tim/ansible-k8s-pi-cluster
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
master
ansible-k8s-pi-cluster/files/LFS258/SOLUTIONS/s_03/containerd-setup.txt

184 lines
4.9 KiB
Plaintext
Raw Permalink Blame History

#
# This script is intended to be run on an Ubuntu 20.04,
# 2cpu, 8G node. The course is **not** tested using containerd,
# so you may have endless issues, or not. Only for those already
# comfortable with Kubernetes, who want to compare and contrast
# various container engines
# By Tim Serewicz, 03/2022 GPL
# Note there is a lot of software downloaded, which may require
# some troubleshooting if any of the sites updates their code,
# which should be expected.
# These first several steps can be done on cp and worker.
# Ensure two modules are loaded after reboot
cat <<EOF | sudo tee /etc/modules-load.d/containerd.conf
overlay
br_netfilter
EOF
# Disable swap if not on a cloud instance - done anyway
sudo swapoff -a
# Load the modules now
sudo modprobe overlay
sudo modprobe br_netfilter
# Update sysctl to load iptables and ipforwarding
cat <<EOF | sudo tee /etc/sysctl.d/99-kubernetes-cri.conf
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
sudo sysctl --system
# Install some necessary software
sudo apt-get update && sudo apt-get install -y apt-transport-https ca-certificates curl software-properties-common
# Install the Docker keyring
# In Ubuntu 20.04, containerd part of local repos.
sudo apt install containerd -y
#Older OS steps
#curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key --keyring /etc/apt/trusted.gpg.d/docker.gpg add -
# Create a Docker repository
#sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
# Install and configure the containerd package
#sudo apt-get update && sudo apt-get install -y containerd.io
#sudo mkdir -p /etc/containerd
#sudo containerd config default | sudo tee /etc/containerd/config.toml
# Verify the file has the appropriate contents
#cat /etc/containerd/config.toml
# Restart and check containerd
sudo systemctl restart containerd
sudo systemctl status containerd
#
#
# RETURN TO THE BOOK now that containerd is installed.
# Some of same steps included following to make life easier, and some
# troubleshooting
#
#
# Add the Kubernetes repo
sudo sh -c "echo 'deb http://apt.kubernetes.io/ kubernetes-xenial main' >> /etc/apt/sources.list.d/kubernetes.list"
# Add the GPG key for the new repo
sudo sh -c "curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -"
# Install the Kubernetes packages - Using older version of k8s
# so we can upgrade to current in future lab. Stop after these steps
# if on the worker
sudo apt-get update
sudo apt-get install -y kubeadm=1.22.1-00 kubelet=1.22.1-00 kubectl=1.22.1-00
sudo apt-mark hold kubelet kubeadm kubectl
# Create a cluster using containerd - Using older version of k8s
# so we can upgrade to current in future lab. Only run init on
# the control plane (cp) - **not** the worker.
sudo kubeadm init --kubernetes-version 1.22.1 --cri-socket=/var/run/containerd/containerd.sock --pod-network-cidr 192.168.0.0/16 | tee $HOME/cp.out
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# We'll use Calico for the network plugin
kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml
# Make sure all the infrastructure pods are running
kubectl get pod --all-namespaces
kubectl describe pod -l component=kube-apiserver -n kube-system
kubectl get events
# Enable command line completion
source <(kubectl completion bash)
echo "source <(kubectl completion bash)" >> $HOME/.bashrc
# Untaint the control plane, as we only have one node
kubectl taint node --all node-role.kubernetes.io/master-
# Troubleshooting and or optional add ons
# Get containerd running, append or create several files.
cat <<EOF | sudo tee /etc/containerd/config.toml
disabled_plugins = ["restart"]
[plugins.linux]
shim_debug = true
[plugins.cri.containerd.runtimes.runsc]
runtime_type = "io.containerd.runsc.v1"
EOF
cat <<EOF | sudo tee /etc/crictl.yaml
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///var/run/dockershim.sock
timeout: 10
debug: true
EOF
# Ensure containerd starts and
sudo systemctl restart containerd
kubectl get pod --all-namespaces
# Optional
# Install and configure crictl and gVisor if you want a more secure environment.
wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.22.0/crictl-v1.22.0-linux-amd64.tar.gz
tar zxvf crictl-v1.22.0-linux-amd64.tar.gz
sudo mv crictl /usr/local/bin
cat <<EOF | sudo tee /etc/crictl.yaml
runtime-endpoint: unix:///run/containerd/containerd.sock
EOF
sudo wget https://storage.googleapis.com/gvisor/releases/nightly/latest/containerd-shim-runsc-v1 -O /usr/local/bin/containerd-shim-runsc-v1
sudo chmod +x /usr/local/bin/containerd-shim-runsc-v1
sudo wget https://storage.googleapis.com/gvisor/releases/nightly/latest/runsc -O /usr/local/bin/runsc
sudo chmod +x /usr/local/bin/runsc
Reference in New Issue View Git Blame Copy Permalink