k8s 1.20.6 将docker引擎切换为containerd
一、环境介绍
官方文档:https://kubernetes.io/zh/docs/setup/production-environment/container-runtimes/#containerd
[root@master ~]# kubectl get node -o wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME master Ready control-plane,master 4m24s v1.20.6 192.168.11.67 <none> CentOS Linux 7 (Core) 3.10.0-1160.25.1.el7.x86_64 docker://20.10.7 node1 Ready <none> 4m v1.20.6 192.168.11.68 <none> CentOS Linux 7 (Core) 3.10.0-1160.25.1.el7.x86_64 docker://20.10.7 node2 Ready <none> 3m57s v1.20.6 192.168.11.69 <none> CentOS Linux 7 (Core) 3.10.0-1160.25.1.el7.x86_64 docker://20.10.7
二、在master上操作
1、将需要切换的node改为不可调度
kubectl cordon node1
2、驱逐该node上的pod资源
kubectl drain node1 --delete-local-data --force --ignore-daemonsets
3、查看
[root@master ~]# kubectl get node NAME STATUS ROLES AGE VERSION master Ready control-plane,master 15m v1.20.6 node1 Ready,SchedulingDisabled <none> 14m v1.20.6 node2 Ready <none> 14m v1.20.6
三、在切换引擎的node服务器上操作
1、配置先决条件
cat <<EOF | sudo tee /etc/modules-load.d/containerd.conf overlay br_netfilter EOF sudo modprobe overlay sudo modprobe br_netfilter # 设置必需的 sysctl 参数,这些参数在重新启动后仍然存在。 cat <<EOF | sudo tee /etc/sysctl.d/99-kubernetes-cri.conf net.bridge.bridge-nf-call-iptables = 1 net.ipv4.ip_forward = 1 net.bridge.bridge-nf-call-ip6tables = 1 EOF # 应用 sysctl 参数而无需重新启动 sudo sysctl --system
2、安装containerd(因为我之前用的docker引擎。所以containerd已经安装好了。所以就不用安装containerd了)
3、配置containerd的config.toml文件(覆盖旧的配置config.toml文件)
containerd config default | sudo tee /etc/containerd/config.toml
4、修改config.toml配置
sandbox_image:将镜像地址替换为国内阿里云的
SystemdCgroup:指定使用systemd作为Cgroup的驱动程序(在options下一行添加的内容)
endpoint:修改镜像加速地址
[root@node1 ~]# cat -n /etc/containerd/config.toml |egrep "sandbox_image|SystemdCgroup |endpoint "
57 sandbox_image = "registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.2"
97 SystemdCgroup = true
106 endpoint = ["https://1nj0zren.mirror.aliyuncs.com"]
5、重启containerd
systemctl restart containerd.service systemctl enable containerd.service
6、配置kubelet使用containerd
[root@node1 ~]# cat /etc/sysconfig/kubelet KUBELET_EXTRA_ARGS="--container-runtime=remote --container-runtime-endpoint=unix:///run/containerd/containerd.sock --cgroup-driver=systemd"
7、重启kubelet
systemctl restart kubelet
四、查看容器引擎是否成功切换为containerd
1、查看容器引擎是否成功切换为containerd
[root@master ~]# kubectl get node -o wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME master Ready control-plane,master 22m v1.20.6 192.168.11.67 <none> CentOS Linux 7 (Core) 3.10.0-1160.25.1.el7.x86_64 docker://20.10.7 node1 Ready,SchedulingDisabled <none> 22m v1.20.6 192.168.11.68 <none> CentOS Linux 7 (Core) 3.10.0-1160.25.1.el7.x86_64 containerd://1.4.6 node2 Ready <none> 21m v1.20.6 192.168.11.69 <none> CentOS Linux 7 (Core) 3.10.0-1160.25.1.el7.x86_64 docker://20.10.7
2、取消node节点不可被调度的标记
[root@master ~]# kubectl uncordon node1 node/node1 uncordoned [root@master ~]# kubectl get node -o wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME master Ready control-plane,master 23m v1.20.6 192.168.11.67 <none> CentOS Linux 7 (Core) 3.10.0-1160.25.1.el7.x86_64 docker://20.10.7 node1 Ready <none> 23m v1.20.6 192.168.11.68 <none> CentOS Linux 7 (Core) 3.10.0-1160.25.1.el7.x86_64 containerd://1.4.6 node2 Ready <none> 23m v1.20.6 192.168.11.69 <none> CentOS Linux 7 (Core) 3.10.0-1160.25.1.el7.x86_64 docker://20.10.7
五、集群切换查看
[root@master ~]# kubectl get node -o wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME master Ready control-plane,master 46m v1.20.6 192.168.11.67 <none> CentOS Linux 7 (Core) 3.10.0-1160.25.1.el7.x86_64 containerd://1.4.6 node1 Ready <none> 46m v1.20.6 192.168.11.68 <none> CentOS Linux 7 (Core) 3.10.0-1160.25.1.el7.x86_64 containerd://1.4.6 node2 Ready <none> 46m v1.20.6 192.168.11.69 <none> CentOS Linux 7 (Core) 3.10.0-1160.25.1.el7.x86_64 containerd://1.4.6 [root@master ~]# kubectl get pod -n kube-system NAME READY STATUS RESTARTS AGE calico-kube-controllers-7f4f5bf95d-zs84c 1/1 Running 0 45m calico-node-4kxmh 0/1 Running 1 66s calico-node-jt2m5 1/1 Running 7 45m calico-node-pjl62 1/1 Running 1 45m coredns-54d67798b7-m77pp 1/1 Running 0 46m coredns-54d67798b7-ptsgl 1/1 Running 0 46m etcd-master 1/1 Running 7 3m27s kube-apiserver-master 1/1 Running 7 3m27s kube-controller-manager-master 1/1 Running 7 3m27s kube-proxy-4tv7s 1/1 Running 0 46m kube-proxy-5qbw4 1/1 Running 0 46m kube-proxy-hqtlm 1/1 Running 0 46m kube-scheduler-master 1/1 Running 7 3m27s
六、FATA[0010] failed to connect: failed to connect: context deadline exceeded错误解决
在服务器上执行命令
crictl config runtime-endpoint /run/containerd/containerd.sock
1、问题解决
七、升级为containerd后,无法在服务器上下载私有镜像仓库的镜像问题
1、问题解决(在config.toml中添加仓库认证)
文档:https://www.orchome.com/10011
[root@test-node1 ~]# cat -n /etc/containerd/config.toml|grep cn-shanghai.aliyuncs.com -C 4 103 [plugins."io.containerd.grpc.v1.cri".registry] 104 [plugins."io.containerd.grpc.v1.cri".registry.mirrors] 105 [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"] 106 endpoint = ["https://ixxxxx.mirror.aliyuncs.com"] 107 [plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry-vpc.cn-shanghai.aliyuncs.com"] 108 endpoint = ["https://registry-vpc.cn-shanghai.aliyuncs.com"] 109 [plugins."io.containerd.grpc.v1.cri".registry.configs] 110 [plugins."io.containerd.grpc.v1.cri".registry.configs."registry-vpc.cn-shanghai.aliyuncs.com"] 111 [plugins."io.containerd.grpc.v1.cri".registry.configs."registry-vpc.cn-shanghai.aliyuncs.com".auth] 112 username = "xxxxxxxx" 113 password = "xxxxxxxxxxxxx" 114 [plugins."io.containerd.grpc.v1.cri".image_decryption] 115 key_model = ""
