Skip to content

Changes

Page history
Update Creating a cluster with containerd and gVisor authored by Kamil Baran's avatar Kamil Baran
Hide whitespace changes
Inline Side-by-side
Creating-a-cluster-with-containerd-and-gVisor.md
View page @ c4eac723
https://kubernetes.io/docs/setup/production-environment/container-runtimes/#containerd
https://docs.docker.com/engine/install/ubuntu/
https://gvisor.dev/docs/user_guide/containerd/quick_start/
[gVisor](https://gvisor.dev/) is an application kernel that provides an additional layer of isolation between running applications and the host operating system.
## containerd installation
```bash
sudo modprobe overlay
......@@ -10,6 +10,7 @@ overlay
br_netfilter
EOF
```
```bash
cat <<EOF | sudo tee /etc/sysctl.d/99-kubernetes-cri.conf
net.bridge.bridge-nf-call-iptables = 1
......@@ -18,6 +19,7 @@ net.bridge.bridge-nf-call-ip6tables = 1
EOF
sudo sysctl --system
```
```bash
sudo apt-get update && sudo apt-get install -y apt-transport-https ca-certificates curl gnupg lsb-release
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
......@@ -29,6 +31,10 @@ containerd config default | sudo tee /etc/containerd/config.toml
sudo systemctl restart containerd
```
<br />
## Kubernetes installation and cluster initialisation
```bash
sudo apt-get update && sudo apt-get install -y apt-transport-https bash-completion curl
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
......@@ -50,21 +56,22 @@ kubectl taint nodes --all node-role.kubernetes.io/master-
watch kubectl get node,pod -o wide --all-namespaces
```
<br />
## gVisor installation and creation of Runtime Class
```bash
curl -fsSL https://gvisor.dev/archive.key | sudo gpg --dearmor -o /usr/share/keyrings/gvisor-archive-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/gvisor-archive-keyring.gpg] https://storage.googleapis.com/gvisor/releases release main" | sudo tee /etc/apt/sources.list.d/gvisor.list > /dev/null
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/gvisor-archive-keyring.gpg] \
https://storage.googleapis.com/gvisor/releases release main" \
| sudo tee /etc/apt/sources.list.d/gvisor.list > /dev/null
sudo apt-get update && sudo apt-get install -y runsc
wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.13.0/crictl-v1.13.0-linux-amd64.tar.gz
tar xf crictl-v1.13.0-linux-amd64.tar.gz
sudo mv crictl /usr/local/bin
cat <<EOF | sudo tee /etc/crictl.yaml
runtime-endpoint: unix:///run/containerd/containerd.sock
EOF
```
```bash
containerd config default | sudo tee /etc/containerd/config.toml
cat <<EOF | sudo tee /etc/containerd/config.toml
version = 2
[plugins."io.containerd.runtime.v1.linux"]
......@@ -79,25 +86,11 @@ sudo systemctl restart containerd
```bash
cat <<EOF | kubectl apply -f -
apiVersion: node.k8s.io/v1beta1
kind: RuntimeClass
metadata:
name: gvisor
handler: runsc
EOF
kubectl apply -f runtime-class/gvisor-runtime-class.yaml
kubectl apply -f runtime-class/gvisor-demo-app.yaml
```
```bash
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Pod
metadata:
name: nginx-gvisor
spec:
runtimeClassName: gvisor
containers:
- name: nginx
image: nginx
EOF
```
\ No newline at end of file
<br />
more info: [container runtimes](https://kubernetes.io/docs/setup/production-environment/container-runtimes/#containerd),
[containerd installation](https://docs.docker.com/engine/install/ubuntu/), [gVisor installation](https://gvisor.dev/docs/user_guide/containerd/quick_start/)
\ No newline at end of file