CRI-O as a replacement for Docker as the container runtime for Kubernetes: setup on CentOS 8.

Hello! My name is Sergey, and I am a DevOps engineer at Surf. The DevOps department at Surf aims not only to establish cooperation between specialists and to integrate work processes, but also to actively research and adopt current technologies, both in its own infrastructure and in customer infrastructure.

Below I will talk a little about the changes in the container technology stack that we ran into while studying the CentOS 8 distribution, about what CRI-O is, and about how to quickly set up a runtime environment for Kubernetes.


Why is Docker not included in CentOS 8?

After installing the latest major releases of RHEL 8 or CentOS 8, one cannot help but notice that these distributions and their official repositories do not contain Docker. It is replaced, ideologically and functionally, by the packages Podman, Buildah (present in the distribution by default) and CRI-O. This is the result of the practical implementation of standards developed by, among others, Red Hat as part of the Open Container Initiative (OCI) project.

The goal of OCI, which is part of The Linux Foundation, is to create open industry standards for container formats and runtimes that solve several problems at once. First, they do not contradict the Linux philosophy (for example, the part that says each program should do one thing, whereas Docker is a kind of all-in-one combine). Second, they could eliminate all the existing shortcomings of the Docker software. Third, they would fully meet the business requirements of the leading commercial platforms for deploying, managing and serving containerized applications (for example, Red Hat OpenShift).

The shortcomings of Docker and the advantages of the new software have already been described in some detail in this article, and a detailed description of the whole software stack offered within the OCI project and of its architectural features can be found in the official documentation and in articles from Red Hat itself (not a bad article in the Red Hat blog) and in third-party reviews.

It is important to note what each component of the proposed stack does:

  • Podman - direct interaction with containers and image storage through the runC process;
  • Buildah - building images and pushing them to a registry;
  • CRI-O - a runtime environment for container orchestration systems (for example, Kubernetes).

I think that, to understand the overall scheme of interaction between the components of the stack, it is useful to show here a diagram of how Kubernetes connects to runC and the low-level libraries through CRI-O:

[Diagram: Kubernetes working with runC and the low-level libraries through CRI-O]

CRI-O and Kubernetes follow the same release and support cycle (the compatibility matrix is very simple: the major versions of Kubernetes and CRI-O coincide). Together with the developers' focus on complete and comprehensive testing of this stack, this gives us the right to expect the highest achievable stability in operation under any usage scenario (the relative lightness of CRI-O compared to Docker, which comes from its deliberately limited functionality, also helps here).

While installing Kubernetes the "right way" (according to OCI, of course) using CRI-O on CentOS 8, we ran into a few minor difficulties, which we nevertheless overcame. I will be happy to share the installation and configuration instructions with you; in total they take about 10 minutes.

How to deploy Kubernetes on CentOS 8 using the CRI-O runtime

Prerequisites: at least one host (2 cores, 4 GB RAM, at least 15 GB of storage) with CentOS 8 installed (the "Server" installation profile is recommended), as well as entries for it in the local DNS (as a last resort, you can get by with an entry in /etc/hosts). And do not forget to disable swap.

We perform all operations on the host as the root user, so be careful.

  1. In the first step, we configure the OS and install and configure the preliminary dependencies for CRI-O.
    • Update the OS:
      dnf -y update
      

    • Next, you need to configure the firewall and SELinux. Here everything depends on the environment in which our host or hosts will run. You can either configure the firewall according to the recommendations in the documentation or, if you are on a trusted network or use a third-party firewall, change the default zone to trusted or turn the firewall off:
      firewall-cmd --set-default-zone trusted
      
      firewall-cmd --reload

      To turn the firewall off, you can use the following command:

      systemctl disable --now firewalld
      

      SELinux needs to be disabled or switched to "permissive" mode:

      setenforce 0
      
      sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config

    • Load the required kernel modules and packages, and configure automatic loading of the "br_netfilter" module at system startup:
      modprobe overlay
      
      modprobe br_netfilter
      
      echo "br_netfilter" >> /etc/modules-load.d/br_netfilter.conf
      
      dnf -y install iproute-tc
      

    • To enable packet forwarding and correct traffic processing, we make the appropriate settings:
      cat > /etc/sysctl.d/99-kubernetes-cri.conf <<EOF
      net.bridge.bridge-nf-call-iptables = 1
      net.ipv4.ip_forward = 1
      net.bridge.bridge-nf-call-ip6tables = 1
      EOF
      

      apply the settings:

      sysctl --system

    • set the required version of CRI-O (the major version of CRI-O, as already mentioned, matches the required version of Kubernetes); the latest stable version of Kubernetes is currently 1.18:
      export REQUIRED_VERSION=1.18
      

      add the required repositories:

      dnf -y install 'dnf-command(copr)'
      
      dnf -y copr enable rhcontainerbot/container-selinux
      
      curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable.repo https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/CentOS_8/devel:kubic:libcontainers:stable.repo
      
      curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable:cri-o:$REQUIRED_VERSION.repo https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:cri-o:$REQUIRED_VERSION/CentOS_8/devel:kubic:libcontainers:stable:cri-o:$REQUIRED_VERSION.repo

    • now we can install CRI-O:
      dnf -y install cri-o
      

      Pay attention to the first nuance we run into during installation: you need to edit the CRI-O configuration before starting the service, because the required conmon component is located somewhere other than the path given in the configuration:

      sed -i 's|/usr/libexec/crio/conmon|/usr/bin/conmon|' /etc/crio/crio.conf

      Now you can enable and start the CRI-O daemon:

      systemctl enable --now crio
      

      You can check the status of the daemon:

      systemctl status crio
      

  2. Installing and activating Kubernetes.
    • Add the required repository:
      cat <<EOF > /etc/yum.repos.d/kubernetes.repo
      [kubernetes]
      name=Kubernetes
      baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-\$basearch
      enabled=1
      gpgcheck=1
      repo_gpgcheck=1
      gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
      exclude=kubelet kubeadm kubectl
      EOF
      

      Now we can install Kubernetes (version 1.18, as mentioned above):

      dnf install -y kubelet-1.18* kubeadm-1.18* kubectl-1.18* --disableexcludes=kubernetes

    • The second important nuance: since we are using the CRI-O daemon rather than the Docker daemon, before starting and initializing Kubernetes you need to make the appropriate settings in the configuration file /var/lib/kubelet/config.yaml, after first creating the required directory:
      mkdir /var/lib/kubelet
      
      cat <<EOF > /var/lib/kubelet/config.yaml
      apiVersion: kubelet.config.k8s.io/v1beta1
      kind: KubeletConfiguration
      cgroupDriver: systemd
      EOF

    • The third important point we run into during installation: although we have specified the cgroup driver to use, and configuring it through arguments passed to kubelet is deprecated (as the documentation states explicitly), we need to add the arguments to the file, otherwise our cluster will not be initialized:
      cat /dev/null > /etc/sysconfig/kubelet
      
      cat <<EOF > /etc/sysconfig/kubelet
      KUBELET_EXTRA_ARGS=--container-runtime=remote --cgroup-driver=systemd --container-runtime-endpoint='unix:///var/run/crio/crio.sock'
      EOF

    • Now we can activate the kubelet daemon:
      sudo systemctl enable --now kubelet
      

      To configure control-plane or worker nodes in minutes, you can use this script.

  3. It is time to initialize our cluster.
    • To initialize the cluster, run the command:
      kubeadm init --pod-network-cidr=10.244.0.0/16
      

      Be sure to write down the cluster join command "kubeadm join ...", which you are prompted to use at the end of the output, or at least the tokens it shows.

    • Install the plugin (CNI) for the Pod network. I recommend using Calico. The perhaps more popular Flannel has compatibility issues with nftables, and Calico is the only CNI implementation recommended and fully tested by the Kubernetes project:
      kubectl --kubeconfig /etc/kubernetes/admin.conf apply -f https://docs.projectcalico.org/v3.15/manifests/calico.yaml 

    • To connect a worker node to our cluster, you need to configure it according to instructions 1 and 2, or use the script, and then run the command from the "kubeadm init ..." output that we wrote down in the previous step:
      kubeadm join $CONTROL_PLANE_ADDRESS:6443 --token $TOKEN \
          --discovery-token-ca-cert-hash $TOKEN_HASH

    • Check that our cluster has been initialized and has started working:
      kubectl --kubeconfig=/etc/kubernetes/admin.conf get pods -A
      

    Done! You can now host workloads on your K8s cluster.
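Step 3 depends on the token and CA hash printed by kubeadm init. The following added example (not part of the original article; the function names are hypothetical) recomputes the hash from the cluster CA certificate with openssl and refuses to build a join command from a malformed token or hash.

```bash
#!/usr/bin/env bash
# Added example, not from the article. Function names are hypothetical.

# ca_cert_hash CERT: print the value kubeadm expects after
# --discovery-token-ca-cert-hash: "sha256:" plus the SHA-256 of the DER-encoded
# public key of the cluster CA. On a kubeadm control plane CERT is
# /etc/kubernetes/pki/ca.crt.
ca_cert_hash() {
  local digest
  # Stop early on an unreadable certificate instead of hashing empty input.
  openssl x509 -noout -in "$1" 2>/dev/null ||
    { echo "cannot read certificate $1" >&2; return 1; }
  digest="$(openssl x509 -pubkey -noout -in "$1" |
    openssl pkey -pubin -outform der |
    openssl dgst -sha256 -hex | sed 's/^.* //')"
  [ -n "$digest" ] && echo "sha256:$digest"
}

# join_command ADDRESS TOKEN HASH: print the join command only when the
# bootstrap token and the CA pin are well formed, so a truncated copy-paste is
# caught before it reaches kubeadm.
join_command() {
  printf '%s\n' "$2" | grep -Eqx '[a-z0-9]{6}\.[a-z0-9]{16}' ||
    { echo "malformed bootstrap token" >&2; return 1; }
  printf '%s\n' "$3" | grep -Eqx 'sha256:[0-9a-f]{64}' ||
    { echo "malformed CA certificate hash" >&2; return 1; }
  echo "kubeadm join $1:6443 --token $2 --discovery-token-ca-cert-hash $3"
}

# Example, on the control-plane node:
#   join_command "$CONTROL_PLANE_ADDRESS" "$TOKEN" "$(ca_cert_hash /etc/kubernetes/pki/ca.crt)"
```

If the token itself has been lost or has expired, `kubeadm token create --print-join-command` on the control-plane node prints a fresh join command.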
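To confirm that the settings from steps 1 and 2 are in place, and to see which protections the walkthrough relaxed along the way, the following added example (not from the original article; function names are hypothetical) reads the files edited above. It assumes the paths used in this guide and that firewalld keeps its default zone in /etc/firewalld/firewalld.conf.

```bash
#!/usr/bin/env bash
# Added example, not from the article: audit the files the walkthrough edits.
# Function names are hypothetical. ROOT is a path prefix; empty = the live host.

# value_of KEY FILE: value of the last uncommented "KEY = value" line.
value_of() {
  sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" 2>/dev/null |
    tail -n 1 | tr -d "\"'[:space:]"
}

audit_host() {
  local root="${1:-}" rc=0 key conmon repo
  fail() { echo "FAIL $*"; rc=1; }
  warn() { echo "WARN $*"; }

  # Step 1: module autoload and sysctl settings for bridged pod traffic.
  grep -qx 'br_netfilter' "$root/etc/modules-load.d/br_netfilter.conf" 2>/dev/null ||
    fail "br_netfilter is not loaded at boot"
  for key in net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward; do
    [ "$(value_of "$key" "$root/etc/sysctl.d/99-kubernetes-cri.conf")" = 1 ] ||
      fail "sysctl $key is not set to 1"
  done

  # Step 1: crio.conf must name a conmon binary that actually exists.
  conmon="$(value_of conmon "$root/etc/crio/crio.conf")"
  { [ -n "$conmon" ] && [ -x "$root$conmon" ]; } || fail "conmon path '$conmon' is not executable"

  # Step 2: kubelet uses the systemd cgroup driver and the CRI-O socket.
  grep -q 'cgroupDriver:[[:space:]]*systemd' "$root/var/lib/kubelet/config.yaml" 2>/dev/null ||
    fail "config.yaml does not set cgroupDriver: systemd"
  grep -q 'container-runtime-endpoint=.*unix:///var/run/crio/crio\.sock' \
    "$root/etc/sysconfig/kubelet" 2>/dev/null || fail "kubelet is not pointed at crio.sock"

  # Protections the walkthrough relaxed: report them so they get revisited.
  [ "$(value_of DefaultZone "$root/etc/firewalld/firewalld.conf")" = trusted ] &&
    warn "firewalld default zone is trusted"
  [ "$(value_of SELINUX "$root/etc/selinux/config")" = enforcing ] ||
    warn "SELinux is not set to enforcing"
  # Every section of every repo file should keep package signature checks on.
  for repo in "$root"/etc/yum.repos.d/*.repo; do
    [ -f "$repo" ] || continue
    [ "$(grep -c '^\[' "$repo")" -eq "$(grep -c '^gpgcheck[[:space:]]*=[[:space:]]*1' "$repo")" ] ||
      warn "gpgcheck is not enabled in every section of ${repo#"$root"}"
  done
  return "$rc"
}

# Run against the live host when called as: ./audit.sh --run
if [ "${1:-}" = "--run" ]; then audit_host ""; fi
```

FAIL lines mean the cluster is unlikely to initialize; WARN lines mark the firewall, SELinux and repository settings that are worth tightening once the cluster is up.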

What lies ahead

I hope the instructions above helped save you some time and nerves.
The outcome of processes in the industry often depends on how they are received by the bulk of end users and by the developers of other software in the corresponding niche. It is not yet entirely clear where the OCI initiatives will lead in a few years, but we will be watching with pleasure. You can share your opinion right now in the comments.

Stay tuned!




Source: www.habr.com
