Docker 作为容器运行时
K8s 1.24 移除了 Dockershim,但通过 cri-dockerd 适配层仍可使用 Docker。二进制安装方式中演示此方案。
安装 Docker
# 卸载旧版本
sudo apt-get remove docker docker-engine docker.io containerd runc
sudo rm -rf /var/lib/docker
sudo rm -rf /var/lib/containerd
# 配置 Docker apt 源
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
bash
配置 Docker
修改 /etc/docker/daemon.json:
{
"exec-opts": ["native.cgroupdriver=systemd"],
"registry-mirrors": [
"https://mirror.ccs.tencentyun.com",
"https://docker.mirrors.ustc.edu.cn"
]
}
json
systemctl daemon-reload
systemctl restart docker
bash
注意:cgroupdriver 必须设为 systemd,与 kubelet 保持一致。
安装 cri-dockerd
cri-dockerd 是连接 Docker 和 K8s CRI 接口的适配层。
方式一:deb 包安装:
wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.15/cri-dockerd_0.3.15.3-0.ubuntu-focal_amd64.deb
sudo dpkg -i cri-dockerd_0.3.15.3-0.ubuntu-focal_amd64.deb
bash
方式二:二进制安装:
wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.4/cri-dockerd-0.3.4.amd64.tgz
tar -xvf cri-dockerd-0.3.4.amd64.tgz
mv cri-dockerd /usr/local/bin/
bash
systemd 服务配置
安装 deb 包后会自动创建服务。如手动安装,创建以下服务文件:
# /etc/systemd/system/cri-dockerd.service
[Unit]
Description=cri-dockerd
After=network.target docker.service
[Service]
ExecStart=/usr/local/bin/cri-dockerd \
--network-plugin=cni \
--cni-default-network=calico \
--container-runtime-endpoint unix:///run/cri-dockerd.sock
Restart=always
RestartSec=10
[Install]
WantedBy=multi-user.target
ini
可选:指定 pause 镜像版本:
vi /etc/systemd/system/multi-user.target.wants/cri-docker.service
# 修改 ExecStart 行
ExecStart=/usr/bin/cri-dockerd --pod-infra-container-image=registry.k8s.io/pause:3.9 --container-runtime-endpoint fd://
bash
启动:
sudo systemctl daemon-reload
sudo systemctl enable --now cri-docker
sudo systemctl status cri-docker
bash
containerd + nerdctl 方案(推荐)
如果使用 containerd,建议安装 nerdctl 使其拥有类似 Docker 的命令体验:
# 下载 nerdctl
wget https://github.com/containerd/nerdctl/releases/download/v1.5.0/nerdctl-1.5.0-linux-amd64.tar.gz
tar -xvf nerdctl-1.5.0-linux-amd64.tar.gz -C /usr/local/bin/
bash
↑