a kernel ndi phukusi, konzani kutsitsa kwa gawo la "br_netfilter" poyambitsa dongosolo:
modprobe overlay modprobe br_netfilter echo "br_netfilter" >> /etc/modules-load.d/br_netfilter.conf dnf -y install iproute-tc
- Kuti tiyambitse kutumiza mapaketi ndikuwongolera kuwongolera magalimoto, tipanga zokonda zoyenera:
cat > /etc/sysctl.d/99-kubernetes-cri.conf <<EOF net.bridge.bridge-nf-call-iptables = 1 net.ipv4.ip_forward = 1 net.bridge.bridge-nf-call-ip6tables = 1 EOFtsatirani zokonda zomwe zapangidwa:
sysctl --system
- khazikitsani mtundu wofunikira CRI-O (chinthu chachikulu CRI-O, monga tanenera kale, fananizani ndi mtundu wofunikira Kubernetes), popeza mtundu waposachedwa kwambiri Kubernetes pakali pano 1.18:
export REQUIRED_VERSION=1.18onjezerani nkhokwe zofunika:
dnf -y install 'dnf-command(copr)' dnf -y copr enable rhcontainerbot/container-selinux curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable.repo https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/CentOS_8/devel:kubic:libcontainers:stable.repo curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable:cri-o:$REQUIRED_VERSION.repo https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:cri-o:$REQUIRED_VERSION/CentOS_8/devel:kubic:libcontainers:stable:cri-o:$REQUIRED_VERSION.repo
- tsopano tikhoza kukhazikitsa CRI-O:
dnf -y install cri-oSamalani pa nuance yoyamba yomwe timakumana nayo pakukhazikitsa: muyenera kusintha kasinthidwe CRI-O musanayambe ntchitoyo, popeza gawo lofunikira la conmon lili ndi malo osiyana ndi omwe atchulidwa:
sed -i 's//usr/libexec/crio/conmon//usr/bin/conmon/' /etc/crio/crio.confTsopano mutha yambitsa ndi kuyambitsa daemon CRI-O:
systemctl enable --now crioMutha kuwona momwe daemon ilili:
systemctl status crio
- Tiyeni tisinthe OS:
- Kuyika ndi kuyambitsa Kubernetes.
- Tiyeni tiwonjezere chosungira chofunikira:
cat <<EOF > /etc/yum.repos.d/kubernetes.repo [kubernetes] name=Kubernetes baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-$basearch enabled=1 gpgcheck=1 repo_gpgcheck=1 gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg exclude=kubelet kubeadm kubectl EOFTsopano tikhoza kukhazikitsa Kubernetes (mtundu 1.18, monga tafotokozera pamwambapa):
dnf install -y kubelet-1.18* kubeadm-1.18* kubectl-1.18* --disableexcludes=kubernetes
- Chachiwiri chofunikira kwambiri: popeza sitigwiritsa ntchito daemon Docker, koma timagwiritsa ntchito daemon CRI-O, isanayambe ndikuyambitsa Kubernetes muyenera kupanga zosintha zoyenera mu fayilo yosinthira /var/lib/kubelet/config.yaml, mutapanga chikwatu chomwe mukufuna:
mkdir /var/lib/kubelet cat <<EOF > /var/lib/kubelet/config.yaml apiVersion: kubelet.config.k8s.io/v1beta1 kind: KubeletConfiguration cgroupDriver: systemd EOF
- Mfundo yachitatu yofunika yomwe timakumana nayo pakuyika: ngakhale tawonetsa kuti dalaivala adagwiritsa ntchito gulu, ndi kasinthidwe kake kupyolera mu mfundo zomwe zadutsa cubelet yachikale (monga zafotokozedwera mwatsatanetsatane), tikuyenera kuwonjezera zotsutsana pafayilo, apo ayi gulu lathu silingayambitsidwe:
cat /dev/null > /etc/sysconfig/kubelet cat <<EOF > /etc/sysconfig/kubelet KUBELET_EXTRA_ARGS=--container-runtime=remote --cgroup-driver=systemd --container-runtime-endpoint='unix:///var/run/crio/crio.sock' EOF
- Tsopano titha kuyambitsa daemon cubelet:
sudo systemctl enable --now kubeletKusintha control-ndege kapena wogwira ntchito mfundo mu mphindi, mungagwiritse ntchito .
- Tiyeni tiwonjezere chosungira chofunikira:
- Yakwana nthawi yoyambitsa gulu lathu.
- Kuti muyambitse cluster, yesani lamulo:
kubeadm init --pod-network-cidr=10.244.0.0/16Onetsetsani kuti mwalemba lamulo loti mulowe nawo gulu la "kubeadm join ...", lomwe mwapemphedwa kuti mugwiritse ntchito kumapeto kwa zotulutsa, kapena ma tokeni omwe atchulidwa.
- Tiyeni tiyike pulogalamu yowonjezera (CNI) ya netiweki ya Pod. Ndikupangira kugwiritsa ntchito Kalico. Mwinanso otchuka Flannel ali ndi zovuta zogwirizana ndi zopanda pake,iya ndi Kalico - njira yokhayo ya CNI yomwe idalimbikitsidwa ndikuyesedwa kwathunthu ndi polojekitiyi Kubernetes:
kubectl --kubeconfig /etc/kubernetes/admin.conf apply -f https://docs.projectcalico.org/v3.15/manifests/calico.yaml
- Kuti mulumikizane node ya ogwira ntchito ku gulu lathu, muyenera kuyikonza molingana ndi malangizo 1 ndi 2, kapena gwiritsani ntchito , kenako yendetsani lamulo kuchokera pa "kubeadm init..." zomwe tidalemba mu gawo lapitalo:
kubeadm join $CONTROL_PLANE_ADDRESS:6443 --token $TOKEN --discovery-token-ca-cert-hash $TOKEN_HASH
- Tiyeni tiwone ngati gulu lathu lakhazikitsidwa ndikuyamba kugwira ntchito:
kubectl --kubeconfig=/etc/kubernetes/admin.conf get pods -A
Okonzeka! Mutha kulandira kale zolipirira pagulu lanu la K8s.
- Kuti muyambitse cluster, yesani lamulo:
Zomwe zikutiyembekezera m'tsogolo
Ndikukhulupirira kuti malangizo omwe ali pamwambawa adakuthandizani kuti muchepetse nthawi komanso mitsempha.
Zotsatira za njira zomwe zimachitika mumakampani nthawi zambiri zimatengera momwe amavomerezera ndi kuchuluka kwa ogwiritsa ntchito kumapeto ndi opanga mapulogalamu ena mu niche yofananira. Sizikudziwika bwino lomwe zomwe OCI adzatsogolere zaka zingapo, koma tidzakhala tikuwonera mosangalala. Mutha kugawana nawo malingaliro anu pompano mu ndemanga.
Dzimvetserani!
Nkhaniyi idawoneka chifukwa cha magwero otsatirawa:
- Gawo la nthawi yoyendetsera Container
- Ntchito ya CRI-O pa intaneti
- Zolemba za Red Hat blog: , ndi ena ambiri
Source: www.habr.com