在Ubuntu 20.04 | 18.04上安装CRI-O容器运行时
时间:2020-02-23 14:31:41 来源:igfitidea点击:
本教程将引导我们完成在Ubuntu 20.04/18.04上CRI-O Container Runtime的安装。 CRI-O是Kubernetes容器运行时接口(CRI)的基于OCI的实现,旨在在OCI兼容的运行时和kubelet之间提供集成路径。
创建CRI-O是为了提供以下核心功能:支持多种图像格式(包括现有的Docker图像格式)支持多种下载图像的方式(包括信任和图像验证)容器图像管理(管理图像层,覆盖文件系统等)容器过程生命周期管理监视和记录需要满足CRI要求的CRI资源隔离
CRI-O使用的库是:
运行时:runc(或者任何OCI运行时规范实现)和oci运行时工具图像:使用容器/图像的图像管理存储:使用容器/存储的图像层的存储和管理网络:通过使用CNI进行网络支持
在Ubuntu 20.04 | 18.04上安装CRI-O容器运行时
我们将使用预构建的二进制程序包来安装CRI-O容器运行时。请按照以下步骤在Ubuntu 20.04 | 18.04上安装CRI-O Container Runtime。
更新系统
确保Ubuntu系统已更新。如果我们担心这可能会破坏系统,则可以跳过。
sudo apt update && sudo apt upgrade
建议重新引导系统以确保它在更新版本上运行。
sudo systemctl reboot
添加CRI-O Kubic存储库
添加Kubic存储库,该存储库托管基于Debian的系统的二进制软件包。如果将CRI-O与Kubernetes一起使用,请安装与Kubernetes版本设置相匹配的版本。
如果Kubernetes版本是1.17,请安装CRI-O版本1.17.
CRIO_VERSION=1.17
. /etc/os-release
sudo sh -c "echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/x${NAME}_${VERSION_ID}//' >/etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list"
将存储库添加到系统后,导入GPG密钥:
wget -nv https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/x${NAME}_${VERSION_ID}/Release.key -O- | sudo apt-key add
在Ubuntu 20.04上安装CRI-O Ubuntu 18.04
添加存储库后,更新apt缓存并在Ubuntu上安装CRI-O。
sudo apt update
sudo apt install cri-o-${CRIO_VERSION}
使用y键接受安装提示。
The following additional packages will be installed: conmon containers-common containers-golang containers-image libgpgme11 runc Suggested packages: containernetworking-plugins The following NEW packages will be installed: conmon containers-common containers-golang containers-image cri-o-1.17 libgpgme11 runc 0 upgraded, 7 newly installed, 0 to remove and 0 not upgraded. Need to get 23.3 MB of archives. After this operation, 107 MB of additional disk space will be used. Do you want to continue? [Y/n] y
启动并启用Crio服务:
sudo systemctl enable crio.service sudo systemctl start crio.service
可以使用以下命令检查服务状态:
$systemctl status crio
● crio.service - Container Runtime Interface for OCI (CRI-O)
Loaded: loaded (/lib/systemd/system/crio.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2017-06-07 20:16:50 CEST; 37s ago
Docs: https://github.com/cri-o/cri-o
Main PID: 2461 (crio)
Tasks: 13
Memory: 7.7M
CGroup: /system.slice/crio.service
└─2461 /usr/bin/crio
Jun 07 20:16:50 ubuntu systemd[1]: Starting Container Runtime Interface for OCI (CRI-O)...
Jun 07 20:16:50 ubuntu systemd[1]: Started Container Runtime Interface for OCI (CRI-O).
在Ubuntu 20.04上使用CRI-O 18.04
可以通过cri-tools软件包安装命令行工具crioctl。
sudo apt install cri-tools
检查crictl命令是否存在:
$crictl info
{
"status": {
"conditions": [
{
"type": "RuntimeReady",
"status": true,
"reason": "",
"message": ""
},
{
"type": "NetworkReady",
"status": false,
"reason": "NetworkPluginNotReady",
"message": "Network plugin returns error: Missing CNI default network"
}
]
}
}
拉一个测试图像:
# crictl pull nginx Image is up to date for docker.io/library/theitroad@localhost:c870bf53de0357813af37b9500cb1c2ff9fb4c00120d5fe1d75c21591293c34d # crictl pull hello-world Image is up to date for docker.io/library/theitroad@localhost:6a65f928fb91fcfbc963f7aa6d57c8eeb426ad9a20c7ee045538ef34847f44f1 # crictl pull busybox Image is up to date for docker.io/library/theitroad@localhost:95cf004f559831017cdf4628aaf1bb30133677be8702a8c5f2994629f637a209
列出可用的图像:
# crictl images IMAGE TAG IMAGE ID SIZE docker.io/library/alpine latest a24bb4013296f 5.85MB docker.io/library/busybox latest 1c35c44120825 1.44MB docker.io/library/hello-world latest bf756fb1ae65a 20kB docker.io/library/nginx latest 4392e5dad77db 136MB
创建pod沙箱配置文件:
cat >nginx.json<<EOF
{
"metadata": {
"name": "nginx-container",
"attempt": 1
},
"image": {
"image": "nginx"
},
"log_path": "nginx.log",
"linux": {
"security_context": {
"namespace_options": {}
}
}
}
EOF
cat >net-pod.json<<EOF
{
"metadata": {
"name": "networking",
"uid": "networking-pod-uid",
"namespace": "default",
"attempt": 1
},
"hostname": "networking",
"port_mappings": [
{
"container_port": 80
}
],
"log_directory": "/tmp/net-pod",
"linux": {}
}
EOF
运行Pod
sudo crictl runp net-pod.json sudo crictl create nginx.json net-pod.json sudo crictl ps -a
