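After finishing the deployment described in "Deploying a K8s Cluster with Ansible", I reread the K8s documentation and found that using containerd requires modifying its configuration file first. The main reason my earlier configuration failed was that SystemdCgroup had not been configured.
References:
containerd installation guide
Configuring the systemd cgroup driver
Installing containerd
The first step is to install containerd and modify its configuration file. It can be installed from the apt source or from GitHub Releases.
Installing from the apt source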
```yaml
---
- hosts: all
  become: true

  tasks:
    # Install containerd from the apt source
    - name: 安装 containerd
      apt:
        name: containerd
        update_cache: true
      register: result

    # Configure containerd, only when the package task reported a change
    - name: 配置 containerd
      when: result.changed
      block:
        # Generate the default containerd configuration file
        - name: 生成 containerd 默认配置文件
          shell: "containerd config default > /etc/containerd/config.toml"

        # Enable SystemdCgroup
        - name: 启用 SystemdCgroup
          replace:
            path: /etc/containerd/config.toml
            regexp: "SystemdCgroup = false"
            replace: "SystemdCgroup = true"

        # Update the pause image version
        - name: 更新 pause 镜像版本
          replace:
            path: /etc/containerd/config.toml
            regexp: '"registry.k8s.io/pause:.*'
            replace: '"registry.k8s.io/pause:3.9"'

        # Restart and enable the containerd service
        - name: 重启并启用 containerd 服务
          systemd_service:
            enabled: true
            state: restarted
            daemon_reload: true
            name: containerd
```
Installing from GitHub Releases
The installation steps in this playbook follow the containerd installation guide.
```yaml
---
- hosts: all
  become: true

  # None of these downloads is checked against a published checksum in this
  # playbook; get_url accepts a checksum: argument for that purpose.
  vars:
    containerd_url: https://github.com/containerd/containerd/releases/download/v1.7.20/containerd-1.7.20-linux-amd64.tar.gz
    # This URL tracks the main branch rather than the v1.7.20 tag used above
    containerd_service_url: https://raw.githubusercontent.com/containerd/containerd/main/containerd.service
    runc_url: https://github.com/opencontainers/runc/releases/download/v1.1.13/runc.amd64
    cni_plugins_url: https://github.com/containernetworking/plugins/releases/download/v1.5.1/cni-plugins-linux-amd64-v1.5.1.tgz

  tasks:
    # Unpack the containerd archive into /usr/local
    - name: 解压 containerd 包到 /usr/local
      unarchive:
        src: "{{ containerd_url }}"
        dest: /usr/local
        remote_src: yes
      register: result

    # Download the runc binary to /usr/local/sbin and set its permissions
    - name: 下载 runc 二进制文件到 /usr/local/sbin 并设置权限
      get_url:
        url: "{{ runc_url }}"
        dest: "/usr/local/sbin/runc"
        mode: "755"

    # Create the /opt/cni/bin directory
    - name: 创建 /opt/cni/bin 目录
      file:
        path: /opt/cni/bin
        state: directory
    # Unpack the CNI plugins archive into /opt/cni/bin
    - name: 解压 CNI 插件包到 /opt/cni/bin
      unarchive:
        src: "{{ cni_plugins_url }}"
        dest: /opt/cni/bin
        remote_src: yes

    # Configure containerd, only when the containerd archive task reported a change
    - name: 配置 containerd
      when: result.changed
      block:
        # Download the containerd systemd unit file
        - name: 下载 containerd systemd 服务文件
          get_url:
            url: "{{ containerd_service_url }}"
            dest: "/etc/systemd/system/containerd.service"

        # Create the /etc/containerd directory
        - name: 创建 /etc/containerd 目录
          file:
            path: /etc/containerd
            state: directory

        # Generate the default containerd configuration file
        - name: 生成 containerd 默认配置文件
          shell: "containerd config default > /etc/containerd/config.toml"

        # Set SystemdCgroup to true
        - name: 修改 SystemdCgroup 为 true
          replace:
            path: /etc/containerd/config.toml
            regexp: "SystemdCgroup = false"
            replace: "SystemdCgroup = true"

        # Update the pause image version
        - name: 更新 pause 镜像版本
          replace:
            path: /etc/containerd/config.toml
            regexp: '"registry.k8s.io/pause:.*'
            replace: '"registry.k8s.io/pause:3.9"'

        # Restart and enable the containerd service
        - name: 重启并启用 containerd 服务
          systemd_service:
            enabled: true
            state: restarted
            daemon_reload: true
            name: containerd
```
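A check for the two edits that both playbooks above make to /etc/containerd/config.toml, added here as an example and not code from the original post: the replace module raises no error when its regexp matches nothing, so this confirms that SystemdCgroup and sandbox_image ended up with the intended values in the right tables. It assumes the table names of containerd 1.7 (config version 2); the function names and the sample fragment are constructed for illustration.

```python
import re

# Table names used by containerd 1.7 (config version 2); an assumption, not from the post.
CRI = 'plugins."io.containerd.grpc.v1.cri"'
RUNC_OPTS = CRI + ".containerd.runtimes.runc.options"

def read_settings(text):
    """Return {(table, key): value} for the plain `key = value` lines of a TOML file."""
    table, found = "", {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments; the values checked here contain no '#'
        header = re.fullmatch(r"\[([^\[\]]+)\]", line)
        if header:
            table = header.group(1).strip()
            continue
        key, sep, value = line.partition("=")
        if sep:
            found[(table, key.strip())] = value.strip().strip('"')
    return found

def check_containerd_config(text, pause="registry.k8s.io/pause:3.9"):
    """List the settings that differ from what the playbooks intend to write."""
    s, problems = read_settings(text), []
    cgroup = s.get((RUNC_OPTS, "SystemdCgroup"))
    if cgroup is None:
        problems.append("SystemdCgroup missing from runc options (replace matched nothing)")
    elif cgroup != "true":
        problems.append("SystemdCgroup = %s, expected true" % cgroup)
    image = s.get((CRI, "sandbox_image"))
    if image != pause:
        problems.append("sandbox_image = %s, expected %s" % (image, pause))
    return problems

# Constructed sample: a trimmed fragment laid out like `containerd config default` output.
SAMPLE = '''
version = 2
[plugins]
  [plugins."io.containerd.grpc.v1.cri"]
    sandbox_image = "registry.k8s.io/pause:3.8"
    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
      SystemdCgroup = false
'''

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for problem in check_containerd_config(text):
        print(problem)
```

Run on a node with the path to config.toml as the only argument; no output means both settings are in place.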
Installing K8s
Once containerd is installed and configured, use the following playbook to install K8s:
```yaml
---
- hosts: all
  become: true

  tasks:
    # Create the APT keyring directory
    - name: 创建 APT 密钥目录
      file:
        path: /etc/apt/keyrings
        state: directory
        mode: "0755"

    # Add the Kubernetes APT signing key
    - name: 添加 Kubernetes APT 密钥
      apt_key:
        url: https://mirrors.tuna.tsinghua.edu.cn/kubernetes/core:/stable:/v1.30/deb/Release.key
        keyring: /etc/apt/keyrings/kubernetes-apt-keyring.gpg

    # Add the Kubernetes APT repository, restricted to that key via signed-by
    - name: 添加 Kubernetes APT 仓库
      apt_repository:
        repo: "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://mirrors.tuna.tsinghua.edu.cn/kubernetes/core:/stable:/v1.30/deb/ /"
        filename: kubernetes

    # Install the Kubernetes components
    - name: 安装 Kubernetes 组件
      apt:
        name:
          - kubelet
          - kubeadm
          - kubectl
        update_cache: true

    # Put the Kubernetes packages on hold so apt does not upgrade them
    - name: 将 Kubernetes 组件的包状态设置为 hold
      dpkg_selections:
        name: "{{ item }}"
        selection: hold
      loop:
        - kubelet
        - kubeadm
        - kubectl
```
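Pulling images
containerd can also be configured to use a proxy; see "Configuring a proxy for Docker" in the previous post. Change service_override_dir to /etc/systemd/system/containerd.service.d and the name under systemd_service to containerd.
In the previous post the images were already pulled with docker and exported; those files can still be imported now that containerd is in use.
Playbook for importing the images: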
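```yaml
---
- hosts: all
  become: true

  vars:
    # File server holding the exported image tarballs; it is reached over plain
    # HTTP and the tarballs are imported as downloaded, with no checksum
    images_base_url: http://192.168.1.100
    tmp_dir: /tmp/images_import
    filenames:
      - kube-apiserver.tar
      - kube-controller-manager.tar
      - kube-scheduler.tar
      - kube-proxy.tar
      - coredns.tar
      - pause.tar
      - etcd.tar
      - flannel.tar
      - flannel-cni-plugin.tar

  tasks:
    # Create a temporary directory for the image files
    - name: 创建临时目录用于存储镜像文件
      file:
        path: "{{ tmp_dir }}"
        state: directory

    # Download the image files into the temporary directory
    - name: 下载镜像文件到临时目录
      get_url:
        url: "{{ images_base_url }}/{{ item }}"
        dest: "{{ tmp_dir }}/{{ item }}"
      loop: "{{ filenames }}"

    # Import the images into containerd's k8s.io namespace
    - name: 导入镜像到 containerd
      command: "ctr -n=k8s.io images import {{ tmp_dir }}/{{ item }}"
      loop: "{{ filenames }}"

    # Remove the temporary directory and its contents
    - name: 删除临时目录及其内容
      file:
        path: "{{ tmp_dir }}"
        state: absent
```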
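Once the environment is ready, the K8s cluster can be initialized.
The steps are much the same as the initialization in the previous post, except that neither creating nor joining the cluster needs a runtime argument: running sudo kubeadm init --pod-network-cidr=10.244.0.0/16 directly initializes the cluster.
Full steps: Initializing the K8s cluster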