https://kubernetes.io/docs/setup/production-environment/container-runtimes/#containerd
https://docs.docker.com/engine/install/ubuntu/
https://gvisor.dev/docs/user_guide/containerd/quick_start/
```bash
# Load the two kernel modules this setup relies on into the running kernel:
# overlay (overlayfs, used for container image layers) and br_netfilter
# (lets iptables see traffic that crosses a Linux bridge).
for kmod in overlay br_netfilter; do
  sudo modprobe "$kmod"
done

# Persist the same two modules so they are loaded again at boot.
# tee also echoes the written lines to the terminal.
printf '%s\n' overlay br_netfilter | sudo tee /etc/modules-load.d/containerd.conf
```
```bash
# Kernel network settings for a Kubernetes node, written as a sysctl drop-in:
#   bridge-nf-call-iptables / bridge-nf-call-ip6tables = 1
#     bridged (pod) traffic is handed to iptables / ip6tables
#   ip_forward = 1
#     the host forwards IPv4 packets between interfaces; this is host-wide,
#     so the node's firewall policy should account for it
# The delimiter is quoted because the body contains nothing to expand.
sudo tee /etc/sysctl.d/99-kubernetes-cri.conf <<'EOF'
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF

# Re-read every sysctl configuration file so the values apply without a reboot.
sudo sysctl --system
```
```bash
# Tools needed to fetch and trust the Docker apt repository.
sudo apt-get update \
  && sudo apt-get install -y ca-certificates curl gnupg lsb-release

# Fetch Docker's repository signing key over HTTPS and store it de-armored in
# a dedicated keyring file. --fail makes curl exit non-zero on an HTTP error
# instead of piping an error page into gpg.
curl --fail --silent --show-error --location https://download.docker.com/linux/ubuntu/gpg \
  | sudo gpg --dearmor --output /usr/share/keyrings/docker-archive-keyring.gpg

# Register the repository. signed-by ties the key to this one source, so it is
# not trusted for packages from any other repository.
printf 'deb [arch=%s signed-by=%s] %s %s stable\n' \
  "$(dpkg --print-architecture)" \
  /usr/share/keyrings/docker-archive-keyring.gpg \
  https://download.docker.com/linux/ubuntu \
  "$(lsb_release -cs)" \
  | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

# containerd.io is the package the later steps configure as the CRI runtime
# (kubeadm is pointed at the containerd socket); docker-ce and docker-ce-cli
# are installed alongside it.
sudo apt-get update \
  && sudo apt-get install -y docker-ce docker-ce-cli containerd.io
```
```bash
# Write containerd's built-in default configuration to its config file.
# tee echoes the whole generated file to the terminal as it writes it.
# A later step in this guide overwrites this file with a minimal runc/runsc
# configuration.
sudo mkdir -p /etc/containerd
sudo containerd config default \
  | sudo tee /etc/containerd/config.toml

# Restart so the new configuration is picked up, then show the unit state.
sudo systemctl restart containerd
sudo systemctl status containerd
```
Kubernetes installation ->
```bash
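# Bootstrap the control plane with containerd as the CRI runtime.
# --pod-network-cidr must not overlap the node network; 192.168.0.0/16 is
# presumably chosen to match the Calico manifest applied below -- confirm.
sudo kubeadm init \
  --kubernetes-version 1.21.1 \
  --cri-socket=/var/run/containerd/containerd.sock \
  --pod-network-cidr 192.168.0.0/16

# admin.conf holds the cluster administrator credentials. Copy it for the
# current user, hand ownership to that user, and keep it owner-only.
# Expansions are quoted so a home directory containing spaces cannot split
# the paths into several arguments.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"
chmod 600 "$HOME/.kube/config"

# Install the Calico CNI. The manifest is fetched from an unversioned URL at
# apply time and applied with the admin credentials above; for a repeatable
# install, download it, review it, and apply a pinned copy instead.
kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml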
```
```bash
# Replace /etc/containerd/config.toml with a minimal configuration that
# registers two CRI runtime handlers: runc (the default OCI runtime) and
# runsc (gVisor). This overwrites the whole file, including the default
# configuration generated earlier in this guide.
# NOTE(review): shim_debug = true is a debug setting; confirm it is wanted
# outside a test setup.
# The delimiter is quoted because the body contains nothing to expand.
sudo tee /etc/containerd/config.toml <<'EOF'
version = 2
[plugins."io.containerd.runtime.v1.linux"]
shim_debug = true
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
runtime_type = "io.containerd.runc.v2"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runsc]
runtime_type = "io.containerd.runsc.v1"
EOF

# Restart containerd so the runsc handler becomes available.
sudo systemctl restart containerd
```
```bash
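# Download the crictl release archive (version as pinned by this guide).
wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.13.0/crictl-v1.13.0-linux-amd64.tar.gz

# NOTE(review): the archive is unpacked and installed without an integrity
# check. Before unpacking, compare `sha256sum crictl-v1.13.0-linux-amd64.tar.gz`
# with the checksum published for this release, if one is available:
#   <EXPECTED_SHA256_FROM_RELEASE_PAGE>
tar xf crictl-v1.13.0-linux-amd64.tar.gz

# Install as root:root with mode 0755. tar run as a regular user extracts the
# binary owned by that user, and a plain `sudo mv` keeps that ownership,
# leaving a user-writable executable in root's PATH.
sudo install -o root -g root -m 0755 crictl /usr/local/bin/crictl
rm -f -- crictl

# Point crictl at the containerd socket.
sudo tee /etc/crictl.yaml <<'EOF'
runtime-endpoint: unix:///run/containerd/containerd.sock
EOF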
```
```bash
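# Register a RuntimeClass named "gvisor" that maps to the containerd runtime
# handler "runsc". Pods opt in with runtimeClassName: gvisor.
# "name" is nested under "metadata"; with the indentation missing, the
# manifest has an empty metadata block and kubectl rejects it.
# node.k8s.io/v1beta1 is served by the Kubernetes 1.21 cluster this guide
# installs; newer clusters serve only node.k8s.io/v1.
kubectl apply -f - <<'EOF'
apiVersion: node.k8s.io/v1beta1
kind: RuntimeClass
metadata:
  name: gvisor
handler: runsc
EOF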
```
```bash
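# Start an nginx pod under the "gvisor" RuntimeClass so its container runs
# under runsc instead of runc. The YAML nesting is restored here: without it
# the manifest has an empty metadata and spec and kubectl rejects it.
# The image is referenced without a tag or digest, so whatever "nginx"
# currently resolves to is pulled; pin a tag or digest for a reproducible pod.
kubectl apply -f - <<'EOF'
apiVersion: v1
kind: Pod
metadata:
  name: nginx-gvisor
spec:
  runtimeClassName: gvisor
  containers:
  - name: nginx
    image: nginx
EOF

# To confirm the sandboxed runtime was requested for the pod:
#   kubectl get pod nginx-gvisor -o jsonpath='{.spec.runtimeClassName}'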
```