不断学习 · 持续进步 Skip to main content

安装 containerd 容器运行时

修改内核参数,启用 IPv4 数据包转发

cat > /etc/sysctl.d/k8s.conf << EOF
net.ipv4.ip_forward = 1
EOF

sysctl --system

安装 containerd 容器运行时

  • 下载 containerd

    https://github.com/containerd/containerd/releases

  • 解压 containerd.tar.gz

    tar xf containerd.tar.gz
cp containerd /usr/local/containerd

  • 下载 service 文件

    https://raw.githubusercontent.com/containerd/containerd/main/containerd.service

    [Unit]
Description=containerd container runtime
After=network.target local-fs.target

[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/local/bin/containerd

Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5

LimitNPROC=infinity
LimitCORE=infinity

TasksMax=infinity
OOMScoreAdjust=-999

[Install]
WantedBy=multi-user.target

  • 启动 containerd 服务

    systemctl daemon-reload
systemctl enable --now containerd

    yum install containerd -y
systemctl enable --now containerd.service

初始化 containerd 配置文件

containerd config default > /etc/containerd/config.toml

修改配置文件

crictl config runtime-endpoint unix:///var/run/containerd/containerd.sock

修改第61行sandbox_image为当前K8S对应版本的镜像

61     sandbox_image = "registry.k8s.io/kubernetes/pause:3.9"

修改 cgroup 驱动

sed -i 's#SystemdCgroup = false#SystemdCgroup = true#' /etc/containerd/config.toml

修改 containerd 配置

# cat/etc/containerd/config.toml
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
    SystemdCgroup = true


# /etc/containerd/config.toml
sed -i 's/^disabled_plugins/#disabled_plugins/g' /etc/containerd/config.toml
systemctl restart containerd.service

# /etc/containerd/config.toml
[plugins]
  [plugins.cri]
    sandbox_image = "registry.k8s.io/pause:3.9"
    [plugins.cri.registry.mirrors]
    [plugins.cri.registry.mirrors."registry.k8s.io"]
      endpoint = ["https://registry-k8s-io.mirrors.sjtug.sjtu.edu.cn"]

    [plugins.cri.containerd.runtimes.runc]
      [plugins.cri.containerd.runtimes.runc.options]
        SystemdCgroup = true

[plugins]
  [plugins."io.containerd.grpc.v1.cri"]
    sandbox_image = "registry.k8s.io/pause:3.9"

      [plugins."io.containerd.grpc.v1.cri".registry]
        config_path = "/etc/containerd/certs.d"
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
          [plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry.k8s.io"]
            endpoint = ["https://registry-k8s-io.mirrors.sjtug.sjtu.edu.cn"]

    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
      [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
        SystemdCgroup = true



[root@master ~]# tree /etc/containerd/
/etc/containerd/
├── certs.d
│   └── registry.k8s.io
│       └── hosts.toml

[root@master ~]# cat /etc/containerd/certs.d/registry.k8s.io/hosts.toml
server = "https://registry.k8s.io"

[host."https://registry-k8s-io.mirrors.sjtug.sjtu.edu.cn"]
  capabilities = ["pull", "resolve"]
  skip_verify = true
Back to top