CRI-O as a replacement for Docker as the runtime environment for Kubernetes: setup on CentOS 8

Hello! My name is Sergey, and I am a DevOps engineer at Surf. The DevOps department at Surf aims not only to establish cooperation between specialists and to integrate work processes, but also to actively research and adopt current technologies, both in its own infrastructure and in client infrastructure.

Below I will talk a little about the changes in the container technology stack that we ran into while studying the CentOS 8 distribution, about what CRI-O is, and about how to quickly set up a runtime environment for Kubernetes.

Why is Docker not included in CentOS 8?

After installing the latest major releases, RHEL 8 or CentOS 8, one cannot fail to notice that these distributions and their official repositories do not contain Docker. It is replaced, both in concept and in function, by the packages podman, Buildah (present in the distribution by default) and CRI-O. This is the result of putting into practice the standards developed, among others, by Red Hat as part of the Open Container Initiative (OCI) project.

The goal of the OCI, which is part of The Linux Foundation, is to create open industry standards for container formats and runtimes that solve several problems at once. First, they would not contradict the Linux philosophy (for example, the part that says each program should do one thing, whereas Docker is a kind of all-in-one combination). Second, they could eliminate all the existing shortcomings of the Docker software. Third, they would be fully compatible with the business requirements of the leading commercial platforms for deploying, managing and serving containerized applications (for example, Red Hat OpenShift).

The shortcomings of Docker and the advantages of the new software have already been described in detail in this article, and a detailed description of the whole software stack offered within the OCI project and of its architectural features can be found in the official documentation and in articles from Red Hat itself (a decent article on the Red Hat blog) as well as in third-party reviews.

It is important to note what each component of the proposed stack does:

  • podman - direct interaction with containers and image storage through the runC process;
  • Buildah - building images and pushing them to a registry;
  • CRI-O - a runtime environment for container orchestration systems (for example, Kubernetes).

I think that, to understand the general scheme of interaction between the components of the stack, it is useful to show a connection diagram here:

[Diagram: Kubernetes with runC and the low-level libraries, using CRI-O]

CRI-O and Kubernetes follow the same release and support cycle (the compatibility matrix is very simple: the major versions of Kubernetes and CRI-O coincide). Together with the developers' focus on complete and comprehensive testing of this stack, this gives us the right to expect the best achievable stability under any usage scenario (the relative lightness of CRI-O compared to Docker, owing to its deliberately limited functionality, also helps here).

When installing Kubernetes the "right way" (according to OCI, of course) using CRI-O on CentOS 8, we ran into a few minor difficulties, which we nevertheless overcame successfully. I will be glad to share the installation and configuration instructions with you; in total they take about 10 minutes.

How to install Kubernetes on CentOS 8 using the CRI-O runtime

Prerequisites: at least one host (2 cores, 4 GB RAM, at least 15 GB of storage) with CentOS 8 installed (the "Server" installation profile is recommended), as well as entries for it in the local DNS (as a last resort, you can get by with an entry in /etc/hosts). And do not forget to turn off swap.

Note that we perform all operations on the host as the root user.

  1. In the first step, we prepare the OS, then install CRI-O and do its initial configuration.
    • Update the OS:
      dnf -y update
      

    • Next, configure the firewall and SELinux. Here everything depends on the environment in which our host or hosts will run. You can either configure the firewall according to the recommendations in the documentation or, if you are on a trusted network or use a third-party firewall, change the default zone to trusted (which accepts all incoming connections) or turn the firewall off:
      firewall-cmd --set-default-zone trusted
      
      firewall-cmd --reload

      To turn off the firewall, you can use the following command:

      systemctl disable --now firewalld
      

      SELinux needs to be turned off or switched to "permissive mode" (denials are logged but not enforced):

      setenforce 0
      
      sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config

    • Load the required kernel modules, install the required packages, and configure the "br_netfilter" module to load automatically at system startup:
      modprobe overlay
      
      modprobe br_netfilter
      
      echo "br_netfilter" >> /etc/modules-load.d/br_netfilter.conf
      
      dnf -y install iproute-tc
      

    • To enable packet forwarding and correct traffic handling, we make the appropriate settings:
      cat > /etc/sysctl.d/99-kubernetes-cri.conf <<EOF
      net.bridge.bridge-nf-call-iptables = 1
      net.ipv4.ip_forward = 1
      net.bridge.bridge-nf-call-ip6tables = 1
      EOF
      

      apply the settings made:

      sysctl --system

    • set the required CRI-O version (the major version of CRI-O, as already mentioned, matches the required Kubernetes version); the latest stable Kubernetes version is currently 1.18:
      export REQUIRED_VERSION=1.18
      

      add the required repositories:

      dnf -y install 'dnf-command(copr)'
      
      dnf -y copr enable rhcontainerbot/container-selinux
      
      curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable.repo https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/CentOS_8/devel:kubic:libcontainers:stable.repo
      
      curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable:cri-o:$REQUIRED_VERSION.repo https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:cri-o:$REQUIRED_VERSION/CentOS_8/devel:kubic:libcontainers:stable:cri-o:$REQUIRED_VERSION.repo

    • now we can install CRI-O:
      dnf -y install cri-o
      

      Note the first nuance we ran into during installation: you need to edit the CRI-O configuration before starting the service, because the required conmon component is located somewhere other than the path specified:

      sed -i 's|/usr/libexec/crio/conmon|/usr/bin/conmon|' /etc/crio/crio.conf

      Now you can enable and start the CRI-O daemon:

      systemctl enable --now crio
      

      You can check the status of the daemon:

      systemctl status crio
      

  2. Installing and activating Kubernetes.
    • Add the required repository:
      cat <<EOF > /etc/yum.repos.d/kubernetes.repo
      [kubernetes]
      name=Kubernetes
      baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-\$basearch
      enabled=1
      gpgcheck=1
      repo_gpgcheck=1
      gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
      exclude=kubelet kubeadm kubectl
      EOF
      

      Now we can install Kubernetes (version 1.18, as mentioned above):

      dnf install -y kubelet-1.18* kubeadm-1.18* kubectl-1.18* --disableexcludes=kubernetes

    • The second important point: since we are using the CRI-O daemon rather than the Docker daemon, before starting and initializing Kubernetes you need to make the appropriate settings in the configuration file /var/lib/kubelet/config.yaml, after first creating the required directory:
      mkdir /var/lib/kubelet
      
      cat <<EOF > /var/lib/kubelet/config.yaml
      apiVersion: kubelet.config.k8s.io/v1beta1
      kind: KubeletConfiguration
      cgroupDriver: systemd
      EOF

    • The third important point we ran into during installation: even though we have specified the cgroup driver in use, and configuring it through arguments passed to kubelet is deprecated (as stated explicitly in the documentation), we need to add the arguments to the file, otherwise our cluster will not initialize:
      cat /dev/null > /etc/sysconfig/kubelet
      
      cat <<EOF > /etc/sysconfig/kubelet
      KUBELET_EXTRA_ARGS=--container-runtime=remote --cgroup-driver=systemd --container-runtime-endpoint='unix:///var/run/crio/crio.sock'
      EOF

    • Now we can enable the kubelet daemon:
      sudo systemctl enable --now kubelet
      

      To set up control-plane or worker nodes in minutes, you can use this script.

  3. It is time to initialize our cluster.
    • To initialize the cluster, run the command:
      kubeadm init --pod-network-cidr=10.244.0.0/16
      

      Be sure to write down the "kubeadm join ..." command for joining the cluster, which you are prompted to use at the end of the output, or at least the tokens it specifies.

    • Install the plugin (CNI) for the Pod network. I recommend using Calico. The possibly more popular Flannel has compatibility problems with nftables, and Calico is the only CNI implementation recommended and fully tested by the Kubernetes project:
      kubectl --kubeconfig /etc/kubernetes/admin.conf apply -f https://docs.projectcalico.org/v3.15/manifests/calico.yaml 

    • To join a worker node to our cluster, configure it according to steps 1 and 2, or use the script, then run the command from the "kubeadm init ..." output that we recorded in the previous step:
      kubeadm join $CONTROL_PLANE_ADDRESS:6443 --token $TOKEN \
          --discovery-token-ca-cert-hash $TOKEN_HASH

    • Check that our cluster has initialized and started working:
      kubectl --kubeconfig=/etc/kubernetes/admin.conf get pods -A
      

    Done! You can now host workloads on your K8s cluster.
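
An added example, not part of the original article: a read-only bash audit of the files written in steps 1 and 2, for confirming a node before running `kubeadm init` or `kubeadm join` on it. The function names and the optional ROOT prefix (for checking a copied file tree) are assumptions of this example; the paths and values are the ones used above.

```bash
#!/usr/bin/env bash
# Added example: read-only audit of the files this guide writes in steps 1 and 2.
# Function names and the optional ROOT prefix are inventions of this example.

# has_setting FILE KEY VALUE SEP: true if FILE holds "KEY SEP VALUE" (blanks ignored)
has_setting() {
    awk -F"$4" -v k="$2" -v v="$3" '{ gsub(/[ \t]/, "") }
        $1 == k && $2 == v { ok = 1 } END { exit !ok }' "$1" 2>/dev/null
}

# conmon_path FILE: print the conmon binary that crio.conf points at
conmon_path() {
    sed -n 's/^[[:space:]]*conmon[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# audit_host [ROOT]: print one line per finding, return the number of failures
audit_host() {
    local root=${1:-} fails=0 key flag conmon
    for key in net.bridge.bridge-nf-call-iptables net.ipv4.ip_forward \
               net.bridge.bridge-nf-call-ip6tables; do
        has_setting "$root/etc/sysctl.d/99-kubernetes-cri.conf" "$key" 1 = ||
            { echo "FAIL sysctl $key is not set to 1"; fails=$((fails + 1)); }
    done
    has_setting "$root/var/lib/kubelet/config.yaml" cgroupDriver systemd : ||
        { echo "FAIL kubelet cgroupDriver is not systemd"; fails=$((fails + 1)); }
    for flag in --container-runtime=remote --cgroup-driver=systemd \
                unix:///var/run/crio/crio.sock; do
        grep '^KUBELET_EXTRA_ARGS=' "$root/etc/sysconfig/kubelet" 2>/dev/null |
            grep -qF -- "$flag" ||
            { echo "FAIL kubelet argument missing: $flag"; fails=$((fails + 1)); }
    done
    conmon=$(conmon_path "$root/etc/crio/crio.conf" 2>/dev/null)
    { [ -n "$conmon" ] && [ -x "$root$conmon" ]; } ||
        { echo "FAIL conmon '$conmon' from crio.conf is not executable"; fails=$((fails + 1)); }
    # /proc/swaps lists one line per active swap area after its header line
    awk 'NR > 1 { n++ } END { exit (n > 0) }' "$root/proc/swaps" 2>/dev/null ||
        { echo "FAIL swap is active or /proc/swaps is unreadable"; fails=$((fails + 1)); }
    [ "$fails" -eq 0 ] && echo "OK: host matches the settings in this guide"
    return "$fails"
}

# Run against the live host with: ./audit.sh --audit   (or --audit /path/to/copied/root)
if [ "${1:-}" = "--audit" ]; then audit_host "${2:-}"; fi
```

The conmon check reports the same mismatch the guide corrects with sed: the path in crio.conf must point at a binary that actually exists on the host.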

What lies ahead

I hope the instructions above helped save you some time and nerves.
The outcome of processes taking place in the industry often depends on how they are received by the bulk of end users and by the developers of other software in the corresponding niche. It is not yet entirely clear what the OCI's efforts will lead to in a few years, but we will be watching with interest. You can share your opinion right now in the comments.

Stay tuned!

This article came about thanks to the following sources:



Source: www.habr.com
