Hello! My name is Sergey, and I am a DevOps engineer at Surf. The DevOps department at Surf aims not only to establish interaction between specialists and integrate work processes, but also to actively research and adopt current technologies, both in its own infrastructure and in the customer's infrastructure.
Below I will talk a little about the changes in the container technology stack that we encountered while studying the CentOS 8 distribution, about what CRI-O is, and about how to quickly set up an executable environment for Kubernetes.
Why is Docker not included in CentOS 8?
After installing the latest major releases of RHEL 8 or CentOS 8, one cannot help but notice: these distributions and their official repositories do not contain the Docker application, which is ideologically and functionally replaced by the packages Podman, Buildah (present in the distribution by default) and CRI-O. This is due to the practical implementation of standards developed, among others, by Red Hat as part of the Open Container Initiative (OCI) project.
The goal of OCI, which is part of The Linux Foundation, is to create open industry standards for container formats and runtimes that solve several problems at once. First, they do not contradict the Linux philosophy (for example, in the part that each program should do one thing, whereas Docker is a kind of all-in-one combine). Second, they could eliminate all the existing shortcomings in the Docker software. Third, they would be fully compatible with the business requirements of the leading commercial platforms for deploying, managing and serving containerized applications (for example, Red Hat OpenShift).
The shortcomings of Docker and the advantages of the new software have already been described in some detail in
It is important to note what functionality the components of the proposed stack have:
- Podman - direct interaction with containers and image storage through the runC process;
- Buildah - building images and pushing them to a registry;
- CRI-O - an executable environment for container orchestration systems (for example, Kubernetes).
To understand the overall scheme of interaction between the components of the stack, I think it is worth giving here the diagram of how Kubernetes connects to runC and the low-level libraries using CRI-O:
CRI-O and Kubernetes adhere to the same release and support cycle (the compatibility matrix is very simple: the major versions of Kubernetes and CRI-O match), and this, given the focus on complete and comprehensive testing of this stack by its developers, gives us the right to expect the maximum achievable stability in operation under any usage scenario (the relative lightness of CRI-O compared to Docker, due to its deliberately limited functionality, also helps here).
When installing Kubernetes the "right way" (according to OCI, of course) using CRI-O on CentOS 8, we ran into minor difficulties, which we nevertheless overcame. I will be happy to share with you the installation and configuration instructions, which in total take about 10 minutes.
How to install Kubernetes on CentOS 8 using the CRI-O runtime
Prerequisites: at least one host (2 cores, 4 GB RAM, at least 15 GB of storage) with CentOS 8 installed (the "Server" installation profile is recommended), as well as entries for it in the local DNS (as a last resort, you can get by with an entry in /etc/hosts). And do not forget
We perform all operations on the host as the root user, so be careful.
- In the first step, we will configure the OS, and install and configure the preliminary dependencies for CRI-O.
- Let's update the OS:
dnf -y update
- Next, you need to configure the firewall and SELinux. Here everything depends on the environment in which our host or hosts will run. You can either configure the firewall according to the recommendations from the documentation, or, if you are on a trusted network or use a third-party firewall, change the default zone to trusted or turn off the firewall:
firewall-cmd --set-default-zone trusted
firewall-cmd --reload
To turn off the firewall, you can use the following command:
systemctl disable --now firewalld
SELinux needs to be turned off or switched to "permissive" mode:
setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
- Load the required kernel modules and packages, and configure automatic loading of the "br_netfilter" module at system startup:
modprobe overlay
modprobe br_netfilter
echo "br_netfilter" >> /etc/modules-load.d/br_netfilter.conf
dnf -y install iproute-tc
- To enable packet forwarding and correct traffic handling, we will make the appropriate settings:
cat > /etc/sysctl.d/99-kubernetes-cri.conf <<EOF
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
Apply the settings:
sysctl --system
- Set the required version of CRI-O (the major version of CRI-O, as already mentioned, matches the required version of Kubernetes), since the latest stable version of Kubernetes is currently 1.18:
export REQUIRED_VERSION=1.18
Add the required repositories:
dnf -y install 'dnf-command(copr)'
dnf -y copr enable rhcontainerbot/container-selinux
curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable.repo https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/CentOS_8/devel:kubic:libcontainers:stable.repo
curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable:cri-o:$REQUIRED_VERSION.repo https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:cri-o:$REQUIRED_VERSION/CentOS_8/devel:kubic:libcontainers:stable:cri-o:$REQUIRED_VERSION.repo
- Now we can install CRI-O:
dnf -y install cri-o
Note the first nuance that we encounter during the installation process: you need to edit the CRI-O configuration before starting the service, since the required conmon component is located somewhere other than the specified path:
sed -i 's|/usr/libexec/crio/conmon|/usr/bin/conmon|' /etc/crio/crio.conf
Now you can enable and start the CRI-O daemon:
systemctl enable --now crio
You can check the status of the daemon:
systemctl status crio
- Installing and activating Kubernetes.
- Let's add the required repository:
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-\$basearch
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF
Now we can install Kubernetes (version 1.18, as mentioned above):
dnf install -y kubelet-1.18* kubeadm-1.18* kubectl-1.18* --disableexcludes=kubernetes
- The second important nuance: since we are not using the Docker daemon but the CRI-O daemon, before starting and initializing Kubernetes you need to make the appropriate settings in the configuration file /var/lib/kubelet/config.yaml, having first created the required directory:
mkdir /var/lib/kubelet
cat <<EOF > /var/lib/kubelet/config.yaml
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
cgroupDriver: systemd
EOF
- The third important point that we encounter during installation: even though we have specified the cgroup driver in use, and configuring it through arguments passed to kubelet is deprecated (as explicitly stated in the documentation), we need to add the arguments to the file, otherwise our cluster will not initialize:
cat /dev/null > /etc/sysconfig/kubelet
cat <<EOF > /etc/sysconfig/kubelet
KUBELET_EXTRA_ARGS=--container-runtime=remote --cgroup-driver=systemd --container-runtime-endpoint='unix:///var/run/crio/crio.sock'
EOF
- Now we can activate the kubelet daemon:
sudo systemctl enable --now kubelet
To configure control-plane or worker nodes in minutes, you can use this script.
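Before initializing the cluster, the settings written in steps 1 and 2 can be checked in one pass. The shell functions below are an added example, not part of the original article or of the script it mentions; the `ROOT` argument and the function names are this example's own, and the check of crio.conf assumes the TOML form `conmon = "/path"`.

```shell
#!/bin/sh
# Added example (not from the original article): verify the files that
# steps 1 and 2 write. ROOT is this example's own parameter: "" checks the
# live host, a directory checks a copy of the files.

# has_line FILE REGEX: true if a non-comment line of FILE matches REGEX
has_line() {
    [ -f "$1" ] && grep -v '^[[:space:]]*#' "$1" | grep -Eq -- "$2"
}

# check DESCRIPTION FILE REGEX: report one setting, count failures
check() {
    if has_line "$root$2" "$3"; then
        echo "ok    $1"
    else
        echo "FAIL  $1 ($2)"
        fails=$((fails + 1))
    fi
}

# preflight ROOT: returns the number of settings that are missing or wrong
preflight() {
    root=$1
    fails=0
    sp='[[:space:]]*'
    for key in net.bridge.bridge-nf-call-iptables net.ipv4.ip_forward \
               net.bridge.bridge-nf-call-ip6tables; do
        check "sysctl $key = 1" /etc/sysctl.d/99-kubernetes-cri.conf \
            "^$sp$key$sp=${sp}1$sp\$"
    done
    check "br_netfilter loaded at boot" \
        /etc/modules-load.d/br_netfilter.conf "^${sp}br_netfilter$sp\$"
    # Assumes crio.conf keeps the TOML form: conmon = "/path"
    check "conmon path fixed" /etc/crio/crio.conf \
        "^${sp}conmon$sp=$sp\"/usr/bin/conmon\"$sp\$"
    check "kubelet cgroupDriver: systemd" /var/lib/kubelet/config.yaml \
        "^cgroupDriver:${sp}systemd$sp\$"
    check "kubelet uses the CRI-O socket" /etc/sysconfig/kubelet \
        "^KUBELET_EXTRA_ARGS=.*--container-runtime-endpoint='?unix:///var/run/crio/crio\.sock"
    check "kubelet --cgroup-driver=systemd" /etc/sysconfig/kubelet \
        '^KUBELET_EXTRA_ARGS=.*--cgroup-driver=systemd( |$)'
    return "$fails"
}

# On the host, as root:  preflight "" || echo "fix the FAIL lines first"
```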
- It's time to initialize our cluster.
- To initialize the cluster, run the command:
kubeadm init --pod-network-cidr=10.244.0.0/16
Be sure to write down the cluster join command "kubeadm join ...", which you are prompted to use at the end of the output, or at least the specified tokens.
- Let's install a plugin (CNI) for the Pod network. I recommend using Calico. The perhaps more popular Flannel has compatibility issues with nftables, and Calico is the only CNI implementation recommended and fully tested by the Kubernetes project:
kubectl --kubeconfig /etc/kubernetes/admin.conf apply -f https://docs.projectcalico.org/v3.15/manifests/calico.yaml
- To join a worker node to our cluster, you need to configure it according to instructions 1 and 2, or use the script, and then run the command from the "kubeadm init..." output that we wrote down in the previous step:
kubeadm join $CONTROL_PLANE_ADDRESS:6443 --token $TOKEN --discovery-token-ca-cert-hash $TOKEN_HASH
- Let's check that our cluster has been initialized and has started working:
kubectl --kubeconfig=/etc/kubernetes/admin.conf get pods -A
Done! You can already host workloads on your K8s cluster.
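The value passed to `--discovery-token-ca-cert-hash` in the join command pins the public key of the cluster CA, so a joining node only trusts an API server whose certificate chains to that CA. The functions below are an added example, not part of the original article: they recompute the pin from the CA certificate and compare it with a saved value; the function names are this example's own, and /etc/kubernetes/pki/ca.crt is the kubeadm default location.

```shell
#!/bin/sh
# Added example: recompute and verify the --discovery-token-ca-cert-hash
# value, which is SHA-256 over the CA's DER-encoded public key.

# ca_cert_hash CERT.pem: prints "sha256:<64 hex digits>", fails on a bad cert
ca_cert_hash() {
    # Extract the public key first so that an unreadable or malformed
    # certificate fails here instead of producing the hash of empty input.
    pub=$(openssl x509 -pubkey -noout -in "$1" 2>/dev/null) || return 1
    [ -n "$pub" ] || return 1
    hex=$(printf '%s\n' "$pub" |
        openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 -hex | sed 's/^.*= *//')
    printf 'sha256:%s\n' "$hex"
}

# pin_matches CERT.pem PIN: 0 if PIN is the cert's hash, 1 if not,
# 2 if the certificate could not be read
pin_matches() {
    actual=$(ca_cert_hash "$1") || return 2
    [ "$actual" = "$2" ]
}

# On the control-plane node:
#   ca_cert_hash /etc/kubernetes/pki/ca.crt
# Bootstrap tokens expire (24 hours by default); a fresh join command,
# including a new token and this hash, is printed by:
#   kubeadm token create --print-join-command
```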
What lies ahead
I hope the instructions above helped you save some time and nerves.
The outcome of processes taking place in the industry often depends on how they are received by the bulk of end users and by the developers of other software in the corresponding niche. It is not yet entirely clear what the OCI initiatives will lead to in a few years, but we will be watching with pleasure. You can share your opinion right now in the comments.
Stay tuned!
This article appeared thanks to the following sources:
- The section on container runtimes in the Kubernetes documentation
- The CRI-O project page on the Internet
- Red Hat blog posts: this one, this one and many others
Source: www.habr.com