
安装 containerd 容器运行时

加载内核模块

# Load the two kernel modules for the running system (lost again at reboot
# unless they are also listed under /etc/modules-load.d/).
for kmod in br_netfilter overlay; do
  modprobe "$kmod"
done

开机自动加载内核模块

# Write one module name per line so the modules are loaded on every boot.
printf '%s\n' overlay br_netfilter > /etc/modules-load.d/k8s.conf

修改内核参数,启用 IPv4 数据包转发

# Kernel settings for Kubernetes networking. The net.bridge.* keys exist only while
# br_netfilter is loaded. ip_forward = 1 makes the node route packets between
# interfaces in general, so the host firewall's forwarding policy still matters.
tee /etc/sysctl.d/k8s.conf > /dev/null << 'EOF'
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF

# Apply every sysctl configuration file now instead of waiting for a reboot.
sysctl --system

安装 containerd

  • 下载 containerd

    https://github.com/containerd/containerd/releases

  • 解压 containerd.tar.gz

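    # Print the archive's hash and compare it with the checksum published next to
    # the asset on the releases page before unpacking anything as root.
    sha256sum containerd.tar.gz
    # The release archive is expected to unpack to bin/containerd (plus helpers);
    # extracting under /usr/local puts the daemon at /usr/local/bin/containerd,
    # which is the path ExecStart in containerd.service points to.
    tar -C /usr/local -xf containerd.tar.gz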
    
  • 下载 service 文件

    https://raw.githubusercontent.com/containerd/containerd/main/containerd.service

    # systemd unit that runs the containerd daemon as a service.
    [Unit]
    Description=containerd container runtime
    After=network.target local-fs.target
    
    [Service]
    # The leading "-" tells systemd to ignore a failure of this command.
    ExecStartPre=-/sbin/modprobe overlay
    # Must match the path the containerd binary was actually installed to.
    ExecStart=/usr/local/bin/containerd
    
    Type=notify
    # Hands the unit's cgroup subtree over to containerd so systemd leaves container cgroups alone.
    Delegate=yes
    # Stopping or restarting the unit signals only the main containerd process,
    # not the other processes in the unit's cgroup.
    KillMode=process
    Restart=always
    RestartSec=5
    
    LimitNPROC=infinity
    LimitCORE=infinity
    
    TasksMax=infinity
    # Strongly negative score: the kernel OOM killer will pick almost any other process first.
    OOMScoreAdjust=-999
    
    [Install]
    WantedBy=multi-user.target
    
  • 启动 containerd 服务

    # Make systemd read the newly installed containerd.service first ...
    systemctl daemon-reload
    # ... then enable the unit at boot and start it immediately.
    systemctl enable --now containerd
    

安装底层容器运行时 runc

  • 下载容器运行时

  • https://github.com/opencontainers/runc/releases

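    # The unit file sets no User=, so containerd (and the runc it executes) runs as
    # root. Check the download first: the printed hash must equal the runc.amd64
    # entry in the checksum file published with the same release.
    sha256sum runc.amd64
    chmod 755 runc.amd64
    cp -p runc.amd64 /usr/local/bin/runc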
    

安装 CNI plugins

  • 下载 CNI plugins

  • https://github.com/containernetworking/plugins/releases

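    mkdir -p /opt/cni/bin
    # Compare the printed hash with the checksum published for this asset on the
    # releases page before unpacking.
    sha256sum cni-plugins-linux-amd64-v1.1.1.tgz
    # tar -C extracts into /opt/cni/bin while still reading the archive from the
    # directory it was downloaded to; after "cd /opt/cni/bin" the archive would
    # not be found unless it had been saved there.
    tar -C /opt/cni/bin -xf cni-plugins-linux-amd64-v1.1.1.tgz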
    
    
    # NOTE(review): this installs the distribution's containerd package and starts
    # its unit, although the steps above already installed containerd from the
    # release archive. The two look like alternative methods - pick one, otherwise
    # two binaries and two unit files may coexist. TODO confirm intent.
    yum install containerd -y
    systemctl enable --now containerd.service
    

初始化 containerd 配置文件

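# The redirect fails if /etc/containerd does not exist yet, which is the case
# after a release-archive install; create it first.
mkdir -p /etc/containerd
# Dump containerd's built-in default configuration as the starting point for the edits below.
containerd config default > /etc/containerd/config.toml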

修改配置文件(先让 crictl 指向 containerd 的 socket)

# Point both crictl endpoints (runtime and image service) at containerd's socket.
for endpoint_key in runtime-endpoint image-endpoint; do
  crictl config "$endpoint_key" unix:///run/containerd/containerd.sock
done

修改 sandbox_image 为当前 K8S 版本对应的 pause 镜像(行号随 containerd 版本而变,此处为第 61 行;镜像路径与下文完整配置保持一致)

61     sandbox_image = "registry.k8s.io/pause:3.9"

修改 cgroup 驱动

# Switch runc to the systemd cgroup driver; the kubelet's cgroupDriver has to be
# set to the same value.
sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml

修改 containerd 配置

# cat /etc/containerd/config.toml
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
    SystemdCgroup = true

# /etc/containerd/config.toml
# Comment out any top-level disabled_plugins line - presumably so that a packaged
# config which disables the CRI plugin no longer does so (verify against your file).
sed -i 's/^disabled_plugins/#disabled_plugins/g' /etc/containerd/config.toml
# Restart so containerd re-reads config.toml; run this only after all edits to the file are done.
systemctl restart containerd.service
[plugins]
  [plugins."io.containerd.grpc.v1.cri"]
    sandbox_image = "registry.k8s.io/pause:3.9"

      [plugins."io.containerd.grpc.v1.cri".registry]
        config_path = "/etc/containerd/certs.d"



[root@master ~]# tree /etc/containerd/certs.d/
/etc/containerd/certs.d/
└── _default
    └── hosts.toml



[root@master ~]# cat /etc/containerd/certs.d/_default/hosts.toml
# _default/hosts.toml applies to every registry that has no directory of its own
# under certs.d, so pulls for all of them are tried through this mirror.
# "resolve" lets the mirror answer tag-to-digest lookups: image tags are then only
# as trustworthy as the mirror, so reference images by digest where integrity matters.
[host."https://docker.m.daocloud.io"]
  capabilities = ["pull", "resolve"]