标签:containerd kubeoperator registry io plugins xr k8s root
1.在安装过程中容器运行时选择containerd后,节点集群主机就不会安装docker了
查看安装的版本:
[root@jdd-k8s-worker-2 ~]# ctr --version
ctr github.com/containerd/containerd v1.6.0
[root@jdd-k8s-worker-2 ~]# ctr version
Client:
Version: v1.6.0
Revision: 39259a8f35919a0d02c9ecc2871ddd6ccf6a7c6e
Go version: go1.17.2
Server:
Version: v1.6.0
Revision: 39259a8f35919a0d02c9ecc2871ddd6ccf6a7c6e
UUID: 084a860a-0956-47ff-864c-f918cff9cb1e
查看默认的containerd配置文件内容:
# cat /etc/containerd/config.toml
root = "/var/lib/containerd"
state = "/run/containerd"
oom_score = 0
[grpc]
address = "/run/containerd/containerd.sock"
uid = 0
gid = 0
max_recv_message_size = 16777216
max_send_message_size = 16777216
[debug]
address = ""
uid = 0
gid = 0
level = ""
[metrics]
address = ""
grpc_histogram = false
[cgroup]
path = ""
[plugins]
[plugins.cgroups]
no_prometheus = false
[plugins.cri]
stream_server_address = "127.0.0.1"
stream_server_port = "0"
enable_selinux = false
sandbox_image = "registry.kubeoperator.io:8082/kubeoperator/pause:3.5"
stats_collect_period = 10
systemd_cgroup = false
enable_tls_streaming = false
max_container_log_line_size = 16384
[plugins.cri.containerd]
snapshotter = "overlayfs"
no_pivot = false
[plugins.cri.containerd.default_runtime]
runtime_type = "io.containerd.runtime.v1.linux"
runtime_engine = ""
runtime_root = ""
[plugins.cri.containerd.untrusted_workload_runtime]
runtime_type = ""
runtime_engine = ""
runtime_root = ""
[plugins.cri.cni]
bin_dir = "/opt/cni/bin"
conf_dir = "/etc/cni/net.d"
conf_template = ""
[plugins.cri.registry]
[plugins.cri.registry.mirrors]
[plugins.cri.registry.mirrors."10.16.16.110:8082"]
endpoint = [
"http://10.16.16.110:8082"
]
[plugins.cri.registry.mirrors."10.16.16.110:8083"]
endpoint = [
"http://10.16.16.110:8083"
]
[plugins.cri.registry.mirrors."registry.kubeoperator.io:8082"]
endpoint = [
"http://10.16.16.110:8082"
]
[plugins.cri.registry.mirrors."registry.kubeoperator.io:8083"]
endpoint = [
"http://10.16.16.110:8083"
]
[plugins.cri.registry.mirrors."docker.io"]
endpoint = [
"https://docker.mirrors.ustc.edu.cn",
"http://hub-mirror.c.163.com"
]
[plugins.cri.registry.mirrors."gcr.io"]
endpoint = [
"https://gcr.mirrors.ustc.edu.cn"
]
[plugins.cri.registry.mirrors."k8s.gcr.io"]
endpoint = [
"https://gcr.mirrors.ustc.edu.cn/google-containers/"
]
[plugins.cri.registry.mirrors."quay.io"]
endpoint = [
"https://quay.mirrors.ustc.edu.cn"
]
[plugins.cri.x509_key_pair_streaming]
tls_cert_file = ""
tls_key_file = ""
[plugins.diff-service]
default = ["walking"]
[plugins.linux]
shim = "containerd-shim"
runtime = "runc"
runtime_root = ""
no_shim = false
shim_debug = false
[plugins.opt]
path = "/opt/containerd"
[plugins.restart]
interval = "10s"
[plugins.scheduler]
pause_threshold = 0.02
deletion_threshold = 0
mutation_threshold = 100
schedule_delay = "0s"
startup_delay = "100ms"
注意到有几个镜像加速配置,可以测试一下
[root@jdd-k8s-worker-2 ~]# crictl pull k8s.gcr.io/pause:3.6
FATA[0030] pulling image: rpc error: code = Unknown desc = failed to pull and unpack image "k8s.gcr.io/pause:3.6": failed to resolve reference "k8s.gcr.io/pause:3.6": pulling from host gcr.mirrors.ustc.edu.cn failed with status code [manifests 3.6]: 403 Forbidden
发现拉取镜像:k8s.gcr.io/pause:3.6 实际是从网址:gcr.mirrors.ustc.edu.cn 拉取的,但是这个网站访问报错403
2.查看网络插件目录
[root@jdd-k8s-worker-2 net.d]# pwd
/etc/cni/net.d
[root@jdd-k8s-worker-2 net.d]# ll
总用量 8
-rw-r--r--. 1 root root 670 7月 1 11:28 10-calico.conflist
-rw-------. 1 root root 2767 7月 1 15:33 calico-kubeconfig
[root@jdd-k8s-worker-2 net.d]# cat 10-calico.conflist
{
"name": "k8s-pod-network",
"cniVersion": "0.3.1",
"plugins": [
{
"type": "calico",
"log_level": "info",
"log_file_path": "/var/log/calico/cni/cni.log",
"datastore_type": "kubernetes",
"nodename": "jdd-k8s-worker-2",
"mtu": 1440,
"ipam": {
"type": "calico-ipam"
},
"policy": {
"type": "k8s"
},
"kubernetes": {
"kubeconfig": "/etc/cni/net.d/calico-kubeconfig"
}
},
{
"type": "portmap",
"snat": true,
"capabilities": {"portMappings": true}
},
{
"type": "bandwidth",
"capabilities": {"bandwidth": true}
}
]
}
可以获知,节点主机只是单纯使用containerd,并没有使用网络插件使用,而是使用的k8s集群提供的calico插件,来给pod提供网络服务
查看网络插件可执行文件目录,发现里面也都是k8s集群提供的calico插件有关命令
[root@jdd-k8s-worker-2 bin]# pwd
/opt/cni/bin
[root@jdd-k8s-worker-2 bin]# ll
总用量 213144
-rwxr-xr-x. 1 root root 3990548 7月 1 11:28 bandwidth
-rwxr-xr-x. 1 root root 4671647 5月 14 2020 bridge
-rwsr-xr-x. 1 root root 47026188 7月 1 11:28 calico
-rwsr-xr-x. 1 root root 47026188 7月 1 11:28 calico-ipam
-rwxr-xr-x. 1 root root 12124326 5月 14 2020 dhcp
-rwxr-xr-x. 1 root root 5945760 5月 14 2020 firewall
-rwxr-xr-x. 1 root root 3357992 7月 1 11:28 flannel
-rwxr-xr-x. 1 root root 4174394 5月 14 2020 host-device
-rwxr-xr-x. 1 root root 3402808 7月 1 11:28 host-local
-rwsr-xr-x. 1 root root 47026188 7月 1 11:28 install
-rwxr-xr-x. 1 root root 4314598 5月 14 2020 ipvlan
-rwxr-xr-x. 1 root root 3472123 7月 1 11:28 loopback
-rwxr-xr-x. 1 root root 4389622 5月 14 2020 macvlan
-rwxr-xr-x. 1 root root 3924908 7月 1 11:28 portmap
-rwxr-xr-x. 1 root root 4590277 5月 14 2020 ptp
-rwxr-xr-x. 1 root root 3392826 5月 14 2020 sbr
-rwxr-xr-x. 1 root root 2885430 5月 14 2020 static
-rw-r--r--. 1 root root 4555575 7月 1 11:28 tags.txt
-rwxr-xr-x. 1 root root 3622648 7月 1 11:28 tuning
-rwxr-xr-x. 1 root root 4314446 5月 14 2020 vlan
2.在集群节点主机上查看镜像
[root@jdd-k8s-worker-2 ~]# ctr images ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
[root@jdd-k8s-worker-2 ~]# crictl images ls
IMAGE TAG IMAGE ID SIZE
docker.io/library/nginx alpine cc44224bfe208 10.2MB
k8s.gcr.io/kube-proxy v1.22.8 c1cfbd59f7747 105MB
k8s.gcr.io/pause 3.5 ed210e3e4a5ba 686kB
registry.kubeoperator.io:8082/kubeoperator/pause 3.5 ed210e3e4a5ba 686kB
registry.kubeoperator.io:8082/calico/cni v3.21.4 f1de15d70851b 80.5MB
registry.kubeoperator.io:8082/calico/node v3.21.4 c59896fc7ca44 74MB
registry.kubeoperator.io:8082/calico/pod2daemon-flexvol v3.21.4 ab768d7a914ff 9.23MB
registry.kubeoperator.io:8082/kubeoperator/ingress-nginx-controller v1.1.1 2461b2698dcd5 104MB
registry.kubeoperator.io:8082/kubeoperator/k8s-dns-node-cache 1.17.0 3a187183b3a8c 56.8MB
registry.kubeoperator.io:8082/kubeoperator/kube-bench v0.6.8 43684c5de97d2 26.7MB
3.在集群节点主机上查看运行的容器
[root@jdd-k8s-worker-2 ~]# ctr container ls
CONTAINER IMAGE RUNTIME
[root@jdd-k8s-worker-2 ~]# crictl ps
CONTAINER IMAGE CREATED STATE NAME ATTEMPT POD ID
2dc6db8bc454e cc44224bfe208 17 minutes ago Running nginx 0 e51bbae3f9b02
054efcebc2ee1 3a187183b3a8c 4 hours ago Running node-cache 0 00e195d4e2a4e
339e50b2fb546 2461b2698dcd5 4 hours ago Running ingress-nginx-controller 0 4aaecb99b1417
f2762f54bd9aa c59896fc7ca44 4 hours ago Running calico-node 0 6b632de8647df
2ac9e9b24f505 c1cfbd59f7747 4 hours ago Running kube-proxy 0 11ff7c85696e1
注意:从查看节点主机的镜像和容器可知,使用crictl命令代替ctr命令使用
4.crictl配置文件内容
# cat /etc/crictl.yaml
runtime-endpoint: unix:///run/containerd/containerd.sock
标签:containerd,kubeoperator,registry,io,plugins,xr,k8s,root 来源: https://www.cnblogs.com/sanduzxcvbnm/p/16434979.html
本站声明: 1. iCode9 技术分享网(下文简称本站)提供的所有内容,仅供技术学习、探讨和分享; 2. 关于本站的所有留言、评论、转载及引用,纯属内容发起人的个人观点,与本站观点和立场无关; 3. 关于本站的所有言论和文字,纯属内容发起人的个人观点,与本站观点和立场无关; 4. 本站文章均是网友提供,不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属;如您发现该文章侵犯了您的权益,可联系我们第一时间进行删除; 5. 本站为非盈利性的个人网站,所有内容不会用来进行牟利,也不会利用任何形式的广告来间接获益,纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。